Showing posts sorted by date for query ESET.

Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites to Serve Blackhole Exploit

ESET, a world-renowned security firm headquartered in Bratislava, has uncovered what it calls a malicious cyber rampage targeting millions of cPanel-based servers. For the past few months, security experts have been tracking server-level compromises that use malicious Apache modules to inject malware into websites and redirect some of their requests to the infamous Blackhole exploit packs. On cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers started to replace the Apache binary (httpd) with a malicious one. This new backdoor is very sophisticated, and the malware has been dubbed "Linux/Cdorked.A." Several analyses reveal that it is a sophisticated and stealthy backdoor meant to drive traffic to malicious websites. According to the official ESET blog post: "Linux/Cdorked.A is one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory. The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. This means that no command and control information is stored anywhere on the system."
This malicious cyber rampage was first detected by another security firm, Sucuri, and ESET later published a detailed analysis of the issue. It remains a serious matter, as thousands of websites have already been infected. The attack is particularly dangerous because Apache web servers are among the most well-known and widely used in the world and are run by numerous companies. This means that a successful security breach can affect many different businesses across a diverse range of industries.
Since Linux/Cdorked.A has already been spotted in the wild, we urge all concerned system administrators and security analysts to check their servers and verify that they are not affected by this threat. Detailed instructions for performing this check are provided in the ESET blog.


President of Guyana Official Site Hacked By Tha Disastar


The President of Guyana is under cyber attack. A well-known Pakistani hacker known as Tha Disastar, of The Hackers Army, hacked the official website of the Office of the President of Guyana. A few days earlier, Tha Disastar hacked and defaced anonyops.com, one of the important sites of the hacktivist group Anonymous. Not only that, he also performed a massive DDoS attack on the hacktivist site, and as a result the site remained offline. Earlier, The Hackers Army also hacked many high-profile websites, including the ESET antivirus site.

Eset (Antivirus Company), Horoscope India & 300+ Sites Hacked By THA Disastar


The official website of the well-known antivirus company ESET Thailand was hacked and defaced by THA Disastar. The hacker also took down the official website of Horoscope India. More than 300 Indian and Russian sites were also hacked by THA Disastar.

ESET Released Antivirus for Android in Beta



ESET is well-known in the PC arena for its NOD32 antivirus and ESET Smart Security suite. The company's existing mobile security product supports Windows Mobile and Symbian devices. ESET Mobile Security for Android Beta (free, direct) extends the same protection to the Android realm.
ESET Mobile naturally includes protection against Android malware. It checks processes and new apps in real time and also scans for threats on demand. Some mobile security products eliminate almost all antivirus configuration settings. Lookout Mobile Security is an example. ESET includes a full set of configuration choices, much like what you'd find in a PC-based antivirus. It uses heuristic analysis, it can quarantine suspect files, and it optionally scans inside archives, among other things.
Like Kaspersky Mobile Security 9, Norton Mobile Security 2.0 Beta, and others, ESET Mobile can respond to coded SMS messages by locking the phone, transmitting its GPS location, or wiping all data from the phone. You can't track the phone by logging in to a Web site the way you can with GadgetTrak Mobile Security for Android & Blackberry 3.1, Mobile Superhero, and others, but ESET's SMS response to a location request includes a Google Maps link.
A thief who attempts to evade ESET's protection by swapping out the SIM card won't get far. Insertion of a SIM card not already marked as trusted will cause the phone to automatically lock and secretly send an alert SMS to one or more predefined contacts. The alert SMS contains the new SIM card's phone number, the IMSI (International Mobile Subscriber Identity) number and the phone's IMEI (International Mobile Equipment Identity) number. ESET also protects against uninstallation on Android 2.2 and later.
ESET's antispam feature isn't as ambitious as that of PrivacyStar and Mr. Number, which use crowdsourcing to block known spam callers. You can set ESET to block specific blacklisted numbers or to block all incoming calls and texts that don't come from your contacts. The app retains information about blocked contact attempts, so you can review the contact log and make any necessary adjustments.
The most unusual feature ESET offers is the security audit. This isn't an audit of app permissions like that found in Lookout and in Webroot Mobile Security for Android. ESET audits the device daily and automatically fixes everything it can. You can also manually run an audit at any time. ESET alerts if battery power or free disk space are too low. It reports security problems with Bluetooth, GPS, and GSM Network as well as with installed applications and stored data. The included Task Manager lets you view running processes and terminate non-system processes.
This app, currently in beta testing, can be downloaded from the Android Market or directly from the ESET Web site.

Microsoft Security Essentials takes first place in North America



Microsoft (17.07 percent), AVG (15.63 percent), and Symantec (14.47 percent) were found to be the top three antivirus vendors in North America, according to the latest quarterly antivirus market share report released by OPSWAT. Microsoft increased its market share from OPSWAT's previous antivirus report to surpass Symantec and become the North American leader. AVG held steady in the second position, and Symantec fell to third.
Worldwide, the top three antivirus vendors detected were Avast (12.37 percent), AVG (12.37 percent), and Avira (12.29 percent). Microsoft was fourth (11.24 percent), followed by ESET Software (9.98 percent).
The software company analyzed more than 43,000 opt-in reports from endpoints worldwide. The reports, generated by OPSWAT's AppRemover and Am I OESIS OK? tools, utilize the detection capabilities of the OESIS Framework to list the applications installed on the endpoint computer. The full 8-page document, titled Q2 2011 Antivirus and Instant Messenger Market Share Report, includes data on the leading antivirus vendors and products in North America and worldwide, Windows OS usage in North America and worldwide, instant messaging market share worldwide, and instant messaging usage in North America and Europe.
The rest of the data wasn't too surprising: Windows 7 usage continues to increase in North America and worldwide, showing a steady trend away from Windows Vista. In both North America and worldwide, Windows XP remains the dominant Windows operating system. The top three worldwide IM applications are Windows Live Messenger, Skype, and Yahoo! Messenger. The report does not, however, account for Web-based instant messaging services such as Google Chat or Facebook. This is because it only looks at installed applications, and those services run in the browser.

Why Sony keeps getting hacked (full report)


Since the April PlayStation Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures, Sony Europe, Sony BMG Greece, Sony Thailand, Sony Music Japan, Sony Ericsson Canada, and others have all been the target of attacks. Sony has had to contend with intense scrutiny from media, disgruntled users and lawmakers, with everyone asking the company how it could let such a breach happen. Sony has apologized repeatedly and said that the original attack was a highly professional, criminal cyber attack aimed at stealing credit card numbers. Other experts have said that Sony simply didn't have its security act together and that the attack was likely far simpler. Now, critics are wondering what exactly the motivation might be behind the continued hacks. While the initial PlayStation Network breach was the largest of the hacks to date, Sony's cyber attack problem has continued due to both inconsistent security across Sony's systems and the rise of new groups of hackers interested less in punishing Sony than in showing off their ability to breach the company's defenses, experts say.

Some analysts say Sony's security woes started when the company pressed charges against 20-year-old hacker George Hotz, who reverse-engineered Sony's PlayStation 3 so that it could run unapproved third-party applications. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vigilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

"Sony's perceived abuse of the legal system in targeting reverse-engineer George Hotz infuriated hacker groups," said Randy Abrams, director of technical education at ESET, an IT security firm. Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a 2005 scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.
The PlayStation Network attack appears to have set off an avalanche of follow-ups.

"Other hackers and hacking groups realized they could jump on the bandwagon and break into other Sony properties and get in the news," said Richard Wang, manager of Sophos Labs, a security vendor. "Really anything that has the Sony brand on it has become a target for someone trying to make a name for themselves or trying to prove they can break into the website."

Fred Cate, director of the Center for Applied Security Research at the University of Indiana, said the first PlayStation Network breach may have tempted hackers by revealing Sony as open to attack. "There's sort of a pile-on effect," Cate said. "Once you hear that there's a vulnerable network out there, other folks start trying. Sony's now a new target of interest."
Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like hassonybeenhackedthisweek.com demonstrate a curious mixture of genuine curiosity and weary cultural saturation.

"Prior to the PSN hack, the loosely organized Anonymous group had waged war against Sony, reflecting the opinion of a significant share of netizens who got infuriated by Sony's corporate attitude," said Guillaume Lovet, a senior manager of the threat response team at Fortinet. "But now, from being a target for opinion reasons only, it also became a target 'just for the lulz,' for [hacker group] lulzsecurity and others."
"The outcome," Lovet said, "is more attackers, thus more successful hacks."

Some critics have questioned whether Sony's security efforts both before and after the initial breaches have been adequate. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

"They seemingly have an almost anarchistic approach to global network security, with no visible coordination of security practices across Internet properties," said Abrams. "Some properties, such as Sony Pictures, seem to have been ignoring basic security best practices."

Part of the problem is Sony's huge international web presence. Experts say it's highly unlikely that the company's multiple divisions, from movies to gaming, are following any coordinated set of security protocols.

"Sony has disclosed many breaches, including different servers in Indonesia and Thailand. I highly doubt that the same developers who developed these websites are the same developers who worked on the Playstation Network, Sony Pictures, etc.," said Derek Manky, a senior security strategist at Fortinet. "Quite simply, there is a tradeoff: Security dwindles as you add convenience and complexity."

While the novelty of hacking Sony may continue to diminish as other cybersecurity stories hit the news, it's clear Sony must get its act together or risk more attacks, a loss of customer faith and money and possible government intervention. 

"Sony needs time to get their security house in order," Jeremiah Grossman, the CTO of WhiteHat Security wrote in an email. "As an organization, Sony could see this as an opportunity. A year or more from now, they could be an example of how security SHOULD be done across the entire industry."

Google Deodorizes Sniffable Android Security Flaw



A new round of patching has begun for Android phones, the vast majority of which were found to be vulnerable to hackers if the owner was using it on an open WiFi network. The flaw affected 99.7 percent of all Android smartphones running Android 2.3.3 and earlier versions because they don't use a secure HTTPS connection, according to researchers.

Google (Nasdaq: GOOG) has begun rolling out a patch to fix a security flaw in versions 2.3.3 and earlier of its Android mobile operating system.
That flaw affects all Google services using the ClientLogin authentication protocol.
It lets hackers access any personal data available through Android's application programming interfaces (APIs).
"The flaw is now fixed for all versions of Android worldwide," Google spokesperson Randall Sarafa told LinuxInsider.
The patch is being rolled out in stages over several days, Sarafa said.

The Hole in Android
The flaw gained media attention after it was publicized by the University of Ulm.
Here's how it works: When an application wants to get access to Android's APIs, it requests an authentication token through ClientLogin by providing an account name and password.
The system then returns an authorization token, which is good for up to two weeks.
If the token is used in requests sent over unencrypted networks, such as WiFi networks, hackers can steal it. They can then use the token to access any personal data made available through the service API.
The hackers will gain full access to the victim's calendar, contacts information, or private Web-based photo albums. They'll be able to view, delete, or modify any calendar events, contacts, or private pictures, the Ulm University researchers said.
The flaw affected 99.7 percent of all Android smartphones running Android 2.3.3 and earlier versions because they don't use a secure HTTPS connection, the researchers said.
Google's patch forces an HTTPS connection for calendar and contacts sync on Android, Sarafa said.
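As an added example (not code from the article, Google, or the Ulm researchers), the following Python shows both sides of the defence the section describes: detection logic that flags a ClientLogin-style token crossing the wire outside TLS, run over constructed sample requests, and a client-side guard that refuses to attach the token to anything but an HTTPS URL, which is the effect of Google's fix. The `Authorization: GoogleLogin auth=` header form, the hostnames and the token values are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# ClientLogin tokens rode in this header form (assumed here, not taken from the article).
TOKEN_HEADER = re.compile(r"^Authorization:\s*GoogleLogin\s+auth=(\S+)\s*$", re.I | re.M)
HOST_HEADER = re.compile(r"^Host:\s*(\S+)\s*$", re.I | re.M)

# Constructed sample captures, not real traffic. Each entry is one HTTP request as a
# passive monitor on an open WiFi segment would see it, plus whether it was inside TLS.
SAMPLE_CAPTURES = [
    {"tls": False, "raw": ("GET /calendar/feeds/default/private/full HTTP/1.1\r\n"
                           "Host: calendar.example.net\r\n"
                           "Authorization: GoogleLogin auth=DQAAAEXAMPLE123\r\n\r\n")},
    {"tls": True,  "raw": ("GET /m8/feeds/contacts/default/full HTTP/1.1\r\n"
                           "Host: contacts.example.net\r\n"
                           "Authorization: GoogleLogin auth=DQAAAEXAMPLE456\r\n\r\n")},
    {"tls": False, "raw": ("GET /search?q=weather HTTP/1.1\r\n"
                           "Host: www.example.net\r\n\r\n")},
]


def find_exposed_tokens(captures):
    """Return (host, masked_token) for every auth token sent outside TLS.

    Inside TLS a passive listener sees only ciphertext, so those captures are skipped;
    the token is masked in the finding so the alert itself does not leak it.
    """
    findings = []
    for cap in captures:
        if cap["tls"]:
            continue
        match = TOKEN_HEADER.search(cap["raw"])
        if not match:
            continue
        host = HOST_HEADER.search(cap["raw"])
        findings.append((host.group(1) if host else "?", match.group(1)[:6] + "..."))
    return findings


def enforce_https(url, headers):
    """Client-side guard mirroring the fix: never send an Authorization header in the clear."""
    scheme = urlsplit(url).scheme
    carries_token = any(name.lower() == "authorization" for name in headers)
    if carries_token and scheme != "https":
        raise ValueError(f"refusing to send Authorization header over {scheme}: {url}")
    return True


if __name__ == "__main__":
    for host, token in find_exposed_tokens(SAMPLE_CAPTURES):
        print(f"token exposed in plaintext to {host}: {token}")
```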

More on the Flaw

Authentication tokens are widely used for online services such as eBay (Nasdaq: EBAY). They are also used by software and application vendors such as Microsoft (Nasdaq: MSFT) and Splunk, and in Apple's (Nasdaq: AAPL) iOS mobile operating system.
There was a problem with the authentication token on Android because Google's implementation was faulty, Paul Laudanski, director of ESET's cyber threat analysis center, told LinuxInsider.
"The entry point is having an unpatched or vulnerable Android system connecting to Google services using ClientAuth over an unencrypted public WiFi network," Laudanski explained. "The correct implementation is to transmit the authorization token in a secured manner."
Google services transmit the authorization token as an open text message, which can be easily stolen.
If the technology is implemented correctly and the authorization tokens are sent securely, then even if an unencrypted WiFi network is used, the user information would appear as garbage to snoopers, Laudanski pointed out.
Google's implementation of the technology may not have been faulty in and of itself, argues Mike Paquette, chief strategy officer at Top Layer Security.
"The problem appears to be the use of the ClientLogin protocol, allowing these sniffable authentication protocols, combined with a long expiry time," Paquette told LinuxInsider. "This makes exploits practical and even likely," he added.
Android smartphone owners should stay away from heavily used public WiFi hotspots, Paquette warned. "It's likely that attackers would target areas with large numbers of users of public WiFi in order to have the greatest return," he explained.

Old Problems Refreshed

The security flaw in Android was apparently first discovered by Dan Wallach of Princeton University, who blogged about it in February.
In an experiment during his undergraduate security class, he set up a sniffer with fellow students to listen in on his Android smartphone. They used Wireshark and Mallory.
Wireshark is a network protocol analyzer for Unix and Windows. Mallory is a transparent TCP and UDP proxy. It can be used to access network streams and assess mobile Web applications, among other things.
UDP, the User Datagram Protocol, is one of the core members of the Internet Protocol (IP) Suite. It lets applications directly send messages, or datagrams, to other hosts on an IP network.
The team found that Google doesn't encrypt traffic to Google Calendar, although it properly encrypts traffic to Gmail and Google Voice. Eavesdroppers could see victims' calendar transactions and likely impersonate them on Google Calendar, Wallach found.
The University of Ulm researchers built on Wallach's research.
Android smartphone users should apply the same security precautions to their devices as they would to their laptops, Torsten George, vice president of marketing at Agiliance, told LinuxInsider.
"Smartphones are essentially taking on the role of a regular computer," George pointed out. "Thus, they are just as vulnerable to attack by cybercriminals as regular laptop or desktop computers."
Because they lack built-in security, smartphones "open up a bigger attack surface than traditional computer devices," George added.

Mobile device vulnerability at an all-time high



Malware targeting the popular Android mobile platform has increased by 400 per cent since summer 2010, according to a report from network infrastructure firm Juniper Networks.
The same report found that both enterprise and consumer mobile devices are currently being exposed to a record number of security threats.
"Hackers are now setting their sights on mobile devices," said Jeff Wilson, principal analyst, security at Infonetics Research. "Operating system consolidation and the massive and growing installed base of powerful mobile devices is tempting profit-motivated hackers to target these devices."
He added that endpoint security needs to include all employee mobile devices.
"Businesses need security tools that provide comprehensive protection: from the core of the network to the diverse range of endpoints that all IT shops are now forced to manage and secure."
Last month, security firm Eset released details of a YouGov study it commissioned into mobile security. It stated that over a third of those surveyed were aware their smartphone is under threat, but have not yet installed software to protect it.
It found that six per cent of users had installed antivirus software, while 21 per cent used their device for mobile banking.
The Juniper study found that the single greatest source of mobile malware is application download.
Google's Android marketplace is known to be threatened by malicious apps, as the platform is open-source and the store unvetted by its owners, unlike Apple's App Store.
Malware known as DroidDream infected 50,000 users of the Android marketplace earlier this year before Google began to remove the malicious software. Even the clean-up attempt from Google was hampered by hackers uploading further malware posing as a Google security update.
