[SecurityRatty] tag: ebooks

Happy Birthday Freebies from the Belgian Security Network

Thu, 13 Nov 2008 09:45:24 +0000

Happy birthday Belsec!

It looks like the Belgian Security bloggers’ network is just a year old, and in celebration, its bloggers are providing links to free stuff online — check out the following:

60+ freeware programs

Hundreds of eBooks

Fun videos and other stuff

Summarizing June's Threatscape

Tue, 01 Jul 2008 03:05:01 +0000

June's threatscape that I'll summarize in this post based on all the research conducted during the month, was a very vibrant one. With the return of GPcode, a remotely exploitable flaw in the Zeus crimeware kit allowing both, researchers and malicious parties to assess the severity of a particular banker malware campaign, the increasing use of malicious doorways next to ICANN and IANA's DNS hijacking, all speak for themselves and how diverse the threats and, of course, the abilities to maintain a decent situatiational awareness about what's going on have become.

01. U.K's Crime Reduction Portal Hosting Phishing Pages - nothing new here since vulnerable sites are to be "remotely file included" and SQL injected to locally host anything on behalf of a malicious party. Risk and responsibility forwarding is one thing, but having a crime reduction portal hosting phishing pages is entirely another. The phishing pages was shut down in less than 12 hours upon notification

02. Price Discrimination in the Market for Stolen Credit Cards - Tracking down "yet another stolen credit cards for sale" service in the wild, the price discremination that they applied greatly reflects the current lack of transpararency for a potential buyer of stolen credit cards, and how higher profit margins are driving the entire business model. With script kiddies running their own botnets and undermining the sophisticated botnet master's high profit margin business model by undercutting their prices, stolen credit cards are not what they used to be - an exclussive good. Nowadays, they are a commodity good and often a bargain

03. Blackhat SEO Redirects to Malware and Rogue Software - Sampling an active blackhat SEO campaign out of the hundreds of thousands currently active online, releaved a large portfolio of domains serving Zlob variants by pitching them as fake codecs that the end user should download if they are to view the non existent adult content at the sites. Where's the OSINT mean? It's in the fact that the codecs and the fake security software phone back to UkrTeleGroup Ltd's network

04. Using Market Forces to Disrupt Botnets - With the current oversupply of malware infected hosts, and botnet masters embracing the services model for anything malicious, in this post I discussed the radical security approach of puchasing already infected malware hosts on a per country basis, disinfecting them and forcing them to update all the software on the infected PCs. Of course, on an opt-in basis. The possibility to directly provide incentives for botnet hunters to shut down whatever they come across to on a daily basis, and that's a lot of botnets, is also there

05. Who's Behind the GPcode Ransomware? - The title speaks for itself, the research with enough actionable intelligence gathered in the shortest timeframe possible is already proving accurate and highly valuable. How come? Stay tuned for more developments

06. ImageShack Typosquatted to Serve Malware - In a rare instance of a creative attack combining typosquatting in order to impersonate ImageShack and serve malware by redirecting users to an image file that is actually forwarding to the binary, I was recently tipped by the folks at TrendMicro who are also following this that the site is up and running again. Not for long

07. Fake YouTube Site Serving Flash Exploits - Next to using the usual set of exploits courtesy of a commodity web malware exploitation kit, this campaign was also using flash exploits. Even more interesting is the fact that the password stealer obtained was attempting to phone back to a misconfigured malware command and control interface, basically allowing you to assess the campaign from the eyes of the "campaigner"

08. Monetizing Web Site Defacements - Web site defacements are getting monetized just like SQL injections are in order to locally host a blackhat search engine optimization campaign on a vulnerable site with a high page rank. In this post I've assessed such monetization courtesy of a web site defacer at The Africa Middle Market Fund

09. Malicious Doorways Redirecting to Malware - Yet another large domains portfolio exposed though a malicious doorway redirecting to fake porn and video sites serving Zlob variants, tracking down the initial spamming of the malicious doorways across multiple vulnerable forums and guestbooks

10. The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw - When cyber criminals get advised to patch their vulnerable versons of the Zeus Crimeware Kit, you know there's a monoculture in the crimeware market. This flaw released publicly in May, 2008, not just allows others to hijack someone's ebanking botnet, but also, vendors and researchers to better assess a vulnerable Zeus command and control location

11. Fake Celebrity Video Sites Serving Malware - When templates for fake video and adult sites are just as available as they are now, anyone can take advantage of this cheap social engineering track that seems to work just fine. Compared to relying on blackhat search optimization to acquire traffic, some of the campaigns were SQL injected at vulnerable sites in order to drive traffic to them, next to several other tactics which when combined can result in a lot of people unknowingly visiting the sites

12. Phishing Campaign Spreading Across Facebook - An internal phishing campaign was circulating across Facebook, which got taken care of thanks to coordinated efforts with Facebook's security folks. There's also an indicating tha they are currently typosquatting other social networking sites like Hi5 for instance

13. Underground Multitasking in Action - As a firm believed in taking a random sample for a particular threat segment, this was once of these cases confirming the confidence I've built into anticipating upcoming tactics and strategies to be used

14. An Update to Photobucket's DNS Hijacking - Despite that Photobucket didn't oficially acknowledge the DNS hijacking, the hosting provider the NetDevilz hacking team used issued a statement. Ironically, the Turkish hacking group used the same provider weeks later to redirect ICANN and IANA's domains to Atspace.com

15. Fake Porn Sites Serving Malware - Among the largest domains portfolio of malware serving porn sites I've exposed in a while, all of them naturally remain active since they are hosted on a partition of RBN's diverse network. Visualizing a malicious doorway or the entire ecosystem provides a better understanding at how structured the ecosystems are

16. Backdoording Cyber Jihadist Ebooks for Surveillance Purposes - Despite that in this case we have a cyber jihadist backdoording his own released books, the international intelligence community next to law enforcement are known to have expressed interest in backdooring suspect's PCs, so why not SQL inject the cyber jihadist forums themselves?
17. Right Wing Israeli Hackers Deface Hamas's Site - When you read that Hamas's site is hacked, you ask yourself the following, do they even have a web site that's up the running? The answer to which would be the fact that even Hezbollah has been maintaining an Internet infrastructure since 1998
18. ICANN and IANA's Domain Names Hijacked by the NetDevilz Hacking Group - A fact is a fact, no comment here, go through all the technical details of the hijacking, including some actionable intelligence on who's behind the hijacking
19. The Malicious ISPs You Rarely See in Any Report - Who's tolerating malicious activities on their network, and how is the RBN related to all this? Well, when combined, the tiny parts of these ISPs represent a tiny part of the Russian Business Network itself

Backdoording Cyber Jihadist Ebooks for Surveillance Purposes

Wed, 25 Jun 2008 13:06:38 +0000

It appears that cyber jihadists are striking back at the academic and intelligence community, by binding their propaganda Ebooks with malware, then distributing them across different forums, thanks to a recently analyzed Ebook entitled "The Al-Qaeda network's timely entrance in Palestine" distributed by the Global Islamic Media Front - hat tip to Warintel.

If it were posted by a newly joined forum member, it would have logically raises the suspicion that it's in fact intelligence agencies spreading malware infected Ebooks around cyber jihadist forums, but it's since this one in particular is being distributed by what looks like a hardcore cyber jihadist, it brings the discussion to a whole new level.

What are they trying to achive? Abuse the already established trust of their readers and cyber jihadist supporters in order to snoop on their Internet activities, or it's the academic and intelligence community they are trying to monitor? In times when botnets can be rented and created on demand, they seem to be more interested in infecting their enemies. Moreover, I suspect that prior to the forum posting, private messages and emails were automatically sent to notify members whose number of posts at the forum greate outpace those of average observers, perhaps the target in such an attack.

The malware is detected by 9 out of 33 antivirus scanners as Trojan.Midgare.gra. Consider reading a previous post on "Terror on the Internet - Conflict of Interest" as well as through the related posts summarizing all the cyber jihadist research I've conducted so far.

Combating Unrestricted Warfare

Sat, 15 Dec 2007 06:08:23 +0000

It's February, 1999, and two senior colonels from China's PLA, namely Qiao Liang and Wang Xiangsui depressed the world's military thinkers by coming up with a study on the future developments and potential of asymmetric warfare in a surprising move next to the overall discussion always orbiting around symmetric warfare. The study itself entitled "Unconventional Warfare" is an ugly combination of Sun Tzu's 3D perspective on warfare in combination with guerilla approaches to achieve one of Sun Tzu's most insightful quotes - "One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful." Here's a summary of the study :

"Two senior PLA Air Force colonels wrote "Unrestricted Warfare", presented here in summary translation, to explore how technology innovation is setting off a revolution in military tactics, strategy and organization. "Unrestricted Warfare" discusses new types of warfare which may be conducted by civilians as well as by soldiers including computer hacker attacks, trade wars and finance wars."

During the years, and especially since 9/11, the tipping point acting as the wake up call that asymmetric warfare is also getting embraced by the bad guys, many other niche research papers were published in the context of information warfare and cyber warfare such as :

Chinese Information Warfare: A Phantom Menace or Emerging Threat?

Information Warfare: Its Application in Military and Civilian Contexts

The Spectrum of Cyber Conflict From Hacking to Information Warfare

Globalization and Asymmetrical Warfare

Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States

Each of these is a visionary reading by itself, but perhaps it was the need for setting a new milestone into such warfare thinking that prompted the public release of the Unrestricted Warfare Symposium Proceedings Book in 2006 and in 2007. An excerpt from the introduction of the 2006 edition :

"To compensate for their weaker military forces, these actors will employ a multitude of means, both military and nonmilitary, to strike out during times of conflict. The first rule of unrestricted warfare is that there are no rules; no measure is forbidden. It involves multidimensional, asymmetric attacks on almost every aspect of the adversary’s social, economic, and political life. Unrestricted warfare employs surprise and deception and uses both civilian technology and military weapons to break the opponent’s will."

Moreover, the 2007 edition is covering in-depth such popular asymmetric threats posed by jihadists (pages 135/143) debunking the use of WMD as a priority, and the cyber dimension (pages 251/297) with some remarkable analogies post Cold-War strategies applied to modern digital threats :

"Technology alone is never going to solve the IA problem. We have no informed national defensive strategy in this area. The situation is starting to change and improve, in large part because visionaries like General Cartwright are in key slots. But we do not have a lot of time. The intelligence community is not sufficiently engaged in conducting, analyzing, and reporting those issues. During the Cold War, we analyzed Soviet capabilities exhaustively. We did everything possible to understand our adversary and manage that gap. We need to do the same thing today. The bottom line is that it is dangerous to underestimate the capabilities of our adversaries. They do whatever it takes to win. Good adversaries know our strengths and weaknesses. They develop surprising partners that sometimes do not even know they are partners—they will give someone an honorarium to talk at a conference and ask that person for information on associates. They play by a different set of rules. They see offense as a systems problem, while our defense is fragmented."

All of these reports and Ebooks are highly recomended bedtime reading, and so is the last but not least one, namely "Victory in Cyberspace" released October, 2007. Besides generalizing cyberspace war activities, it includes a comprehensive summary of the events that took place in Estonia during the DDoS attacks.

Related posts:

People's Information Warfare Concept

China's Cyber Espionage Ambitions

North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Overperforming Turkish Hacktivists