After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter – this being Java exploits. Now, it’s time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. As in recent reports now, Tumblr and Pinterest have been forewarned.
NBC.com’s hacked pages were modified to include additional HTML component called IFRAME, which is inline frame. This allows at least a 1px x 1px frame to be included independently in the webpage, which may contain malicious code. In HTML code, frames can be made to host web content. But, in the hands of the evildoers, aka cybercriminals, it is used as an effort to launch malware campaigns.
I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.
What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.
This drive-by download situation is no good, as the pages were taken offline. Therefore, that dropped the traffic of those specific areas of the site. It is sure that this situation is a matter of cybercrime aimed at a financial side of things, not defacement or pranks.
Was it a big deal that it was NBC? No. In fact, it is sure the hackers were aimed at using a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).
Zendesk hacks and other various warnings
Zendesk is all about customer support…therefore no one really knows, except for those in the business of customer support. Big names use this service, which include Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big name customers, namely Twitter, Tumblr, and Pinterest.
How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:
We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.
The companies involved made a point to tell its customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.
Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.
Twitter hacks additionally are nothing new. Many times, hackers used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.
The Bamital Botnet, known for grossing about $1 million a year using fraudulent means has been destroyed by the investigative teams of Microsoft and Symantec. With help from the feds, the two teams collaborated in the investigation of a number of data centers for the botnet servers. This operation is the sixth operation in the past three years to take down botnets, titled Operation b58. This operation began around a year ago, when Symantec approached Microsoft with intent to collaborate and take down this botnet.
The most notorious means of the botnet are very typical, inflicting a fraudulent payload via search redirects. The victims were lured in to a scam (social engineering), in which malware was then installed to infect the machine. Once done, the victim will do their normal activities including searching, which the malware will redirect to scam sites, selling fake (or legitimate but modified) software or services, attempting to steal credit card data.
For the last two years of its continual attack on internet users, the botnet totaled 8 million computers, approximately, and stole/racked in around $1 million USD. Right now, it’s estimated that anywhere from 300,000 to 1 million computers are still infected with the botnet.
During the takedown operation, Microsoft’s crew constructed a lawsuit against the botnet operators to pull the plug on the zombie network. Yesterday, February 6, after the request was granted by the court, Microsoft was escorted by the US Marshals Service to go to every facility in Virginia and New Jersey to seize servers.
According to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, the operators of the Virginia data center were persuaded to take down the server at the parent facility in the Netherlands.
Many of the cybercriminals involved include about 18 of them, scattered all around the world from the US, to the UK, to Australia, and even Romania.
Microsoft and Symantec seek to help users who’re infected. The search redirect and querying system by the rogue servers will be broken, therefore the search function on victim computers will be broken, too. There will be removal tools to help this, as well as the ability to repair the broken functions.
It is sure this will make it a lot harder for the cybercriminals behind Bamital to restart their servers, as Microsoft and possibly others like the feds and Symantec, have the servers in their custody.
One hacker/malware writer of the DNSChanger malware has pleaded guilty. Only two out of the six have been extradited to the US, so far, to be charged. Valeri Aleksejev, one suspect, has now pleaded guilty and is looking at 25 years in prison, with the possibility of having to pay back up to $7M to victims. Deportation is probable as well.
When hackers change DNS settings, they have the ability to lead the victim(s) to other sites through redirects. Redirects can be used for fraudulent purposes, such as boosting affiliate sales, getting search traffic, etc.
The six suspects in this case effectively manipulated this method and other methods, and “were able to manipulate Internet advertising to generate at least $14 million in illicit fees.”
Eighteen people have been charged in a major credit card fraud scheme. New Jersey federal prosecutors called the fraud one of the largest credit card fraud schemes ever uncovered by the US Department of Justice. This fraudulent act spanned eight countries, as well as 28 US States.
“The defendants are part of a massive international fraud enterprise involving thousands of false identities, fraudulent identification documents, doctored credit reports and more than $200 million in confirmed losses. Due to the massive scope of the fraud, which involved over 25,000 fraudulent credit cards, loss calculations are ongoing and final confirmed losses may grow substantially,” FBI Special Agent James Simpson said in court records.
The criminals charged used greedy means for the stolen money, buying high-end clothing, automobiles, electronics, etc. As well, they stockpiled some in odd places, like an oven in one case.
More information is still up for grabs in this case, once everyone has made their court appearances. It is unknown what the aim was for the criminals, however, it is no surprise the schemes used were for means to make the criminals more wealthy.
Keep your credit card safe with a couple of different tools:
Of course, holidays for the US and even other parts of the world light up big time (no pun intended), this time of year. Rolex spam rolls out by attackers, and they want your identity.
They’ll say they give you a Rolex watch, one the of most expensive timepieces sold on the watch market. This is for their own little Black Friday sale. What do they want, though? Your credit card, and other personal information!
Screenshot of email:
From: Designer Watches by LR (could be random, too)
Subject: Start Black Friday today
BLACK FRIDAY EVERY DAY UNTIL NOVEMBER 23RD!
The best quality watch replicas on PLANET EARTH!
The lowest priced high-end watches on the PLANET!
BLACK FRIDAY HAS STARTED!
Black Friday every day until November 23!
All items reduced by 25-50% as of TODAY.
Over 25,000 exact watch-copies have been reduced until Friday November 23rd.
There plenty of time to get the watch of your dreams but we recommend doing it as soon as possible.
This will ensure INSTOCK availability and fast delivery.
NOTE: BLACK FRIDAY PRICES ARE AVAILABLE ON INSTOCK ITEMS ONLY!
Currently every watch model is INSTOCK and ready to ship within 1 hour.
THESE ARE NOT CHEAP CHINA STOCK KNOCK-OFFS:
These are hand crafted high-end watch-copies.
These are made using identical parts and materials.
These are tested inside and out to be identical.
There is no difference between our watch-copies and the originals!
More spam is lighting up for Battle.net account users, Diablo, and World of Warcraft members. The latest spam update is below, where once again, the spammers are using a fake email account (firstname.lastname@example.org) as the sender, and stating that you are trying to sell your Battle.net account and need to verify it so it will not be suspended.
However, the link it gives looks real, however, it is fake.
Here are the technical details:
Return-path (email address the email actually came from): ab[at]vlrpc.com
IP address: 220.127.116.11 belonging to an unknown/private user (WHOIS states the IP master’s name: yanling ruanof) China Unicom, a telecommunications company governed by The People’s Republic of China. They seem to either ignore abuse reports, or do not know much about their users’ activities. We know a private user sent this spam, because the message header clearly states the application used to send the email: Microsoft Outlook Express 6.00.2900.5512.
Known blacklisting: Spamhaus.org (listed as “Illegal 3rd party exploits, including proxies, worms and trojan exploits”), abuseat.org, barracudacentral.org, uceprotect.net
Now, it’s believed that the recent spam outbreak (like the one above, for example) is a result of the latest Blizzard lawsuit. However, spam like this has happened before (also look in the comments for a user who posted about Diablo 3 spam).
The only thing to best protect against spam is having an anti-spam program. Please visit the vendor below for more information.
The latest security studies are in, and here are the analyses from seCURE Connexion…
- Android malware has overgrown, with an extreme growth by the end of July to the month of August, and into September and October. Get protected now with the latest in mobile security, so your smartphone can stay secure from the dangers of the app world.
- Another rise for Android issues, would be apps that act like aggressive adware, by collecting way too much personal information. It is continuously a problem, dealing with apps that collect a load of personal information, and some have worried about identity theft.
- Vendors of software have seen a continual rise in vulnerabilities for the past couple of years. However, Apple seems to have the worst problem, but so does Google. Both companies have seen varying degrees of intensity and quantity of attacks, and it’s to question that Microsoft is seeing a break in the action. The good part is, Microsoft only shown half as many vulnerabilities as Google, and only one-quarter as many as Apple. Though these numbers are only speculative, based on looking over the lists of the past few months.
- Some of the major malware on Windows systems have included Trojan.ZeroAccess, Worm.Conficker, and more.
- Corporate and government entities have seen an extreme rise in the number of cyberattacks. Worries about a cyberwar are continually heating up, and it’s unknown the origin of most of the attacks.
- According to the Symantec Internet Security Threat Report (ISTR), 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day.
Overall, the spectrum of cyberattacks has increased on an extreme level, whether it’d be cyberwar related, or cybercrime. It’s definitely best to consider this declared war, and work constantly to protect our computers and our own livelihood.