Mar 20, 2012
 

Online Payment Security: How Much More Would You Spend?

 


With e-commerce spending breaking the $150 billion mark in 2011, 79 percent of consumers are eager to purchase more online if given easier and more secure payment options. Find out what other concerns consumers have about online shopping.

 

 

Direct Link:  http://blog.zonealarm.com/2012/01/online-payment-security-how-much-more-would-you-spend.html?view=infographic

Feb 10, 2012
 

 

Trojan gang targets BT, Talk Talk and Sky customers

Thieves target phone service logins to fool verification checks

 

 

TechWorld

By John E Dunn

02 February 2012

 

 

 

 

 

 

Criminals using a dangerous variant of the Zeus bank Trojan have started hacking BT, Talk Talk and Sky phone accounts as a way of redirecting phone calls from bank fraud services away from victims.

As with other financial malware, the Ice IX Trojan is designed to steal bank logins, emptying accounts of as much money as it can without setting off the bank’s fraud protection systems that normally pick up on odd or unusually large transactions.

Security company Trusteer has discovered that criminals controlling Ice IX are now throwing up a browser screen as part of the web injection hijacking process that tries to engineer users into giving up phone service logins too.

Armed with this data – plus keylogged passwords for the same service – criminals then try to set calls to forward to a number controlled by them. Banks that phone users to query transactions would then be told by imposters that transfers were genuine.

Screens have been discovered for three of the UK’s largest phone providers, BT, Talk Talk and Sky, but it is likely that almost any provider could be targeted.

“Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank,” said Trusteer CTO, Amit Klein.

“This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user.”

Ice IX is one of a number of versions built using the source code from the most prodigious banking malware ever to appear, Zeus. Over time, attacks crafted using this family of malware have become increasingly targeted, with the phone service ruse another example of that phenomenon.

Malware gangs are wary of post-transaction verification and will typically test the system to work out the fraud threshold for different institutions and customers.

In one recent example, a New Jersey County lost $19,000 from a business account that had been compromised by Zeus, despite the fact that it contained $13 million in funds. The best explanation for this criminal modesty is that the gang attacking the account wanted to keep its theft as discreet as possible in the short term to avoid detection.

 


 

 

Direct Link:  http://news.techworld.com/security/3334682/trojan-gang-targets-bt-talk-talk-and-sky-customers/

 

 

Feb 10, 2012
 

Symantec expects Anonymous to publish more stolen source code

Confirms that BitTorrent file is pcAnywhere’s source code after sting operation fails

 

 

COMPUTER WORLD
By Gregg Keizer
February 7, 2012

 

Computerworld –

Symantec today confirmed that the pcAnywhere source code published on the Web Monday by hackers who tried to extort $50,000 from the company was legitimate.

A company spokesman also said that Symantec expects that the rest of the source code stolen from its network in 2006 will also be made public.

Symantec’s acknowledgement followed the appearance late Monday of a 1.3GB file on various file-sharing websites, including Pirate Bay, that claimed to be the source code of the pcAnywhere remote-access software.

Download activity for the BitTorrent file has been moderately brisk: As of mid-morning Tuesday, Pirate Bay identified 376 “seeders,” the term for a computer that has a complete copy of the file — and about 200 “leechers,” or computers that have downloaded only part of the complete torrent.

The Anonymous hacking group claimed responsibility for posting the pcAnywhere source code.

“We can confirm that the source code is legitimate,” said Cris Paden, a spokesman for Symantec, in an email reply to questions. “It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to have been in possession during the last few weeks.”

Also on Monday, an individual or group going by the name “Yama Tough” had published a series of emails on Pastebin that detailed an attempt to extort $50,000 from Symantec.

Previously, Yama Tough had claimed responsibility for stealing the source code to pcAnywhere and other Symantec security software. At one point, Yama Tough had threatened to publish the source code, but then recanted.

The Pastebin-posted emails covered negotiations between Yama Tough and someone identified as “Sam Thomas,” supposedly a Symantec employee, over payment for not disclosing the source code. In fact, Thomas was a pseudonym used by U.S. authorities, whom Symantec had alerted to the threat.

“In January, an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession,” said Paden. “Symantec conducted an internal investigation into this incident and also contacted law enforcement, given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation.”

Paden declined to identify the law enforcement agency, but the Federal Bureau of Investigation (FBI) has jurisdiction in extortion attempts that affect foreign or interstate commerce.

The negotiations went on for nearly a month — the emails began on Jan. 18 — but broke down when Yama Tough rejected Thomas’ conditions, which included an offer of payments of $2,500 each month for the first three months, with the balance to be paid on proof that the copy of the stolen source code had been destroyed.

Yama Tough tried to spin a different story on Twitter.

“They’ve been tricked trolled into offering a bribe so the false statement be [sic] made we never had the code and lied =),” Yama Tough said yesterday in a tweet.

Symantec’s Paden also said today that it expects Anonymous to shortly publish source code belonging to other products.

“So far, they have posted code for the 2006 version of Norton Utilities and pcAnywhere,” said Paden. “We also anticipate that at some point, they will post the code for Norton Antivirus [NAV] Corporate Edition and Norton Internet Security [NIS]. NAV Corporate Edition is no longer for sale or supported, and NIS has been completely rebuilt.”

Yama Tough promised that the source code for NAV Corporate Edition would hit the Web today. “NAV release coming in seven hours,” Yama Tough said on Twitter about six hours ago.

Two weeks ago, Symantec took the unprecedented step of telling users of pcAnywhere to disable or uninstall the software until it could finish patching vulnerabilities it had uncovered. Symantec wrapped up that patching last week, and gave the all-clear to customers.

Symantec has also offered free upgrades to pcAnywhere 12.5 for users of editions prior to version 12.0.

 

Direct Link:  http://www.computerworld.com/s/article/9224039/Symantec_expects_Anonymous_to_publish_more_stolen_source_code

Nov 05, 2011
 

Seven Types of Hacker Motivations
Friday, March 25, 2011
Contributed By: Robert Siciliano

There are good and bad hackers. Here is a window into what they do and why:

White Hat Hackers: These are the good guys, computer security experts who specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure.

These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers.

Black Hat Hackers: These are the bad guys, who are typically referred to as just plain hackers. The term is often used specifically for hackers who break into networks or computers, or create computer viruses.

Black hat hackers continue to technologically outpace white hats. They often manage to find the path of least resistance, whether due to human error or laziness, or with a new type of attack.

Hacking purists often use the term “crackers” to refer to black hat hackers. Black hats’ motivation is generally to get paid.

Script Kiddies: This is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves.

Hacktivists: Some hacker activists are motivated by politics or religion, while others may wish to expose wrongdoing, or exact revenge, or simply harass their target for their own entertainment.

State Sponsored Hackers: Governments around the globe realize that it serves their military objectives to be well positioned online. The saying used to be, “He who controls the seas controls the world,” and then it was, “He who controls the air controls the world.”

Now it’s all about controlling cyberspace. State sponsored hackers have limitless time and funding to target civilians, corporations, and governments.

Spy Hackers: Corporations hire hackers to infiltrate the competition and steal trade secrets. They may hack in from the outside or gain employment in order to act as a mole. Spy hackers may use tactics similar to those of hacktivists, but their only agenda is to serve their client’s goals and get paid.

Cyber Terrorists: These hackers, generally motivated by religious or political beliefs, attempt to create fear and chaos by disrupting critical infrastructures.

Cyber terrorists are by far the most dangerous, with a wide range of skills and goals. Cyber terrorists’ ultimate motivation is to spread fear and terror and commit murder.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing another data breach on Good Morning America.

Direct Link: https://www.infosecisland.com/blogview/12659-Seven-Types-of-Hacker-Motivations.html