Tag Archives: Online Security

Flashback Trojan Infection Affects 600,000 Macs

Mac OS X has been devoid of any large scale viruses and Trojans for a long time now. However, of late as the popularity of Mac has grown, virus creators have started targeting the OS with new viruses. This is evident with the number of viruses and Trojans which are being written for Mac. Take for example the Fake Mac Defender Anti-Virus (removal instructions).

A recent investigation by a security group has found that a new piece of malware called Flashback has infected nearly 600,000 Macs globally. The latest variant targets an unpatched Java vulnerability on Macs. The OSX Flashback Trojan connects to a remote server and downloads instructions and a payload. Once the payload has been downloaded, the malware modifies web pages in the browser, tries to collect personal and other information, and sends it back to the attackers' servers.

If you are a Mac user, the first thing you should do is apply the new patch supplied by Apple that patches this vulnerability. However, there is a chance that you might have been already infected by the Trojan.

F-secure has put up some detailed instructions on their website to find out whether you are infected by the Flashback Trojan for Mac along with instructions to remove the OSX Flashback Trojan. You can visit this page to find instructions for removing Flashback Trojan and remove it from your system.

The detection and removal instructions are targeted towards advanced users so you might want to have someone familiar with Terminal taking a look at it for you.

Also, don’t forget to apply the latest update patch supplied by Apple. To do that, open the main system menu on your Mac by clicking on the “Apple icon” and click on the item “Software update”. Once the software update has checked for updates, apply any new patch/Java update that is available for your system.

We’ll try to post simpler detection and removal instructions for this shortly.

Google Chrome Finally Hacked

After managing to remain unscathed for four consecutive years, Google Chrome has finally been breached, and Google is rewarding the hacker with $60,000. Google Chrome’s security features were bypassed successfully by hackers in both Pwn2Own and Pwnium.

Pwn2Own is an annual hacking contest sponsored by HP, which challenges hackers to breach fully patched web browsers and operating systems. Google Chrome was the only browser that couldn’t be hacked for the past four years. This year, it was the first to fall. A team from the French security firm VUPEN, led by its co-founder and head of research Chaouki Bekrar, managed to take complete control of a fully patched 64-bit Windows 7 (SP1) machine within five minutes by using two zero-day exploits. VUPEN also claims to have zero-day exploits for Internet Explorer, Firefox, and Safari.

This year, Google is also running its own competition called Pwnium, which has a total bounty of $1 million. Google decided against sponsoring Pwn2Own, since its new rules don’t compel hackers to responsibly disclose vulnerabilities to the software developer. VUPEN itself intends on selling the exploits to its clients. Sergey Glazunov, a Russian university student, managed to bypass Google Chrome’s sandbox feature in Pwnium.

The breaches mean that Google will no longer be able to tout its clean record. However, Chrome developers aren’t mourning. While announcing the contest, Chris Evans and Justin Schuh from Chrome’s security team had explained that they have a big learning opportunity when they receive full end-to-end exploits. “Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing”.

FBI Hits Back: Arrests LulzSec and Anonymous Members with the Help of Kingpin Sabu

After being repeatedly embarrassed and discomforted by Anonymous and its various offshoots, the feds have finally managed to land a telling blow on the notorious band of hackers. Fox News is reporting that Kayla (Ryan Ackroyd), Topiary (Jake Davis), pwnsauce (Darren Martyn), palladium (Donncha O’Cearrbhail), and Anarchaos (Jeremy Hammond) have been arrested in an intercontinental raid. The hackers were picked up from USA (Chicago), UK (London), and Ireland.

The arrests tell only part of the story. The real kicker is in the details. Apparently, the feds managed to track down Sabu, the kingpin of LulzSec and one of the leaders of Anonymous, in June 2011. The man behind some of the most notorious attacks of the past 18 months turned out to be Hector Xavier Monsegur, an unemployed 28-year-old father of two. Facing a charge of aggravated identity theft, which carries a two-year prison sentence, Sabu agreed to drop all his moral convictions and teamed up with the FBI. Turning him wasn’t easy, and ultimately it was the prospect of being kept away from his kids that swayed him. Since then, Sabu has continued to work with the FBI, often from their offices, to help collect evidence against his co-conspirators.

Although today’s news will send shockwaves through Anonymous, this wasn’t totally unexpected. Sabu had been doxed towards the end of last year itself, and several hackers believed that he was snitching. Here are excerpts from a prophetic interview given by Virus:

6:15:39 PM virus: he disappeared for a week, I don’t recall what day
6:15:52 PM virus: but when he returned he said his grand mother died and that’s why he was MIA
6:16:01 PM virus: after that he started offering me money to own people

6:19:19 PM virus: another reason why I believe he was converted after he disappeared and returned is everybody else started getting arrested one by one starting with ryan clearly, who was their ddos bitch
6:19:29 PM virus: yes, I believe he cut a deal to save himself

Back in November, Jester and others uncovered Sabu’s real name, email address, home address, pictures and other personal details. Here is some of the material about Sabu that was already available on the internet:

[Images: photographs of Sabu; Sabu’s grandmother with his and his dad’s pictures (source)]

Even though many members of the inner circle had already predicted today’s events, it is still a massive blow to Anonymous. Not only have they lost several of their most visible faces, but they have been betrayed by their de facto leader.

Sloppy Programming Results in Millions of Passwords Getting Leaked from YouPorn

YouPorn is one of the most popular pornographic websites on the Internet, and constantly features among the top 100 websites worldwide. However, what concerns many netizens at present is that YouPorn had a glitch in their matrix, allowing people to see the user information of millions of registered users.

The leak has allegedly come from the chat system on YouPorn, and the misbehaving server has already been taken down. ESET, the original source on this, says:

The exposed information contains e-mail addresses and passwords. This information can be used to identify porn consumers, but for some users more than a reputation is at stake. It is common knowledge that even today a surprisingly large portion of Internet users use the same passwords for many (or all) of the services they use on the Internet, whether it is e-mail accounts, Facebook, PayPal, or other services.

The leak was the result of debug logging being left turned on for one of the pages, a condition that had been present since November 2007. This points many angry fingers at the developers of YouPorn. A sample dump of the user info, including user IDs and passwords, is shown below.
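The failure described above is worth seeing in code: a page handler that logs every submitted field at DEBUG writes credentials to disk as soon as debug logging is enabled, and nothing in the logging pipeline stops it. The following is an added example, not YouPorn's code or ESET's; the logger names, the sensitive-key list and the sample login form are constructed for the illustration. It shows the unprotected debug line beside the same statement behind a redaction filter, plus an allow-list helper for the case where request data must be logged at all.

```python
"""Added illustration: credential leakage through verbose debug logging,
and two controls against it. Everything here (logger names, key list,
sample form) is constructed for the example and is not production code."""
import logging
import re
from io import StringIO

# Keys whose values must never reach a log file (constructed list).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "token", "secret")


class RedactSecrets(logging.Filter):
    """Defence in depth: rewrite key=value pairs for sensitive keys before a
    record reaches any handler, so leaving DEBUG on does not leak secrets."""

    _pattern = re.compile(
        r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")=([^&\s,]*)"
    )

    def filter(self, record: logging.LogRecord) -> bool:
        # Format first, then scrub, so %-args are covered too.
        record.msg = self._pattern.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True


def safe_fields(form_fields: dict) -> dict:
    """Primary control: an allow-list view of the form that drops secret
    fields entirely, for code that needs to log request data at all."""
    return {k: v for k, v in form_fields.items()
            if k.lower() not in SENSITIVE_KEYS}


def render_debug_line(form_fields: dict, redact: bool) -> str:
    """Return the single line a page handler would write when it logs all
    POST fields at DEBUG. redact=False reproduces the failure mode on the
    page (debug logging left on); redact=True adds the redaction filter."""
    stream = StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(f"example.debuglog.{redact}")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    if redact:
        logger.addFilter(RedactSecrets())
    logger.addHandler(handler)
    encoded = "&".join(f"{k}={v}" for k, v in form_fields.items())
    logger.debug("login POST fields: %s", encoded)
    handler.flush()
    logger.removeHandler(handler)
    return stream.getvalue().rstrip("\n")


if __name__ == "__main__":
    sample = {"username": "alice", "password": "hunter2"}  # constructed
    print(render_debug_line(sample, redact=False))  # leaks hunter2
    print(render_debug_line(sample, redact=True))   # password=[REDACTED]
    print(safe_fields(sample))                      # {'username': 'alice'}
```

The filter is the safety net; the allow-list is the real fix, because a regex on formatted text will miss secrets that arrive under an unexpected key name or in a non key=value layout. Both are cheap to apply before a debug flag is flipped in production.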

[Image: sample dump of leaked YouPorn user IDs and passwords]

Hackers have already started checking for password reuse, and have had some hits too. This is embarrassing for those who still use the same passwords online, even after all the hacking attempts that took place over the last year. This incident should serve as an eye-opener for those people.

Facebook Hacker in Jail for 8 Months

Self-styled cyber Robin Hood Glenn Mangham, who is only a year younger than Facebook CEO Mark Zuckerberg, was jailed for 8 months by a British court today. He was also given a serious crime prevention order restricting his access to the internet, and his computer equipment was forfeited. He admitted infiltrating the website from his bedroom between April and May last year.

As part of his operation, he hacked into the account of a Facebook employee and managed to reset his password. He used it to access restricted internal information while the staff member was away on holiday. Though he deleted his electronic footprint, his penetration was discovered by a routine security review by Facebook. He had apparently stolen “invaluable” intellectual property that was downloaded on his external hard drive.

The self-described “ethical hacker” said that he wanted a mini project to point out vulnerabilities, and chose Facebook because of its high profile. He is no newbie at high-profile hacking. He had also hacked into Yahoo, but Yahoo treated his actions as an opportunity to improve its security. In his defense, it was claimed that he had not tried to sell any of the information he obtained from Facebook or pass it on to anyone else. But prosecutor Sandip Patel rejected his claims and said, “He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating.”

Judge McCreath said,

“I bear in mind you have never been in trouble before, that you’re young in physical years and maybe emotionally younger than your physical age, and I bear in mind all the aspects of your psychological and personal make-up. I acknowledge also that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge you never intended to make any financial gain for yourself from these offences.

You and others who are tempted to act as you did really must understand how serious this is. The creation of that risk, the extent of that risk and the cost of putting it right mean, at the end of it all, I’m afraid, a prison sentence is inevitable. You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance.”

Facebook spent $200,000 (£126,400) dealing with Mangham’s crime. A Facebook spokesman said, “We applaud the efforts of the Metropolitan Police and the Crown Prosecution Service in this case, which did not involve any compromise of personal user data.”

[Video] Police Officer Does Good Deed Before He Dies Moments Later Facebook Scam

Another new video scam is brewing, in which scammers are using a good deed by a police officer to spread a new Facebook scam. It is spreading with the following message:

what a hero! or see how god works in strange ways [url]

Police officer does good deed before he dies moments later.

[url]

Incredible video of a kind Policeman who does a kind deed but tragically gets killed! Exclusive footage!

The new scam is similar to earlier video scams such as the Chuck Norris death at 71 hoax and the one in which spammers claimed Bon Jovi had been killed. Clicking on the URL leads users to a page which looks and feels like Facebook. However, users are asked to install an update before they can play the video.

[Image: fake video page used by the “Policeman Shot” Facebook video scam]

The update in question is malware and will install rogue software on your computer, so you are better off NOT INSTALLING anything. Better still, do not click on the link at all. In addition to downloading malware to your computer, this scam will also start posting spam messages on your Timeline and affect your friends as well.

Also, as a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check out our article about Avoiding Facebook Lifejacking and Clickjacking scams.

With over 800 million users on Facebook, the social networking giant has always been a main target for spreading scams. It is quite difficult to identify scams on Facebook. Here is a post on How to Identify and Avoid Facebook Scams. Bookmark Techie Buzz Facebook Scams or Subscribe to Scam Alert Feed. We always keep you updated with the latest scams spreading on Facebook.

Google, Microsoft, Yahoo and AOL Team Up to Combat Phishing

In spite of spirited efforts from email providers, browser developers, and security firms, phishing continues to be a major nuisance. There are already repositories like Phishtank that rely on crowdsourcing to identify phishing campaigns. However, crowdsourcing is not nearly nimble enough to tackle phishing scams that often require just a few hours to cause the intended damage.

Now, a new Cisco spinoff called Agari is trying to tackle the problem by combining multiple sophisticated approaches including authentication of the sender, message analysis, and end-to-end email channel visibility. Google, Microsoft, Yahoo, and AOL, who are amongst the biggest email providers, have joined hands to provide metadata about emails passing through their networks to Agari, which uses its cloud infrastructure to analyze more than 1.5 billion messages every day. It doesn’t receive the actual messages, but might receive suspicious links contained in the message along with miscellaneous metadata. Agari, which is launching today, has Facebook and some of the largest financial institutions, social networks, and ecommerce companies as its customers. Besides the aforementioned four email giants, file sharing website YouSendIt, social network LinkedIn, and Cisco are also part of its trust fabric network.

[Image: Agari logo]

“Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo,” for instance, Daniel Raskin, vice president of marketing for Agari, explained to CNET. “They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don’t deliver it, reject it.”

Agari, which had been operating in stealth mode for the past couple of years, protects 50 percent of U.S. consumer e-mail traffic and more than one billion individual mailboxes. During its stealth phase, it rejected more than one billion messages across its email partners. Agari believes that by having end-to-end visibility over most messages it can rapidly react and stop phishing campaigns in their tracks.

Teamp0ison Hacks United Nations, Leaks over 1000 Email IDs and Passwords

Team Poison is a notorious hacker collective which has managed to survive without being part of Anonymous. We have seen Team Poison in action earlier, when they engaged LulzSec and exposed many of its members back in June. A few days ago, Team Poison joined hands with Anonymous on #opRobinHood, which protests against banks. However, what they have done lately does not fall directly under any ongoing operation.

[Image: United Nations hacked]

Team Poison has hacked the websites of the United Nations Development Programme, the Organization for Economic Co-operation and Development, UNICEF and the World Health Organization, and has leaked an enormous list of usernames, emails and passwords. The stated idea behind the leak was to protest against the fact that

the bureaucratic head of NATO used to legitimise the Barbarism of Capitalist elite.

Anonymous has had many failed claims recently because of half-hearted support. However, with Team Poison, they have managed to hack into a huge list of login credentials, many of which are admin accounts.

The UN is a worldwide organization, and this hack proves just how vulnerable it is. The collectives participating in this hack have exclaimed at the lack of security at these UN departments with,

United Nations, why didn’t you expect us?

The list of passwords found in the Pastebin document shows some user accounts with common passwords like “12345” and “password”. Some even used their own username as the password, and there were a few user accounts with the same email ID, username and password. Moreover, a vast majority of users had no password at all. Clearly, security has been the least of their concerns.
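Every weakness listed above (empty passwords, dictionary words like “12345” and “password”, and the username or e-mail reused as the password) is trivially detectable at the moment a password is set. The following is an added example, not code from any UN department or from Team Poison’s leak: a password-acceptance check that rejects exactly those patterns, plus an audit helper for running it over an account list at migration or password-change time. The common-password list, the minimum length and the sample accounts are constructed for the illustration.

```python
"""Added illustration: rejecting the weak-password patterns found in the
leaked list. The policy values and sample accounts are constructed."""
from typing import Dict, List

# Constructed deny-list; a real deployment would use a much larger one.
COMMON_PASSWORDS = frozenset(
    {"12345", "123456", "password", "qwerty", "letmein", "admin", "welcome"}
)
MIN_LENGTH = 12  # assumed policy value


def password_problems(username: str, email: str, password: str) -> List[str]:
    """Return a list of reasons the password is unacceptable; empty means OK.
    Checks, in order: blank, common, equal to username, equal to the e-mail
    local part, too short. An empty password short-circuits the rest."""
    problems: List[str] = []
    pw = password or ""
    if not pw.strip():
        return ["empty password"]
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        problems.append("common password")
    if low == username.strip().lower():
        problems.append("password equals username")
    local_part = email.split("@", 1)[0].strip().lower()
    if local_part and low == local_part and local_part != username.strip().lower():
        problems.append("password equals e-mail local part")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


def audit(accounts: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Run password_problems over an account list and return only the
    failing entries, keyed by username, so an administrator can force a
    reset for exactly those users."""
    findings: Dict[str, List[str]] = {}
    for account in accounts:
        problems = password_problems(
            account["username"], account["email"], account["password"]
        )
        if problems:
            findings[account["username"]] = problems
    return findings


# Constructed sample accounts mirroring the patterns described on the page.
SAMPLE_ACCOUNTS = [
    {"username": "alice", "email": "alice@example.org", "password": ""},
    {"username": "bob", "email": "bob@example.org", "password": "12345"},
    {"username": "jdoe", "email": "jdoe@example.org", "password": "jdoe"},
    {"username": "carol", "email": "carol@example.org",
     "password": "correct horse battery staple"},
]

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(reasons)}")
```

The check runs on the candidate password at the time it is chosen, which is the only point at which the plaintext is legitimately available; it is not a reason to keep passwords stored in a form that could be audited later.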

Hacker From Nepal Releases Huge List of Facebook Login Credentials

A hacker from Nepal, who goes by the name of Cru3l Int3ntion, has released a huge list of Facebook usernames and passwords. This comes a few days after Facebook was hacked and users found pornographic content in their wall posts. The hack has no stated motive, and the hacker in question does not seem to be affiliated with any international hacker collective. He claims responsibility for the hack, and has not tagged it under any Anonymous operation.

[Image: leaked Facebook account list]

Cru3l Int3ntion has leaked login details for over 2500 Facebook accounts. The full list is 500 KB in size. Most of the hacked accounts have been locked due to repeated login attempts from multiple locations, which is Facebook’s preventive measure against account takeover. The method used in this hack is unknown.

Facebook has become a phishing haven. A few days ago, another hacker, Cr@zy 3xpl0!t, released a list of hacked Facebook accounts. A hacked Facebook account is a whole world of private data, and this is what makes it so attractive for phishing scams. Unless Facebook does something about it, its users are under continuous risk. Phishing scams on Facebook are at an all-time high, and solving this is their biggest challenge at the moment.

If you want to check whether your Facebook account is hacked, head over to pwnedlist.com.

Stanford Researchers Breach Captcha Security Codes

A group from Stanford University has demonstrated that a captcha is no guarantee of safety, defeating the best guard we have against automated attacks. A captcha is supposed to be solvable only by humans, not by bots or other automated software. The method is a word or phrase rendered in a distorted style that software cannot read; users have to enter this code in order to gain access. It was developed at Carnegie Mellon University by a graduate student in 2000. Captcha is actually a fancy acronym for a bland sentence: Completely Automated Public Turing test to tell Computers and Humans Apart.

[Image: a captcha broken by Decaptcha]

Stanford Security Laboratory researchers Elie Bursztein, Matthieu Martin and John C. Mitchell busted that myth by creating a tool, named Decaptcha, that breaks 13 out of 15 captcha schemes. The schemes tested came from high-profile sites like CNN, Visa, eBay and Wikipedia. Bursztein says:

For example, our automated Decaptcha tool breaks the Wikipedia scheme… approximately 25% of the time. 13 out of 15 of the most widely used current schemes are similarly vulnerable to automated attack by our tool. Therefore, there is a clear need for a comprehensive set of design and testing principles that will lead to more robust captchas

The principle behind Decaptcha is simple: it reduces background noise, segments the string into single characters and recognizes the pattern of each one. It achieved varying degrees of success at different sites. It broke Visa’s Authorize.net captcha 66% of the time and eBay’s 43% of the time, while Wikipedia’s was breached 25% of the time.

The team shared a report elucidating the strengths and weaknesses of the Captcha method. The link is given below.

Report link: http://cdn.ly.tl/publications/text-based-captcha-strengths-and-weaknesses.pdf

Google Untouched!

There is, however, some good news for those seeking online security. Google’s captcha was unbeaten, and so was reCAPTCHA. reCAPTCHA is an improved version of captcha which makes it harder for bots to recognize patterns by warping and twisting words into strange forms readable only by humans. Google now owns reCAPTCHA, which it acquired in 2009. Against these two schemes, Decaptcha scored no breaches.

[Image: a reCAPTCHA challenge, not yet breached]

The bottom line is that captchas need to be upgraded. Next time you feel smug about getting into a site by correctly typing in the captcha code, think twice. There are some smart computer programs sharing the same cyberspace!
