May 11th, 2009:

4067

BAT/Qhost.NBJ (2), BAT/Qhost.NBK, BAT/StartPage.NAS (4), BAT/TrojanDownloader.Ftp.NDB (4), BAT/TrojanDownloader.Ftp.NDC (5), Win32/Adware.AntiSpyware2008, Win32/Adware.Antivirus2008, Win32/Adware.InternetAntivirus (3), Win32/Adware.SystemSecurity, Win32/Adware.WinPCDefender, Win32/Agent.WPI (2), Win32/AutoRun.Agent.NP (2), Win32/AutoRun.FlyStudio.IT, Win32/Delf.ODU (4), Win32/KillAV.NDC (2), Win32/Mypis.AR, Win32/PSW.WOW.NKB (2), Win32/Qhost (2), Win32/Rootkit.Agent.NLD, Win32/Rootkit.Ressdt.NAW, Win32/Rootkit.Ressdt.NAX, Win32/Rustock, Win32/Rustock.NIG (2), Win32/Spy.Banker.QRP (2), Win32/Spy.Banker.QRQ (2), Win32/Spy.Delf.NRL, Win32/Spy.Pophot.NAO, Win32/TrojanDownloader.Agent.OXO (2), Win32/TrojanDownloader.Agent.PBN (4), Win32/TrojanDownloader.Agent.PBO, Win32/TrojanDownloader.Banload.ONO (2), Win32/TrojanDownloader.Banload.OOK (3), Win32/TrojanDownloader.Banload.OPH, Win32/TrojanDownloader.Delf.OTK (2), Win32/TrojanDownloader.Delf.OTL (2), Win32/TrojanDownloader.Small.OOT (2), Win32/TrojanDownloader.VB.NXU (2), WinCE/SMS.Redoc.L (2)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6018&Itemid=26

Pirate Bay proposes Distributed Denial of Dollars Attack – DDo$

Pirate Bay founder Gottfrid Svartholm (aka anakata) received a bill for the 30 million SEK that he, along with Peter Sunde (aka brokep), Fredrik Neij (aka TiAMO), and Carl Lundstrom, was fined in the verdict of the Pirate Bay trial just over three weeks ago.

The bill inspired anakata to devise a plan involving sending money to Danowsky's law firm, but not to pay the fine, of course, which they say will never be paid. Anakata's clever plan is called internet-avgift, internet-fee in English. Anakata encourages all Internet users to pay extremely small sums of around 1 SEK (0.13 USD) to Danowsky's law firm, which represented the music companies at the Pirate Bay trial. The music companies will not benefit from this; instead it will cost them money to handle and process all the money.

The plan can be called a Distributed Denial of Dollars attack (DDo$). The plan is an away-from-keyboard DDoS attack. DDoS attacks involve lots of users overloading the victim with Internet traffic, damaging their ability to provide services. Money, instead of Internet traffic, is used in this case. A friend of Anakata told Blog Pirate that the bank account to which the payments are directed has only 1000 free transfers, after which any transfers have a surcharge of 2 SEK for the account holder.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31255

Apple Rejects iPhone BitTorrent App

Citing copyright infringement concerns, Apple won't include a BitTorrent client in the App Store.

The Cupertino-based electronics company rejected Maza Digital's Drivetrain, saying "this category of applications is often used for the purpose of infringing third-party rights. We have chosen to not publish this type of application to the App Store."

Apple is well known for banning porn-related apps or those it deems culturally unworthy. That said, the latest rejection is rather ironic: iPhones, iPods and even Apple computers, and those from its competitors, are routinely used "for the purpose of infringing third-party rights." And there already is at least one app available, called trackr, which is described as "an RSS reader with the unique ability to queue to torrent downloads directly from an RSS feed."

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31254

Microsoft finally acknowledges Windows 7 will ship in 2009

Microsoft officials are finally admitting what many company watchers, customers and partners have known for a while: Windows 7 is going to ship in 2009.

Specifically, Windows 7 is going to be generally available in time for holiday 2009. Windows Server 2008 R2 will ship "in the same timeframe," officials are conceding.

If you're thinking you read this somewhere before, you have: In late April, a senior Windows exec told Bloomberg News that shipping Windows 7 in time for the holidays was "accomplishable." On May 11, during the kick-off keynote for Microsoft's annual TechEd USA conference, the Windows team is going way out on a limb and saying they actually WILL ship Windows 7 in time for it to be preloaded on holiday PCs.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31253

Duke Nukem material released

EMPLOYEES AT TROUBLED game maker 3D have released stills and footage of how far they got with the legendarily late Duke Nukem game.

The game was delayed more times than the second coming of Jesus and was one of the reasons why 3D appears to have gone to the wall. According to Techspot, some of the game's design team have posted what people who had waited nearly ten years for the sequel will now miss.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31252

Cadets Trade the Trenches for Firewalls

The Army forces were under attack. Communications were down, and the chain of command was broken. Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: "They are flooding the e-mail server. Block it. I'll take the heat for it."

These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use. The N.S.A. made the cadets' task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world.

The competition was a final exam of sorts for a senior elective class. The cadets, who were computer science and information technology majors, competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Each team was judged on how well it subdued the threats from the N.S.A.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31251

Maldives Elections Commission website hacked

The website of the Maldives Elections Commission was hacked last night and the hackers defaced the homepage of the website. It isn't sure when the attack had occurred, but even by 9:15pm last night the hackers' message on the homepage had not been removed.

Later, after the website finally went offline, an official from the Commission said that they were trying to fix the website and assisting the Police in their investigation of the attack.

The official further said that the hackers had not changed any details on their database and had only changed the contents of the homepage.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31250

Living with Windows 7 release candidate

I’ve been living with Windows 7 for some time now. Indeed, I’ve been using it since the first public release last fall.

At work, it has been my main machine for several months and I frequently bring it home and take it on the road. However, I have relied on my CNET-issued Windows XP machine for a number of key tasks, such as using the desktop version of Outlook and when I needed to access the Internet using a Sprint modem. (Our newsroom USB modem didn’t work with the beta of Windows 7.)

With the release candidate, I was finally able to take the complete plunge. Since Tuesday, I have been using nothing else–at work and at home. And I must say, despite one hiccup that I’ll get to in a minute, Windows 7 is shaping up quite well. There’s a lot to like about Windows 7 for those using Windows XP or Windows Vista.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31249

Mergers and acquisitions in the botnet world

With the growth of the profit motive in recent years, the world of hackers has become more businesslike, with the development of off-the-shelf software packages, professional services, and retail and wholesale markets for goods and resources. Will we be seeing the emergence of mergers and acquisitions?

Probably not yet. Bot-herders still appear to be more interested in hostile takeovers than mergers. But some observers are concerned about the apparent strategic partnership being established by two of the more successful current botnets: Conficker and Waledac.

The U.S. Computer Emergency Readiness Team (US-CERT) warned last month of a new variant of the Conficker worm, also known as W32.Downadup, that updated earlier infections via its peer-to-peer network. The most recent variant appears to download additional malicious code onto compromised systems, including copies of the Waledac Trojan, a spam tool. Waledac has previously spread via e-mail containing malicious links.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31248

Porn Leads To Conviction Under ‘Hacker Law’

Did you know that by looking online for an “adult friend” and uploading nude pictures of yourself while at work, you could be convicted using the same law that was designed for prosecuting malicious hackers?

Talk about a tale of woe: Richard Wolf, a lonely guy looking for love in all the wrong places, used his work computer to visit the Adult Friend Finder website and upload personal nudes to prospective “friends.”

I’ve read through the commentary from the Wired article “Court Upholds Hacking Conviction of Man for Uploading Porn Pics from Work Computer,” and the appellate court’s upholding (PDF) of Richard Wolf’s conviction. In my opinion, what appears to have been a normal violation of acceptable usage policies that should have been handled by the HR department quickly devolved, leading to a questionable use of state laws based on the federal Computer Fraud and Abuse Act when law enforcement was involved instead.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31247

Security Researchers Hijack Cybercrime Network

The scale of the threat posed by cybercriminals has been revealed after researchers took over a network of computers for 10 days, gaining unrestricted access to thousands of bank and credit-card accounts.

They showed how a botnet, a network of 180,000 compromised or zombie computers, allowed thieves to steal thousands of bank account and credit-card details and computer passwords and to spy on the browsing habits of the users.

In an unprecedented insight into how “botnets” operate and how lucrative they can be, security researchers at the University of California, Santa Barbara, estimated that they could have sold the information that they collected for more than $8 million on the thriving underground market for stolen data.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31246

Students excel in new-age crime technology

It was their chance to rub shoulders with the bigwigs of the security industry and make their mark in the field. The first day of the Security and Identity Management (SIM) conference at IIM-A saw a number of paper presentations from the students of various national universities in the fields of fraud mechanics, secured multi-party computation, Bluetooth hacking and laws pertaining to cyber crime in India.

Wallace Jacob, a participant from Tolani Maritime Institute in Pune, presented a paper on ‘Digital Fraud’ and its variants in contemporary times. “We are now looking eye-to-eye with concepts like key-logging, phishing, click-jacking and email scams that were a part of science fiction a while ago. Now, with a computer equipped with internet and communication technology, one can commit crime from any corner of the world. As we become greedy for free stuff on the Internet, we are inviting a lot of trouble in the form of malware and trojans. These send personal information of your computer to a remote server accessed by hackers,” he said.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31245

As Hacking Hits Home, China Strengthens Cyber Laws

A year ago, when a Time Magazine reporter told Tan Dailin that he’d been identified as someone who may have hacked the Pentagon, he gasped and asked, “Will the FBI send special agents out to arrest me?”

The answer, it turns out, was, “No, the Chinese government will.” Dailin, better known in Chinese hacker circles as Withered Rose, was reportedly picked up last month in Chengdu, China, by local authorities. He is now facing seven years in prison under a new Chinese cybercrime law that was passed in late February.

Although the Western media has been awash with stories of Chinese hacking for years, cybercrime was until recently governed by three articles added to China’s criminal code in 1997. The laws were out-of-date and “failed to correlate proportionately with the tremendous social harm” caused by cybercrime, according to a recent paper on Chinese cyber-law published in the International Journal of Electronic Security and Digital Forensics.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31244

pecio cms ‘index.php’ Local File Include Vulnerability

URL: http://www.securityfocus.com/bid/34802

Microsoft Internet Explorer UTF-7 Cross-Site Scripting Vulnerability

URL: http://www.securityfocus.com/bid/34917