SECURITY TO THE CORE

Posts tagged “Malicious Website”

Windows 8 spam leads to malware ..

While most people are enjoying a long weekend off, others are busy hacking websites, writing malware, sending spam and monitoring the progress of their growing Botnet(s).

Microsoft has barely announced Windows 8 and the first cyber-criminals are already on top of it. Below is a copy of a curious email that is being spammed over the Ascension holiday weekend:

From: Microsoft.com [mailto:news@microsoft.com]
Send on: Wednesday 1 June 2011 21:40
Subject: Windows 8 released.
Microsoft R Corporation is proud to announce the latest and the best
operating system available yet. For more details, click
here

When clicking on the link, a file called “8final.gif.exe” is downloaded from a hacked website.

[Screenshot: 8final]

File length: 1136678 bytes
MD5 hash: b3babe1040d10ab4cbbc62ee2d986f85
SHA1 hash: 096d5248144240097bc4eb398301a4d355713a09

Depending on your view settings, you might not be able to see the second file extension (.exe).

The website (http://ed???ormer.com) hosting the malware belongs to an educational interest organization that has unfortunately been compromised by criminals.

This malware does not install by itself: you have to click the download link AND double-click the downloaded file to infect yourself. A picture is shown to you while, in the background, the malware is installed and started.

The currently downloaded malware is a Trojan that installs an IRC backdoor, which can be used to flood IRC channels. It talks to hxxp://irc.darkbit.info and sets up connections to 70.32.83.146 and 94.125.182.255 on port 6667.

By adding itself to the Run key under HKLM\Software\Microsoft\Windows\CurrentVersion, the malware loads automatically whenever the machine is restarted.

[Screenshot: AutoStart]

This malware was first reported on June 1st around 10:50 (UTC) and was still available at the time of writing. More spam and malware will use the upcoming Windows 8 to lure you into their net.
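As an added example (not code from the original post), the indicators above turned into a small Python triage script: it flags double-extension downloads like 8final.gif.exe, compares a file's hashes against the listed MD5/SHA1, and scans firewall log lines for connections to the two C2 addresses on port 6667. The log format and the sample lines are constructed for the example, not taken from the post.

```python
# Added triage helpers for the indicators quoted in the post: the
# double-extension download, the sample hashes and the IRC C2 hosts.
import hashlib
import re
from pathlib import Path

# Indicators quoted in the post
KNOWN_MD5 = {"b3babe1040d10ab4cbbc62ee2d986f85"}
KNOWN_SHA1 = {"096d5248144240097bc4eb398301a4d355713a09"}
C2_HOSTS = {"70.32.83.146", "94.125.182.255"}
C2_PORT = 6667

# Real executable extensions that Explorer hides by default, and the decoy
# extensions an attacker puts in front of them (as in 8final.gif.exe)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt"}

def disguised_executable(filename: str) -> bool:
    """True when a decoy extension sits directly before a real executable one."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)

def matches_known_sample(data: bytes) -> bool:
    """Compare a downloaded file's MD5/SHA1 against the hashes from the post."""
    return (hashlib.md5(data).hexdigest() in KNOWN_MD5
            or hashlib.sha1(data).hexdigest() in KNOWN_SHA1)

# Constructed firewall log format: "<time> src=<ip> dst=<ip> dport=<port>"
FLOW_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

def suspicious_flows(log_lines):
    """Return (src, dst) pairs that contact a listed C2 address on the IRC port."""
    hits = []
    for line in log_lines:
        m = FLOW_RE.search(line)
        if m and m["dst"] in C2_HOSTS and int(m["dport"]) == C2_PORT:
            hits.append((m["src"], m["dst"]))
    return hits

# Constructed sample log: one internal host reaching the backdoor's IRC server
SAMPLE_LOG = [
    "2011-06-01T10:52:03Z src=10.0.0.5 dst=70.32.83.146 dport=6667",
    "2011-06-01T10:52:09Z src=10.0.0.7 dst=203.0.113.10 dport=443",
    "2011-06-01T10:53:41Z src=10.0.0.5 dst=94.125.182.255 dport=80",
]
```

The last sample line deliberately hits a C2 address on a non-IRC port and is not reported, so the port condition can be relaxed if you want to alert on any contact with the listed hosts.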

Don’t fall for this type of spam. Do not open suspicious emails and/or links. Keep your computer up-to-date and use common sense.

For more technical details see the Threat Expert Report: b3babe1040d10ab4cbbc62ee2d986f85

- Lucky H

The top 7 mistakes Facebook users make..

With over 520 million active users at the time of this post’s release, half of whom log in at least once per day, Facebook is at the top of the website food chain. About 42% of Internet users are on Facebook. In my experience, the majority of people on Facebook are super friendly and do not care about their privacy.

Over the past few months, I have noticed a massive increase in the number of Facebook accounts being hacked or hijacked through phishing and clickjacking (likejacking) attacks. When people enter the Facebook universe, they are unaware of the rules, do not even READ the privacy guidelines, and end up making many mistakes.

Here are some common mistakes that users make on Facebook and other social network websites:

1. Unsafe password practices

The password that you use to access your Facebook account is a gateway to your online life.

Many Facebook users use weak or unsafe passwords. If you use a weak password that a hacker can easily guess, you are asking for trouble. It is always good practice to use different strong passwords and to change them often. There are many free tools available on the internet, such as Microsoft’s Password Checker, an application designed to check your passwords’ strength.

2. Exposing too much of yourself

Many users share personal information such as their telephone number, email address, home location, date of birth, etc. on Facebook, which makes them victims of identity theft.

3. Configuration Dilemma

Another common mistake most Facebook users make is not configuring their Facebook privacy settings. Mind your privacy settings, or anybody and everybody can easily see your whole life story. For example, keep your photo albums private and share them only with friends.

4. Use of untrusted Facebook applications

Many users install applications they do not need. Every time they do that, they are showing implicit trust in whoever wrote the application, which offers a green-field of opportunity for hackers and online predators and lets them plunder account information, swipe "friends," or lock users out of their own accounts.

5. Over-friending

According to a recent survey commissioned by a security company, 31% of respondents said that they generally accept strangers’ friend requests. Most of them may not realize that by accepting friend requests from people they do not know, they are potentially opening themselves up to identity theft or related crimes. DO NOT trust anyone. Be suspicious of all users, even if they claim to be a friend of yours.

6. Unwanted Clicks

Many unsuspecting Facebook users are tricked into clicking on bogus/malicious links that redirect their web browsers to a phishing site or to other malicious sites in an effort to compromise their account as well as their system.

Do not just click on advertisements or any suspicious links on your Facebook page. Some of the ads can contain malware and will infect your PC. Be sure you have up-to-date anti-virus or Internet security software.

7. Lack of awareness

Many users do not inform their friends about potential security threats. Your security is only as good as your friends’ security. Many Facebook users put too much trust in messages and posts that appear to come from friends’ accounts, but they do not realize that if a friend’s password/profile is hacked, it can put his friends (and you) in danger.

Many Facebook users have the burning desire to click on a tempting link that a Facebook friend suggests to them or one that he/she has ‘LIKED’. However, they tend to forget that this could be a malicious link or a clickjacking/likejacking attack.

You should be extremely cautious about clicking on links and whenever you have a doubt about a particular link on a Friend’s Facebook profile, do not click on it at any cost.

Remember, “It’s better to be Safe than Sorry”

While social networking websites like Facebook, Twitter, MySpace or Orkut can be fun, productive and profitable services, it is also important for users to be aware of the risks they pose. By using some common sense and easy precautions, users can enjoy the bright side of social networking sites and not become yet another victim of the cyber-crooks.

I hope that the tips I’ve provided are helpful and informative.


Smartphone banking applications expose sensitive customer data

A number of wireless banking applications for iPhone and Android phone users contain privacy and security flaws that cause the phones to store sensitive information in clear text that could be gleaned by hackers, according to a report.

The applications distributed by such top banks and financial institutions as Wells Fargo and Bank of America placed various types of information at varying degrees of risk. But at least one Android application, distributed by Wells Fargo, stored an account holder’s username and password on the phone in cleartext. The application also stored account balances on the phone, according to a security researcher who spoke with the Wall Street Journal.

The applications store the information in the phone’s memory, allowing it to be easily gleaned from the phone if an attacker were to trick the user into visiting a malicious website—for example, by sending the user a phishing e-mail containing a link to the malicious site.

An application by the United Services Automobile Association was found to store a mirror image of the bank webpage the phone user visited, which could reveal the user’s account balances and transactions as well as the bank account and routing numbers, which can be used to conduct electronic money transfers. The application didn’t store the accountholder’s username and password, but an attacker might obtain this information through a more targeted attack against the account holder’s phone if he determines the bank balance revealed on the phone makes the extra effort worth it.

Bank of America’s application also didn’t save usernames and passwords, but it did save the answer to a secondary security question in cleartext. An account holder is asked the extra question only if the bank’s website determines that the user is trying to log in from a device it doesn’t recognize—such as from a phone or computer she doesn’t normally use to conduct banking.

Andrew Hoog, chief investigative officer for viaForensics, said that only one of the seven applications his group examined contained no such security flaw. That application is distributed by the Vanguard Group.

Both Wells Fargo and USAA told the Journal that they had fixed the problem in updated applications released on Wednesday. Bank of America said it would be tweaking its application in a new update distributed in a few days.

Separately, Hoog’s company had found another security flaw with PayPal’s iPhone application that would allow someone on the same Wi-Fi network as the user to obtain the user’s PayPal username and password. The security flaw exists because the application doesn’t try to verify the digital certificate of the PayPal website. Therefore a hacker on the same network could conduct a man-in-the-middle attack that delivers a bogus PayPal page to the user’s browser, stealing the username and password when the user enters it.

PayPal has since updated its application to fix this flaw.

(Source: Ars Technica)