Thursday 11 February 2010

New Russian botnet tries to kill rival

'Kill Zeus' removes rival software from PCs, giving Spy Eye access to usernames, passwords

IDG News Service - An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.

Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules -- U.S. residents with bank accounts -- who then move the cash out of the country.

Sensing an opportunity, a number of similar Trojans have emerged recently, including Filon, Clod and Bugat, which was discovered just last month.

Spy Eye popped up in Russian cybercrime forums in December, according to Symantec Senior Research Manager Ben Greenbaum.

With its "Kill Zeus" option, however, Spy Eye is the most aggressive crimeware. The software can also steal data as it is transferred back to a Zeus command-and-control server, said Kevin Stevens, a researcher with SecureWorks. "This author knows that Zeus has a pretty good market, and he's looking to cut in," he said.

Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom.

Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus. To date, it has not been spotted on many PCs, however.

Still, the Trojan is being developed quickly and has a growing list of features, Greenbaum said. It can, for example, steal cached password information that is automatically filled in by the browser, and back itself up via e-mail. "This is interesting in its potential, but it's not currently a widespread threat at all," he said.

By Robert McMillan
http://www.computerworld.com

Wednesday 10 February 2010

Facebook ‘Cash Scam’ Continues to Grow Even Bigger


Over the past few years social networking sites such as Facebook and Twitter have given unprecedented access to people’s private lives. More and more personal information is revealed through photos, status updates and conversations that are all being documented online. Last week, the Serious Fraud Office of London (SFO) warned that Facebook and Twitter are being used to harvest users’ personal financial details:

“The public should be aware of the predatory nature of fraudsters and be careful about revealing personal information on social-networking sites, as this has become a primary method of harvesting information and targeting victims,” SFO said.


In a joint venture between London police and Financial Services Authority, over 10,000 people were notified that their names were on a “master list” that contained a range of personal information, that might include: names, address, phone number, place of business, income and relationship status. While this is the only reported list, it’s quite possible thousands more were already victims of this latest cash scam.

Facebook users may not mention all that personal information on their Facebook page; however, they may have it listed on a combination of networking sites. For example, a Facebook user will list their name and location along with photos on Facebook. The scammer can take that information and then look you up on LinkedIn and Twitter to find out your personal website, job, position, average income, number of years employed, education level and parlay all that information into a “cash scam.”

Fraudsters are using this information to set up “boiler rooms” and contact people on this master list. Boiler rooms look to employ high-pressure sales tactics to push unwanted, overpriced, or sometimes non-existent stock to unsuspecting buyers. Boiler rooms are nothing new, but using Facebook to gather leads and target people is becoming a serious problem.

The FSA is clearly trying to stay ahead of the scam: “By writing to people now, we can raise awareness of this type of fraud and help protect people from losing money to these criminals,” FSA said. While multiple efforts are being taken to stop these criminals, these cash scams continue to grow and more boiler rooms continue to operate offshore. It’s up to the individual to be aware of such fraud and report any phone calls that you suspect could be criminal.

In the meantime, keep your friends close, your Facebook account closed to outsiders, and don’t allow just anyone to view your personal details on your Facebook page.

posted by Mr.404

Wednesday 3 February 2010

Census of Files Available via BitTorrent

BitTorrent is popular because it lets anyone distribute large files at low cost. Which kinds of files are available on BitTorrent? Sauhard Sahi, a Princeton senior, decided to find out. Sauhard's independent work last semester, under my supervision, set out to measure what was available on BitTorrent. This post, summarizing his results, was co-written by Sauhard and me.

Sauhard chose a (uniform) random sample of files available via the trackerless variant of BitTorrent, using the Mainline DHT. The sample comprised 1021 files. He classified the files in the sample by file type, language, and apparent copyright status.

Before describing the results, we need to offer two caveats. First, the results apply only to the Mainline trackerless BitTorrent system that we surveyed. Other parts of the BitTorrent ecosystem might be different. Second, all files that were available were equally likely to appear in the sample -- the sample was not weighted by number of downloads, and it probably contains files that were never downloaded at all. So we can't say anything about the characteristics of BitTorrent downloads, or even of files that are downloaded via BitTorrent, only about files that are available on BitTorrent.

With that out of the way, here's what Sauhard found.

File types

46% movies and shows (non-pornographic)
14% games and software
14% pornography
10% music
1% books and guides
1% images
14% could not classify

Movies/Shows

For the movies and shows category, the predominant file format was AVI, and other formats included RMVB (a proprietary format for RealPlayer), MPEG, raw DVD, and some multi-part RAR archives. Interestingly, this section was heavily biased towards recent movies, instead of being spread out evenly over a number of years. In descending order of frequency, we found that 60% of the randomly selected movies and shows were in English, 8% were in Spanish, 7% were in Russian, 5% were in Polish, 5% were in Japanese, 4% were in Chinese, 4% could not be determined, 3% were in French, 1% were in Italian, and other infrequent languages accounted for 2% of the distribution.

Games/Software

For the games and software category, there was no clearly dominant file type, but common file types for software included ISO disc images, multi-part RAR archives, and EXE (Windows executables). The games were targeted for running on different architectures, such as the XBOX 360, Nintendo Wii, and Windows PCs. In descending order, we found that 74% of games and software in the sample were in English, 12% were in Japanese, 5% were in Spanish, 4% were in Chinese, 2% were in Polish, and 1% were in Russian and French each.

Pornography

For the pornography category, the predominant encoding format was AVI, similar to the movies category. However, there were significantly more MPG and WMV (Windows Media Video) files available. Also, most pornography torrents included the full pornographic video, a sample of the video (a 1-5 minute extract of the video), as well as posters or images of the porn stars in JPEG format. Also, as these videos are not typically dated like movies are, it is difficult to make any remarks regarding the recency bias for pornographic torrents. Our assumption would be that demand for pornography is not as time-sensitive as demand for movies, so it is likely that these pornographic videos constitute a broader spectrum of time than the movies do. In descending order, we found that 53% of pornography in our sample was in English, 16% was in Chinese, 15% was in Japanese, 6% was in Russian, 3% was in German, 2% was in French, 2% was unclassifiable, and Italian, Hindi, and Spanish appeared infrequently (1% each).

Music

For the music category, the predominant encoding format for music was MP3; there were some albums ripped to WMA (Windows Media Audio, a Microsoft codec), and there were also ISO images and multi-part RAR archives. There is still a bias towards recent albums and songs, but it is not as strongly evident as it is for movies, perhaps because people are more willing to continue seeding music even after it is no longer new, so these torrents are able to stay alive longer in the DHT. In descending order, we found that 78% of music torrents in our sample were in English, 6% were in Russian, 4% were in Spanish, 2% were in Japanese and Chinese each, and other infrequent languages appeared 1% each.

Books/Guides

The books/guides and images categories were fairly minor. We classified 15 torrents under books and guides—13 were in English, 1 was in French, and 1 was in Russian. We classified 3 image torrents—one was a set of national park wallpapers, one was a set of pictures of BMW cars (both of these are English), and one was a Japanese comic strip.

Apparent Copyright Infringement

Our final assessment involved determining whether or not each file seemed likely to be copyright-infringing. We classified a file as likely non-infringing if it appeared to be (1) in the public domain, (2) freely available through legitimate channels, or (3) user-generated content. These were judgment calls on our part, based on the contents of the files, together with some external research.

By this definition, all of the 476 movies or TV shows in the sample were found to be likely infringing. We found seven of the 148 files in the games and software category to be likely non-infringing—including two Linux distributions, free plug-in packs for games, as well as free and beta software. In the pornography category, one of the 145 files claimed to be an amateur video, and we gave it the benefit of the doubt as likely non-infringing. All of the 98 music torrents were likely infringing. Two of the fifteen files in the books/guides category seemed to be likely non-infringing.

Overall, we classified ten of the 1021 files, or approximately 1%, as likely non-infringing. This result should be interpreted with caution, as we may have missed some non-infringing files, and our sample is of files available, not files actually downloaded. Still, the result suggests strongly that copyright infringement is widespread among BitTorrent users.

Tuesday 2 February 2010

One in four children sent pornography, says survey



One in four children have sent or been sent inappropriate material including pornography via email, according to a survey.
The research also found that one in 20 children, aged between six and 15, had communicated with a stranger via webcam and one in 50 have actually met a stranger they first contacted online.

The report, which surveyed 500 children, found that many children are getting away with behaviour online that they wouldn’t get away with in the real world, largely because of their parents’ lack of understanding and awareness of their internet habits and of safety precautions.
More than six out of 10 children (62 per cent) said they lie to parents about what they have been looking at online and over half (53 per cent) delete the history on their web browser so their parents can’t see what they have been looking at.

The survey, by TalkTalk, the broadband provider, also found that one in nine (11 per cent) have either bullied someone online or been bullied online themselves.

In December, the Government announced that every primary schoolchild in the country will be taught about the dangers of the internet and how to safely surf online.

The “Click Clever, Click Safe” campaign comes in response to a report by Prof Tanya Byron, the child psychologist and broadcaster, who was asked by the Government to consider how to protect children online.

Prof Tanya Byron, who oversaw the TalkTalk research, said: “It’s crucial that parents educate themselves about what’s going on online and what their kids are doing there.”

By Urmee Khan, Digital and Media Correspondent

A story in yesterday's London Sunday Times that will not amuse the Chinese government says that the UK security service MI5 is claiming that undercover intelligence officers from the Chinese People’s Liberation Army and the Ministry of Public Security have approached UK businessmen at trade fairs and exhibitions with the offer of "lavish gifts" such as cameras and not so lavish gifts such as memory sticks that contain malware meant to remotely access their computers.

The Times says that the information is in a 14-page MI5 document it has seen. According to the Times, the document states that the Chinese government "represents one of the most significant espionage threats to the UK," and that, "Any UK company might be at risk if it holds information which would benefit the Chinese."

The Times also says that the Chinese are targeting UK businessmen the good old-fashioned way as well - i.e., through offers of sex and money.

Accepting free memory sticks at trade fairs - international or otherwise - is pretty dumb, and I am surprised that companies at trade fairs even offer them any more because of the obvious risk. You may recall that a few years ago, thumb drives with malicious code were found lying around the US Department of Justice just waiting for some curious person to plug them into the DOJ's network.

I suppose that some people just can't pass up something that is "free."

POSTED BY: Robert Charette
http://spectrum.ieee.org/