SECURITY TO THE CORE


National Informatics Centre (NIC INDIA) got hacked by Anonymous!

National Informatics Centre (NIC INDIA) was hacked by Anonymous (India). The purpose of this defacement is simply to wake up the Government of India. Anonymous has now started Operation India against corruption. Anonymous are world-famous activists who always fight against injustice.

Defaced Site : http://informatics.nic.in/oldnewsonline/abc.html


Just this morning the Anonymous core team announced Operation India on their official Twitter account.


At the moment the defaced page is no longer available, and the sub-domain ‘informatics.nic.in’ shows an ‘Under Maintenance’ message.

Sony network attacked again, hackers claim!!

A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, email addresses and other information.

Lulz Security said it broke into servers that run SonyPictures.com. Sony said it was aware of Lulz Security’s statement and was investigating, the Associated Press reported.

In April, hackers broke into Sony’s PlayStation Network and stole data from more than 77 million accounts. That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month.

The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.

Since then, Sony’s networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures.

Lulz Security claims to be behind one of those attacks: an assault on Sony Music Japan.

The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems.

‘Asking for it’

In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.

"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

"What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it’s just a matter of taking it.

"This is disgraceful and insecure: they were asking for it."

The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.

BBC News

Windows 8 spam leads to malware

While most people are enjoying a long weekend off, others are busy hacking websites, writing malware, sending spam and monitoring the progress of their growing botnet(s).

Microsoft has barely announced Windows 8 and the first cyber-criminals are already on top of it. Below is a copy of a curious email that is being spammed over the “Ascension holiday/weekend”:

From: Microsoft.com [mailto:news@microsoft.com]
Send on: Wednesday 1 June 2011 21:40
Subject: Windows 8 released.
Microsoft R Corporation is proud to announce the latest and the best
operating system available yet. For more details, click
here

When clicking on the link, a file called “8final.gif.exe” is downloaded from a hacked website.


File length: 1136678 bytes.
MD5 hash: b3babe1040d10ab4cbbc62ee2d986f85.
SHA1 hash: 096d5248144240097bc4eb398301a4d355713a09

Depending on your view settings, you might not be able to see the second file extension (.exe).
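The hidden second extension is something a gateway or proxy can check for even when the user cannot see it. The following is an added example, not part of the original post: it scans proxy log lines for downloads whose real extension is executable while the name shown with extensions hidden ends in a content type. The log format, the extension lists and the `.example` hosts are assumptions constructed for illustration.

```python
import os
from urllib.parse import urlsplit, unquote

# Constructed, non-exhaustive lists; tune them for your environment.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt"}

def shown_name(filename):
    """What a file listing shows when the final extension is hidden."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename

def is_masquerading(filename):
    """Real type is executable, but the visible name ends in a content type."""
    stem, real_ext = os.path.splitext(filename.lower())
    visible_ext = os.path.splitext(stem)[1]
    return real_ext in EXECUTABLE and visible_ext in DECOY

def flag_downloads(log_lines):
    """Return (client, filename, shown_name) for each suspicious download."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        # Last path segment only; decode %xx so encoded dots are not missed.
        filename = unquote(urlsplit(url).path).rsplit("/", 1)[-1]
        if is_masquerading(filename):
            hits.append((client, filename, shown_name(filename)))
    return hits

# Constructed proxy log lines: timestamp client method url status bytes
SAMPLE_LOG = [
    "2011-06-01T21:45:10Z 10.0.0.23 GET http://compromised.example/img/8final.gif.exe 200 1136678",
    "2011-06-01T21:46:02Z 10.0.0.31 GET http://vendor.example/setup.exe 200 482133",
    "2011-06-01T21:47:40Z 10.0.0.44 GET http://news.example/photo.final.gif 200 20311",
    "2011-06-01T21:48:05Z 10.0.0.52 GET http://compromised.example/img/8FINAL.GIF.EXE?x=1 200 1136678",
]

if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print(hit)
```
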

The website (http://ed???ormer.com) which hosts the malware is an educational interest organization, which has unfortunately been compromised by criminals.

This malware is not installed by itself. You have to click on the download link AND double-click the downloaded file to infect yourself. A picture is shown to you while the malware is installed and started in the background.

The currently downloaded malware is a Trojan which installs an IRC Backdoor which can be used to flood IRC channels. It talks to hxxp://irc.darkbit.info and sets up a connection to 70.32.83.146 and 94.125.182.255 on port 6667.

By adding itself to the Run section of HKLM\Software\Microsoft\Windows\CurrentVersion, the malware will automatically load itself when the computer is restarted.

This malware was first reported on June the 1st around 10:50 (UTC) and was still available while writing this. More spam and malware will be using the upcoming Windows 8 to lure you into their net.

Don’t fall for this type of spam. Do not open suspicious emails and/or links. Keep your computer up-to-date and use common sense.

For more technical details see the Threat Expert Report: b3babe1040d10ab4cbbc62ee2d986f85

- Lucky H

Brazilian malware blocks user access to Anti-Virus sites

In addition to preventing the virus definition update, the Trojan redirects the user to fake banking websites.

A new piece of malware created in Brazil tries to prevent Internet browsers from accessing the websites of various anti-virus companies and redirects Internet users to fake banking websites, even when they type the correct address. In addition, the code was written to prevent antivirus software from downloading updates.

Fabio Assolini, analyst at Kaspersky Lab, explains that the virus uses a technique called Man in the Browser (MitB). This type of infection works by changing/modifying the key “AutoConfigURL” in the Windows registry, making the browser use the URL as a proxy (intermediary) for its web connections.

If the infected user attempts to access a Web site to download some antivirus software or its updates, then he’ll see the following message: “Service Temporarily Unavailable, try again later …”.

“The viral code provides a list of servers used by Anti-Virus companies to distribute their virus definition updates to users. The intention is clear: stop trying to download antivirus updates and remain undetected,” explains the analyst.

The malware changes the settings of Firefox and registers itself at Windows startup. It also updates the malicious proxies in the system in case it is removed by the hosting services. “Thus, the criminal tries to ensure that the victim remains infected as long as possible.”
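Both persistence points described on this page, the “AutoConfigURL” proxy setting here and the Run section used by the Windows 8 spam Trojan above, can be audited from a registry export. The following is an added example, not code from Kaspersky Lab or the original posts: it parses text in `.reg` export syntax and reports any proxy auto-config URL or Run command that is not on an allowlist. The sample export, the allowlisted agent path and the `.invalid` host are constructed; real `reg export` files are UTF-16 and must be decoded before being passed in.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
PAC_KEY = r"\currentversion\internet settings"
RUN_KEY = r"\currentversion\run"

def parse_reg(text):
    """Yield (key, name, value) for every string value in .reg export text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = STRING_VALUE.match(line)
        if value and key:
            # .reg files escape backslashes and quotes with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in value.groups())
            yield key, name, data

def audit(text, allowed_pac=(), allowed_run=()):
    """Report proxy auto-config URLs and Run commands not on the allowlists."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(PAC_KEY) and name.lower() == "autoconfigurl":
            if data not in allowed_pac:
                findings.append(("proxy-autoconfig", key, data))
        elif k.endswith(RUN_KEY) and data not in allowed_run:
            findings.append(("autostart", key, f"{name} -> {data}"))
    return findings

# Constructed sample in .reg export syntax (not taken from a real host).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"AutoConfigURL"="http://pac.unknown.invalid/proxy.pac"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Agent"="C:\\Program Files\\Vendor\\agent.exe"
"WinUpdate"="C:\\Users\\Public\\8final.gif.exe"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, allowed_run={r"C:\Program Files\Vendor\agent.exe"}):
        print(finding)
```
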
