[SecurityRatty] tag: cyber-security

Spies Launch 'Cyber-Behavior' Investigation

Sun, 12 Oct 2008 11:27:00 +0000

In effort to get a handle on wannabe spies' cyber behaviors, the Office of the Director of National Intelligence hands out $800,000 to researchers to figure out whether hopping on World of Warcraft or Facebook "suggests an unwillingness to abide by rules."

Links for 2008-10-09 [del.icio.us]

Thu, 09 Oct 2008 20:00:00 +0000

Air Force Will Fight Online, Without 'Cyber Command'

Wed, 08 Oct 2008 11:55:00 +0000

The Air Force is going ahead with plans to put together a force that will wage wars online. But it won't be a full-fledged Cyber Command as previously advertised.

Federal Charges Filed Against Alleged Cyber Peeping Tom

Fri, 03 Oct 2008 16:30:00 +0000

A college student who allegedly rigged a woman's laptop to snap nude photos through her webcam faces federal charges this week, and tops Threat Level's roundup of cybercrime in the federal courts.

The Commercialization of Anti Debugging Tactics in Malware

Mon, 29 Sep 2008 12:55:54 +0000

Commoditization or commercialization, Themida or Code Virtualizer, individually crypting or outsourcing to an experienced malware crypting service offering discounts on a volume basis next to detection rates of the crypted binary offered by a trusted online scanner that is NOT distributing the samples to the vendors? These are just some of the questions malware authors often ask themselves, while others distribute pirated copies of Code Virtualizer urging everyone to start taking advantage of commercial anti-reverse engineering tools to make their malware harder to analyze. Once again, just like we've seen before, a legitimate commercial application can come handy in the hands of the wrong people :

"Code Virtualizer will convert your original code (Intel x86 instructions) into Virtual Opcodes that will only be understood by an internal Virtual Machine. Those Virtual Opcodes and the Virtual Machine itself are unique for every protected application, avoiding a general attack over Code Virtualizer. Code Virtualizer can protect your sensitive code areas in any x32 and x64 native PE files (like executable files/EXEs, system services, DLLs , OCXs , ActiveX controls, screen savers and device drivers).

Code Virtualizer can generate multiple types of virtual machines with a different instruction set for each one. This means that a specific block of Intel x86 instructions can be converted into different instruction set for each machine, preventing an attacker from recognizing any generated virtual opcode after the transformation from x86 instructions. The following picture represents how a block of Intel x86 instructions is converted into different kinds of virtual opcodes, which could be emulated by different virtual machines.

When an attacker tries to decompile a block of code that was protected by Code Virtualizer, he will not find the original x86 instructions. Instead, he will find a completely new instruction set which is not recognized by him or any other special decompiler. This will force the attacker to go through the extremely hard work of identifying how each opcode is executed and how the specific virtual machine works for each protected application. Code Virtualizer totally obfuscates the execution of the virtual opcodes and the study of each unique virtual machine in order to prevent someone from studying how the virtual opcodes are executed."

With Cyber-as-a-Service business model becoming increasingly common, the entire quality assurance model in respect to malware is slowly maturing from individual malware crypting propositions, where the seller of the service is basically taking advantage of a diverse set of public/private tools, into DIY web services offering crypting discounts on a volume basis, and perhaps most importantly - improving the customer's experience by letting him take advantage of the inventory of crypting tools and bypassing verification services. Within the tool's inventory are naturally lots of (pirated) commercial anti-reverse engineering tools.

As we've seen before, whenever someone starts commercializing what used to be a self-selving process, others will either follow, or disintermediate their services by persistently releasing crypting tools for free in the wild. At the end of the day, it's all a matter of how serious they're about commercializing this market segment, and taking into consideration that a spamming vendor is offering malware crypting services "in between" the rest of the services in their portfolio, this underground cash cow is yet to prove itself in the long term.

Merged Banks' Names Already Cyber-squatted

Fri, 19 Sep 2008 06:08:38 +0000

Domain name speculators are already buying up names of recently merged banks, according to the BBC. In fact, names are being bought even in the speculation of sales. Earlier this week, as Lehman Brothers was failing and rumors circulated as to who might buy them, the names barclayslehman.com, hsbclehman.com, hsbclehmanbrothers.com and bofalehman.com were all reserved. The buyers are in the Netherlands and New York City, and one domain is registered anonymously. The same phenomenon is occurring in the U.K., where speculation surrounding the merger of Lloyds TSB with HBOS led someone to buy lloydstsbhbos.com and hboslloydstsb.com. Some of these domains include a notice that they are for sale. The person who bought bankofamericamerrilllynch.com went further, including a link to an eBay auction where the domain is for sale with a $1,500 reserve. About two days into the auction, no bids have been made. People who reserve domain names with clear trademarks in them routinely lose them in arbitration cases brought, under ICANN's Uniform Domain Name Dispute Resolution Policy, by the trademark holders.

Bill allows victims of identity theft to obtain restitution

Wed, 17 Sep 2008 19:28:07 +0000

Finally, criminals can be held responsible for the theft of our personal data.

clipped from www.eweek.com

Congress Approves Computer Fraud Bill

The bill amends the federal criminal code to expand
interstate and foreign jurisdiction for prosecution of computer fraud offenses
and imposes criminal and civil forfeitures of property used to commit computer
fraud offenses. In addition, the legislation makes it a felony to damage 10 or
more protected computers used by or for the federal government or a financial
institution.

The legislation also expands the federal definition of
cyber extortion to include a demand for money in relation to damage to a
protected computer, where such damage was caused to facilitate the extortion.
It also allows victims of identity theft to obtain restitution for time and
money spent to restore credit and imposes a fine and imprisonment for
installing spyware on a computer.

Copycat Web Malware Exploitation Kits are Faddish

Wed, 03 Sep 2008 03:18:08 +0000

For the cheap cybercriminals not wanting to invest a couple of thousand dollars into purchasing a cutting edge web malware exploitation kit -- a pirated copy of which they would ironically obtained several moths later -- with all the related and royalty free updates coming with it, there are always the copycat malware kits like this one offered for $100.

Taking into consideration the proprietary nature of some of the kits, the business model of malware kits was mostly relying on their exclusive nature next to the number, and diversity of the exploits included in order to improve the infection rate. This simplistic assumption on behalf of the coders totally ignored the possibility of their kits leaking to the general public, or copies of the kits ending up as a bargain in particular underground deal where the once highly exclusive kit was offered as a bonus.

"Me too" web malware kits were a faddish way to enjoy the popularity of web malware kits like MPack and Icepack and try to cash in on that popularity by coming up average kits lacking any significant differentiation factors in the process. But just like the original and proprietary kits, whose authors didn't envision the long term growth strategy of integrating different services into their propositions or the kits themselves, the authors of copycat malware kits didn't bother considering the lack of long-term growth strategy for their releases. Branding in respect to releasing a Firepack malware kit to compete with Icepack which was originally released to compete with Mpack, has failed to achieve the desired results as well.

And with malware kits now a commodity, and underground vendors excelling in a particular practice with the long term objective to vertically integrate in their area of expertise -- think spammers offering localization of messages into different languages and segmented email databases from a specific country -- would we witness the emergence of managed cybercrime services charging a premium for providing fresh dumps of credit card numbers, PayPal, Ebay accounts or whatever the buyer is requesting?

That may well be the case in the long term.

Related posts:
Web Based Botnet Command and Control Kit 2.0
DIY Botnet Kit Promising Eternal Updates
Pinch Vulnerable to Remotely Exploitable Flaw
The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw
The Small Pack Web Malware Exploitation Kit
Crimeware in the Middle - Zeus
The Nuclear Grabber Kit
The Apophis Kit
The FirePack Exploitation Kit Localized to Chinese
MPack and IcePack Localized to Chinese
The Icepack Exploitation Kit Localized to French
The FirePack Exploitation Kit - Part Two
The FirePack Web Malware Exploitation Kit
The WebAttacker in Action
Nuclear Malware Kit
The Random JS Malware Exploitation Kit
Metaphisher Malware Kit Spotted in the Wild
The Black Sun Bot
The Cyber Bot
Google Hacking for MPacks, Zunkers and WebAttackers
The IcePack Malware Kit in Action

Watch Out! Firing IT Workers Can Cost You

Wed, 27 Aug 2008 20:00:00 +0000

When IT employees are dismissed, watch out! A new survey by Cyber-Ark Software, a provider of identity management products, reports that theft of sensitive information by disgruntled former insiders is out of control.

Best Western Rebuts Claims of Massive Data Breach

Wed, 27 Aug 2008 09:45:00 +0000

Best Western International and the Sunday Herald newspaper of Scotland are duking it out over a story which reports that a hacker stole the records of 8 million customers from the hotel chain's global network in the "the greatest cyber-heist in world history." Best Western says 10 people were affected at one hotel.