08 January 2012
07 January 2012
06 January 2012
Ramnit Goes Social
It seems, however, that this is not the last twist. Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook C&C URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France.
We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.
With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms.
Etrade suffers DDOS festive treat
ANZ Bank-owned online broker ETrade has been the target of a sustained, malicious, offshore-generated cyber attack.
The denial-of-service attack resulted in thousands of emails flooding the broking site, prompting a cessation of services from Christmas Eve to the New Year period.
According to a Fairfax report, offshore Etrade clients were the worst affected, with some countries unable to access accounts for almost two weeks. An ETrade spokesperson confirmed that while overseas clients were more profoundly affected, Australian clients had intermittent access to their accounts.
Neither ANZ nor ETrade have supplied any detail on the nature of the attack or who the culprit was.
Customers only received an explanation of the outage yesterday stating, "immediate action was taken to restrict access from some overseas locations, but given the nature of the incident we were restricted in what we could communicate with you at the time. Importantly, at no stage was the security of the Etrade website breached."
05 January 2012
Social media engages the globe

Despite significant differences in government, infrastructure, availability of access and cultural practices around the world, social networking is growing in every single market. The penetration of social networking sites ranges from 53% in China to 98% in the US, with 41 of the 43 markets individually reported by comScore seeing a market penetration of 85% or more.
“Regardless of how open or closed a society may be, it is safe to assume that more than half of local online populations are engaging in online social networking, making the practice comparatively ubiquitous around the world,” the metrics outfit says.
And for each region, the total time spent by users on social networking grew by at least 35% over the past year, reflecting its growing pervasiveness across the board. In Latin America, Europe, and the Middle East-Africa – three very culturally different regions – social networking accounted for at least 24% of all time spent online.
04 January 2012
Phishing scam
The Sun-Times has been alerted of a phishing scam hitting e-mail inboxes nationwide. The e-mail is disguised as an electronic copy of a purchased airline ticket. It is advised that if anyone does receive this e-mail, they should report it as spam or junk without opening it. The copy of the email text is as follows:
Dear Customer,
FLIGHT NUMBER AA753
ELECTRONIC 778679819
DATE & TIME / JANUARY 15, 2012, 10:53 PM
ARRIVING / Cleveland
TOTAL PRICE / 223.73 USD
Your bought ticket is attached to the letter as a scan document.
You can print your ticket.
Thank you for using our airline company services.
American Airlines.
CM tells police to monitor FB
Jaipur: The state government would be closely monitoring hate crimes spreading through the social networking sites. While reviewing the law and order situation in the districts, chief minister Ashok Gehlot made it amply clear that networking sites cannot be allowed to trigger communal tension. Gehlot asked senior police officials to probe how Facebook was misused to turn people's anger into mob fights in some districts and warned that such instances should not occur in future.
"Why was the misuse of the social networking sites, like Facebook, reported from four-five districts of the state recently," Gehlot asked officials. He directed officials to evaluate the fact and check attempts to break communal harmony through uploading objectionable matter on social networking sites.
He directed the police to take strong measures against ‘external forces’ trying to disturb the communal harmony in the state. "In case of a communal violence, the district collector and the superintendent of police would be solely responsible for the fallout of such an event," he said during the meeting.
Schools say Get off FB
With Board exams a month away, are you worried that your child spends too much time online surfing social networking sites? You are not alone. Many schools are sending out advisories to parents asking them to wean their children away from these sites, especially Facebook, during this exam season.
The Class X and Class XII exams of CBSE, ICSE and state boards are scheduled from February to April and since December, de-activating students’ FB accounts has been widely discussed in parents’ meetings and open houses conducted by schools.
While principals and teachers are urging parents to ask their wards to de-activate their FB accounts immediately, some schools have even engaged technical experts for the purpose. While most parents agree wholeheartedly that this could show positive results as far as their wards’ results are concerned, surprisingly the students too are agreeing to comply, albeit after some initial resistance.
THE ADVISORY
* Children below 16 should be discouraged from social networking
* Ensure that the computer is installed in a common area and not in the bedrooms
* Keep a tab on the content of their children’s networking accounts till the age of 18
* Make sure that a child doesn’t misuse the Internet under the guise of school projects
* Keep a tab on websites being visited and install a firewall to bar social networking sites
* Avoid buying mobiles for a student below Class XII
* Children should not be allowed to carry cellphones to school under any circumstance
03 January 2012
That 'UK lottery you just won' originated in Aarey Colony
If you wondered where you are receiving fraudulent emails about winning millions of dollars and property in the United Kingdom from, the city’s crime branch has the answers.
These SMSes and emails were not generated from foreign soil, but by a group of Nigerians holed up in rented flats in Goregaon (E).
The city crime branch sleuths on Saturday arrested six Nigerian nationals for their alleged involvement in phishing scams and suspect that they would have cheated several people to the tune of lakhs of rupees.
Explaining their modus operandi, Joint Commissioner of Police (Crime) Himanshu Roy said they were using two different ways to con their victims. They would either send SMSes and emails informing victims about being selected in some lucky draw or name the victims as beneficiaries of inherited property worth crores, mostly of a rich person in the UK or Libya. They would ask the victims for their email address for further communication.
Once in possession of the email address, they would email the victims and try to convince the victims. They had also prepared bogus certificates of the firms who had allegedly carried out lucky draws and announced the bogus prize money cheques. They would then email these bogus documents to the victim to gain their trust.
The accused would then start demanding money from the victims, saying they would need to appoint a local lawyer to act on their behalf in the UK and release the prize money from the government there.
They would then demand money on various pretexts like clearance from the revenue department in UK, RBI and Customs, take money from the victims and disappear.
The accused also had bank accounts in the city and some local contacts too.
Nehru Place: A beehive for software piracy
If the numbers remain alarmist, you only need to visit the country's largest technology market, Nehru Place in New Delhi. Its notoriety as a haven of software piracy was articulated by the US last month and it's easy to see why. At first glance, a first-time visitor to Nehru Place might feel misguided. There's nothing technology about it.
Street hawkers swamp the two main lanes alongside rows of shops, selling fake branded clothes, watches, shoes, utility items, and what have you. Cut through them to reach the stores selling computers, tablets, smart phones and just about any kind of software. But even before you can enter any of them, 19-year-old Inder Kumar, boyish and street-smart, accosts with a seven-page catalogue.
It's literally an A to Z of software, from Adobe to Z-Brush (a digital art software). And he promises to sell them at prices cheaper than a pair of boxers. He is all mouth even as his eyes dart around for cops and flying squads from Microsoft.
Indian cyberspace hit by Kim Jong-il malware mails: IT sleuths
Indian computer security analysts have detected and alerted internet users against "malicious spam mails" in the name of the dead North Korean leader Kim Jong-il leading to hacking and crashing of vulnerable e-mails.
The Indian Computer Emergency Response Team (CERT-In), the country's national agency to respond to computer security incidents, has found the malware virus streaming into the Indian cyberspace.
"It has been observed that a spam campaign in the pretext of death of North Korean leader "Kim Jong-il" is making rounds for malware propagation. The malicious spam mails carry a fake name - "brief_introduction_of_kim_jong_Ill_pdf.pdf".
"The said pdf file is exploiting vulnerabilities in Adobe reader and Acrobat, that once successfully exploited leads to remote code execution in the victim system," the CERT-In said in its latest advisory to computer and internet users in the country.
"The malware has been detected more than ten days after the death of the North Korean leader and it lures the internet user to fall into trap of reading his life and style of living. The spam generators are being detected," a senior internet investigator told PTI.
The CERT-In has asked all government and other Internet Protocol (IP) addresses to avoid clicking on the link as it may lead to loss of valuable secret data including threat to personal financial details.
Miscreants hack into Wardha ZP website
Alarm bells started ringing after the official website of Wardha Zilla Parishad was hacked and slogans like 'Pakistan zindabad' were posted in Urdu on Friday. The website was ordered to be shut down soon after the hacking came to light.
District collector Jayashree Bhoj confirmed the hacking and said that ZP chief executive officer has been directed to conduct investigations and take suitable action against the unknown hacker.
According to Deputy CEO Vivek Bondre, the website was designed four years ago by Micological System, a Nagpur-based company. Information about government schemes was posted on it.
02 January 2012
Social networking sites vulnerable to attacks in 2012
Social networking sites will be most vulnerable to cybercriminal attacks across the world in the next year, says a report from Trend Micro, an anti-virus, anti-spam and Internet security vendor.
Social networking sites are ideal targets for online criminal activity because of the large number of users, and an apparent high-level of trust among them.
The report has come up with predictions covering four main categories — big IT trends; mobile landscape; threat landscape; and data leaks and breaches.
In the mobile landscape, smartphones and tablet platforms, especially Android, will suffer from more cybercriminal attacks.
Among big IT trends, the Bring-Your-Own-Device era is here to stay. As more and more corporate data is stored or accessed by devices that are not fully controlled by IT administrators, the likelihood of data loss directly attributable to the use of improperly secured personal devices will rise. Information Technology will definitely see such incidents in 2012.
Kashmir cops launch new teams to fight ‘Facebook jihad’
Troubled by inflammatory and obscene postings on social networking sites, the Jammu and Kashmir police is establishing three special police stations to fight cyber crime in the state.
During the 2010 unrest, several pages sprang up on Facebook calling for protests. Hundreds of netizens were posting anti-India thoughts which triggered stone-pelting at a number of places. Even separatists were encouraging the “Facebook Jihad” — the term used to spread anti-India propaganda last year.
The special cyber police stations will now be entrusted with the job of cracking down on hi-tech crimes relating to cyber frauds and inflammatory postings on social networking sites.
31 December 2011
30 December 2011
Hacker defrauds MNC of Rs 6 lakh
CHANDIGARH: A hacker accessed the email ID of a manager of a Chandigarh-based multinational company and fraudulently took away $11,178 (around Rs 6 lakh) from its US-based customer.
The customer had placed an order of machines with the firm. The CEO of M/s Khosla Machines Private Ltd, Mohali, Darshan Kumar, came to know about the cheating when the US-based customer asked about his order.
The cyber cell probing the case stated that the hacker accessed the email ID of the company's local manager, Sunil Kumar Bhardwaj, created a new ID and told the client that henceforth he would contact him through the new ID. He later asked the customer to deposit the amount in HDFC Bank in Mumbai instead of Citi Bank, where the firm has its account.
The culprit asked the customer to deposit $11,178 in two installments in a Mumbai-based branch of HDFC Bank. The account -- opened on the basis of forged documents -- in HDFC Bank was in the name of Kalpna Enterprises Pvt Ltd, which too was found to be fake.
Sibal's Changing Tunes
A few days back our Union Minister for Information and Communications, Kapil Sibal, was leaving no stone unturned to censor social networking sites like Facebook, Twitter, etc., but now, taking an entirely opposite route altogether, the Minister has suddenly gone gaga over its benefits.
The minister who had earlier asked the social networking sites like Yahoo, Facebook, Google, etc, to control what is published in their sites, saying that there are many controversial matters posted in social networking sites that are objectionable, hurt the religious sentiments and depict the political leaders in poor light, has categorically been coming up with newer and different statements to hog the limelight and media attention.
He had even conducted a meeting with the Indian leaders of these networking sites and asked them to comply or face action. In other words, he threatened the social networking sites of dire consequences if they did not toe his line.
Phishing Scam Targets New Owners of Apple Products
If you own an AppleID account, be sure to look out for a well-crafted phishing scam that's been going over the past week. The email has targeted Apple users, fooling them into giving their Apple IDs and billing information.
Internet security firm Intego says the email was sent to many owners of iPhone, iPod and iMac with the "Apple update your Billing Information" in the subject line.
This is how the phishing scam works:
After the Apple users open the email, they will find a message claiming to have originated from "appleid@id.apple.com."
The email will tell the users that their current billing records are "out of date," and it will provide a link to the Apple Store, urging the users to click on that link and confirm their billing records. However, if the users click the link, they will be directed to a fake Apple sign-in page. Users who received the email said the fake sign-in page is nearly identical to the real sign-in page.
Once the users enter their Apple ID and password, they will be reminded to update their billing account information, especially their credit card information.
29 December 2011
JK cops discuss cyber crime policing with IT experts
Srinagar, Dec 28 (PTI) Issues pertaining to cyber crime and counter strategies were today discussed during an interactive session between Jammu and Kashmir Police personnel and IT experts here.
Facebook status can open door to crime
More than 800 million people are active Facebook users, according to the social media website, and when one user makes a status public, every user can see it.
Around the holiday season when more Facebook users are going on vacation, posting statuses to the public about leaving town can invite crime into their homes.
“If you give somebody the keys to your house, you better make sure they’re responsible to take care of your house,” said Evansville Police Department Detective Kurt Pritchett, who works with cyber crimes. “If you give everybody your information, you’re giving all of them the opportunity to come into your house.”
A 2011 survey of 50 convicted burglars in the United Kingdom, conducted by the Survey Shop, reported that 78 percent of the burglars believed social media sites like Facebook, Twitter and Four Square are useful tools for targeting properties.



