Just in time for Halloween, one of the world’s stealthiest, most pervasive, and just plain terrifying botnets has received a complete makeover. A disturbing development in an arena where adware, malware, botnets and Trojans are already making our worst nightmares come true, the new face of TDL4 suggests that our anti-spam efforts will become even more trying. Not to be outdone, M. Night Shyamalan is rumored to be taking the directing helm for an overtly artsy movie treatment of the situation. Mercifully, reports suggest that the movie will circumvent theaters and go straight to Blu-Ray.

In an attempt to reinforce the gravity of the situation – and in keeping with the time of the year – we could implement some irritatingly flashing lights, pithy onomatopoeias, and ghoulish sound effects to convey the gravity of the situation; but like some of the greatest horror movies in the history of Hollywood, this is one of those instances where special effects and overdramatics just aren’t needed. This one is standalone scary. The TDL4 botnet, also known as Alureon and TDSS, recently received a thorough makeover, and if it’s as bad as some of the researchers are reporting, we may be the ones picking up the tab for the rootkit’s sexy new look.

Considered by many as the most sophisticated threat out there, TDL4 already had a reputation for being a naughty little boy before this most recent development in its evolution. With the ability to evade detection – either signature or heuristic based – and its encryption-based communication between bots and the botnet command and control center, TDL4 also contains a rootkit component which forces payloads of keyloggers, adware and other malware onto infected systems.

A major aspect of TDL4’s new look is in the way it infects its prey. According to The Register, “The makeover includes changes to the way TDL4 attempts to remain undetected by antivirus programs and other defenses. Newer versions create a hidden partition at the end of the infected machine’s hard disk and set it to active. This ensures that malicious code stashed in it is executed before the Windows operating system is run.” Furthermore, the malware has a nasty way of protecting itself against removal. “The partition is equipped with an advanced file system that checks the integrity of TDL4 components. If any of the files are corrupted, they’re removed.”

A chilling aspect to this story is the premonition that the reason for TDL4’s overhaul is most likely due to some new opportunities to conduct some nefarious business. “The code overhaul,” writes The Register, “may mean that operators of TDL4, which is used to force keyloggers, adware, and other malicious programs onto compromised machines, may have started providing services to other crimeware groups.” It’s pervasive and fast-moving, too. In June, the rootkit overtook 4.5 million computers in just three months.

In 2010, Vyacheslav Rusakov examined the rootkit in great detail and noted that, “There is no doubt that TDL-4 is ‘armed to the teeth’ and poses a very serious threat to users.” He also notes an increase in infections of 64 bit systems, not surprising since TDL4 was, “among the first rootkits to infect 64-bit versions of Windows by bypassing the OS’s kernel mode code signing policy. With the continued and increased usage of 64 bit systems, it’s inevitable that more and more malware will target these systems, and there are inherent problems with this new breed of malware. Rusakov points out that, “most contemporary antivirus, and specifically anti-rootkit, technologies are no match for threats targeting 64-bit platforms, which makes the average malware writer’s life much easier.”

As usual, we’re either just keeping up, or more likely, falling behind in the battle against malware. “The latest changes suggest that the relentless innovation of those developing TDL4 shows no signs of slowing,” reports The Register, and there’s no arguing with the obvious.

As I write this article on the eve before Halloween, I stop to stare out my window at the first snowfall of the pending winter. The last remnants of the summer – the dead and dying leaves – are unceremoniously ripped from the trees by an unfriendly arctic blast. Perhaps it’s my overactive imagination combined with the starkness of Halloween, but the imagery seems fitting.  If this new demon that is TDL4 is half the monster that they’re saying it is, 2012 is going to be a scary year.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

BOO! TDL4 Botnet Makeover Scary as Hell

In a world where the only thing standing between us and the spammers, phishers and hackers is a little piece of tunneling security that keeps IT admins dreaming about warm and snuggly things, the idea of that security being breached is a beastly demon no one could have envisioned. Unfortunately, the pleasant dreams are over and the BEAST is a nightmare that will rock the Internet world, and warm milk ain’t gonna fix this one, folks.

When I go to sleep at night, I do it with the comforting belief that when I awake in the morning and put my feet on the floor, there will be a floor underneath me. In much the same way, I traverse the web knowing full-well that my surfing habits, private information and transactions are snugly tucked away inside a warm blanket of encryption known as SSL/TLS. So when the floor gets yanked out from underneath my feet, you can understand how I might get a little pissed off. And that’s exactly how I felt this morning when I discovered that the floor that protected me from the creeps has begun to sway, as if I had just spent Saturday night at the pub and the floor wasn’t particularly happy about it.

If you want to share the experience, look no further than The Register, which is reporting that at the Ekoparty security conference in Buenos Aires last week, researchers Thai Duong and Juliano Rizzo unveiled their work – BEAST, short for Browser Exploit Against SSL/TLS – which attacks TLS and SSL, the protocols that heretofore kept us warm at night. BEAST is a nifty piece of JavaScript that works alongside a network sniffer to decrypt user account cookies and gain access to restricted user accounts. Yes, you heard it right.

Sing Along: It’s the End of the World as We Know it…Or is it?

Duong and Rizzo made news last year when they unveiled a point-and-click tool that exposes private information and executes arbitrary code. According to Duong, the demo decrypted an authentication cookie used to access a PayPal account. The exploit of SSL and TLS is not a new idea, actually, since the idea was conceived back in 2002; but for years it’s been considered theoretical at best – until now, that is.

Duong noted in an email published by The Register that “BEAST is different than most published attacks against HTTPS. While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”

In case you’re wondering how many canned goods you have in the pantry, worry not: it’s not yet time to strip naked and run through the streets proclaiming the end of the world.

“The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust,” The Register reports.

It’s not all good news, though.

“Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.”

Furthermore, independent security analyst Trevor Perrin writes:

“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection. If the attack works as quickly and widely as [Duong and Rizzo] claim, it’s a legitimate threat.”

Note: Those who run a web server and who may be concerned about security should modify the servers to favor the rc4-sha cipher, which is widely supported and not vulnerable to the attack unveiled by Duong and Rizzo.

Time to Call Some People Out

It’s being reported that:

“Duong and Rizzo tipped off the major browser vendors about their findings months ago but so far the only response appears to have come from the folks at Chrome. A fix for the attack is currently under test in the development version of their browser.”

REALLY? Shame on you, browser makers. Not surprisingly, two days after The Register first published their article, Google released a developer version of its Chrome browser designed to thwart the attack.

Time to go and huddle in a corner. Now, where did I put that tin foil hat?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

“Holy [Insert Expletive Here]! Et Tu, SSL?”

Spam-ready tablets off the shelves? Zombie PCs out of the box? Testifying before U.S. Congress this week, a top official for the Department of Homeland Security said that technology being imported into the country is sometimes known to contain preloaded security threats. The disturbing news leaves us wondering what’s next – perhaps our credit card numbers automatically being published to Twitter and Facebook when we sign up for an account?

As if the raging war on spam isn’t bad enough, an ominous moment in U.S. Congress this week should leave an unsettling feeling in anyone who has purchased a PC, tablet, or any other connected device; anyone who worries about the safety of their information, for that matter – in other words, pretty much everyone.

Testifying before Congress at the House Oversight and Government Reform Committee this week, Greg Schaffer –the Department of Homeland Security (DHS) Assistant Secretary for Cybersecurity and Communications – admitted that Homeland Security and the White House are aware that electronics and software imported into and sold in the United States are sometimes pre-installed with malware, spyware, keyloggers, and even the components of botnets. Not only are they aware of these threat-laden devices, various media outlets report, but in fact they have been aware for quite some time.

Fast Company first reported the story on Friday. Schaffer was testifying in a tense exchange between himself and Representative Jason Chaffetz. “When asked by Rep. Chaffetz whether Schaffer was aware of any foreign-manufactured software or hardware components that had been purposely embedded with security risks, the DHS representative stated that ‘I am aware of instances where that has happened,’” but not before a long pause where Schaffer seemingly considered the implications of his answer.

According to PC World, Schaffer didn’t go as far as singling out PCs, tablets, or even DVDs and smart phones.

“Schaffer admitted he is aware of instances when foreign-made technology was built with embedded security risks but did not elaborate on what kind of equipment DHS has encountered. He also pointed out that overseas components are found in many domestically manufactured electronics.” [Emphasis added]

It’s not news that some consumer devices and products have entered the retail world with viruses or other malware. Several years ago, digital picture frames with USB ports were found to be infected, and every so often a piece of software is inadvertently set into the wild with some sort of Trojan or some such malware. What makes this story chilling, however, is Schaffer’s implication that the problem could be far larger than just the odd digital photo frame or errant code in a piece of software. If the malware is actually hard-coded onto a chip – as opposed to pre-installed on a hard disk drive – then these chips could be finding their way into everything that has a wired or wireless connection with the Internet. The problem? Hard drives can be wiped. Onboard chips are like taxes – they’re there for life.

Neal Ungerleider of Fast Company suggests that something sinister may be at work here, drawing from the White House’s Cyberspace Policy Review:

“[In the review] is a small acknowledgment that the Executive Branch knows something weird is happening in imported tech:

‘The emergence of new centers for manufacturing, design, and research across the globe raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations. Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions…The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover. Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities.’” [Emphasis added]

Don’t Panic!

As disturbingly eerie as this information certainly is, it poses the question: what can we do about it? The answer is readily available. Nothing – at least not as single consumers or even as IT/IS Managers. Some might decide to throw out all their devices and in a Walden moment, return to nature, resorting to carrier pigeons and smoke signals to communicate with the outside world; but most of us recognize that technology owns us now, and for good or for bad, better or worse, we like it. Heck, we love it! We refuse to reject technology because, well, how could we? It makes our lives easier. It makes our lives better, at least if you believe the mantras of GE (We Bring Good Things to Life) and LG (Life’s Good).

Conspiracy Theory

Assume for a moment that the White House and other governments know far more than they’re saying (not a leap at all). Then assume that detecting and removing these hard-coded security risks not only represents a huge difficulty, but rather a virtual impossibility (not a stretch). Now imagine that the threats represented by this built-in malware could be a mixture of state-sponsored and/or private interests – some in it for innocuous concepts like ‘national security’ and some in it for more tangible returns like money. Finally, imagine if the whole truth got out – how it would create such a panic that Greece’s finances would seem rock-solid next to what was left of the global economy. No wonder Schaffer took so long to answer.

As much as it sounds like the stuff that Hollywood is made of, the truth is in there somewhere. If so, then (for all you Star Trek fans) like the Borg, this new threat is lurking and waiting, ready to pounce and assimilate your information, and there’s not a darned thing you – or anyone else – can do about it. Come to think of it, spam is the equivalent of the Borg – maybe even a progenitor of the 24th Century race.

I think I’m going to avoid the rush and post all my personal information on Twitter. I hate waiting.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U.S. Official Admits Imported Computer Tech is Known to be Infected

The Department of Energy’s Pacific Northwest National Laboratory (PNNL) was hit with a cyberattack that was likely spawned from a spear phishing attack. The facility immediately disabled its internet access and email system when the attack was discovered. They are the second government lab to be hit by hackers in recent months. In April, the Oak Ridge Laboratory in Tennessee was knocked offline by a similar attack. That attack happened because a careless employee clicked on a link in a spear phishing message and downloaded a Trojan which infected the lab’s network. The malware was designed to steal technical data.

While it’s not yet clear what, if any, data was stolen from PNNL, researchers say the attack was probably quite similar to the Oak Ridge incident.

“What they are after is not that user machine. They simply use it as a beachhead from which to move inside the network,” he said. Once inside a network, attackers usually are able to move with the level of access that the compromised user has. “There tend not to be any barriers,” security researcher Anup Ghosh said.

Both labs do work in the areas of information security, nuclear non-proliferation and counter-terrorism. Yes, you read that right. One of their jobs is to do research on information security!

The incidents reflect the frustrating reality that no matter how educated your employees are, there is still a 5-20% chance a phishing email will be opened and clicked on. This is especially troubling given the trend toward spear phishing over traditional phishing. Spear phishing attacks target certain groups, usually individuals in positions of power or authority who have the privileged access spammers and hackers crave. If heightened awareness and through training programs aren’t enough to curb careless clicking, what can companies do? Leave a comment and share your thoughts!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Government Labs Hit By Spear Phishing Attacks

In what surely must be the third sign of the pending apocalypse, video game industry icon, Sega Corp. is hacked for data on 1.3 million of its users. And just when you thought the world hadn’t gotten any stranger, hacktivist group LulzSec offers assistance to the creators of Sonic the Hedgehog. The problem: the real victims in these attacks are the users, caught in the middle of a brewing war that will inevitably lead to more spam.

One would think that gaming giants like Sony and Nintendo could manage a basic task like keeping their doors locked and blinds drawn, and one would be wrong; but lest you think that they’re alone, look no further than another venerable icon in the game development world, Sega Corp., which this week announced that they too had been hit by the bug that of late seems to have a nasty habit of popping up on a weekly basis.

“Names, birth dates, e-mail addresses and encrypted passwords of users of Sega Pass online network members had been compromised,” Sega said in a statement on June 19th, also indicating that while no credit card information had been compromised, a whopping 1.3 million user accounts were breached.

Add this to the tally of an estimated 100 million plus PSN, Qriocity and Sony BMG Music users and you have yourself a startling amount of personal information floating out there in the cloud. (Nintendo got off easily: LulzSec ‘merely’ posted a server configuration file on their site to show that they could hack Nintendo if they so desired).

Recognizing that not all of the players have been so forthcoming, and in the spirit of giving credit where credit is due, hats off to Sega for getting in front of this one.

“We are deeply sorry for causing trouble to our customers,” said Sega spokesperson Yoko Nagasawa, “We want to work on strengthening security.”

So, is it coincidence that all three gaming companies are Japan-based? Probably. But it isn’t coincidental that some of the biggest names in the gaming software world have been compromised by a variety of groups – Anonymous and LulzSec have laid claim to the Sony breaches, and as mentioned, LulzSec felt the need to point out a security flaw in Nintendo’s security, but so far no one has taken responsibility for Sega. Of this, however, we are certain: it probably wasn’t LulzSec.

How can we be sure that it wasn’t LulzSec? Well, in a bizarre twist of events, LulzSec has come forth to offer its assistance in tracking down the perpetrator. On June 17th the group posted to Twitter: “@Sega – contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”

Whether Sega takes LulzSec up on the offer is anybody’s guess (‘probably not’ is the consensus here), but the group that targeted the U.S. Government after President Obama made hacking a declaration of war just can’t seem to get its philosophical mojo in sync with its actions. LulzSec has stated that their attack on Sony was a blow in the name of solidarity after Sony declared its own war on iPhone hacker extraordinaire, George Hotz, better known as GeoHot. But in what felt like an “I love you, man!” moment, LulzSec seemed almost honorable in its hack on Nintendo, stating publicly that they simply wanted to make Nintendo aware of its own vulnerabilities. Now that Sega has been hacked, however, LulzSec wants to help because they clearly like Sega (or, at least, the Dreamcast). It feels like frontier justice, the Old West approach to settling a beef, and while some might applaud LulzSec’s attempt at heroism, one cannot help but wonder: “what happens if I tick these guys off?”

What, indeed. LulzSec has declared its own war, but the burning question is who is the enemy? On June 15th, LulzSec posted to Twitter: “Tango down – cia.gov – for the lulz.”  According to the International Business Times, “The site of the CIA, which engages in covert activities at the request of the President of the United States, was back two hours later. The CIA has not revealed that valuable information was stolen.” And on June 13th, the group took on the U.S. Senate website, stating “We don’t like the US government very much.  Their boats are weak, their lulz are low, and their sites aren’t very secure.  In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!”

Data Insecurity

Everyone wants to talk about the economic impact on the targeted companies, but with the amount of information that’s been compromised, it’s the guys in the middle of this brewing war – the end users – who are the true victims. It’s highly unlikely that Anonymous is sitting on the data, and LulzSec seems to enjoy giving it away for free. Regardless of the cost, it’s conceivable that data breaches like the ones on the game companies will lead to spam-laden inboxes. One only has to look at the highly-publicized attack on Epsilon earlier this year.

Where does it all end? This week, LulzSec released a manifesto of sorts, as the group celebrated its 1,000th Tweet with a letter that reads like it was co-written by Charlie Sheen.

“Yes, yes, there’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011…We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be.” Justice may eventually be LulzSec’s endgame, but until then, “this is the lulz lizard era, where we do things just because we find it entertaining.”

Entertaining? Really? Hey, Sonic the Hedgehog! See if you can escape the nasty trap that Dr. Robotnik set for you! Now that’s entertaining.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

LulzSec Offers Aid, ASCII Art to Sega After Big Hack Attack

• Gmail
• Paypal
• Amazon
• Yahoo
• Facebook
• World of Warcraft
• Ebay

There could potentially be many more. The group isn’t giving out specifics but others who have downloaded the list have managed to figure out where at least some of the stolen data came from. Unfortunately, some of it is mine. I didn’t realize it until I got an email from LinkedIn saying my account had been disabled as security precaution, and then I got a similar one from iTunes. I hopped on Google and found out about the latest hacking attack. After spending an hour or so changing all my passwords I got a strange email in my inbox. It was a vacation auto-responder from someone I’d never heard of. It appears my email account sent something to them though. Makes me wonder if a spammer hadn’t already grabbed the list and gotten to work using the stolen addresses with which to spoof his headers.

This group of hackers has no shame. They are even taking requests for what sites they should yet hack. I urge you all to go here and check to see if your info is on the list. Have all your employees check their info as well. If any of your company addresses show up on the list, change their passwords immediately. Even if they aren’t, it’s a good idea to change all your company and employee passwords regularly-at least every 30-90 days.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

LulzSec Posts List of 62,000 Stolen Email Addresses and Passwords

In what’s rapidly becoming a cliché of the direst proportions, Sony gets yet another dose of what some consider Karma. Not to be left out, however, Nintendo suffers the wrath of the group claiming to have taken Sony down. Which leads everyone to ask: Is Microsoft next? If so, when will the other shoe drop? And more importantly: When does the phishing expedition begin?

What a difference a week makes. In case you weren’t tuned in last week at this time, Sony had just moved its one billionth PS3 console, gamers everywhere were cheering the mammoth entertainment provider for its second-to-none gaming experience, and cures for cancer and the common cold left mankind with the incontrovertible belief that we are all destined to live long and prosperous lives.

Oh, wait. That was the Bizarro world. Over here in the land of reality and taxes, Sony didn’t sell its billionth console, but it did cough up another million user accounts, albeit unwillingly. In what’s quickly becoming (or has already become) something of a joke ending with a simple punch line – ‘Sony’ – another hack attack saw the entertainment giant scrambling to quietly warn users that another breach in its security, this time of Sony BMG Music’s website, had occurred. The announcement seemed like it came from the Bizarro world, considering that over at Playstation.com, splashed in prominence on the main page is the announcement of Sony’s ‘Welcome Back’ program, designed to mollify irritated users whose access to the Playstation Network and Qriocity had been down for a month.

The group LulzSec claimed responsibility for the hack, and this time, even though the result doesn’t seem nearly as severe – one million accounts, compared to 78 million in the PSN/Qriocity breach – this one has increasingly chilling implications. First, LulzSec, which wasted no time in reporting its success, stated in an anonymous post, “We just want to embarrass Sony some more. Can this be hack number eight? Seven and a half?!”

Second, the LulzSec team gives a detailed account of the fruits of their labors: “Personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.

Third, they went and posted the data for everyone to see, ready for phishing enthusiasts, spam artists and identity thieves everywhere to just pluck the data out of the cloud and go to work. All this while the U.S. Congress is grilling Sony and email marketing company Epsilon about their recent security woes.

Fourth – and maybe most disturbing – was how LulzSec claims they went about it. “Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?” Ohhh, man. For Sony, this must seem like the makings of a script for the sequel to The Hangover 2 (too bad they don’t own the rights to the blockbuster movie series – it would have made for good irony).

Word on the street, however, suggests that Sony brought it on themselves, and that maybe this is just Karma coming back to roost. Speculation has been that both Anonymous – the hacktivist group which laid claim to the PSN breach – and LulzSec were striking a blow in the name of solidarity for the way Sony has been treating George Hotz, better known as iPhone hacker extraordinaire GeoHot. In February, a premonition of what was to come showed up in a warning from Paul Roberts at ThreatPost, who wrote about the early February security breach at HBGary: “Don’t kick the hornet’s nest.” Interestingly enough, the hornets he referred to were none other than Sony’s newest, bestest nemesis,  Anonymous.

But wait, there’s more! It seems that LulzSec wasn’t happy just taking Sony down. Last week, Nintendo Corp. announced that it was stung by the hornets when LulzSec posted a server configuration file on its website as proof that they hacked another of the three giants in the gaming arena, a claim that was confirmed by Nintendo. Nintendo stated that no user data was compromised in the attack, which actually happened weeks before (question: are these companies really helping their own cause by sitting on this information?) In a strange message on Twitter, LulzSec sounded charitable when the group tweeted, “We’re not targeting Nintendo. We like the N64 (gaming console) too much – we sincerely hope Nintendo plugs the gap.”

Is Microsoft next? International Business Times reports that, “it is because of the random nature of LulzSec’s attack on Nintendo that certain analysts and industry commentators have speculated that a future cyber attack on Microsoft may be in the works,” and there’s a lot of truth in those words, if recent activity is any indicator. Perhaps Microsoft has already been hit, and like their counterparts have chosen to sweep it under the carpet. Whichever the case, the question here is: what’s the real story in all this? That a mega corporation like Sony can be embarrassed – repeatedly – so easily, if LulzSec’s claims are true? That if companies like the ones being breached aren’t safe, then how can the average IT manager expect to protect her company’s networks? That the frequency of these security breaches has media in general taking a ‘ho-hum’ approach to new occurrences? That hackers are so ambivalent toward what they do that in one breath they can take down one gaming giant for fun and another for vengeance? Or – getting back to Sony and considering LulzSec’s claims – how in the heck could Sony let themselves be taken down again and so easily?

You choose.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hatriot Games? Sony Hacked Again, Nintendo a Wii Bit Compromised

In what is eerily beginning to look like a monthly ritual, another high-profile organization is targeted by Cyber Terrorism. This time it is the world’s largest military contractor. Is it World War III, or just another day at the office?

Lockheed Martin Corporation, the world’s largest defense contractor, announced this week that it staved off what it calls a “significant and tenacious attack” on its servers. The attack, which Lockheed Martin detected on May 21, still remains something of a mystery in terms of scope, but Reuters reports that, as of May 29, employee access was still down.

“No customer, program or employee personal data was compromised thanks to ‘almost immediate’ protective action taken after the attack was detected May 21,” company spokesperson Jennifer Whitlow stated in an email distributed by the company.

The Bethesda, Maryland company is the world’s biggest aerospace company and the largest supplier of military systems to the U.S. government. The maker of the F-16, F22 and F-35 Lightning fighter jets also sells military equipment across the globe.

In an effort, perhaps, to ensure that they themselves haven’t been compromised, the U.S. Government has offered its assistance in determining the scope and source of the attack. Bloomberg News reports that in a May 28 email from Homeland Security, spokesperson Chris Ortman states the Department of Homeland Security, along with the Department of Defense, is looking into the matter.

“[We are] aware of a cyber incident impacting [Lockheed]” and will be “determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk.”

Lockheed said in an email that the attack on May 21 was discovered “almost immediately” and no employee, program or customer data was lost. Lockheed uses RSAs mobile security platform. RSA, a division of EMC Corporation of Hopkinton, Massachussetts, recently increased security on their system after a security breach in March of this year. In that attack, amongst the stolen information were data directly related to RSA’s SecurID authentication products. MarketWatch reports that after this most recent attack, Lockheed Martin employees were required to change their passwords, and that the breach may have been a direct result of the SecurID information stolen from RSA.

Bloomberg helped clarify the possible nature of the attack, in statements from a source speaking under the condition of anonymity. “The remediation involves replacing the SecurID tokens issued by RSA that often expire in three years, said the person, who wasn’t authorized to discuss the matter publicly.” An eerie premonition of what might be coming next, EMCs clients include, “defense-contractor clients, which make missiles, aircraft and other weapons, [including] Northrop Grumman Corp. (NOC) and Raytheon Co. (RTN).” Bloomberg also stated that EMC declined comment on the matter.

Not surprisingly, the U.S. military remains tight-lipped on the matter. In an email, U.S. Air Force Lieutenant Colonel April Cunningham stated that the resulting fallout of the attack is, “minimal” and that the powers that be, “don’t expect any adverse effect.” Reuters also stated that Cunningham “declined to specify the nature of the impact, saying that as a matter of policy, the department does not not comment on operational matters,” and that DHS spokesperson Ortman said that the department will be working with Lockheed Martin to review the “available data in order to provide recommendations to mitigate further risk.”

2011: The Year of the Cyber Terrorist?

In the spirit of keeping score, the Lockheed Martin cyber attack is only the latest in a litany of high-profile targets, making 2011 seem more and more like the Year of the Cyber Terrorist:

• In January, the Canadian government was the target of an “unprecedented cyber-attack” by Chinese hackers, which took down the systems of two government agencies.
• In February, pro-Iranian hackers calling themselves the “Iranian Cyber Army” launched an attack against the Voice of America’s website. VOA’s Persian News Network also experienced satellite interruptions.
• In early March, major agencies of the government of South Korea were bombarded in a Distributed Denial of Service (DDoS) attack.
• Also in March, the European Commission revealed that it had been the victim of an “ongoing [and] widespread cyber attack” against its servers.
• In early April, email marketing firm Epsilon reported that it had been breached, in a targeted attack which could cost the affected parties more than $600 million;
• In mid April, Sony Corporation made news – over and over again – as its woes kept the company’s PlayStation Network and Qriocity servers dark for several weeks. The result of the attack saw the user account information of more than 70 million released into the wild.
• In May, the U.K. Finance Minister stated that the U.K. Government’s servers are under a constant state of attack, averaging more than one attack per day just on the Ministry of Finance.

Cyber Horror or Cyber Hype?

While it may be premature to declare this the Year of the Cyber Terrorist, it certainly seems like these attacks are becoming more frequent and more severe. Perhaps it would be more accurate to dub this the ‘Era of the Cyber Terrorist.’ Bill Davidow at Forbes suggests that World War III, if it ever occurs, will be fought on the battlefield of cyber space. Tony Bradley of PCWorld takes an interesting perspective in his article, Lockheed-Martin Attack Signals New Era of Cyber Espionage, suggesting that the era of cyber espionage is in full bloom. The attack on Lockheed Martin, Bradley writes, “seems at face value like either a state-sponsored attack, or an attack by well-funded hackers with the intent to market whatever information can be extracted internationally to other governments.”

Food for thought, or all-out lunacy? As if the media frenzy isn’t enough, this week China announced that it has an elite “Cyber Warfare Unit” dubbed the ‘Cyber Blue Team.’ The jury’s still out as to the purpose of Cyber Blue, but add to the mix last year’s kafuffle over Stuxnet and its intended purpose and you have yourself one heck of a Cyber Thriller, Hollywood movie rights and all.

Hmm. Time to get writing.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Lockheed Martin Latest to Succumb to “Significant” Cyber Attack

Cyberattacks are a growing security threat. Hackers and scammers are quickly moving beyond the traditional types of attacks such as phishing and browser hijacking. They’re getting much more sophisticated and some of the newest threats could threaten the country’s very infrastructure. Here is look at the top 4 largest threats right now.

1. SMS Attacks

As the recent incident involving a suicide bomber who was prematurely killed when a spam text set off the bomb she was carrying, mobile phones are becoming a more popular way to distribute malware and more. Terrorists can detonate bombs using a text message and a hacker can infiltrate your corporate network in the same way simply by sending a malicious text that downloads malware when opened. It’s important for companies to have a strict policy in place regarding texting to protect themselves.

2. Infrastructure Hacking

Last year the Stuxnet worm was unleashed and targeted Siemens SCADA systems, which are used by many major manufacturing and utility companies. Now a new threat is targeting so-called smart grids, which are used by power companies to monitor their customers’ power usage over a digital network. The problem is that these smart grids, and the smart meters they are connected to, have vulnerabilities that could allow hackers to get into the grid and cause potentially widespread power disruptions.

3. Social Network Spoofing

In this attack a hacker sets up a fake Facebook page for a legit company. Users join, sometimes under the lure of discounts or coupons from what they think is a the real company, and then have their personal info stolen after being tricked into signing up for more discounts. Sometimes hackers do this using fake sites set up to look just like the real thing. It’s spear phishing taken to a whole new level.

4. Cyberstalking/Bullying

This isn’t just affecting kids and teens. It’s becoming a growing problem among adults thanks to the exploding popularity of social networks and the trend toward the digital workplace. Sometimes these attacks have corporate sabotage as their goal, setting their sights on a particular employee or company in an attempt to ruin reputations and even steal company info. I’ve been the target of such attacks and it is crucial to do three things to protect yourself and your company. First, be stingy with the personal info you choose to share, never respond to the attack, no matter how badly you want to defend yourself or your company, and save all posts, emails and other communications. If physical threats are made, it becomes a federal crime.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

4 Increasing Threats in Cybercrime

In the most recent spam scam to assault Facebook, users are being greeted with a message advising them to ‘verify’ their account, seemingly a noble act of spam prevention and surely not spam itself, right? Not so fast. Those rascally little hackers have swapped out the ‘Like – Comment – Share’ links with a ‘== VERIFY MY ACCOUNT ==’ link, making clicking eminently attractive and practically unavoidable for the uninformed user. Clicking the link, of course, has exactly the opposite effect advertised by the malware, not only posting the message on the user’s wall, but in fact spreading JavaScript that, according to The Register, is “highly obfuscated.” (If interested, you can check out an interesting analysis of the script here.)

“Facebook has become a veritable cesspool of spam, with fake links promising to show users things like how many people have visited your profile or the never-released photos of Osama bin Laden’s body,” reports the Detroit Free Press.

In fact, it seems that these clickjacking schemes have become the norm and Facebook, by its own admission, has only been able to react to the scams as they appear.

“We’ve been shutting down the scammy pages that are the source of this spam as soon as we detect them or they’re reported to us,” Facebook’s Fred Wolens told the Free Press.

So let’s return to the kingdom of the blind. No disrespect to any Facebook user intended, but knowing how to recognize a genuine security threat often requires three things: experience, specialized understanding in what goes on under the hood, and the requisite savvy that comes with being an IT professional. The first one is easy. Think about the first time you learned that touching an open flame wasn’t such a good idea. Anyone who’s been nailed at least once by a malicious link will testify that they think twice before clicking again. The second and third, however, require specialized information that, simply speaking, aren’t part of the average computer user’s frame of reference. And to be fair to Facebook users everywhere, they shouldn’t need to have that specialized knowledge. It would be counterintuitive to the concept that Facebook is easy to join. Easy to use.

To give Facebook credit, last week the website announced several new features implemented to combat clickjacking:

• Web of Trust (WOT) – Web of Trust is a free service that grades sites based on user experience. Basically a community that relies upon reported links, WOT intercepts links in Facebook, warning the user that the link could be dangerous, if it has been frequently reported by the community.
• Clickjacking Prevention – Since clickjacking is based on tricking the user into thinking they’re clicking on one thing when in fact they’re clicking on another, Facebook has implemented extra security measures to detect whether links are trying to pretend they’re something else. In essence, users will be required to confirm their choices when they click “Like.”
• Cross-Site Scripting (XSS) Protection – Malware often tricks users into pasting malicious code into the browser address bar. Facebook has added an extra layer of protection, providing a popup window advising the user that he or she is trying to address a bad link.
• Login Approvals – Facebook has added an optional – but highly recommended – layer of security by offering two-factor authentication, meaning that whenever a user tries to log on to Facebook from a new device, he or she will also have to enter a code sent via SMS to the user’s mobile device.

If you’re reading this and you have responsibility for office workers who have access to Facebook, you’re probably already copying and pasting into an enterprise-wide email. That would be a wise choice.

Let’s face the facts. Social networking does a great job of bringing people together in cyberspace. The problem: it also makes it way too easy to put hackers, spammers and cyberpunks together with innocent users who are not trained – or even interested in being trained – in how to recognize malicious code and spam when and where it appears. As memberships continue to grow in unprecedented proportions, hackers will continue to figure out how to exploit the system.

You had better hang on. The one-eyed men aren’t going away anytime soon. In fact, they’re fitting themselves for crowns.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook Spam Prevention Scam Propagates, Hackers Rejoice

Recent Security Breaches May Bring Discussions on Cloud Computing Crashing Back to Earth

Cloud computing isn’t a new concept. Technically speaking (and some may disagree), cloud computing is as old as public chat rooms and web mail. As long as we’ve been able to attach a file and send it out into the cold, dark server-based galaxy of cyberspace, we’ve all been living in the cloud. The term itself – cloud computing – is nothing more than a marketing construct developed by software companies for the express purpose of paying homage to the offices of CEOs and Boards of Directors, wherein the almighty dollar is king.

That’s the cynical view. Now for the idealistic, almost Utopian, approach:

Cloud computing is the miracle cure that will change our lives to the point where we wonder how we survived the chaos that existed before living in the cloud. It will increase productivity and collaboration, reduce office footprints by giving rise to telecommuting. Some may say that it even reduces the need for localized data security because the security is now in the safe, competent hands of dedicated data centers. The cloud even tips a hat to green computing, reducing the carbon footprint in offices by passing application and data loads off to remote servers, thus reducing the need for localized and/or dedicated servers (truth be told, the jury’s still out on this one).

Stand back and take a long look at both these views. Does either ring true? Of course not. In fact, the truth seems to lie somewhere in the middle, but all good IS Managers approach the topic cautiously and with a great deal of research into the pros and the cons, the tools and the risks. The implications of employee training alone can leave the strongest of IT people waking in the middle of the night, screaming for their mommies. All the while, evangelists in the form of software account managers stand on soapboxes, thumping on white papers that explain cloud computing and its cost benefits and pointing long, bony index fingers straight at us, promising, “this is what cloud computing can – nay, will – do for you! ROI! ROI!”

It’s no wonder that the caution, confusion and fear have risen to monumental levels; but like the tortoise in Aesop’s fable, IT professionals approach the finish line, slowly and steadily, hoping all the while that the bosses won’t push them over the edge of a precipice from which there is no safe return.

Amidst all the confusion, news of recent security breaches at some very large companies may be the warning that IT people everywhere have been looking for – the ammunition they need to remind their bosses that being the first to jump off a cliff before checking for water below isn’t the best way to embrace innovation. The recent woes felt by Sony Corporation, Epsilon and Amazon serve as that useful warning. While some may not recognize the name Epsilon as a household name, all will recognize the other two. If one was asked to name the top technology companies in the world today, Sony and Amazon would surely be in that list. So it’s no surprise that the news of these data breaches (a reported 100 million accounts compromised for Sony, which is still experiencing issues two weeks after the breach) has shaken the online world to its very core. And one of the casualties here may very well be cloud computing.

According to Reuters, “Some businesses are rethinking plans to move to cloud-based computer systems located at remote data centers that can be accessed over the web,” and that the Sony breach and Amazon’s recent outage at its cloud computer center, “have caused some businesses to put the brakes on plans to move their operations into the cloud.”

This might only be the beginning, because no one really knows what’s going to happen next. It seems that a new security breach greets us each week, and with each story it seems like the hits are getting worse and the stakes are getting higher.

“Nobody is secure,” Eric Johnson, professor at Dartmouth University and technology advisor to corporations, was quoted by Reuters. “Sony is just the tip of this thing.”

In fact, Reuters reports that since Sony announced its PlayStation Network and Qriocity breaches on April 26, stocks for companies involved in cloud computing have not only underperformed, but “Salesforce.com Inc, a maker of web-delivered software, has dropped 3 percent. VMware Inc, which sells software for building clouds, has declined 2 percent.” Lest one thinks this is a general trend in the stock markets, Reuters reports that The Standard & Poor’s 500 Index has increased by 3.3 percent.

So does this mark a major setback for cloud computing, the miracle of modern connectivity? It certainly gives rise to conversations about data security and the risks associated with putting sensitive data ‘out there.’ Ever since the term ‘cloud computing’ was coined and then pushed – and pushed again – out to the marketplace as the solution to everyone’s problems, there’s been an uneasiness about the implications of placing data – the lifeblood of modern society – outside the firewall. People, in a cloudlike trance, seem to have been soaking up the concept of being able to access their data from anywhere in the world, but at what cost?

Perhaps these recent events are the wakeup call that everyone needed. Consider a newborn baby and a crib, which has all the requisite safety features, including bars to keep the child safe from falling. Nearby, you have a bed, soft and safe and comfortable in its own right, but lacking the features designed to protect a young child. Who in their right mind would opt for placing the baby on the bed, and then leave the baby unattended?

It’s something to consider.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hey, You! Get Off Of My Cloud!

Let’s recount what happened. On April 19th, without so much as a “how do you do,” the PlayStation Network and Qriocity, Sony’s on-demand service for music and videos, went down, rendering all aspects of the network – multiplayer gaming, PlayStation Store access, web access, NetFlix and Qriocity services – unusable. It was a little eerie, too, in the way it transpired. Users were simply unable to log on to their PSN and Qriocity accounts, normally a common occurrence when the system is down for periodic maintenance. But hours turned into a day and some media outlets picked up the story, when the outage still greeted users. “We’re aware certain functions of PlayStation Network are down” was Sony’s response, but not long afterward they posted on their EU blog that there was, “the possibility of targeted behaviour by an outside party.” Not long after that, Sony announced that the service would be down for “a full day or two.”

Since then, the issue has turned into something of a nightmare, both for Sony and the 78 million members of the services. Hours turned into days, days into a week. What was very quietly sold as an outage turned into the worst possible outcome: three days into the outage, Sony finally announced that the service failure was in fact the product of “an external intrusion.” Nearly a week after the initial outage, Sony finally announced that personal information was also compromised. For those of you keeping score, here’s what Sony UK reported as being compromised: name, shipping address, billing address, country, email address, birthdate, PSN/Qriocity ID, PSN/Qriocity password, PSN/Qriocity security question and answer, and purchase history. Ouch.

Every major media outlet has keyed in on the unprecedented breach. Sony’s taken a big black eye in the stock markets – according to Reuters, Sony’s shares dipped 4.5 percent on Thursday (markets were closed on Friday) – and lawsuits against Sony Corporation are already being discussed. One class-action attorney in the United States is considering filing a suit on behalf of PSN account holders and several governments are looking into the security breach, including US Congress and the UK Information Commissioner’s Office, which Reuters announced was “investigating whether Sony violated laws that require it to safeguard personal information.” Double ouch.

Perhaps even more damaging to Sony, PSN and Qriocity members are expressing their outrage at Sony’s delay in revealing the breach, the ongoing loss of service, and the loss of their personal information (I for one, was lucky: the week before the outage I changed my credit card number due to a lost card). Reuters stated that “some gamers writing in online forums called for a boycott of Sony products, while shoppers at London video-games stores said they might leave the PSN network.”

Reuters also reports that “a Sony spokesman said that after learning of the breach it took ‘several days of forensic investigation’ before the company knew consumers’ data had been compromised.” Unfortunately for Sony, however, news media everywhere can’t help but draw the similarity to another Japanese company which came under scrutiny in 2010. And in a case of ‘timing is everything,’ the announcement that credit card information may have been stolen broke only hours after Sony introduced its first tablet PC. Thankfully, on May 1st The Montreal Gazette reported that, “there’s no evidence that anyone’s credit card information has been compromised.” Sony reported that the credit card info was encrypted, and credit card companies have observed no suspicious behavior. But the damage has been done and what the fallout will look like, from this data getting into the wild, is anybody’s guess.

What hasn’t been reported (much) since the April 19th breach is that there was a premonition of something big coming only weeks before. On April 4^th, Engadget reported that users trying to log on to their PSN and Qriocity accounts couldn’t get online, instead receiving a brief message from Sony stating that the service was down for maintenance. Hacktivist group Anonymous claimed responsibility for that outage, but Sony quietly denied any funny business, instead opting for the ‘sporadic maintenance’ approach. It might have been left right there and forgotten, were it not for the current woes that plague the beleaguered electronics company.

So what’s to be made of this recent security war? Several things come to mind. First – and always first – system security and privacy are paramount. It’s always been easier to break something than to make something, and even though it’s extremely difficult to plan for every contingency – or the prowess of some hackers, it seems – if you’re going to play in a big arena you had better bring your A game. The fallout could be devastating. Don’t get me wrong: Sony should be commended for, amidst the criticism bombarding the company, not rushing to get their network back up and running. Since the breach, the company has been consistent with the message that they’re ensuring additional security before restoring the services, even rebuilding parts of the system, which Sony purports to be reactivating this week.

Second, coming clean up front is always easier than trying to explain why you didn’t afterward. The stage that is international news media is relentless and unforgiving, especially when the media can grab onto numbers like 78 million and run with them. Toyota saw it in 2010 and now Sony will have to endure the scrutiny of governments, courts, and maybe most important, their users.

Third, if you do have a PSN or Qriocity account, you may want to take the advice given here. And turn your spam filters on high.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

PSN Security Breach: Gaming Not So Fun Anymore, a Warning to Others?

eWeek reports that an email warning of the attack was sent to all employees of the European Commission and its foreign ministry European External Action Service (EEAS). EUObserver obtained a copy of the internal document, which reads, “We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack.”

The massive malware-driven attack that was discovered on March 22 appears to have directly targeted the two agencies. Upon discovery of the attack, the EC moved quickly to disable remote access to its email and intranet services and has asked its employees to change their passwords.

“The Commission and External Advisory Service are subject to a serious cyber attack,” Antony Gravili, the spokesman for the inter-institutional relations and administration commissioner, told BBC News. In attempt to head-off the inevitable speculation that the timing of this attack is somehow linked to the March 24 summit in Brussels convened to discuss the war in Libya, European debt and nuclear power, Gravili stated that there was no evidence suggesting the two are connected. “I have no information at all linking the attack to the summit, we don’t only suffer attacks at these times,” Gravili said.

One European Commission source stated that the commission was, “often hit by cyber attacks, but this is a big one.”

Gravili stated that he didn’t know how long the attack had been going on or what type of malware was used in the attack. He also declined to comment on whether the malware had been delivered by email or some other means, or whether any information had been compromised. The EC’s security team, the Security Directorate, is investigating the breach and will be focusing on how to avoid such attacks in the future.

Somewhat surprisingly, Gravili dismissed the breach as being the result of random malware and not necessarily on a deliberate and coordinated effort to steal documents. Perhaps that means the EC is aware of something that they’re not sharing, but it seems that the use of malware is a perfect means for cyber terrorists to attack.

While details on the EU malware assault are still sketchy, BBC reports that its sources are comparing this attack to the recent assault on France’s Ministry of Finance in December, when the French ministry encountered a cyber attack that specifically targeted information on the G20 summit held in Paris in February. In that attack, more than 150 of the ministry’s 170,000 computers were infected, and it appeared to be a professional and well-coordinated effort that Patrick Pailloux, director general of the French National Agency for IT Security, characterized as, “pure espionage … one of the most important attacks, if not the most important, ever to target the public administration.”

EUObserver is reporting that there may be a common link between the attacks. In the December assault on France’s finance ministry, French officials suggested that some of the affected traffic was redirected to China, while an unnamed EU official has stated that China is a possible suspect in the March 22 attack on the EC and EEAS. To make matters even more interesting, earlier this month on March 4, several South Korean websites, including the Presidential Office, the Ministry of National Defense, the National Assembly and the Ministry of Foreign Affairs and Trade were attacked by cyber criminals. In that attack, a botnet of about 50,000 infected zombie computers assaulted more than thirty South Korean agencies with a denial of service attack, reminiscent of a 2009 cyber assault on South Korea that was traced to a Chinese IP address used by the North Korean Ministry of Post and Telecommunications.

“We are not speculating on the origin,” Gravili said, referring to the March 22 cyber attack on the EC and EEAS. “We are already taking urgent measures to tackle this. An inquiry’s been launched. This isn’t unusual as the commission is frequently targeted.”

Gravili’s dismissal of the attack as a random case of malware rather than a coordinated effort is an attempt, perhaps, to downplay what is becoming a series of cyber assaults, so common that they now appear in the news every couple of weeks. Whether these attacks are originating from professional groups with deliberate motives, or whether they are the result of nuisance malware from multiple random sources remains to be seen. Regardless of the source or the reason, it appears that the gloves are off and that anyone could be a target of this growing epidemic.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Malware Attack Prompts European Commission to Disable Remote Access

News agencies have reported that several South Korean websites, including the Presidential Office, the Ministry of National Defense, the National Assembly and the Ministry of Foreign Affairs and Trade were attacked by cyber criminals on March 4, 2011. The attack was effective enough to shut down some of the sites.

According to Stars and Stripes, Yonhap news reported that U.S. Forces Korea websites were attacked, but USFK spokesman David Oten “would not comment on whether U.S. military computers had been affected by the virus, citing policy meant to protect operational security.”

“There was a DDoS attack, but no damage was reported,” said a presidential aide at Cheong Wa Dae, the executive office of the President.

Media reports theorize that the attackers compromised two peer-to-peer file-sharing websites using malware. The attacks appear to be linked to a similar incident in July, 2009, when nearly 30 organizations were overrun by a distributed denial of service (DDoS) attack. In both incidents, ‘zombie computers’ were used to carry out the attack. This method is an attractive option for the modern cyber criminal, because the use of zombie computers reduces the attacker’s risk of being detected, and by hijacking the computers of thousands of unsuspecting users, the attack is often quite effective.

Although the methods used to implement a DDoS attack vary, denial of service prevents an Internet site or service from functioning by overwhelming a web server with an unmanageable amount requests at a given time. In the attacks of July 2009 and March 4 of this year, the DDoS attack compromised users’ personal computers with malicious code that caused their machines to attack South Korean websites without the users’ permission.

According to the Korea Herald, an official for the Korea Communications Commission (the state telecommunications policy maker) stated that, “the number of zombie PCs, which are infected by malware and taking part in the attack, currently totals up to 11,000, much smaller than the 115,000 counted during the 2009 cyber attack.” He added that the South Korean government is, “making preparation measures since the number [of zombie PCs] is likely to increase.”

After the incident, the KCC released a second-level warning regarding the attack, indicating that the government will be monitoring any increases in online traffic and will keep a close watch out for malicious code which could be used in the commission of a denial of service attack. Cyber security professionals are working with the South Korean government to address security flaws uncovered by the recent attack.

South Korean information security firm AhnLab said that additional attacks were expected, The Herald reports. The firm also said that the attackers hacked two local peer-to-peer file sharing websites a day before on late Thursday and planted malware in the files.

Kim Hong-sun, chief executive of AhnLab, stressed the inherent dangers of spam, being infected by malware, and the preventative measures that can be taken. “For the PC to not be infected by the malicious code, one must have the latest security patch for the computer operating system and must update the vaccine program, along with checking the system in real time,” Hong-sun stated.

“The attached links sent through the e-mails and online messengers should not be clicked on and files should be screened when downloading them from peer-to-peer sites.”

In the 2009 attack, South Korean and U.S. websites were flooded with signals from infected computers causing service disruptions. While reports vary, as many as 270,000 computers were used to attack U.S. and South Korea-based websites. The BBC reports that the 2009 attack was blamed on North Korea, although no evidence has been uncovered to support this claim.

The 2009 incident was traced to a Chinese IP address used by the North Korean Ministry of Post and Telecommunications. Following the attack, the government established a cyber security center designed to protect financial and economic institutions, claiming it would utilize various methods to mitigate the risk of future DDoS attacks.

The ultimate goal of these attacks remains a mystery. One might surmise that they were ‘nuisance’ attacks perpetrated by hackers who wanted to flex their collective brain cells; or worse, that they were coordinated efforts with an as yet unknown purpose. Either way, the purpose of the attacks and who coordinated them seems irrelevant. The end result is the same and this recent wave of cyber crime might only be a precursor of what’s to come.

What is clear is how the increased vulnerability of corporate and institutional websites is often directly linked to factors outside the direct control of today’s IT manger. Peer-to-peer, phishing scams, email spam, social media spam, the advent of IPv6 – all reasons to consider the ‘X’ factor in today’s connected world: the computer on the other side of that fibre optic cable.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Denial of Service Attack Bombards South Korean Websites

The two men, Daniel Spitler, 26, of San Francisco, and 25-year-old Andrew Auernheimer of Fayetteville, Ark, are accused of hacking AT&T’s website to take advantage of a vulnerability they discovered. The vulnerability was discovered in the function designed to make the login process faster by linking a user’s integrated circuit card identification (ICC-ID) with their e-mail address.

The two men created a script they called “iPad 3G Account Slurper” that randomly generated ICC-ID numbers. If a legit one was created, the email address linked to it would display. The men wound up with the email addresses of high profile people like Donald Trump and New York City mayor Michael Bloomberg.

          “Hacking is not a competitive sport, and security breaches are not a game,” said U.S. Attorney Paul Fishman. “Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations and unwanted contact.”

The two men, members of a small hacker group called Goatse Security, defended themselves by saying the flaw had been fixed before they went public and took credit for it. It’s not known what, if anything, they did with the addresses they stole or if other members of the group had access to them, but the possibility of the addresses being sold to spammers or other hackers is a concern.

Spitler and Auernheimer face one count each of conspiracy to access a computer without authorization and one count of fraud in connection with personal information. They face up to 10 years in prison and a $500,000 fine. Auernheimer is also facing drug charges after FBI agents found drug paraphernalia while searching his home.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Two Men Charged in iPad Email Hack

Pump and dump schemes have been around for a long time. Typically they involve massive amounts of spam being sent hyping a particular penny stock as being the next hot thing, hoping people will be tempted by the promise of big profits to invest. This causes the value of the stock to rise artificially, and once it gets to what the spammers consider a profitable level, they sell their stock and disappear, leaving the investors with worthless stock and empty bank accounts. Recently an Indian man was handed a 6 year prison sentence for a similar pump and dump scheme.

Bragg was previously sentenced to a year in prison for a similar case involving infamous “Godfather of Spam” spammer Alan Ralsky. That Michigan based operation netted an estimated $2.7 million dollars in profit and got Ralsky over 4 years in prison.

Just how much Bragg may have profited from his latest scheme and how much spam he pumped out is unknown. He also faces a $250,000 fine.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Arizona Man Pleads Guilty in Pump and Dump Spam Scheme

The Zeus botnet has over 74,000 infected PCs under its control and is using them to carry out the attack. 10 federal agencies are among the victims and there is no telling just how much sensitive data the hackers have stolen. Security firm NetWitness did manage to intercept 75GB of stolen data, but there is likely much more out there.

“The botnet is still active and still actively being managed by the organized criminal activity behind it,” NetWitness CTO Tim Belcher told The Register. “Over the last month, we’ve seen it retask its (victim) members half a dozen times looking for different types of information.”

In a surprising twist, the firm discovered that the affected PCs were also infected with Waledec. This could mean there are two cybergangs working together or merely that a solitary gang is using more than one strain of malware to avoid detection.

Among the organizations attacked are Merck, Paramount Pictures, and Cardinal Health. All in all organizations in 196 countries around the world have been attacked. Rumors are swirling that even the Pentagon was hit, but they are declining to confirm any such breach.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Nearly 2,500 Companies Hacked in Ongoing Cyberattack

These companies, and many others like them, provide email marketing services to websites and other online businesses.  Email marketing, when done properly, is a legitimate practice and is not spam although some people do not make the distinction between the two.

A legitimate email marketing service will require a subscriber to deliberately opt-in to a list, usually by sending them a confirmation email before they are added to a marketer’s email list.  This stops spammers from simply harvesting email addresses, importing them into one of these services, and starting to spam them.

This opt-in requirement, plus other measures, assures a high deliverability rate for the customers of the email marketing service because antispam systems on the receiving end can have a high level of confidence that the marketing messages are opt-in and not spam.

Among the more paranoid web users there is a tendency to use unique emails for each mailing list that they sign up to.  So if they were to sign up to ABC Corp’s mailing list, they would use paul_abc@somewhere.com, and then for XYZ Pty Ltd would use paul_xyz@somewhere.com.

This might seem like a lot of hassle to go to, generating unique email addresses for every list you subscribe to, but when the attacks on these companies occurred it was these people who noticed the problem first.  Suddenly their secret, unique addresses began receiving pharmaceutical spam emails.   Your average person who uses one single email address probably would not have noticed this additional spam.

Initial reports were sketchy but eventually first Aweber, and then later iContact determined that a data breach had occurred in their systems.  In both cases the outcome was the same – subscriber email addresses were compromised, but customer account and billing information was not.For the attackers this was a major score.  Hundreds of thousands, if not millions of valid working email addresses are now in their hands ready to be spammed.  And now that the data is out there is no way to get it back in again.

The paranoid web users, with their single-purpose email addresses, can probably go to the effort of unsubscribing and then discarding those addresses and generating new ones to re-subscribe with.  The average user with just one email address that all their friends and family know has no such luxury.

Both incidents cast a shadow across the internet marketing industry and put a lot of pressure on email marketers.  These people ask for their subscribers’ trust and in turn trust their service provider to keep their subscriber email addresses secure.

As serious as this incident is, the real impact is not necessarily all that big.  Valid email addresses fall into the hands of spammers every day, there is nothing more special about the ones compromised in these attacks other than the sheer volume of them that the hackers were able to net in one go.

For email users, particularly those in businesses, who are running a good anti-spam system the impact will likely be nothing at all.  The spammers aren’t able to leverage the trust of the email marketing services’ servers to send their spam, they still need to send them out via their usual compromised servers and botnets, which a good anti-spam system will still block.

However it does highlight the fact that as long as we try to use email for legitimate business, spam will always be a problem.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Email Marketing Services Targetted by Hackers

Zbot even contains a list of specific sites to monitor including Facebook, MySpace, Bank of America, Amazon, HSBC, Paypal, Blogger, and just about every bank you can think of. This Trojan means business. Once a user on an infected machine accesses one of the sites on the list, a built in keylogger is activated and records their information. The stolen information is then uploaded to a remote server.

Zbot has been spotted in several previous attacks. One pretended to be a notice from UPS, another a ticket confirmation from Delta Airlines and a third a notice from Western Union. The gang behind the attacks is said to be hiding out in Russia.

To protect yourself and your users, remember that common sense is a hacker’s worst enemy. They are hoping people will trust that it a real update from Microsoft even though it’s well known that Microsoft pushes their patches through on the second Tuesday of each month only and never ever sends them via email. If you get an update from anywhere other than the Microsoft Update console, chances are it’s fake. Make sure you have a policy in place regarding software installation. It’s probably best to restrict everyone but the IT department from doing any at all.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New Malware Attack Pretends to Be a Microsoft Update

The most disturbing part of the attacks is that many of the sites belong to elementary schools and are visited by students. The hackers behind the attack apparently have no problem directing children to porn sites. Even the search results for these sites have been changed to refer to porn and shady pharmacies.

It’s not known who’s behind the attack and the UK government has not yet had any comment. One thing is sure however, and that’s that they need to take a serious look at the security and software on their sites. It’s poorly designed software and careless security (such as not disabling unused FTP logins) that lead to these types of attacks. Experts warn that it’s possible that people who are infected by compromised sites may begin to file lawsuits against them for negligence.

However I’m not sure that’s the way to go-after all it is up to each of us to properly secure our computers and use up to date anti-virus software!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Hundreds of UK Government Sites Hacked