Linked | Gregory D. Evans

Posts Tagged ‘linked’

Antivirus startup linked to infamous Chinese hacker

‘This may all be a strange coincidence or hoax,’ the reporter who discovered the link warned. By Antone Gonsalves, CSO – Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in [...]

View full post on The Cyber Wars

Flashback Malware Mac Attacks Linked to Luckycat Hacker Campaign

Earlier this month, it was reported that a certain malware is infecting Mac OS X machines. The malware was identified as BackDoor.Flashback.39, a Trojan that exploits unpatched Java vulnerabilities (CVE-2011-3544, CVE-2008-5353 and CVE-2012-0507) on Mac OS. More than 600,000 Macs were said to be infected by the persistent malware.

Apple released two security updates to resolve the issue and is working on an antidote that would eliminate the threat as well as hunt down the Trojan author, but pundits aren’t happy with how Apple is handling the situation. They want Apple to work faster, resolve the issue and make sure that nothing like this happens again. But the threat is persistent. And here’s why: there’s a new malware in town.

SabPub

Security experts recently identified a new breed of backdoor Trojan, Backdoor.OSX.SabPub.a, which Kaspersky Lab expert Costin Raiu recently showed is linked to Luckycat, a campaign that targeted industries and communities including aerospace, energy, engineering, shipping, military research, and Tibetan activists.

Aside from the fact that both are backdoor Trojans, what links the two is the command-and-control (CC) server at IP 199.192.152.* used by both of them.

As is typical procedure when a threat is identified, security experts set up a fake victim system and infect it with the malware so they can observe how it behaves. The first two days of observation were uneventful, but the third day gave them quite a surprise.

“On the morning of Sunday April 15, the traffic generated by the CC changed,” Raiu explains. “The attackers took over the connection and started analysing our fake victim machine. They listed the contents of the root and home folders and even stole some of the goat documents we put in there!”

Raiu is confident in the conclusion that SabPub is operated by a live attacker who manually checks the infected machines and extracts data from them.

“It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do,” Sophos Senior Technology Consultant Graham Cluley noted. “The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.”

It is believed that SabPub was created back in February of this year and spread through spear-phishing. It was also reported that a second version of SabPub was found, believed to have been created last March. This is the version that uses the Java exploits to wreak havoc on Macs. Experts believe there are more SabPub variants that are not yet found or are yet to be released.

Raiu also stated in one of his earlier posts that the attacks weren’t quickly identified because they used ZelixKlassMaster, a flexible and quite powerful Java obfuscator, to hide the malicious code.


Article source: http://siliconangle.com/blog/2012/04/18/flashback-malware-mac-attacks-linked-to-luckycat-hacker-campaign/

View full post on National Cyber Security » Virus/Malware/Worms

Likely Visa, MasterCard security breach linked to third-party processor

The credit card giants tell banks that a third-party payment processor may have been breached, causing the loss of tens of thousands of card numbers.


View full post on SearchSecurity: Security Wire Daily News

View full post on National Cyber Security

BBC cyber-attack ‘linked to Iran’

The BBC says its Persian Service has been targeted by a sophisticated cyber-attack, which is being linked to other attacks on the channel, which broadcasts to Iran.

View full post on cyber attack – Yahoo! News Search Results

View full post on National Cyber Security

Chicago raid linked to hacking arrests

The Federal Bureau of Investigation has raided a Chicago home in connection with an investigation of the LulzSec and Anonymous hacking groups.

View full post on cyber crime hacking – Yahoo! News Search Results

View full post on National Cyber Security » Computer Hacking

Nortel collapse linked to hacking attack

A former systems security adviser to Nortel Networks says he has no doubt that extensive cyber attacks on the technology company contributed to its downfall.

In an interview with the CBC’s As It Happens, Brian Shields, the former senior systems security adviser at Nortel, said spying by hackers allegedly based in China “absolutely” was a “considerable factor.”

“When they see what your business plans are, that’s a huge advantage. It’s unfair business practices that really bring down a company of this size,” Shields said.

Nortel is currently selling off assets in the wake of a 2009 bankruptcy filing.

Shields said both the Canadian and Chinese governments should investigate.

“Your government needs to step in and provide direct assistance with an expert team …[that will] help with the forensics.”

He insisted the hackers were based in China, something the Chinese government has rejected.

Yesterday, its embassy in Canada said “cyber attacks are transnational and anonymous. It is irresponsible to prejudge the origin of attacks without thorough investigation and hard evidence.”

The embassy added that China’s government “strictly prohibits” hacking and “stands ready to step up international co-operation in this field.”

“The Chinese government ought to go to that location and get those computers and work with the Canadian government to help solve what happened here,” Shields said.

Shields has alleged that Chinese hackers had unfettered access to the former telecommunications giant as far back as 2000, and downloaded business plans, research and development reports, employee emails and other documents.

He maintains that Canadian companies — including Waterloo, Ont.-based Research in Motion — continue to be targets.

“Absolutely. Without a doubt. The questions you’ve got to ask is, is there something of value? Companies, for example, like RIM [are] a huge target. They ought to worry about this stuff. And anybody else that is in technology or oil exploration. This is economic espionage. It truly is.”

Corporate espionage is a growing problem for North American companies, with the majority of attacks coming from China.

Last November, a group of U.S. analysts said there were as many as 12 different Chinese groups participating in cyber attacks on U.S. companies and government agencies.

During BHP Billiton’s hostile takeover bid for Saskatchewan’s PotashCorp, hackers traced to China targeted Bay Street law firms and other companies to get insider information on the $38-billion corporate takeover.

Those same hackers also targeted Canadian government computers in fall 2010, targeting the Finance Department, the Treasury Board, and Defence Research and Development Canada, a civilian agency of the Department of National Defence.

“It’s very personal to me because I’m very sad-hearted about what happened to so many of my friends, to this once great Canadian company,” Shields told As it Happens.

“I was very proud to work there for so many years. I used to say it was the best job in the world.”

Article source: http://ca.news.yahoo.com/nortel-collapse-linked-hacking-attack-211534300.html

View full post on National Cyber Security

Gene Simmons Hacker Arrested, Linked To Anonymous

The FBI has arrested a hacker linked to Anonymous for a DDoS attack last year against Gene Simmons’ website. The 24-year-old Kevin George Poe was apprehended in Connecticut. He has reportedly been ordered to appear before a Los Angeles court on a date not yet scheduled.

“The arrest once again sheds light on the increasing amount of DDoS attacks by criminals and hacktivists that are sometime out for financial gain or just looking to make a political or ideological statement,” Mike Paquette, Chief Strategy Officer at Corero Network Security, tells WebProNews.

“Traditionally, DDoS attacks have consisted of massive floods of network packets that overwhelm a company’s bandwidth, routers, firewalls, switches and servers,” he says. “In 2012, blue chip corporations, retailers, banks and government agencies can expect more sophisticated application layer attacks that cause a denial of service without filling up all of the available bandwidth.”

“In other words, they don’t require a large volume of traffic to have their effect,” Paquette continues. “So in essence the attackers will profile a company’s Web application and build botnet scripts that use ‘heavyweight’ application transactions to overload backend databases and other servers. Attacks using these scripts cause the targeted application to become unreachable, thus making the DDoS attack successful.”

While many of us may think of Simmons as a rock star, Simmons is all about business. He talks about this all the time. Have you ever seen the insane amount of Kiss merchandise there is? Simmons himself is always pitching it.

The lesson for businesses is to improve their security.

“In 2012, IT administrators should update their business continuity plans and improve their overall security posture in preparation,” says Corero. “The negative impact of business and productivity losses makes it essential to be diligent in preparation.”

“When working with technology providers, organizations should make sure their DDoS Defense solutions are flexible, improving the likelihood they are able to accommodate future variations of DDoS attack techniques,” he says. “Being prepared, vigilant and ready to act fast will go a long way in thwarting the DDoS attacks of tomorrow.”

Article source: http://www.webpronews.com/gene-simmons-2011-12

View full post on National Cyber Security » Computer Hacking

SALINE: Photo released of suspect’s car linked to vehicle break-ins and credit card fraud

Police are searching for the driver of a distinctive car in connection to the theft of credit cards from two different vehicles this week in Saline and subsequent credit card fraud.

View full post on credit card fraud – Yahoo! News Search Results

View full post on National Cyber Security

Apple iPhone linked to Carrier IQ ‘spyware’

Apple did not immediately respond to an email requesting comment.

Discussing Carrier IQ software on Android devices, Graham Cluley of the internet security firm Sophos said: “The inability to opt-out or remove the software without informing the user is extremely concerning.

“Combine that with all of the sensitive information the software is designed to intercept and it raises far more questions about how this software is being used.”

Article source: http://telegraph.feedsportal.com/c/32726/f/567647/s/1a90e76a/l/0L0Stelegraph0O0Ctechnology0Capple0C89280A530CApple0EiPhone0Elinked0Eto0ECarrier0EIQ0Espyware0Bhtml/story01.htm

View full post on National Cyber Security » Spyware/ Cyber Snooping

FBI, PNP nab 4 Manila hackers linked to terrorists behind Mumbai attacks

Philippine police and the US Federal Bureau of Investigation (FBI) have arrested four people who, Manila said, were paid by a militant Saudi Arabia-based group to hack into U.S. telecom AT&T’s system, but the company said it was neither targeted nor breached.

View full post on cyber crime hacking – Yahoo! News Search Results

View full post on National Cyber Security » Computer Hacking
