Thursday, 11 February 2010

New Russian botnet tries to kill rival

'Kill Zeus' removes rival software from PCs, giving Spy Eye access to usernames, passwords

IDG News Service - An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.

Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules -- U.S. residents with bank accounts -- who then move the cash out of the country.

Sensing an opportunity, a number of similar Trojans have emerged recently, including Filon, Clod and Bugat, which was discovered just last month.

Spy Eye popped up in Russian cybercrime forums in December, according to Symantec Senior Research Manager Ben Greenbaum.

With its "Kill Zeus" option, Spy Eye is the most aggressive crimeware, however. The software can also steal data as it is transferred back to a Zeus command-and-control server, said Kevin Stevens, a researcher with SecureWorks. "This author knows that Zeus has a pretty good market, and he's looking to cut in," he said.

Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom.

Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus. To date, it has not been spotted on many PCs, however.

Still, the Trojan is being developed quickly and has a growing list of features, Greenbaum said. It can, for example, steal cached password information that is automatically filled in by the browser, and back itself up via e-mail. "This is interesting in its potential, but it's not currently a widespread threat at all," he said.

By Robert McMillan
http://www.computerworld.com

Wednesday, 10 February 2010

Facebook ‘Cash Scam’ Continues to Grow Even Bigger


Over the past few years social networking sites such as Facebook and Twitter have given unprecedented access to people’s private lives. More and more personal information is revealed through photos, status updates and conversations that are all being documented online. Last week, the Serious Fraud Office of London (SFO) warned that Facebook and Twitter are being used to harvest users’ personal financial details:

“The public should be aware of the predatory nature of fraudsters and be careful about revealing personal information on social-networking sites, as this has become a primary method of harvesting information and targeting victims,” SFO said.


In a joint venture between London police and Financial Services Authority, over 10,000 people were notified that their names were on a “master list” that contained a range of personal information, that might include: names, address, phone number, place of business, income and relationship status. While this is the only reported list, it’s quite possible thousands more were already victims of this latest cash scam.

Facebook users may not mention all that personal information on their Facebook page; however, they may have it listed on a combination of networking sites. For example, a Facebook user will list their name and location along with photos on Facebook. The scammer can take that information and then look you up on LinkedIn and Twitter to find out your personal website, job, position, average income, number of years employed, education level and parlay all that information into a “cash scam.”

Fraudsters are using this information to set up “boiler rooms” and contact people on this master list. Boiler rooms look to employ high-pressure sales tactics to push unwanted, overpriced, or sometimes non-existent stock to unsuspecting buyers. Boiler rooms are nothing new, but using Facebook to gather leads and target people is becoming a serious problem.

The FSA is clearly trying to stay ahead of the scam: “By writing to people now, we can raise awareness of this type of fraud and help protect people from losing money to these criminals,” FSA said. While multiple efforts are being taken to stop these criminals, these cash scams continue to grow and more boiler rooms continue to operate offshore. It’s up to the individual to be aware of such fraud and report any phone calls that you suspect could be criminal.

In the meantime, keep your friends close, your Facebook account closed to outsiders, and don’t allow just anyone to view your personal details on your Facebook page.

posted by Mr.404

Wednesday, 3 February 2010

Census of Files Available via BitTorrent

BitTorrent is popular because it lets anyone distribute large files at low cost. Which kinds of files are available on BitTorrent? Sauhard Sahi, a Princeton senior, decided to find out. Sauhard's independent work last semester, under my supervision, set out to measure what was available on BitTorrent. This post, summarizing his results, was co-written by Sauhard and me.

Sauhard chose a (uniform) random sample of files available via the trackerless variant of BitTorrent, using the Mainline DHT. The sample comprised 1021 files. He classified the files in the sample by file type, language, and apparent copyright status.

Before describing the results, we need to offer two caveats. First, the results apply only to the Mainline trackerless BitTorrent system that we surveyed. Other parts of the BitTorrent ecosystem might be different. Second, all files that were available were equally likely to appear in the sample -- the sample was not weighted by number of downloads, and it probably contains files that were never downloaded at all. So we can't say anything about the characteristics of BitTorrent downloads, or even of files that are downloaded via BitTorrent, only about files that are available on BitTorrent.

With that out of the way, here's what Sauhard found.

File types

46% movies and shows (non-pornographic)
14% games and software
14% pornography
10% music
1% books and guides
1% images
14% could not classify

Movies/Shows

For the movies and shows category, the predominant file format was AVI, and other formats included RMVB (a proprietary format for RealPlayer), MPEG, raw DVD, and some multi-part RAR archives. Interestingly, this section was heavily biased towards recent movies, instead of being spread out evenly over a number of years. In descending order of frequency, we found that 60% of the randomly selected movies and shows were in English, 8% were in Spanish, 7% were in Russian, 5% were in Polish, 5% were in Japanese, 4% were in Chinese, 4% could not be determined, 3% were in French, 1% were in Italian, and other infrequent languages accounted for 2% of the distribution.

Games/Software

For the games and software category, there was no clearly dominant file type, but common file types for software included ISO disc images, multi-part RAR archives, and EXE (Windows executables). The games were targeted for running on different architectures, such as the XBOX 360, Nintendo Wii, and Windows PCs. In descending order, we found that 74% of games and software in the sample were in English, 12% were in Japanese, 5% were in Spanish, 4% were in Chinese, 2% were in Polish, and 1% were in Russian and French each.

Pornography

For the pornography category, the predominant encoding format was AVI, similar to the movies category. However, there were significantly more MPG and WMV (Windows Media Video) files available. Also, most pornography torrents included the full pornographic video, a sample of the video (a 1-5 minute extract of the video), as well as posters or images of the porn stars in JPEG format. Also, as these videos are not typically dated like movies are, it is difficult to make any remarks regarding the recency bias for pornographic torrents. Our assumption would be that demand for pornography is not as time-sensitive as demand for movies, so it is likely that these pornographic videos constitute a broader spectrum of time than the movies do. In descending order, we found that 53% of pornography in our sample was in English, 16% was in Chinese, 15% was in Japanese, 6% was in Russian, 3% was in German, 2% was in French, 2% was unclassifiable, and Italian, Hindi, and Spanish appeared infrequently (1% each).

Music

For the music category, the predominant encoding format for music was MP3, there were some albums ripped to WMA (Windows Media Audio, a Microsoft codec), and there were also ISO images and multi-part RAR archives. There is still a bias towards recent albums and songs, but it is not as strongly evident as it is for movies—perhaps because people are more willing to continue seeding music even after it is no longer new, so these torrents are able to stay alive longer in the DHT. In descending order, we found that 78% of music torrents in our sample were in English, 6% were in Russian, 4% were in Spanish, 2% were in Japanese and Chinese each, and other infrequent languages appeared 1% each.

Books/Guides

The books/guides and images categories were fairly minor. We classified 15 torrents under books and guides—13 were in English, 1 was in French, and 1 was in Russian. We classified 3 image torrents—one was a set of national park wallpapers, one was a set of pictures of BMW cars (both of these are English), and one was a Japanese comic strip.

Apparent Copyright Infringement

Our final assessment involved determining whether or not each file seemed likely to be copyright-infringing. We classified a file as likely non-infringing if it appeared to be (1) in the public domain, (2) freely available through legitimate channels, or (3) user-generated content. These were judgment calls on our part, based on the contents of the files, together with some external research.

By this definition, all of the 476 movies or TV shows in the sample were found to be likely infringing. We found seven of the 148 files in the games and software category to be likely non-infringing—including two Linux distributions, free plug-in packs for games, as well as free and beta software. In the pornography category, one of the 145 files claimed to be an amateur video, and we gave it the benefit of the doubt as likely non-infringing. All of the 98 music torrents were likely infringing. Two of the fifteen files in the books/guides category seemed to be likely non-infringing.

Overall, we classified ten of the 1021 files, or approximately 1%, as likely non-infringing. This result should be interpreted with caution, as we may have missed some non-infringing files, and our sample is of files available, not files actually downloaded. Still, the result suggests strongly that copyright infringement is widespread among BitTorrent users.

Tuesday, 2 February 2010

One in four children sent pornography, says survey



One in four children have sent or been sent inappropriate material including pornography via email, according to a survey.
The research also found that one in 20 children, aged between six and 15, had communicated with a stranger via webcam and one in 50 have actually met a stranger they first contacted online.

The report, which surveyed 500 children, found that many children are getting away with behaviour online that they wouldn’t get away with in the real world, largely because of their parents’ lack of understanding and awareness of their internet habits and of safety precautions.
More than six out of 10 children (62 per cent) said they lie to parents about what they have been looking at online and over half (53 per cent) delete the history on their web browser so their parents can’t see what they have been looking at.

The survey, by TalkTalk, the broadband provider, also found that one in nine (11 per cent) have either bullied someone online or been bullied online themselves.

In December, the Government announced that every primary schoolchild in the country will be taught about the dangers of the internet and how to safely surf online.

The “Click Clever, Click Safe” campaign comes in response to a report by Prof Tanya Byron, the child psychologist and broadcaster, who was asked by the Government to consider how to protect children online.

Prof Tanya Byron, who oversaw the TalkTalk research, said: “It’s crucial that parents educate themselves about what’s going on online and what their kids are doing there.”

By Urmee Khan, Digital and Media Correspondent

A story in yesterday's London Sunday Times that will not amuse the Chinese government says that the UK security service MI5 is claiming that undercover intelligence officers from the Chinese People’s Liberation Army and the Ministry of Public Security have approached UK businessmen at trade fairs and exhibitions with the offer of "lavish gifts" such as cameras and not so lavish gifts such as memory sticks that contain malware meant to remotely access their computers.

The Times says that the information is in a 14-page MI5 document it has seen. According to the Times, the document states that the Chinese government "represents one of the most significant espionage threats to the UK," and that, "Any UK company might be at risk if it holds information which would benefit the Chinese."

The Times also says that the Chinese are also targeting UK businessmen the good old-fashioned way as well - i.e., through offers of sex and money.

Accepting free memory sticks at trade fairs - international or otherwise - is pretty dumb, and I am surprised that companies at trade fairs even offer them any more because of the obvious risk. You may recall that a few years ago, thumb drives with malicious code were found lying around the US Department of Justice just waiting for some curious person to plug them into the DOJ's network.

I suppose that some people just can't pass up something that is "free."

POSTED BY: Robert Charette
http://spectrum.ieee.org/

Friday, 29 January 2010

Security researchers blast credit card verification system


Some credit card companies use a system called 3-D Secure (3DS) that adds an extra step to transactions that are carried out on the Internet. Visa and MasterCard tout their security, but researchers are questioning their efficacy.

When making a purchase, online shoppers are confronted with a validation check that requires them to supply a password—in addition to the standard security code that is on the card itself—in order to prove that they are the real owner of a credit card. Systems built on 3DS are better known by their brand names, which include Verified by Visa and MasterCard SecureCode.

Security researchers say that these validation systems—which are used by over 200 million cardholders—suffer from serious security deficiencies. Although the failings of 3DS and its lack of conformance with best practices are well-documented, it has still been widely adopted by online retailers because it allows them to deflect the liability for fraud back to the credit card companies.

Some of the credit card companies take advantage of 3DS by wrapping their implementations of the validation system in draconian terms of service that force users to agree to accept full liability for credit card fraud. To make matters worse, some retailers don't allow consumers to opt out. The 3DS Activation During Shopping (ADS) functionality often ropes in users and gets them to sign up without fully realizing what they are doing.

In a paper presented at the Financial Cryptography conference, researchers Ross Anderson and Steven Murdoch reveal the dark underbelly of 3DS and show how the service is detrimental to consumers.

"From the engineering point of view, [3DS] does just about everything wrong, and it's becoming a fat target for phishing," wrote Anderson in an entry at the University of Cambridge security research blog. "This is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure."

The standard method of integrating 3DS verification in a website involves using HTML iframes. This is highly problematic, because it means that users won't be able to rely on the security features of their browser—such as certificate highlighting in the browser URL bar—to easily distinguish between phishing sites and legitimate 3DS verification. The inability to visually ascertain whether the certificate is valid exposes users to the possible risk of man-in-the-middle attacks.
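The iframe problem described above, seen from the side of someone auditing a merchant's checkout page, as an added example that is not from the article or the researchers' paper. The page markup, the `.example` host names and the allowlist of expected verification hosts are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed checkout page: the password prompt is embedded in an iframe.
CHECKOUT_URL = "https://shop.example/checkout"
CHECKOUT_HTML = """
<html><body>
  <h1>Confirm payment</h1>
  <iframe src="https://acs.bank.example/3ds/challenge?id=1"></iframe>
  <iframe src="http://acs-bank.example.net/3ds/challenge"></iframe>
  <iframe src="/widgets/basket.html"></iframe>
</body></html>
"""
EXPECTED_ACS_HOSTS = {"acs.bank.example"}  # hypothetical allowlist kept by the auditor


def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


class FrameCollector(HTMLParser):
    """Collects the src attribute of every iframe in the page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def audit_frames(page_url, html, expected_hosts):
    """Describe each frame relative to the one origin the address bar shows."""
    collector = FrameCollector()
    collector.feed(html)
    shown = origin(page_url)  # the only origin and certificate the user can inspect
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)
        parts = urlsplit(absolute)
        findings.append({
            "frame_origin": origin(absolute),
            "hidden_from_address_bar": origin(absolute) != shown,
            "https": parts.scheme == "https",
            "expected_host": parts.hostname in expected_hosts,
        })
    return findings


def needs_review(findings):
    """Frames the user cannot verify that are unencrypted or on an unexpected host."""
    return [f for f in findings
            if f["hidden_from_address_bar"] and not (f["https"] and f["expected_host"])]


if __name__ == "__main__":
    for finding in audit_frames(CHECKOUT_URL, CHECKOUT_HTML, EXPECTED_ACS_HOSTS):
        print(finding)
```

The auditor can tell the three frames apart from the markup, but in every case the cardholder's address bar shows only `https://shop.example`.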

Another problem with 3DS that is highlighted in the report is that it fails to specify a consistent mechanism for verification. Individual implementors are free to determine the means for verification on their own, and often make really poor choices. For example, the report says that one bank requires cardholders to enter their ATM PIN during the verification process. This is a pretty shoddy security practice that encourages consumers to engage in risky practices that will expose them to significant risk from phishing scams.

Fixing the problems

The widespread and growing adoption of 3DS is difficult to combat because it offers built-in incentives for merchants and banks by making it easy for them to shift liability to the consumer. The researchers say that the time has come for better technology and regulatory intervention.

Financial institutions have aggressively embraced the concept of electronic passwords in some countries—such as the UK—because passwords aren't covered by the laws that protect consumers from the consequences of transactions that are carried out with forged signatures. The security researchers say that the banks should only get to shift the liability to the consumer when transactions are validated by a trustworthy payment device—a piece of hardware, similar to a CAP calculator, that connects to the user's computer and implements a two-factor authentication model.

Further reading

* Paper (PDF) (cl.cam.ac.uk)
* PCWorld (news.yahoo.com)

By Ryan Paul
http://arstechnica.com

Thursday, 28 January 2010

How Unique is your browser

Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies.

Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web.

Only anonymous data will be collected by this site.
Check HERE
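How a site can score uniqueness without any cookie, as an added example that is not Panopticlick's own code. It assumes the score is measured as bits of identifying information (the negative base-2 logarithm of how common a configuration is); the eight browser records and the three attributes are constructed.

```python
import math
from collections import Counter

# Constructed sample: (user agent, timezone, screen size) as seen by a site.
ATTRS = ("user_agent", "timezone", "screen")
POPULATION = [
    ("Firefox/3.6 Windows", "UTC+0", "1280x1024"),
    ("Firefox/3.6 Windows", "UTC+0", "1280x1024"),
    ("Firefox/3.6 Windows", "UTC+0", "1280x1024"),
    ("Firefox/3.6 Windows", "UTC+0", "1280x1024"),
    ("Firefox/3.6 Windows", "UTC+1", "1280x1024"),
    ("MSIE 8.0 Windows", "UTC+0", "1024x768"),
    ("MSIE 8.0 Windows", "UTC+0", "1024x768"),
    ("Chrome/4.0 Linux", "UTC-5", "1920x1200"),
]


def surprisal_bits(fingerprint, population):
    """Bits of identifying information carried by one full configuration."""
    matches = Counter(population)[fingerprint]
    if matches == 0:
        raise ValueError("fingerprint not present in the population")
    return math.log2(len(population) / matches)


def attribute_entropy(population, index):
    """Shannon entropy (bits) of a single attribute across the population."""
    counts = Counter(fp[index] for fp in population)
    total = len(population)
    return sum((c / total) * math.log2(total / c) for c in counts.values())


def unique_fraction(population):
    """Share of browsers whose configuration nobody else in the sample has."""
    counts = Counter(population)
    return sum(1 for fp in population if counts[fp] == 1) / len(population)


if __name__ == "__main__":
    for index, name in enumerate(ATTRS):
        print(f"{name}: {attribute_entropy(POPULATION, index):.3f} bits of entropy")
    for fp in sorted(set(POPULATION)):
        print(f"{surprisal_bits(fp, POPULATION):.1f} bits  {fp}")
    print(f"unique browsers: {unique_fraction(POPULATION):.0%}")
```

A configuration that reaches log2 of the population size (3 bits for eight browsers) is unique, so a site that stores it can recognise that browser on its next visit with cookies disabled.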