[SecurityRatty] tag: international

Summarizing Zero Day's Posts for August

Thu, 04 Sep 2008 03:40:10 +0000

Here's a concise summary of all of my posts at Zero Day for August. If interested, consider going through July's summary, subscribe yourself to my personal feed, or Zero Day's main feed, and stay informed.

Some of the notable articles are - Today's assignment : Coding an undetectable malware ; Coordinated Russia vs Georgia cyber attack in progress and Inside India's CAPTCHA solving economy.

01. Cuil's stance on privacy - "We have no idea who you are"
02. Phishers increasingly scamming other phishers
03. Today's assignment : Coding an undetectable malware
04. Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection
05. Fake CNN news items malware campaign spreading rapidly
06. CNET's Clientside developer blog serving Adobe Flash exploits
07. Coordinated Russia vs Georgia cyber attack in progress
08. Researcher discovers Nokia S40 security vulnerabilities, demands 20,000 euros to release details
09. Intel proactively fixes security flaws in its chips
10. 1.5m spam emails sent from compromised University accounts
11. Fortune 500 companies use of email spoofing countermeasures declining
12. China busts hacking ring, managed to penetrate 10 gov't databases
13. Scammers caught backdooring chip and PIN terminals
14. SpamZa - opt in spamming service fighting to remain online
15. FEMA's PBX network hacked, over 400 calls made to the Middle East
16. Typosquatting the U.S presidential election - a security risk?
17. Hundreds of Dutch web sites hacked by Islamic hackers
18. Twitter's "me too" anti-spam strategy
19. Malware detected at the International Space Station
20. Taiwan busts hacking ring, 50 million personal records compromised
21. MSN Norway serving Flash exploits through malvertising
22. Inside India's CAPTCHA solving economy

Malware Infects Space Station Laptop

Mon, 01 Sep 2008 03:33:24 +0000

NASA has confirmed that malware has managed to get aboard the International Space Station and that it's not the first time a worm has been discovered on space station computers.

Exposing Indias CAPTCHA Solving Economy

Fri, 29 Aug 2008 13:03:37 +0000

"Are you a Human?" - once asked the CAPTCHA, and the question got answered by, well, a human, thousands of them to be precise. Speculations around one of the main weaknesses of CAPTCHA based authentication in the face of human CAPTCHA solvers, seems to have evolved into a booming economy in India during the past 12 months, with thousands of people involved.

The following article - "Inside India’s CAPTCHA solving economy" aims to expose legitimate data entry workers, whose business models and techniques are in fact used by Russian cybercriminals not only for personal phishing, spamming and malware spreading purposes, but also, to resell the bogus accounts and earn a premium in the process :

"No CAPTCHA can survive a human that’s receiving financial incentives for solving it, and with an army of low-wagedIndia CAPTCHA breakers human CAPTCHA solvers officially in the business of “data processing” while earning a mere $2 for solving a thousand CAPTCHA’s, I’m already starting to see evidence of consolidation between India’s major CAPTCHA solving companies. The consolidation logically leading to increased bargaining power, is resulting in an international franchising model recruiting data processing workers empowered with do-it-yourself CAPTCHA syndication web based kits, API keys, and thousands of proxies to make their work easier, and the process more efficient."

Cybercrime is just as outsourceable as CAPTCHA breaking is these days.

Related posts:
The Unbreakable CAPTCHA
Spam coming from free email providers increasing
Gmail, Yahoo and Hotmail’s CAPTCHA broken by spammers
Microsoft’s CAPTCHA successfully broken
Vladuz's Ebay CAPTCHA Populator
Spammers and Phishers Breaking CAPTCHAs
DIY CAPTCHA Breaking Service
Which CAPTCHA Do You Want to Decode Today?

Fake Security Software Domains Serving Exploits

Thu, 28 Aug 2008 02:41:10 +0000

Psychological imagination, "think cybercriminals" mentality or scenario building intelligence, seem to always produce the results they are supposed to. On Monday, I pointed out that :

"Ironically, the participant in the affiliate program whose original objective was to drive traffic to the fake security software's site, may in fact start receiving so much traffic due to the combination of traffic acquisition tactics, that introducing client-side exploits courtesy of a third-party affiliate network, may in fact prove more profitable then the revenue sharing partnership with the rogue security software's vendor at the first place."

The next day, client-side exploits start getting introduced "in between" the fake security software sites :

"I've blogged before about the problem of Google Adwords pushing Antivirus XP Antivirus 2008. The situation is still ongoing. However, it's taken a turn for the worse, as these XP Antivirus pages are pushing exploits to install malware on the users system. This will also affect the many syndicators of Google Adwords."

The domain in question bestantivirus2009.com - (68.180.151.21) is hosting the binary at bestantivirus2009 .com/setup_1096_MTYwM3wzNXww_.exe and has an IFRAME pointing to huytegygle .com/index.php (200.46.83.246).

Here's another example antivirus0003.net with an IFRAME pointing to a different location - 124.217.250.85 /~ave/etc/count.php?o=16.

Despite that these domains are part of the "International Virus Research Lab" fake domains portfolio, it remains to be seen whether others will start multitasking as well.

Computer Worm Infects International Space Station Laptops

Wed, 27 Aug 2008 12:10:19 +0000

NASA has confirmed that a computer worm that steals passwords managed to finds its way into laptops aboard the International Space Station. It is not the first time a NASA computer has become infected. SpaceReg.com identified the infection as W32.TGammima.AG, a worm that spreads by copying itself to removable media devices. Once in place, it steals [...]

Best Western Rebuts Claims of Massive Data Breach

Wed, 27 Aug 2008 09:45:00 +0000

Best Western International and the Sunday Herald newspaper of Scotland are duking it out over a story which reports that a hacker stole the records of 8 million customers from the hotel chain's global network in the "the greatest cyber-heist in world history." Best Western says 10 people were affected at one hotel.

Virus Infects the Space Station

Wed, 27 Aug 2008 09:27:27 +0000

Laptops aboard the International Space Station have been infected with the W32.Gammima.AG worm. And it's not the first time this sort of thing has happened.

Malware infects space station laptops

Wed, 27 Aug 2008 09:00:00 +0000

Malware has managed to get onto the International Space Station, NASA confirmed today. And it's not the first time that a worm or virus has made it into space.

NASA infected with W32.TGammima.AG

Wed, 27 Aug 2008 08:26:18 +0000

A computer worm that ferrets out passwords managed to stow away on laptops aboard the International Space Station, NASA has confirmed. It is not the first time a NASA computer has become infected.

Doctoring Photographs without Photoshop

Wed, 27 Aug 2008 03:27:27 +0000

It's all about the captions:

...doctored photographs are the least of our worries. If you want to trick someone with a photograph, there are lots of easy ways to do it. You don't need Photoshop. You don't need sophisticated digital photo-manipulation. You don't need a computer. All you need to do is change the caption.
The photographs presented by Colin Powell at the United Nations in 2003 provide several examples. Photographs that were used to justify a war. And yet, the actual photographs are low-res, muddy aerial surveillance photographs of buildings and vehicles on the ground in Iraq. I'm not an aerial intelligence expert. I could be looking at anything. It is the labels, the captions, and the surrounding text that turn the images from one thing into another. Photographs presented by Colin Powell at the United Nations in 2003.

Powell was arguing that the Iraqis were doing something wrong, knew they were doing something wrong, and were trying to cover their tracks. Later, it was revealed that the captions were wrong. There was no evidence of chemical weapons and no evidence of concealment. Morris's mockery of the sweeping interpretations made in Powell's photographs.

There is a larger point. I don't know what these buildings were really used for. I don't know whether they were used for chemical weapons at one time, and then transformed into something relatively innocuous, in order to hide the reality of what was going on from weapons inspectors. But I do know that the yellow captions influence how we see the pictures. "Chemical Munitions Bunker" is different from "Empty Warehouse" which is different from "International House of Pancakes." The image remains the same but we see it differently.

Change the yellow labels, change the caption and you change the meaning of the photographs. You don't need Photoshop. That's the disturbing part. Captions do the heavy lifting as far as deception is concerned. The pictures merely provide the window-dressing. The unending series of errors engendered by falsely captioned photographs are rarely remarked on.