Tag Archive | "cyber crooks"


Cybercrooks Using Malicious Video Advertisements to Plant Malware

Posted on 13 November 2015 by GranTorinoGuy

Hackers and cybercrooks are busier than ever, and they won’t back down from anything that gets in the way of spreading their malicious creations. To spread malware more effectively, cybercrooks are taking their distribution methods to video advertisements.

Malvertising, the practice of spreading malware through advertisements, has been around for many years. Cybercrooks are able to inject malicious ads into various ad networks, and those ads redirect visitors to malicious sites that offer or initiate the download of malware.

In the latest malvertising schemes, cybercrooks are aggressively using video ads as a means of spreading malware. The video ads that hackers target are ones served on high-traffic sites.

In these cases, cybercrooks gain access to various ad networks, where they must purchase ad space to run the more expensive video ads. Once access is granted, they serve up misleading ads that should not be approved, but they are sneaky enough in their approach not to alert the ad network serving the ads.

Currently, it is very difficult to estimate how many malicious video ads are running on any given website, even if it is a high-traffic site well known to internet surfers.

Companies are serving more and more video ads, and publishers that monetize those video ads should pay close attention to each network channel that serves up third-party code for those ads. Where third-party ad code is involved, there is a likelihood of cybercrooks taking advantage of the ad serving and delivering malicious ads.

There is no sure way to avoid malicious video ads. The only thing end users can do is take proactive steps by running antivirus and/or antimalware software to detect and eliminate malicious threats when they occur. Computer users can also avoid visiting questionable sites or ones that display advertisements that seem out of the ordinary or offer something that is just too good to be true.


US Requiring HTTPS for all Public Government Websites

Posted on 09 June 2015 by GranTorinoGuy

Lately, U.S. government websites have borne the brunt of attacks in which hackers found ways to deface some of them and collect sensitive data in other cases. To put a stop to this chaos, the U.S. government is mandating that all public government websites use the HTTPS security protocol.

Deploying HTTPS assures that a website’s communications are authenticated and that the data sent back and forth over the internet is protected. With HTTPS, also known as HTTP over SSL or HTTP Secure, the information a website transmits is encrypted in transit and decrypted at its destination. Basically, HTTPS encrypts the data transmitted to and from government websites so that attackers cannot compromise the information or use it to wage an attack against the sites.

Computer users who often visit financial sites or make purchases on legitimate shopping sites are accustomed to seeing an HTTPS site load with the URL field of most web browsers highlighted green or showing a lock icon. In such cases, HTTPS prevents eavesdropping, and it will ultimately assure the U.S. government that information transmitted over the vast internet is secure.

With the government making all publicly accessible sites use HTTPS, it will be difficult for third parties to intercept communications. In the end, this will fortify the U.S. government and make the sites secure for all users, not just those outside of the U.S. government.

The U.S. CIO, Tony Scott, said, “With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public.”

With Edward Snowden’s many revelations about the U.S. government and its alleged snooping on the public, the irony gets thick as attackers and hacker activist groups wage war on many U.S. government sites that have proven to be vulnerable.

In March, the proposal for mandatory use of HTTPS was issued after the government started accepting comments on its plans from the security community and the public. As it turns out, the consideration is a real thing and is in the process of being deployed.


Ramnit Botnet Extends Infection Reach To Over 28 Countries and 500,000 Computers

Posted on 11 March 2015 by GranTorinoGuy

The Ramnit malware threat, which has recently evolved into a dangerous botnet, is extending its presence across the world, infecting hundreds of thousands of computers. The systems infected with Ramnit may be used to exploit online banking accounts, much as other well-known botnets have done in the past.

Among the many banking-theft botnets, Ramnit is a bit late to the game, getting its start in 2010, when it was recognized as a computer worm threat. Now, after an update through as many as two command and control servers, Ramnit has the ability to shut down security applications, including all security components of Windows.

The expansion of Ramnit leads experts to think the infection may reach over a million computers before it is stopped in its tracks. Because of its unsurpassed sophistication, Ramnit has the upper hand in evading tracking and detection.

The dynamic IPs used by Ramnit on infected systems make it difficult to track them down. Additionally, in the past six months Microsoft researchers have seen more than 500,000 systems become infected, making the growth rate of Ramnit rather alarming.

The vast spread of Ramnit has reached more than 28 countries, and that number is bound to go up. Among those 28 countries, the most compromised systems reside in Indonesia, with about 90,925 in total, accounting for 26.27% according to Symantec’s data recording this infection thus far. India is second in line with 80,144 infections at a 23.16% rate, followed by Vietnam at 37,708 and a 10.03% rate, with Algeria at 5.73% and Thailand at 4.84% completing the top 5 locations.

Other regions of the world account for 23 countries where Ramnit has reached, including the UK, Egypt, Philippines, Saudi Arabia, Pakistan, Iran, Azerbaijan, Morocco, Nepal, Nigeria, Malaysia, Romania, Yemen, Russian Federation, Turkey, Mexico, China, Brazil, Myanmar, Palestinian Territory, and Mongolia.

Judging from the extensive list of countries, which shows no rhyme or reason in its locations, Ramnit’s operators have no desire to focus on a specific target location. However, it may be prudent to mention that attackers behind sophisticated botnets like Ramnit may exploit systems that prove to be more vulnerable than others, which could lead them to virtually any location in the world.


Beware: Scam Designed to Steal Gmail Info Is Difficult to Catch

Posted on 25 March 2014 by GranTorinoGuy

Hackers and cybercrooks are always on the leading edge of exploiting computer users, and one of the latest scams is almost impossible to catch: it pretends to be a Google document and leads to a Gmail login interface that steals your login information.

Many of us use Google in some shape or form and there is a large population that utilizes actual Google services including Gmail and Google Docs. Scammers are sending out spam emails that contain an alleged Google doc that directs you to a webpage that resembles a Google Drive login and sign-up page. This Google Drive page is rather clever in that it is almost identical to the legitimate login page, which is part of why this scam is difficult to detect or catch.

The fake pages created by hackers in this scam are yet another example of how crafty cybercrooks are at creating phishing sites that closely resemble the legitimate pages they attempt to mimic. In the case of the Google Drive login phishing page, most computer users will not be able to tell the phishing page from the real one, as shown in Figures 1 and 2 respectively.

Figure 1. Fake Google Drive sign-in page

Figure 2. Legitimate Google Drive sign-in page

Entering your credentials on the fake login page hands your login details to hackers, giving them unrestricted access to your Google account, which could allow cybercrooks to pry into your personal life by accessing items within your Gmail account and others.

As an answer to this massive scam, Google has taken action to remove the fake pages. “We’ve removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again,” a representative from Google explained to the press. “If you think you may have accidentally given out your account information, please reset your password.”

In some cases, this scam is customized for different users where some systems may load a different version of the Google Drive phishing page. For now, computer users should still be on the lookout for phishing scams like this one even though Google is cracking down on them. Remember, hackers are relentless in their actions to continually attack unsuspecting computer users. In the case of this recent Google Drive phishing attack, the unsuspecting can be anyone as this clever scam is difficult to catch even for so-called computer experts.



Beware of Netflix Phishing Scam Tricking Customers with Fake Member Services

Posted on 05 March 2014 by GranTorinoGuy

Netflix is a giant in streaming movies and movie rentals through the mail. They reportedly have over 40 million subscribers around the world. As it turns out, hackers and cybercrooks are attempting to scam users with a new phishing technique that preys on the blind trust users place in customer service representatives.

In what appears to be a phishing campaign built around a fake Netflix customer service number, users are presented with an “Important Notice” claiming that unusual activity was detected on the Netflix account. The user is given a 1-800 number on the screen with an error code to reference. When users call the number, the rogue representative instructs them to go through a process in which the so-called service rep is able to connect to the user’s computer through the remote control software TeamViewer. From there, the fake agent searches the system for banking information or other personal data they can use for potential identity theft or theft of money from an online banking account.

This new phishing technique is rather clever but it is not the first of its kind. Scammers have long been known to use fake customer service setups to exploit gullible computer users. In the case of the Netflix phishing scam, users are easily victimized because of how clever the “Important Notice” error message is.

There are a lot of red flags to point out about the whole scam, starting with the message itself: Netflix would never warn you of unusual activity on your Netflix account through an alert message on your computer. Additionally, a service agent at Netflix would never connect to your computer to resolve a supposed issue causing such an error message.

The video below shows the complete phishing scam in action, where a computer may have been redirected to a malicious site that then initiates the scam. The video also goes through the full conversation with the so-called member services, which is a complete scam, even claiming that there is a hacker on the computer causing the issue.

We strongly advise computer users to use caution with messages such as the fake Netflix “Important Notice”. These scammers are sneaky and they don’t want to help you; they want to hurt you badly by stealing from you by any means within their power.


Over 60% of Malware Analysts Report Investigations of Undisclosed Security Breaches

Posted on 22 November 2013 by GranTorinoGuy

Security breaches are almost an expected occurrence in today’s technology-driven world. In a new ThreatTrack Security study, it was revealed that security breaches are occurring at a much higher rate than initially reported by many security researchers.

ThreatTrack has found that about 6 out of 10 US-based malware analysts interviewed about security breaches failed to disclose breach incidents that their own company experienced in the past. This very detail has led to further investigations, uncovering IT security workers as the main problem when it comes to protecting their company against attacks.

In about 35% of cases where security breaches occur, the security professionals or staff responsible for securing the attacked network were the ones initially responsible for clicking on a malicious link in shady emails or mobile apps.

ThreatTrack CEO Julian Waits Sr said, “While it is discouraging that so many malware analysts are aware of security breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and US enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments.” Basically, the study has revealed the idea that malware analysts are aware of the threats they face, but many of them may fail to report their inability to fight the given cyber-attacks. Additionally, they will commonly point out their lack of proper resources and tools to protect their own company from attacks.

About 40% of the 200 professionals taking part in the survey, originally conducted by Opinion Matters on behalf of ThreatTrack Security, are deemed the main culprit in cyber-attacks against their own company. Given this bit of information, the rates and numbers of security breaches actually reported are totally skewed when it comes to finding out how many security breaches actually take place. Essentially, it makes everyone’s job a little more difficult, while the attackers bask in their glory, knowing how they can take advantage of some companies.

The bottom line is that over 60% of security researchers are now reporting cases of undisclosed breaches in surveys and simple inquiries among US-based companies that have at one time been suspected to be a vulnerable asset in a security breach. That is rather scary in the full scope of things when you consider that some of these companies may harbor your personal information or banking data.


Average Time It Takes Cybercriminals to Start Exploiting Breaking News Decreases to 22 Hours

Posted on 28 September 2013 by GranTorinoGuy

It is almost a daily occurrence that cybercrooks find the most popular news stories or breaking news events to exploit. Researchers from Commtouch Security have now concluded that the time it takes cybercriminals to start exploiting breaking news is around 22 hours, the lowest we have ever seen.

Cybercrooks waste no time in ramping up their efforts to exploit a popular news story. It is almost as expected as your next breath of air. Cybercriminals commonly use a popular news subject or breaking news in their malware distribution campaigns to get traction on search engines. Naturally, popular search engines like Google, Bing and Yahoo will quickly pick up a breaking news story. Hackers thrive on this and waste virtually no time in rehashing a version of the story on either a hacked website or one specifically designed to exploit computer users through news stories, eventually spreading malware.

Over the past few months, experts have taken note of the start time of a breaking news event and how long it takes cybercrooks to react to the news by posting their malware-laced stories related to it. It was found that, in April of this year, the average time was 27 hours when examining the Boston Marathon bombings. In recent events, such as the Royal Baby, Syrian conflict, NSA leaks and even the U.S. government shutdown, the start time has shrunk to just 22 hours.

In retrospect, 22 hours is a short amount of time for getting breaking news stories out where the posts or pages have malware linked in one way or another. Just think, a breaking news story floods the media at 9am this morning, and the hackers have their own version of the story, only laced with malware by 7am the next morning. In some instances, this is faster than some reputable news outlets are able to confirm and relay a breaking news story on their website.

Do you think cybercrooks will eventually break popular news stories to us laced with malware faster than the top news websites in the near future? After all, what is stopping them from doing that?


More Hacking Threats Are Expected to Spread As Mobile Phones Continue to Evolve

Posted on 21 December 2009 by admin

Mobile phones are like computers these days. So if you can do with a phone what could only be done on a computer before, then hackers can too.

Mobile phones have become more vulnerable to traditional computer menaces like hackers and viruses. Russian anti-virus company Kaspersky Lab has reported on a new malicious program that stole money by taking over Nokia phones and making small charges to the owners’ wireless accounts. Recently, an Australian student created a worm that spread through “jailbroken” (altered to run software Apple has not authorized) iPhones. The worm did not cause any damage; it uploaded a photo of ’80s pop star Rick Astley. To security experts, this suggested that cyber attacks on iPhones are possible. Where there are security threats, there are always money-hungry cyber crooks looking to capitalize on the innocent.

Earlier in December, Khosla Ventures, a prominent Silicon Valley venture capital firm, led an investment group that injected $5.5 million into a fledgling security start-up called Lookout. Lookout is set to introduce security applications for the BlackBerry and iPhone after testing security software for phones running the Windows Mobile and Android operating systems. The software protects phones against rogue programs and gives phone owners the ability to remotely back up and erase the data on their phones.

A basic version of the software is free, while the company plans to charge a monthly subscription for a version with more features. It feels a lot like it did in 1999 in desktop security, according to John Hering, Lookout’s 26-year-old chief executive, who for years has done research demonstrating security vulnerabilities in phones. Hering says people are using the mobile Web and downloading applications more than ever before and there are threats that come with that.

Lookout represents the latest attempt to build a new business that capitalizes on the surge of smartphones. Thousands of companies making mobile games, shopping tools and other programs have sprung up in the last two years as the iPhone, in particular, has taken off. Lookout and its investors believe this is the right time to get into the market. The rules of mobile are different, says Vinod Khosla, founder of Khosla Ventures, which also recently invested in Square, a mobile payments start-up. He says phones are people’s most personal computers, and need to be protected.

Companies like Research In Motion, maker of the BlackBerry, and Good Technology, a Silicon Valley-based mobile messaging firm, already offer mobile security tools, but their systems are aimed at businesses. Security firms like Symantec also have mobile security divisions, and a five-year-old company, Trust Digital, based in McLean, Va., has set its sights on this market.

Lookout says it can address the unique challenges of protecting cellphones, like preserving battery life. While the company will not give details, it says it has figured out how to get its software to work on the iPhone, which does not allow non-Apple programs to operate in the background, as security software typically does. Hering and his co-founder, Kevin Mahaffey, have been publicly demonstrating the weaknesses of mobile phones for some time.

In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection. That year, at the Black Hat security conference in Las Vegas, they hacked into a phone over a mile away using Bluetooth.

Lookout’s founders and backers concede that for now, snoops and bad guys pose much less of a threat to cellphones than to PCs. But they believe there is an immediate need for software that preserves and protects a phone’s data, from email to corporate information, and they say current systems do not work when a family or business has multiple types of cellphones on various wireless networks. For instance, a small business could install the Lookout software on many different types of devices, back up all the data and remotely erase a phone if, say, an employee leaves it in a cab.

Jeff Moss, a security expert and organizer of the Black Hat conference, said mobile security had historically been a solution in search of a problem. But he said that mobile viruses had recently become more common in Asia. His own Nokia N97 phone even caught a bug recently, but the software he was running from F-Secure, a Finnish security company, caught it in time. Moss says the tipping point will be when we start using phones to shop and conduct banking, because the more we do with a phone, the more valuable a target it will become.
