Spammers Once Again Attacking Microsoft’s CAPTCHA

Spammers are again attacking Microsoft’s CAPTCHA system and so far have a 10-15% success rate. They’re using automated bots to defeat the system, which was revised and revamped after it was attacked successfully earlier this year. Experts have found that the process involves three stages. First, instructions are sent from a host machine to one on its botnet. The infected machine then begins to attempt to crack the CAPTCHA system, and then the bot uses the successfully created Live Hotmail accounts to send large amounts of spam.

Services like Live Hotmail and Gmail have become favored targets for spammers and phishers because of the DomainKeys and DomainKeys Identified Mail (DKIM) email authentication they use, which lets a sender’s reputation determine email delivery. The more reputable the sender, the less likely mail from them will end up in a spam filter or blacklist. Each message is authenticated with a digital signature created with the sending domain’s private key. The server receiving the message verifies the signature with a public key obtained through the DNS of the sender’s domain (hence the name DomainKeys) to determine if it matches the email message. Once the message and sender are determined to be authentic, the sender’s reputation is used to decide the delivery status. Senders with bad reputations or messages with missing or fake signatures stand a very strong chance of being rejected, while messages from reputable senders with good signatures are usually delivered. While most ISPs haven’t adopted this technology yet, many web-based email providers and services have, including Yahoo, Gmail, eBay, and PayPal.
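Two steps of the check described above need no cryptography library: deriving the DNS name where the signer's public key is published, and recomputing the body hash carried in the signature header. The following is an added example, not code from the original post; it follows DKIM (RFC 6376), leaves out the RSA verification of the `b=` value, and the domain, selector and message are constructed for illustration.

```python
import base64
import hashlib
import re

def parse_dkim_signature(value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value (wrapped base64) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(tags: dict) -> str:
    """DNS name whose TXT record holds the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def canonicalize_body(body: bytes, mode: str) -> bytes:
    """Apply 'simple' or 'relaxed' body canonicalization (RFC 6376, 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs and drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, algorithm: str, mode: str) -> str:
    """Base64 hash of the canonicalized body, as stored in the bh= tag."""
    digest = {"rsa-sha256": hashlib.sha256, "rsa-sha1": hashlib.sha1}[algorithm]
    return base64.b64encode(digest(canonicalize_body(body, mode)).digest()).decode()

def body_hash_matches(tags: dict, body: bytes) -> bool:
    """Compare the bh= tag with a hash recomputed from the received body."""
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    return body_hash(body, tags["a"], mode) == tags["bh"]

# Constructed sample: domain, selector and body are made up for illustration.
BODY = b"Your statement is ready.\r\nLog in to view it.\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2008;\r\n"
          "\th=from:to:subject; bh=" + body_hash(BODY, "rsa-sha256", "relaxed")
          + "; b=PLACEHOLDER")
TAGS = parse_dkim_signature(HEADER)
```

A receiver would fetch the TXT record at `key_query_name(TAGS)`, reject the message if `body_hash_matches` is false, and only then verify `b=` over the headers listed in `h=`.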

Man Charged in Plot to Sell Botnet to Spammer

Federal authorities in New Orleans have indicted a Brazilian man on charges he was planning to sell a botnet he created to a Dutch spammer. Prosecutors say 35-year-old Leni de Abreu Neto created a botnet of over 100,000 compromised computers and was in negotiations to sell it to Nordin Nasari of The Netherlands, a spammer who wrote the virus Neto used to take control of the computers in his botnet. Nasari agreed to purchase the entire operation for $36,800. While Nasari is being prosecuted by Dutch authorities, Neto faces charges here in the U.S. and is facing up to 5 years in prison and a fine of up to a half million dollars.

The Ultimate Trojan?

A security vendor in the UK has discovered a new trojan. Called Limbo 2, it is designed to steal information from financial institutions and banks. Jacques Erasmus, director of malware research at Prevx, says it may be the most sophisticated Trojan ever. The Trojan’s power lies in its stealth characteristics. It is able to bypass anti-virus software thanks to its own cryptor that obfuscates it.

Spammers Shut Down Islands’ Only ISP

The Marshall Islands’ National Telecommunications Authority was hit by a spam attack that managed to shut down email service for the islands. The NTA is the sole ISP for the region, and is reporting that the constant flood of spam acted like a DDoS attack. It’s been over 24 hours and email service has still not been restored.

          “The government-owned National Telecommunications Authority (NTA) was hit with a sudden four-fold increase in incoming email, which it described as an attack by “zombie computers”, said an NTA spokesman. While NTA customers could send and receive emails to each other through the local system, virtually no non-NTA emails had been received since Monday, impacting local businesses, banks and government offices.”

This attack was a vivid illustration of why a country having a sole ISP is a very bad idea. It makes it very easy to wreak havoc on a country’s Internet infrastructure, and with so many vital services and businesses relying heavily on that infrastructure, a spam or hacker attack could be catastrophic. Not only is a sole ISP a security nightmare, but it is also quite likely to be affected by corruption and censorship, as we’ve seen recently in Burma and China.

The NTA has no estimate on when their service will be fully restored.

Photobucket Falls Victim to DNS Hijacking

Photobucket, the most popular photo sharing site on the net, had its DNS servers hijacked by a Turkish hacking group. The group, called NetDevilz, made the site redirect to a third-party domain hosted by atspace.com. As a result, Photobucket was down for 15 minutes today while they fixed the compromised DNS server. They released this statement to their users:

          “On Tuesday afternoon, some users that typed in the Photobucket.com URL were temporarily redirected to an incorrect page due to an error in our DNS hosting services. The error was fixed within an hour of its discovery, but due to the nature of the problem, some users will not have access to Photobucket for a few hours as the fix rolls out. It is important to note that only a portion of Photobucket users encountered the problem and that no Photobucket content, password information or other personal information was affected by the redirect.”

This is the second such attack in a month. Three weeks ago, cable, phone, and broadband giant Comcast had their DNS records hijacked, resulting in Comcast.net redirecting to a defaced page and their WHOIS replaced with sexually graphic and profane information. That group of hackers was also responsible for the attacks on the MySpace pages of celebrities Tila Tequila, Hilary Duff, and Justin Timberlake.

Photobucket users are still reporting minor outages and problems accessing their accounts, but these issues should subside once the DNS info propagates across the net. DNS hijacking seems to be the new weapon of choice for hackers unable to directly compromise a site. The new trend is worrisome: it’s only a matter of time until PayPal or a major bank’s site falls victim to a DNS hijack, and if the hackers manage to create a perfect copy of the site to redirect to, thousands of people could find their bank info in the hands of criminals.