Just in time for Halloween, one of the world’s stealthiest, most pervasive, and just plain terrifying botnets has received a complete makeover. A disturbing development in an arena where adware, malware, botnets and Trojans are already making our worst nightmares come true, the new face of TDL4 suggests that our anti-spam efforts will become even more trying. Not to be outdone, M. Night Shyamalan is rumored to be taking the directing helm for an overtly artsy movie treatment of the situation. Mercifully, reports suggest that the movie will circumvent theaters and go straight to Blu-Ray.

In an attempt to reinforce the gravity of the situation – and in keeping with the time of the year – we could implement some irritatingly flashing lights, pithy onomatopoeias, and ghoulish sound effects to convey the gravity of the situation; but like some of the greatest horror movies in the history of Hollywood, this is one of those instances where special effects and overdramatics just aren’t needed. This one is standalone scary. The TDL4 botnet, also known as Alureon and TDSS, recently received a thorough makeover, and if it’s as bad as some of the researchers are reporting, we may be the ones picking up the tab for the rootkit’s sexy new look.

Considered by many as the most sophisticated threat out there, TDL4 already had a reputation for being a naughty little boy before this most recent development in its evolution. With the ability to evade detection – either signature or heuristic based – and its encryption-based communication between bots and the botnet command and control center, TDL4 also contains a rootkit component which forces payloads of keyloggers, adware and other malware onto infected systems.

A major aspect of TDL4’s new look is in the way it infects its prey. According to The Register, “The makeover includes changes to the way TDL4 attempts to remain undetected by antivirus programs and other defenses. Newer versions create a hidden partition at the end of the infected machine’s hard disk and set it to active. This ensures that malicious code stashed in it is executed before the Windows operating system is run.” Furthermore, the malware has a nasty way of protecting itself against removal. “The partition is equipped with an advanced file system that checks the integrity of TDL4 components. If any of the files are corrupted, they’re removed.”

A chilling aspect to this story is the premonition that the reason for TDL4’s overhaul is most likely due to some new opportunities to conduct some nefarious business. “The code overhaul,” writes The Register, “may mean that operators of TDL4, which is used to force keyloggers, adware, and other malicious programs onto compromised machines, may have started providing services to other crimeware groups.” It’s pervasive and fast-moving, too. In June, the rootkit overtook 4.5 million computers in just three months.

In 2010, Vyacheslav Rusakov examined the rootkit in great detail and noted that, “There is no doubt that TDL-4 is ‘armed to the teeth’ and poses a very serious threat to users.” He also notes an increase in infections of 64 bit systems, not surprising since TDL4 was, “among the first rootkits to infect 64-bit versions of Windows by bypassing the OS’s kernel mode code signing policy. With the continued and increased usage of 64 bit systems, it’s inevitable that more and more malware will target these systems, and there are inherent problems with this new breed of malware. Rusakov points out that, “most contemporary antivirus, and specifically anti-rootkit, technologies are no match for threats targeting 64-bit platforms, which makes the average malware writer’s life much easier.”

As usual, we’re either just keeping up, or more likely, falling behind in the battle against malware. “The latest changes suggest that the relentless innovation of those developing TDL4 shows no signs of slowing,” reports The Register, and there’s no arguing with the obvious.

As I write this article on the eve before Halloween, I stop to stare out my window at the first snowfall of the pending winter. The last remnants of the summer – the dead and dying leaves – are unceremoniously ripped from the trees by an unfriendly arctic blast. Perhaps it’s my overactive imagination combined with the starkness of Halloween, but the imagery seems fitting.  If this new demon that is TDL4 is half the monster that they’re saying it is, 2012 is going to be a scary year.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

BOO! TDL4 Botnet Makeover Scary as Hell

In a world where the only thing standing between us and the spammers, phishers and hackers is a little piece of tunneling security that keeps IT admins dreaming about warm and snuggly things, the idea of that security being breached is a beastly demon no one could have envisioned. Unfortunately, the pleasant dreams are over and the BEAST is a nightmare that will rock the Internet world, and warm milk ain’t gonna fix this one, folks.

When I go to sleep at night, I do it with the comforting belief that when I awake in the morning and put my feet on the floor, there will be a floor underneath me. In much the same way, I traverse the web knowing full-well that my surfing habits, private information and transactions are snugly tucked away inside a warm blanket of encryption known as SSL/TLS. So when the floor gets yanked out from underneath my feet, you can understand how I might get a little pissed off. And that’s exactly how I felt this morning when I discovered that the floor that protected me from the creeps has begun to sway, as if I had just spent Saturday night at the pub and the floor wasn’t particularly happy about it.

If you want to share the experience, look no further than The Register, which is reporting that at the Ekoparty security conference in Buenos Aires last week, researchers Thai Duong and Juliano Rizzo unveiled their work – BEAST, short for Browser Exploit Against SSL/TLS – which attacks TLS and SSL, the protocols that heretofore kept us warm at night. BEAST is a nifty piece of JavaScript that works alongside a network sniffer to decrypt user account cookies and gain access to restricted user accounts. Yes, you heard it right.

Sing Along: It’s the End of the World as We Know it…Or is it?

Duong and Rizzo made news last year when they unveiled a point-and-click tool that exposes private information and executes arbitrary code. According to Duong, the demo decrypted an authentication cookie used to access a PayPal account. The exploit of SSL and TLS is not a new idea, actually, since the idea was conceived back in 2002; but for years it’s been considered theoretical at best – until now, that is.

Duong noted in an email published by The Register that “BEAST is different than most published attacks against HTTPS. While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”

In case you’re wondering how many canned goods you have in the pantry, worry not: it’s not yet time to strip naked and run through the streets proclaiming the end of the world.

“The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust,” The Register reports.

It’s not all good news, though.

“Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.”

Furthermore, independent security analyst Trevor Perrin writes:

“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection. If the attack works as quickly and widely as [Duong and Rizzo] claim, it’s a legitimate threat.”

Note: Those who run a web server and who may be concerned about security should modify the servers to favor the rc4-sha cipher, which is widely supported and not vulnerable to the attack unveiled by Duong and Rizzo.

Time to Call Some People Out

It’s being reported that:

“Duong and Rizzo tipped off the major browser vendors about their findings months ago but so far the only response appears to have come from the folks at Chrome. A fix for the attack is currently under test in the development version of their browser.”

REALLY? Shame on you, browser makers. Not surprisingly, two days after The Register first published their article, Google released a developer version of its Chrome browser designed to thwart the attack.

Time to go and huddle in a corner. Now, where did I put that tin foil hat?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

“Holy [Insert Expletive Here]! Et Tu, SSL?”

Spam-ready tablets off the shelves? Zombie PCs out of the box? Testifying before U.S. Congress this week, a top official for the Department of Homeland Security said that technology being imported into the country is sometimes known to contain preloaded security threats. The disturbing news leaves us wondering what’s next – perhaps our credit card numbers automatically being published to Twitter and Facebook when we sign up for an account?

As if the raging war on spam isn’t bad enough, an ominous moment in U.S. Congress this week should leave an unsettling feeling in anyone who has purchased a PC, tablet, or any other connected device; anyone who worries about the safety of their information, for that matter – in other words, pretty much everyone.

Testifying before Congress at the House Oversight and Government Reform Committee this week, Greg Schaffer –the Department of Homeland Security (DHS) Assistant Secretary for Cybersecurity and Communications – admitted that Homeland Security and the White House are aware that electronics and software imported into and sold in the United States are sometimes pre-installed with malware, spyware, keyloggers, and even the components of botnets. Not only are they aware of these threat-laden devices, various media outlets report, but in fact they have been aware for quite some time.

Fast Company first reported the story on Friday. Schaffer was testifying in a tense exchange between himself and Representative Jason Chaffetz. “When asked by Rep. Chaffetz whether Schaffer was aware of any foreign-manufactured software or hardware components that had been purposely embedded with security risks, the DHS representative stated that ‘I am aware of instances where that has happened,’” but not before a long pause where Schaffer seemingly considered the implications of his answer.

According to PC World, Schaffer didn’t go as far as singling out PCs, tablets, or even DVDs and smart phones.

“Schaffer admitted he is aware of instances when foreign-made technology was built with embedded security risks but did not elaborate on what kind of equipment DHS has encountered. He also pointed out that overseas components are found in many domestically manufactured electronics.” [Emphasis added]

It’s not news that some consumer devices and products have entered the retail world with viruses or other malware. Several years ago, digital picture frames with USB ports were found to be infected, and every so often a piece of software is inadvertently set into the wild with some sort of Trojan or some such malware. What makes this story chilling, however, is Schaffer’s implication that the problem could be far larger than just the odd digital photo frame or errant code in a piece of software. If the malware is actually hard-coded onto a chip – as opposed to pre-installed on a hard disk drive – then these chips could be finding their way into everything that has a wired or wireless connection with the Internet. The problem? Hard drives can be wiped. Onboard chips are like taxes – they’re there for life.

Neal Ungerleider of Fast Company suggests that something sinister may be at work here, drawing from the White House’s Cyberspace Policy Review:

“[In the review] is a small acknowledgment that the Executive Branch knows something weird is happening in imported tech:

‘The emergence of new centers for manufacturing, design, and research across the globe raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations. Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions…The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover. Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities.’” [Emphasis added]

Don’t Panic!

As disturbingly eerie as this information certainly is, it poses the question: what can we do about it? The answer is readily available. Nothing – at least not as single consumers or even as IT/IS Managers. Some might decide to throw out all their devices and in a Walden moment, return to nature, resorting to carrier pigeons and smoke signals to communicate with the outside world; but most of us recognize that technology owns us now, and for good or for bad, better or worse, we like it. Heck, we love it! We refuse to reject technology because, well, how could we? It makes our lives easier. It makes our lives better, at least if you believe the mantras of GE (We Bring Good Things to Life) and LG (Life’s Good).

Conspiracy Theory

Assume for a moment that the White House and other governments know far more than they’re saying (not a leap at all). Then assume that detecting and removing these hard-coded security risks not only represents a huge difficulty, but rather a virtual impossibility (not a stretch). Now imagine that the threats represented by this built-in malware could be a mixture of state-sponsored and/or private interests – some in it for innocuous concepts like ‘national security’ and some in it for more tangible returns like money. Finally, imagine if the whole truth got out – how it would create such a panic that Greece’s finances would seem rock-solid next to what was left of the global economy. No wonder Schaffer took so long to answer.

As much as it sounds like the stuff that Hollywood is made of, the truth is in there somewhere. If so, then (for all you Star Trek fans) like the Borg, this new threat is lurking and waiting, ready to pounce and assimilate your information, and there’s not a darned thing you – or anyone else – can do about it. Come to think of it, spam is the equivalent of the Borg – maybe even a progenitor of the 24th Century race.

I think I’m going to avoid the rush and post all my personal information on Twitter. I hate waiting.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U.S. Official Admits Imported Computer Tech is Known to be Infected

In what surely must be the third sign of the pending apocalypse, video game industry icon, Sega Corp. is hacked for data on 1.3 million of its users. And just when you thought the world hadn’t gotten any stranger, hacktivist group LulzSec offers assistance to the creators of Sonic the Hedgehog. The problem: the real victims in these attacks are the users, caught in the middle of a brewing war that will inevitably lead to more spam.

One would think that gaming giants like Sony and Nintendo could manage a basic task like keeping their doors locked and blinds drawn, and one would be wrong; but lest you think that they’re alone, look no further than another venerable icon in the game development world, Sega Corp., which this week announced that they too had been hit by the bug that of late seems to have a nasty habit of popping up on a weekly basis.

“Names, birth dates, e-mail addresses and encrypted passwords of users of Sega Pass online network members had been compromised,” Sega said in a statement on June 19th, also indicating that while no credit card information had been compromised, a whopping 1.3 million user accounts were breached.

Add this to the tally of an estimated 100 million plus PSN, Qriocity and Sony BMG Music users and you have yourself a startling amount of personal information floating out there in the cloud. (Nintendo got off easily: LulzSec ‘merely’ posted a server configuration file on their site to show that they could hack Nintendo if they so desired).

Recognizing that not all of the players have been so forthcoming, and in the spirit of giving credit where credit is due, hats off to Sega for getting in front of this one.

“We are deeply sorry for causing trouble to our customers,” said Sega spokesperson Yoko Nagasawa, “We want to work on strengthening security.”

So, is it coincidence that all three gaming companies are Japan-based? Probably. But it isn’t coincidental that some of the biggest names in the gaming software world have been compromised by a variety of groups – Anonymous and LulzSec have laid claim to the Sony breaches, and as mentioned, LulzSec felt the need to point out a security flaw in Nintendo’s security, but so far no one has taken responsibility for Sega. Of this, however, we are certain: it probably wasn’t LulzSec.

How can we be sure that it wasn’t LulzSec? Well, in a bizarre twist of events, LulzSec has come forth to offer its assistance in tracking down the perpetrator. On June 17th the group posted to Twitter: “@Sega – contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”

Whether Sega takes LulzSec up on the offer is anybody’s guess (‘probably not’ is the consensus here), but the group that targeted the U.S. Government after President Obama made hacking a declaration of war just can’t seem to get its philosophical mojo in sync with its actions. LulzSec has stated that their attack on Sony was a blow in the name of solidarity after Sony declared its own war on iPhone hacker extraordinaire, George Hotz, better known as GeoHot. But in what felt like an “I love you, man!” moment, LulzSec seemed almost honorable in its hack on Nintendo, stating publicly that they simply wanted to make Nintendo aware of its own vulnerabilities. Now that Sega has been hacked, however, LulzSec wants to help because they clearly like Sega (or, at least, the Dreamcast). It feels like frontier justice, the Old West approach to settling a beef, and while some might applaud LulzSec’s attempt at heroism, one cannot help but wonder: “what happens if I tick these guys off?”

What, indeed. LulzSec has declared its own war, but the burning question is who is the enemy? On June 15th, LulzSec posted to Twitter: “Tango down – cia.gov – for the lulz.”  According to the International Business Times, “The site of the CIA, which engages in covert activities at the request of the President of the United States, was back two hours later. The CIA has not revealed that valuable information was stolen.” And on June 13th, the group took on the U.S. Senate website, stating “We don’t like the US government very much.  Their boats are weak, their lulz are low, and their sites aren’t very secure.  In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!”

Data Insecurity

Everyone wants to talk about the economic impact on the targeted companies, but with the amount of information that’s been compromised, it’s the guys in the middle of this brewing war – the end users – who are the true victims. It’s highly unlikely that Anonymous is sitting on the data, and LulzSec seems to enjoy giving it away for free. Regardless of the cost, it’s conceivable that data breaches like the ones on the game companies will lead to spam-laden inboxes. One only has to look at the highly-publicized attack on Epsilon earlier this year.

Where does it all end? This week, LulzSec released a manifesto of sorts, as the group celebrated its 1,000th Tweet with a letter that reads like it was co-written by Charlie Sheen.

“Yes, yes, there’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011…We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be.” Justice may eventually be LulzSec’s endgame, but until then, “this is the lulz lizard era, where we do things just because we find it entertaining.”

Entertaining? Really? Hey, Sonic the Hedgehog! See if you can escape the nasty trap that Dr. Robotnik set for you! Now that’s entertaining.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

LulzSec Offers Aid, ASCII Art to Sega After Big Hack Attack

In what is eerily beginning to look like a monthly ritual, another high-profile organization is targeted by Cyber Terrorism. This time it is the world’s largest military contractor. Is it World War III, or just another day at the office?

Lockheed Martin Corporation, the world’s largest defense contractor, announced this week that it staved off what it calls a “significant and tenacious attack” on its servers. The attack, which Lockheed Martin detected on May 21, still remains something of a mystery in terms of scope, but Reuters reports that, as of May 29, employee access was still down.

“No customer, program or employee personal data was compromised thanks to ‘almost immediate’ protective action taken after the attack was detected May 21,” company spokesperson Jennifer Whitlow stated in an email distributed by the company.

The Bethesda, Maryland company is the world’s biggest aerospace company and the largest supplier of military systems to the U.S. government. The maker of the F-16, F22 and F-35 Lightning fighter jets also sells military equipment across the globe.

In an effort, perhaps, to ensure that they themselves haven’t been compromised, the U.S. Government has offered its assistance in determining the scope and source of the attack. Bloomberg News reports that in a May 28 email from Homeland Security, spokesperson Chris Ortman states the Department of Homeland Security, along with the Department of Defense, is looking into the matter.

“[We are] aware of a cyber incident impacting [Lockheed]” and will be “determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk.”

Lockheed said in an email that the attack on May 21 was discovered “almost immediately” and no employee, program or customer data was lost. Lockheed uses RSAs mobile security platform. RSA, a division of EMC Corporation of Hopkinton, Massachussetts, recently increased security on their system after a security breach in March of this year. In that attack, amongst the stolen information were data directly related to RSA’s SecurID authentication products. MarketWatch reports that after this most recent attack, Lockheed Martin employees were required to change their passwords, and that the breach may have been a direct result of the SecurID information stolen from RSA.

Bloomberg helped clarify the possible nature of the attack, in statements from a source speaking under the condition of anonymity. “The remediation involves replacing the SecurID tokens issued by RSA that often expire in three years, said the person, who wasn’t authorized to discuss the matter publicly.” An eerie premonition of what might be coming next, EMCs clients include, “defense-contractor clients, which make missiles, aircraft and other weapons, [including] Northrop Grumman Corp. (NOC) and Raytheon Co. (RTN).” Bloomberg also stated that EMC declined comment on the matter.

Not surprisingly, the U.S. military remains tight-lipped on the matter. In an email, U.S. Air Force Lieutenant Colonel April Cunningham stated that the resulting fallout of the attack is, “minimal” and that the powers that be, “don’t expect any adverse effect.” Reuters also stated that Cunningham “declined to specify the nature of the impact, saying that as a matter of policy, the department does not not comment on operational matters,” and that DHS spokesperson Ortman said that the department will be working with Lockheed Martin to review the “available data in order to provide recommendations to mitigate further risk.”

2011: The Year of the Cyber Terrorist?

In the spirit of keeping score, the Lockheed Martin cyber attack is only the latest in a litany of high-profile targets, making 2011 seem more and more like the Year of the Cyber Terrorist:

• In January, the Canadian government was the target of an “unprecedented cyber-attack” by Chinese hackers, which took down the systems of two government agencies.
• In February, pro-Iranian hackers calling themselves the “Iranian Cyber Army” launched an attack against the Voice of America’s website. VOA’s Persian News Network also experienced satellite interruptions.
• In early March, major agencies of the government of South Korea were bombarded in a Distributed Denial of Service (DDoS) attack.
• Also in March, the European Commission revealed that it had been the victim of an “ongoing [and] widespread cyber attack” against its servers.
• In early April, email marketing firm Epsilon reported that it had been breached, in a targeted attack which could cost the affected parties more than $600 million;
• In mid April, Sony Corporation made news – over and over again – as its woes kept the company’s PlayStation Network and Qriocity servers dark for several weeks. The result of the attack saw the user account information of more than 70 million released into the wild.
• In May, the U.K. Finance Minister stated that the U.K. Government’s servers are under a constant state of attack, averaging more than one attack per day just on the Ministry of Finance.

Cyber Horror or Cyber Hype?

While it may be premature to declare this the Year of the Cyber Terrorist, it certainly seems like these attacks are becoming more frequent and more severe. Perhaps it would be more accurate to dub this the ‘Era of the Cyber Terrorist.’ Bill Davidow at Forbes suggests that World War III, if it ever occurs, will be fought on the battlefield of cyber space. Tony Bradley of PCWorld takes an interesting perspective in his article, Lockheed-Martin Attack Signals New Era of Cyber Espionage, suggesting that the era of cyber espionage is in full bloom. The attack on Lockheed Martin, Bradley writes, “seems at face value like either a state-sponsored attack, or an attack by well-funded hackers with the intent to market whatever information can be extracted internationally to other governments.”

Food for thought, or all-out lunacy? As if the media frenzy isn’t enough, this week China announced that it has an elite “Cyber Warfare Unit” dubbed the ‘Cyber Blue Team.’ The jury’s still out as to the purpose of Cyber Blue, but add to the mix last year’s kafuffle over Stuxnet and its intended purpose and you have yourself one heck of a Cyber Thriller, Hollywood movie rights and all.

Hmm. Time to get writing.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Lockheed Martin Latest to Succumb to “Significant” Cyber Attack

In the most recent spam scam to assault Facebook, users are being greeted with a message advising them to ‘verify’ their account, seemingly a noble act of spam prevention and surely not spam itself, right? Not so fast. Those rascally little hackers have swapped out the ‘Like – Comment – Share’ links with a ‘== VERIFY MY ACCOUNT ==’ link, making clicking eminently attractive and practically unavoidable for the uninformed user. Clicking the link, of course, has exactly the opposite effect advertised by the malware, not only posting the message on the user’s wall, but in fact spreading JavaScript that, according to The Register, is “highly obfuscated.” (If interested, you can check out an interesting analysis of the script here.)

“Facebook has become a veritable cesspool of spam, with fake links promising to show users things like how many people have visited your profile or the never-released photos of Osama bin Laden’s body,” reports the Detroit Free Press.

In fact, it seems that these clickjacking schemes have become the norm and Facebook, by its own admission, has only been able to react to the scams as they appear.

“We’ve been shutting down the scammy pages that are the source of this spam as soon as we detect them or they’re reported to us,” Facebook’s Fred Wolens told the Free Press.

So let’s return to the kingdom of the blind. No disrespect to any Facebook user intended, but knowing how to recognize a genuine security threat often requires three things: experience, specialized understanding in what goes on under the hood, and the requisite savvy that comes with being an IT professional. The first one is easy. Think about the first time you learned that touching an open flame wasn’t such a good idea. Anyone who’s been nailed at least once by a malicious link will testify that they think twice before clicking again. The second and third, however, require specialized information that, simply speaking, aren’t part of the average computer user’s frame of reference. And to be fair to Facebook users everywhere, they shouldn’t need to have that specialized knowledge. It would be counterintuitive to the concept that Facebook is easy to join. Easy to use.

To give Facebook credit, last week the website announced several new features implemented to combat clickjacking:

• Web of Trust (WOT) – Web of Trust is a free service that grades sites based on user experience. Basically a community that relies upon reported links, WOT intercepts links in Facebook, warning the user that the link could be dangerous, if it has been frequently reported by the community.
• Clickjacking Prevention – Since clickjacking is based on tricking the user into thinking they’re clicking on one thing when in fact they’re clicking on another, Facebook has implemented extra security measures to detect whether links are trying to pretend they’re something else. In essence, users will be required to confirm their choices when they click “Like.”
• Cross-Site Scripting (XSS) Protection – Malware often tricks users into pasting malicious code into the browser address bar. Facebook has added an extra layer of protection, providing a popup window advising the user that he or she is trying to address a bad link.
• Login Approvals – Facebook has added an optional – but highly recommended – layer of security by offering two-factor authentication, meaning that whenever a user tries to log on to Facebook from a new device, he or she will also have to enter a code sent via SMS to the user’s mobile device.

If you’re reading this and you have responsibility for office workers who have access to Facebook, you’re probably already copying and pasting into an enterprise-wide email. That would be a wise choice.

Let’s face the facts. Social networking does a great job of bringing people together in cyberspace. The problem: it also makes it way too easy to put hackers, spammers and cyberpunks together with innocent users who are not trained – or even interested in being trained – in how to recognize malicious code and spam when and where it appears. As memberships continue to grow in unprecedented proportions, hackers will continue to figure out how to exploit the system.

You had better hang on. The one-eyed men aren’t going away anytime soon. In fact, they’re fitting themselves for crowns.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook Spam Prevention Scam Propagates, Hackers Rejoice

Recent Security Breaches May Bring Discussions on Cloud Computing Crashing Back to Earth

Cloud computing isn’t a new concept. Technically speaking (and some may disagree), cloud computing is as old as public chat rooms and web mail. As long as we’ve been able to attach a file and send it out into the cold, dark server-based galaxy of cyberspace, we’ve all been living in the cloud. The term itself – cloud computing – is nothing more than a marketing construct developed by software companies for the express purpose of paying homage to the offices of CEOs and Boards of Directors, wherein the almighty dollar is king.

That’s the cynical view. Now for the idealistic, almost Utopian, approach:

Cloud computing is the miracle cure that will change our lives to the point where we wonder how we survived the chaos that existed before living in the cloud. It will increase productivity and collaboration, reduce office footprints by giving rise to telecommuting. Some may say that it even reduces the need for localized data security because the security is now in the safe, competent hands of dedicated data centers. The cloud even tips a hat to green computing, reducing the carbon footprint in offices by passing application and data loads off to remote servers, thus reducing the need for localized and/or dedicated servers (truth be told, the jury’s still out on this one).

Stand back and take a long look at both these views. Does either ring true? Of course not. In fact, the truth seems to lie somewhere in the middle, but all good IS Managers approach the topic cautiously and with a great deal of research into the pros and the cons, the tools and the risks. The implications of employee training alone can leave the strongest of IT people waking in the middle of the night, screaming for their mommies. All the while, evangelists in the form of software account managers stand on soapboxes, thumping on white papers that explain cloud computing and its cost benefits and pointing long, bony index fingers straight at us, promising, “this is what cloud computing can – nay, will – do for you! ROI! ROI!”

It’s no wonder that the caution, confusion and fear have risen to monumental levels; but like the tortoise in Aesop’s fable, IT professionals approach the finish line, slowly and steadily, hoping all the while that the bosses won’t push them over the edge of a precipice from which there is no safe return.

Amidst all the confusion, news of recent security breaches at some very large companies may be the warning that IT people everywhere have been looking for – the ammunition they need to remind their bosses that being the first to jump off a cliff before checking for water below isn’t the best way to embrace innovation. The recent woes felt by Sony Corporation, Epsilon and Amazon serve as that useful warning. While some may not recognize the name Epsilon as a household name, all will recognize the other two. If one was asked to name the top technology companies in the world today, Sony and Amazon would surely be in that list. So it’s no surprise that the news of these data breaches (a reported 100 million accounts compromised for Sony, which is still experiencing issues two weeks after the breach) has shaken the online world to its very core. And one of the casualties here may very well be cloud computing.

According to Reuters, “Some businesses are rethinking plans to move to cloud-based computer systems located at remote data centers that can be accessed over the web,” and that the Sony breach and Amazon’s recent outage at its cloud computer center, “have caused some businesses to put the brakes on plans to move their operations into the cloud.”

This might only be the beginning, because no one really knows what’s going to happen next. It seems that a new security breach greets us each week, and with each story it seems like the hits are getting worse and the stakes are getting higher.

“Nobody is secure,” Eric Johnson, professor at Dartmouth University and technology advisor to corporations, was quoted by Reuters. “Sony is just the tip of this thing.”

In fact, Reuters reports that since Sony announced its PlayStation Network and Qriocity breaches on April 26, stocks for companies involved in cloud computing have not only underperformed, but “Salesforce.com Inc, a maker of web-delivered software, has dropped 3 percent. VMware Inc, which sells software for building clouds, has declined 2 percent.” Lest one thinks this is a general trend in the stock markets, Reuters reports that The Standard & Poor’s 500 Index has increased by 3.3 percent.

So does this mark a major setback for cloud computing, the miracle of modern connectivity? It certainly gives rise to conversations about data security and the risks associated with putting sensitive data ‘out there.’ Ever since the term ‘cloud computing’ was coined and then pushed – and pushed again – out to the marketplace as the solution to everyone’s problems, there’s been an uneasiness about the implications of placing data – the lifeblood of modern society – outside the firewall. People, in a cloudlike trance, seem to have been soaking up the concept of being able to access their data from anywhere in the world, but at what cost?

Perhaps these recent events are the wakeup call that everyone needed. Consider a newborn baby and a crib, which has all the requisite safety features, including bars to keep the child safe from falling. Nearby, you have a bed, soft and safe and comfortable in its own right, but lacking the features designed to protect a young child. Who in their right mind would opt for placing the baby on the bed, and then leave the baby unattended?

It’s something to consider.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hey, You! Get Off Of My Cloud!

Let’s recount what happened. On April 19th, without so much as a “how do you do,” the PlayStation Network and Qriocity, Sony’s on-demand service for music and videos, went down, rendering all aspects of the network – multiplayer gaming, PlayStation Store access, web access, NetFlix and Qriocity services – unusable. It was a little eerie, too, in the way it transpired. Users were simply unable to log on to their PSN and Qriocity accounts, normally a common occurrence when the system is down for periodic maintenance. But hours turned into a day and some media outlets picked up the story, when the outage still greeted users. “We’re aware certain functions of PlayStation Network are down” was Sony’s response, but not long afterward they posted on their EU blog that there was, “the possibility of targeted behaviour by an outside party.” Not long after that, Sony announced that the service would be down for “a full day or two.”

Since then, the issue has turned into something of a nightmare, both for Sony and the 78 million members of the services. Hours turned into days, days into a week. What was very quietly sold as an outage turned into the worst possible outcome: three days into the outage, Sony finally announced that the service failure was in fact the product of “an external intrusion.” Nearly a week after the initial outage, Sony finally announced that personal information was also compromised. For those of you keeping score, here’s what Sony UK reported as being compromised: name, shipping address, billing address, country, email address, birthdate, PSN/Qriocity ID, PSN/Qriocity password, PSN/Qriocity security question and answer, and purchase history. Ouch.

Every major media outlet has keyed in on the unprecedented breach. Sony’s taken a big black eye in the stock markets – according to Reuters, Sony’s shares dipped 4.5 percent on Thursday (markets were closed on Friday) – and lawsuits against Sony Corporation are already being discussed. One class-action attorney in the United States is considering filing a suit on behalf of PSN account holders and several governments are looking into the security breach, including US Congress and the UK Information Commissioner’s Office, which Reuters announced was “investigating whether Sony violated laws that require it to safeguard personal information.” Double ouch.

Perhaps even more damaging to Sony, PSN and Qriocity members are expressing their outrage at Sony’s delay in revealing the breach, the ongoing loss of service, and the loss of their personal information (I for one, was lucky: the week before the outage I changed my credit card number due to a lost card). Reuters stated that “some gamers writing in online forums called for a boycott of Sony products, while shoppers at London video-games stores said they might leave the PSN network.”

Reuters also reports that “a Sony spokesman said that after learning of the breach it took ‘several days of forensic investigation’ before the company knew consumers’ data had been compromised.” Unfortunately for Sony, however, news media everywhere can’t help but draw the similarity to another Japanese company which came under scrutiny in 2010. And in a case of ‘timing is everything,’ the announcement that credit card information may have been stolen broke only hours after Sony introduced its first tablet PC. Thankfully, on May 1st The Montreal Gazette reported that, “there’s no evidence that anyone’s credit card information has been compromised.” Sony reported that the credit card info was encrypted, and credit card companies have observed no suspicious behavior. But the damage has been done and what the fallout will look like, from this data getting into the wild, is anybody’s guess.

What hasn’t been reported (much) since the April 19th breach is that there was a premonition of something big coming only weeks before. On April 4^th, Engadget reported that users trying to log on to their PSN and Qriocity accounts couldn’t get online, instead receiving a brief message from Sony stating that the service was down for maintenance. Hacktivist group Anonymous claimed responsibility for that outage, but Sony quietly denied any funny business, instead opting for the ‘sporadic maintenance’ approach. It might have been left right there and forgotten, were it not for the current woes that plague the beleaguered electronics company.

So what’s to be made of this recent security war? Several things come to mind. First – and always first – system security and privacy are paramount. It’s always been easier to break something than to make something, and even though it’s extremely difficult to plan for every contingency – or the prowess of some hackers, it seems – if you’re going to play in a big arena you had better bring your A game. The fallout could be devastating. Don’t get me wrong: Sony should be commended for, amidst the criticism bombarding the company, not rushing to get their network back up and running. Since the breach, the company has been consistent with the message that they’re ensuring additional security before restoring the services, even rebuilding parts of the system, which Sony purports to be reactivating this week.

Second, coming clean up front is always easier than trying to explain why you didn’t afterward. The stage that is international news media is relentless and unforgiving, especially when the media can grab onto numbers like 78 million and run with them. Toyota saw it in 2010 and now Sony will have to endure the scrutiny of governments, courts, and maybe most important, their users.

Third, if you do have a PSN or Qriocity account, you may want to take the advice given here. And turn your spam filters on high.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

PSN Security Breach: Gaming Not So Fun Anymore, a Warning to Others?

News agencies have reported that several South Korean websites, including the Presidential Office, the Ministry of National Defense, the National Assembly and the Ministry of Foreign Affairs and Trade were attacked by cyber criminals on March 4, 2011. The attack was effective enough to shut down some of the sites.

According to Stars and Stripes, Yonhap news reported that U.S. Forces Korea websites were attacked, but USFK spokesman David Oten “would not comment on whether U.S. military computers had been affected by the virus, citing policy meant to protect operational security.”

“There was a DDoS attack, but no damage was reported,” said a presidential aide at Cheong Wa Dae, the executive office of the President.

Media reports theorize that the attackers compromised two peer-to-peer file-sharing websites using malware. The attacks appear to be linked to a similar incident in July, 2009, when nearly 30 organizations were overrun by a distributed denial of service (DDoS) attack. In both incidents, ‘zombie computers’ were used to carry out the attack. This method is an attractive option for the modern cyber criminal, because the use of zombie computers reduces the attacker’s risk of being detected, and by hijacking the computers of thousands of unsuspecting users, the attack is often quite effective.

Although the methods used to implement a DDoS attack vary, denial of service prevents an Internet site or service from functioning by overwhelming a web server with an unmanageable amount requests at a given time. In the attacks of July 2009 and March 4 of this year, the DDoS attack compromised users’ personal computers with malicious code that caused their machines to attack South Korean websites without the users’ permission.

According to the Korea Herald, an official for the Korea Communications Commission (the state telecommunications policy maker) stated that, “the number of zombie PCs, which are infected by malware and taking part in the attack, currently totals up to 11,000, much smaller than the 115,000 counted during the 2009 cyber attack.” He added that the South Korean government is, “making preparation measures since the number [of zombie PCs] is likely to increase.”

After the incident, the KCC released a second-level warning regarding the attack, indicating that the government will be monitoring any increases in online traffic and will keep a close watch out for malicious code which could be used in the commission of a denial of service attack. Cyber security professionals are working with the South Korean government to address security flaws uncovered by the recent attack.

South Korean information security firm AhnLab said that additional attacks were expected, The Herald reports. The firm also said that the attackers hacked two local peer-to-peer file sharing websites a day before on late Thursday and planted malware in the files.

Kim Hong-sun, chief executive of AhnLab, stressed the inherent dangers of spam, being infected by malware, and the preventative measures that can be taken. “For the PC to not be infected by the malicious code, one must have the latest security patch for the computer operating system and must update the vaccine program, along with checking the system in real time,” Hong-sun stated.

“The attached links sent through the e-mails and online messengers should not be clicked on and files should be screened when downloading them from peer-to-peer sites.”

In the 2009 attack, South Korean and U.S. websites were flooded with signals from infected computers causing service disruptions. While reports vary, as many as 270,000 computers were used to attack U.S. and South Korea-based websites. The BBC reports that the 2009 attack was blamed on North Korea, although no evidence has been uncovered to support this claim.

The 2009 incident was traced to a Chinese IP address used by the North Korean Ministry of Post and Telecommunications. Following the attack, the government established a cyber security center designed to protect financial and economic institutions, claiming it would utilize various methods to mitigate the risk of future DDoS attacks.

The ultimate goal of these attacks remains a mystery. One might surmise that they were ‘nuisance’ attacks perpetrated by hackers who wanted to flex their collective brain cells; or worse, that they were coordinated efforts with an as yet unknown purpose. Either way, the purpose of the attacks and who coordinated them seems irrelevant. The end result is the same and this recent wave of cyber crime might only be a precursor of what’s to come.

What is clear is how the increased vulnerability of corporate and institutional websites is often directly linked to factors outside the direct control of today’s IT manger. Peer-to-peer, phishing scams, email spam, social media spam, the advent of IPv6 – all reasons to consider the ‘X’ factor in today’s connected world: the computer on the other side of that fibre optic cable.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Denial of Service Attack Bombards South Korean Websites

The agency said the breach occurred via an infected laptop which was used to access the Pentagon Federal Credit Union’s network, exposing customer names, addresses, social security numbers, bank account numbers and credit card numbers. It appears the laptop was probably infected via a spear phishing attack.

“We have no indication that your information has been misused,” Roderick Mitchell, PenFed’s executive vice president of operations, wrote in a letter mailed to customers. No PINs or passwords were accessed.”

Despite that, PenFed decided to err on the side of caution and issued new credit and debit cards to all its customers. PenFed has nearly a million members, most of them members of the Coast Guard, Army, Air Force, Defense Department, Veterans of Foreign Wars and Department of Homeland Security. Mitchell says the infection has been wiped out and steps have been taken to avoid such breaches in the future.

It’s important to make sure that every device that connects to your network has the proper anti-virus and security protection. When it comes to your company’s most critical data, it’s a good idea to limit how many people have access to it. Some companies have even taken the step of keeping such data on a computer or server that is not left connected to the main network. This keeps it out of a hacker’s reach if the network is compromised.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Pentagon’s Credit Union Suffers Data Breach

Starting Wednesday, spam exploiting the site began flooding the net. The messages, with subject lines like “IRAN NUCLEAR BOMB!” forged headers that make them look like they were sent by WikiLeaks, and text claiming President Obama is an imposter, urge the recipient to click on the included link. Doing so sends the recipient to a website that attempts to download a file called wikileaks.jar. If successful, it installs a backdoor Trojan and rootkit onto the infected system which would allow a hacker to have complete control of the system.

While a hacker group calling itself Anonymous has been distributing malware and conducting cyberattacks against Amazon, Paypal, Visa, Mastercard, and other sites it feels have wronged WikiLeaks, it’s not known if this spam campaign is related or if the malware is designed to help the hackers with their attacks.

Businesses concerned about the WikiLeaks attacks should look for information on known and trusted sites and avoid clicking on links in emails claiming to have info. Be careful when searching for info on Google as well; it’s only a matter of time before spammers and hackers start poisoning SE results on WikiLeaks related searches with malicious links.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

WikiLeaks Spam Has Malicious Payload

The accused, George Samuel Bronk, an unemployed 23-year-old from Citrus Heights, California, was believed to have relied on the information found on Facebook pages to trick various Web-based email accounts into resetting passwords, allowing him to take over the targeted email accounts.

According to the CNET News report:

          Once inside their e-mail accounts, Bronk allegedly searched the sent mail folders for nude or semi-nude photographs and videos, which he allegedly then distributed via their e-mail and Facebook accounts, the computer crimes department said.

In addition, Bronk blackmailed one victim into sending him additional explicit photos of herself by threatening to release her photos more widely.  He was tracked down using his IP address by authorities after his first victim reported the matter to the police.  A list of 3,200 email profiles was found on his computer, though it is not known if they have already been breached or were simply his next targets.  What is clear though is that the methods used by Bronk are reproducible and could have led to more damage if not for his arrest.

The weaknesses

First, let’s take a look at the two separate weaknesses that were exploited by Bronk.  The first problem has to do with how social networking sites have thrown a spanner into traditional identity verification methods that rely on the use of “secret” information.  The second issue has to do with how emails stored in the cloud can be problematic should security be circumvented somehow; be it Web hosted emails, or the IMAP and Exchange servers typically used in businesses.

So why is protecting one’s email account so important?  Well, it would certainly be damaging for a hacker to penetrate your email security to harvest the email addresses of business partners and clients for spamming or phishing, won’t it?  So what are some ways that businesses can protect themselves from these two dangers?

• Avoid relying on “Secret Answers”

Bronk’s strategy involves using public information found on victim’s profile pages to figure out the secret answers that many of the Web hosts employ to help users recover from forgotten passwords.  Name of your favourite pet?  (Interesting Facebook photo gallery of your pet dog you have there, and oh, your friend just mentioned its name in a comment)  How about the month and date that you first met your wife or husband? (For many couples, it’s often their anniversary date)

Indeed, Bronk himself reportedly said: “People should limit the amount of information they put online,” quoting the example of “Which high school you went to” as an example of a likely question posed prior to initiating password recovery on an email account.

In a nutshell, the proliferation of social networking means that administrators need to throw traditional security verification methods that rely on “secret” information out of the door when designing their systems.  Where this is not possible, administrators should exercise greater diligence when crafting security questions where the answer is not likely to be found in a Facebook or Twitter.

In addition, the implementation of an administrative alert upon a password reset will also help to identify potential email breaches.  In the absence of follow-up action, most users will probably just assume that they have forgotten their passwords, and reset their passwords another time without being the wiser.

• Archive old emails

It is common for corporations to make use of an IMAP or Exchange email server to facilitate their business.  With the majority of such transactions and negotiations taking place via e-mail however, the damage from someone who successfully gains entry into an email server can be devastating.  Yet compliance requirements often mean that administrators cannot reduce mailbox sizes or compel employees to delete older emails.  Thankfully, this is a problem that can be easily resolved by the judicious use of archival solutions, which can be configured to store older emails on a separate system.

Bronk was arrested as it was clear he did not implement any evasive measures to obfuscate the source of his shenanigans.  You can be sure that a seasoned hacker will not be detected quite so easily.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

How to Protect your Email Account from Hackers

Security experts say the worm, which briefly accounted for 14% of the world’s spam volume, contained several malicious components including a backdoor Trojan and a keylogger. It was also programmed to shut down and delete any anti-virus services it found. Fortunately for the victims, the worm was quickly shut down due to its unsophisticated structure. It struck many large U.S. companies including Proctor & Gamble, Disney, and Wells Fargo. It also hit NASA. At one point the deluge was so bad it forced cable and broadband provider Comcast to completely shut down their email servers.

It’s not clear why the emails duped so many into clicking on the attachment they contained. The fact that the worm invaded the address book of anyone infected and sent itself out to everyone on it may have been a factor. People, even those who know better than to click on links or open attachments from strangers, are much more likely to drop their guard and open attachments that come from friends, no matter how odd or suspicious they may look.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hacker Takes Credit For Email Worm

“I am guilty of these crimes … I accept full responsibility for these actions,” Gonzalez said at the sentencing, “I plead for leniency,” he said. “I understand that the road to redemption is going to be long for me,” adding that it was his hope, however, that he would be able to be on that road someday.

Gonzalez, who had buried $1 million dollars of his illegally gained profits in his backyard, had been working as an informant with the U.S. Secret Service but double crossed them. He will also serve two 20 year sentences for his roles in data breaches that affected TJ Maxx, Dave & Busters, Barnes and Nobel, DSW, OfficeMax, and other major retailers. He and the gang of criminals he worked with stole millions more credit and debit card numbers and sold them on the black market.

Heartland lost over $130 million due to the breach and was forced to agree to multi-million dollar settlements with Visa and American Express. It is not yet known what, if any restitution Gonzalez will have to make. A hearing on the matter is scheduled for late June.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hacker Gets 20 Years for Heartland Data Breach

 

          Campaign spokesman Cullen Sheehan wrote in an email to supporters that that there was no “evidence that our database was downloaded by any unauthorized party,” but he doesn’t dispute the possibility that security has been breached. Several IT professionals interviewed by the Minnesota Independent in late January revealed they had downloaded the database, which was not password protected. This fact seems to contradict Sheehan’s report about findings by federal authorities looking into the case. They “did not find evidence that our database was downloaded by any unauthorized party.”

Um, Mr. Sheehan? Unless you gave Wikileaks.org permission to download it and post parts of it on its website, or those IT professionals,  it sounds to me like it was downloaded by several unauthorized parties. Ignorance at its best.  The good news is there have been no reports of fraudulent credit card activity linked to the breach.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Data Breach Found on Website of Minnesota Senator

Holly, also known as “TrainReq”, had hacked into the talented Miss Cyrus’ MySpace and Gmail accounts and stole her personal photos, but according to a recent update on the account on Wired.com, his activities weren’t just limited to cheap thrills. He was, of course, a spammer and had raked in over a hundred thousand dollars, sending out spam from celebrities’ email accounts.

A Tennessee news channel obtained the affidavit that had been filed by an FBI agent last week, which provided some more details on the scams. Holly said that he often used hacked celebrity Internet accounts to send out spam because of the name recognition and the large number of people that follow them. And he has hacked more celebrities than Miley’s, too; and also conducted spamming using pilfered accounts from recording artists Chris Brown, Rihanna, Linkin Park, and Fall Out Boy.

The MySpace spamming worked by first gaining the password to the account through a social engineering technique; then he used the account to send a note to all of the celebrity’s MySpace friends advertising a ringtone for sale.

A look at Holly’s web site, http://www.trainreq.org, quotes him as saying he thinks of himself more as a “prankster” rather than a threat to society, and made the dubious claim that he caused no damage. Has the hacker given up on trying to be an Internet papparazzi and actually gone into something legitimate though? He refers to a new project called “Tube Tunnel”. There’s very little info about it, but it appears to be a music site that lets you download the soundtrack off of YouTube videos.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hacker who broke into Miley Cyrus account was a spammer

Steven Barnes was also ordered to pay a fine of over $54,000. Prosecutors say Barnes hacked into Akimno Systems’ network, turned the mail server into a massive open relay which sent out so much spam that the company’s email service was restricted, deleted its Microsoft Exchange data base, and compromised core boot files. Barnes pleaded guilty to the charges.

In a sentencing memorandum, federal prosecutor Shawna Yen urged U.S. District Judge Jeffrey White to sentence Barnes to 16 months. She said it was necessary to “send a message to future would-be hackers that this kind of crime – namely, intentionally attacking a company’s computer system and wreaking damage to the company’s business – is taken seriously by the courts.”

Barnes’ former employer is partly to blame however. Amazingly, they had no firewall installed and had not deleted his user account or changed the network passwords after he was fired over 4 years ago! Such lax security is inexcusable these days, and hopefully Akimno Systems has learned a valuable lesson.
 

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Former IT Manager Sentenced to One Year in Prison For Hacking Former Employer