Cracked Silent Hunter 5 – Battle of the Malware

March 9th, 2010

March 8th – To protect the fifth instalment of the Silent Hunter game from piracy, its producers have implemented a new protection system, which has not only sparked discontent within the gamers’ community but also increased hackers’ desire to crack it. This coincides with gamers’ passionate hunt for a cracked version of the game, clearly illustrated by search statistics in which the “name of the game + cracked” combination ranks very high.

However, while engaging in this quest, players willingly turn themselves into sitting ducks for e-threats. A quick Internet search on this very hot topic revealed that no less than four different breeds of malware accompany the returned results.


The malware cocktail that players are in for includes two different Trojans, one Backdoor Agent and one Rootkit.

Here are just a few hints as to what these ingredients can do. Backdoor Agents are classic Trojan backdoors that open the infected machine to remote access. Rootkits attempt to hide processes, files, registry data and network connections; they are usually employed for malicious purposes, concealing viruses, worms, backdoors and spyware. In the case under discussion, two further Trojans are delivered alongside the rootkit and the backdoor agent, completing the malware pack.

Hence, instead of commanding U-boats against Allied forces stationed in Malta, Silent Hunter’s aficionados could easily end up sinking their own machines under the heavy fire of e-criminals’ malware.

In order to stay safe, BitDefender recommends that users never follow suspicious links returned in Internet searches and only download legitimate applications. Realizing the importance of copyright and the risks users expose themselves to when downloading pirated software are two further lessons this malware-spreading episode teaches. Finally, installing and updating a complete antimalware solution will help them play on and play safe.

About BitDefender®
BitDefender is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry’s anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe — giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products is available at the company’s security solutions press room. Additionally, BitDefender’s www.malwarecity.com provides background and the latest updates on security threats, helping users stay informed in the everyday battle against malware.


Group calling itself ‘al-Qaida in Aceh’ says it survived Indonesian crackdown

March 9th, 2010

By: ALI KOTARUMALOS
Associated Press
03/06/10 7:00 AM EST

JAKARTA, INDONESIA — A group calling itself “al-Qaida in Aceh” claimed Saturday to be the target of a police crackdown in the Indonesian province, where authorities have arrested and charged suspected militants with planning terrorist attacks.

In a statement posted on the blog hosting site WordPress.com, the group said it had survived the police crackdown and pledged to continue its jihad against “Zionist Jews and Christians and apostates.” Later Saturday, WordPress blocked access to the blog for violating its terms of service.

It was not possible to authenticate the statement. Police spokesman Maj. Gen. Edward Aritonang said the statement was under investigation, and could yet prove to be a hoax.

Police have arrested 16 suspected militants in a series of raids in the deeply conservative province of Aceh since Feb. 22, the latest two on Saturday. Police suspect the group is linked to Jemaah Islamiyah, a Southeast Asian offshoot of al-Qaida that has been blamed for twin bombings last year on hotels in Jakarta, and 2002 bombings on the island of Bali.

“As of the 10th day of the pursuit against us, we survive to continue jihad although some of our brothers were captured and martyred,” the statement said.

“We hereby assure Muslims that we will uphold our pledge to jihad against the Zionist Jews and Christians and apostates until God awards us victory, or we become martyrs in the way of Allah,” it added.

Sidney Jones, Jakarta-based senior adviser for the International Crisis Group think tank, said she had never heard of the group and could not say whether the statement spoke for the militants in Aceh. She said militants in the province appeared to comprise several movements, including Jemaah Islamiyah.

President Susilo Bambang Yudhoyono said Friday that the group, which he did not name, had set up in Aceh believing that Indonesian security forces had lost interest in the province since a violent separatist movement ended there in 2005. He said members of the separatist movement were not part of the new group.

Police say 14 of the suspects confessed to undergoing paramilitary training, including weapons use and hand-to-hand combat. They say the militants were preparing for a terrorist attack against an undisclosed target.

They face up to 20 years in prison if convicted.

On Saturday, two more suspected militants were arrested in Aceh but have yet to be charged, Aritonang said. He declined to detail the circumstances of those arrests.


Hacker Arrested in Billboard Porn Stunt

March 8th, 2010

17 February 2010
By Alexandra Odynova

Police in the southern city of Novorossiisk have arrested a man accused of hacking into a video billboard in Moscow last month and showing a pornographic movie that spawned a traffic jam as curious drivers slowed to watch the film.

The suspected hacker, a 41-year-old unemployed man, was arrested in Novorossiisk and released Tuesday after promising to remain in the city, the Interior Ministry’s high-tech crime department said in a statement.

Police released neither the man’s name nor the date he was arrested but said he had been hacking into computers out of “curiosity” and to “sharpen his skills.”

On the night of Jan. 14, the video appeared on a 9-by-6 meter roadside video billboard on the Garden Ring Road, near the Serpukhovskaya metro station.

It played for about 20 minutes as traffic ground to a halt, with many drivers filming the spectacle on their cell phones and later reposting the footage on the Internet.

Police said the hacker used the IP address of an organization based in Chechnya to break into the Moscow server and post the video on the billboard. He has admitted that he was behind the stunt but said he merely wanted to entertain people, not create a furor, police said.

The suspect claimed that he intended to show the video not on the billboard, but at a Moscow store, the Interior Ministry statement said. He said he was confident that police would never make it to Chechnya to investigate the case, police said.

He faces charges of illegal distribution of pornography and gaining illegal computer access. If convicted, he faces up to two years in prison.

The incident prompted the Moscow Advertising Committee to ban video billboards on the streets of Moscow.

Earlier this month, the committee tightened rules for video billboards to make them less susceptible to hacker attacks. Billboard operators should be able to switch the signs off immediately in case of emergency.

The Krasnodar regional branch of the Federal Drug Control Service said Tuesday that the suspect had previously faced charges of dealing marijuana in Novorossiisk while working as a taxi driver, Interfax reported.

He had previously worked as a systems administrator but was laid off, Interfax said.

Source: http://www.themoscowtimes.com/news/article/hacker-arrested-in-billboard-porn-stunt/399895.html


Top Ten E-Threats – February 2010

March 2nd, 2010

Removable devices – main vectors for spreading malware

With 4 Trojans, 3 Exploits, 2 Worms and 1 Virus, this month’s e-threats chart has changed a bit, since exploits have a greater say in February’s malware distribution!

February comes with a surprise. Last month’s number one e-threat (Trojan.Clicker.CM) has disappeared entirely from the current landscape. Instead, Trojan.AutorunInf.Gen, the generic detection for malware spreading via removable devices such as flash drives, memory cards or external hard disks, is the top e-threat of the month with 9.09 percent of the total amount of global malware. “External devices should be scanned on a regular basis,” advised Catalin Cosoi, Senior Researcher at BitDefender®. “This is a safe practice, especially when these devices have been plugged into library computers, copy shops and other public locations, which are known to be sources of infection,” he added.

Overview of February’s malware distribution chart:

[Figure: February’s malware distribution chart]

Win32.Worm.Downadup.Gen is up one place since January. Ranking second, with 6.24 percent, this worm exploits a well-known Microsoft® Windows® vulnerability. “Win32.Worm.Downadup.Gen’s continuous presence in monthly tops proves nothing else but most users’ reluctance to update both the operating system and their locally installed antimalware solution, as well as to install the security fixes issued by Microsoft® more than one year ago,” explains Catalin Cosoi, Senior Researcher at BitDefender®. Newer variants of the worm also install rogue antivirus applications, among other payloads.

BitDefender’s® third and fourth e-threats for February are Exploit.PDF-JS.Gen, with 5.13 percent, and Exploit.PDF-Payload.Gen, with 4.21 percent of the total amount of infections. These generic detections cover manipulated PDF files that exploit various vulnerabilities in Adobe® PDF Reader’s® JavaScript engine; their purpose is to execute malicious code on users’ computers.

Torrents continue to be one of the favorite vectors of malware distribution. With 3.37 percent, Trojan.Wimad.Gen.1 is February’s number five e-threat, keeping its January position in the top 10. A not-yet-aired episode of your favorite series or a box-office title could be the perfect cover for this Trojan.

Sixth place is taken by Win32.Sality.OG, the only file infector in this month’s top 10. With constantly changing code, the Sality family is extremely difficult to detect and eradicate. Furthermore, the rootkit component that accompanies the virus tries to disable various antivirus applications installed on the infected system.

Trojan.Autorun.AET, a close relative of February’s top e-threat Trojan.AutorunInf.Gen, spreads via Windows® shared folders as well as removable storage devices. Ranking seventh, this Trojan abuses the Autorun feature implemented in Windows® operating systems prior to Vista SP2. Due to frequent abuse of Autorun, Microsoft® decided to disable it starting with Windows® Vista® SP2 and newer operating systems.
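As an added example (not BitDefender’s code), here is how a removable-media scan could vet an autorun.inf found on a flash drive: it parses the [autorun] section the way Windows reads it and flags the directives that make a program run on insertion. Both sample files are constructed for this example; RECYCLER\desktop.exe is a made-up path.

```python
"""Vet an autorun.inf the way a removable-media scan would.

Added example, not BitDefender's code. It reads the [autorun] section as
Windows' INI reader does (case-insensitive keys, first occurrence wins) and
flags the keys that make AutoRun execute a program when the device is
inserted: open=, shellexecute= and shell\\<verb>\\command=. Both sample
files are constructed for this example.
"""
import re
from dataclasses import dataclass

EXEC_KEYS = {"open", "shellexecute"}                    # values AutoRun executes
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".dll"}

# Constructed sample in the style the Autorun family plants on a USB stick: the
# "action" text mimics Explorer's own menu entry so the user cannot tell the
# malicious entry from the real "Open folder" option. The duplicate "open" key
# shows that only the first occurrence counts.
MALICIOUS_SAMPLE = r"""[autorun]
open=RECYCLER\desktop.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\Command=RECYCLER\desktop.exe
shell\explore\command=RECYCLER\desktop.exe
open=another.exe
UseAutoPlay=1
"""

# Constructed sample: a benign autorun.inf that only sets a drive icon and label.
BENIGN_SAMPLE = r"""[autorun]
icon=photos.ico
label=Holiday photos
"""


@dataclass
class AutorunReport:
    entries: dict           # key -> value from the [autorun] section
    exec_directives: list   # (key, program, program_has_executable_extension)
    action_spoofed: bool    # execution hidden behind Explorer's own wording

    @property
    def suspicious(self) -> bool:
        return bool(self.exec_directives)


def parse_autorun(text: str) -> dict:
    """Return the [autorun] section as a dict with lower-cased keys."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            # Duplicate keys: keep the first, as GetPrivateProfileString does.
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def program_of(command: str) -> str:
    """Program part of a command line: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def analyze_autorun(text: str) -> AutorunReport:
    entries = parse_autorun(text)
    directives = []
    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_CMD_RE.match(key):
            program = program_of(value)
            name = program.replace("/", "\\").rsplit("\\", 1)[-1]
            ext = name[name.rfind("."):].lower() if "." in name else ""
            directives.append((key, program, ext in EXEC_EXTENSIONS))
    # Execution directive dressed up as Explorer's default "Open folder" action.
    spoofed = bool(directives) and "open folder" in entries.get("action", "").lower()
    return AutorunReport(entries, directives, spoofed)
```

Legitimate installer discs also use open=, so on a writable USB device rather than optical media an execution directive is the strong signal, and a spoofed “Open folder” action makes it near certain.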

Ranking eighth, Worm.Autorun.VHG exploits a Windows® vulnerability in order to execute itself remotely using a specially crafted RPC (remote procedure call) packet, an approach also used by Win32.Worm.Downadup.

Exploit.Comele.A, number nine in February’s malicious chart with 1.48 percent, abuses an Internet Explorer® vulnerability, which shows that this particular browser still holds the lion’s share of the market despite fearsome competition from Firefox®, Chrome® and Safari®. The presence of this exploit in this month’s top 10 shows that people are reluctant to update, as it has been a couple of weeks since Microsoft® released a patch mitigating this kind of attack.

Ranking tenth in February’s top, Trojan.SWF.HeapSpray.B makes use of the heap-spray exploitation technique, which facilitates arbitrary code execution by filling a large portion of the target process’s memory with attacker-controlled data.

BitDefender’s® February 2009 Top 10 E-Threat list includes:

Rank  E-threat                   Share of total infections
1     Trojan.AutorunINF.Gen       9.09%
2     Win32.Worm.Downadup.Gen     6.24%
3     Exploit.PDF-JS.Gen          5.13%
4     Exploit.PDF-Payload.Gen     4.21%
5     Trojan.Wimad.Gen.1          3.37%
6     Win32.Sality.OG             2.77%
7     Trojan.Autorun.AET          1.92%
8     Worm.Autorun.VHG            1.85%
9     Exploit.Comele.A            1.48%
10    Trojan.SWF.HeapSpray.B      1.40%
      Others                     62.53%


Schools in China say they weren’t behind hacking

February 21st, 2010

SHANGHAI – Two prominent schools in China dispute allegations that hacking attacks on Google and other firms originated from them, a report said Saturday.

The New York Times reported late Thursday that security investigators traced the hacking to computers at Shanghai Jiaotong University and Lanxiang Vocational School in China.

The official Xinhua News Agency cited an unnamed university spokesperson Saturday as saying the allegation against it is baseless, and an official at the vocational school said its investigation found no evidence the attacks originated there.

Li Zixiang, a Communist party official in the Lanxiang school in the eastern Shandong province, said students there are currently on their winter break. He also disputed the Times report that some evidence linked attacks to one computer science class taught by a Ukrainian. “We have never employed any foreign staff,” Xinhua quoted Li as saying.

Another official at the vocational school disputed the Times’ report that Lanxiang had close ties to the military.

Zhou Hui, director of the school’s general office, told Xinhua that some students had joined the military after school, but it was natural for citizens to do so.

Google revealed Jan. 12 that digital thieves had stolen some of its computer code and tried to break into the accounts of human rights activists opposed to China’s policies. The sophisticated theft also targeted the computers of more than 30 other companies, according to security experts.

The digital assault was serious enough to prompt Google to confront China’s government about censorship rules that weed out politically and culturally sensitive topics from search results in the country. Google says it’s prepared to shut down its China-based search engine and the company and the government are still discussing a possible compromise.

China has denied involvement in Internet attacks and said in January its anti-hacking policy is transparent and consistent.

AP


Two Chinese Schools Said to Be Tied to Online Attacks

February 20th, 2010

NY Times: Computer security experts have traced the recent attacks on Google and other U.S. companies to two Chinese schools: Shanghai Jiaotong University, home to one of China’s best computer science programs, and Lanxiang Vocational School, an enormous vocational school that trains computer scientists for the Chinese military. Evidence acquired by a U.S. military contractor points to a particular Ukrainian computer science professor.

U.S. officials continue to debate what the school links mean, but one professor at Jiaotong said he wasn’t surprised by the finding. “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” He continued, “I believe there’s two kinds of situations. One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”


Experts highlight growing cyber-jihad threat

February 20th, 2010

By Michel Moutot (AFP) – 1 day ago

PARIS — An Al-Qaeda cyber-offensive is a real and growing threat, even though Osama bin Laden’s shadowy group has yet to show a true capability, experts said.

“A co-ordinated cyber-attack made in Al-Qaeda? This has not happened yet, but it is not just fantasy,” Dominique Thomas, a specialist in Islamic networks at Paris’s School for Advanced Studies in the Social Sciences, told AFP.

“We can envisage it: they have the brains, and the advantage is they don’t have to be many to be effective”, Thomas added.

Al-Qaeda has so far stuck to classic, if spectacular, attack methods — the hijackings of the September 11, 2001 attacks, machine guns and bombs.

But on Tuesday top US officials participated in the “Cyber ShockWave” exercise testing responses to a coordinated attack on the Internet, transport, telephone and electricity networks.

And this month US Director of National Intelligence Dennis Blair told the US Senate “terrorist groups and their sympathisers have expressed interest in using cyber means to target the United States and its citizens”.

The US defence establishment is also discussing when a cyber-attack on facilities such as the American electricity grid could be considered an act of war.

Online offensives against official websites have already been recorded, including in Saudi Arabia, and the necessary expertise is available on some forums.

“On jihadist websites there are all sorts of manuals explaining how to make an e-bomb, how to create a virus, how to use encryption techniques”, Thomas said. “They are very up to date. The Saudis especially are very strong.”

Among militants indicted for terrorist acts, there are more students from pure sciences such as mathematics or information technology than there are from the social sciences, according to numerous studies.

Nigerian Umar Farouk Abdulmutallab, who is accused of trying to blow up a US-bound jet on December 25, studied mechanical engineering at a top London university.

James Lewis, from the Center for Strategic and International Studies, who co-authored “Security in cyberspace in the 44th presidency”, said a cyber-attack was only a matter of time.

“Al-Qaeda doesn’t yet have the kind of capabilities to pull off the kind of big disruptive attack that they really want,” he said.

“But over the next few years, they will develop these capabilities.”

“We have to expect something big to happen within a decade”, he said.

Richard Hunter, a specialist in computer security based in New York and author of “World Without Secrets”, stressed that “IT is the ultimate asymmetrical force.”

“The power one exerts through IT is very much a function of one’s intelligence and skills,” he told AFP.

It was less about funding or the number of people he argued. “The ultimate resource is one clever individual. You find one of those everywhere.”

“If they don’t have the expertise, and we know they made that a priority, they could certainly develop it”, Hunter said.

“It is well known to all working IT professionals that the technology turns over every five years. Meaning that anyone who enters at a given point can be an expert within 5 years.”


Official: FBI probing Pa. school webcam spy case

February 20th, 2010

PHILADELPHIA — A Pennsylvania school district accused of secretly switching on laptop computer webcams inside students’ homes is under investigation by federal authorities, a law enforcement official with knowledge of the case told The Associated Press.

The FBI will look into whether any federal wiretap or computer-intrusion laws were violated by Lower Merion School District officials, the official, who spoke on condition of anonymity because the official was not authorized to discuss the investigation, told the AP on Friday.

Days after a student filed suit over the practice, Lower Merion officials acknowledged Friday that they remotely activated webcams 42 times in the past 14 months, but only to find missing student laptops. They insist they never did so to spy on students, as the student’s family claimed in the federal lawsuit.

Families were not informed of the possibility the webcams might be activated in their homes without their permission in the paperwork students sign when they get the computers, district spokesman Doug Young said.

“It’s clear what was in place was insufficient, and that’s unacceptable,” Young said.

The district has suspended the practice amid the lawsuit and the accompanying uproar from students, the community and privacy advocates. District officials hired outside counsel to review the past webcam activations and advise the district on related issues, Young said.

Remote-activation software can be used to capture keystrokes, send commands over the Internet or turn computers into listening devices by turning on built-in microphones. People often use it for legitimate purposes – to access computers from remote locations, for example. But hackers can use it to steal passwords and spouses to track the whereabouts of partners or lovers.

The Pennsylvania case shows how even well-intentioned plans can go awry if officials fail to understand the technology and its potential consequences, privacy experts said. Compromising images from inside a student’s bedroom could fall into the hands of rogue school staff or otherwise be spread across the Internet, they said.

“What about the (potential) abuse of power from higher ups, trying to find out more information about the head of the PTA?” wondered Ari Schwartz, vice president at the Center for Democracy and Technology. “If you don’t think about the privacy and security consequences of using this kind of technology, you run into problems.”

The FBI opened its investigation after news of the suit broke on Thursday, the law-enforcement official said. Montgomery County District Attorney Risa Vetri Ferman may also investigate, she said Friday.

Lower Merion, an affluent district in Philadelphia’s suburbs, issues Apple laptops to all 2,300 students at its two high schools. Only two employees in the technology department were authorized to activate the cameras – and only to locate missing laptops, Young said. The remote activations captured images but never recorded sound, he said.

No one had complained before Harriton High School student Blake Robbins and his parents, Michael and Holly Robbins, filed their lawsuit Tuesday, he said.

According to the suit, Harriton vice principal Lindy Matsko told Blake on Nov. 11 that the school thought he was “engaged in improper behavior in his home.” She allegedly cited as evidence a photograph “embedded” in his school-issued laptop.

The suit does not say if the boy’s laptop had been reported stolen, and Young said the litigation prevents him from disclosing that fact. He said the district never violated its policy of only using the remote-activation software to find missing laptops. “Infer what you want,” Young said.

The suit accuses the school of turning on Blake’s webcam while the computer was inside his Penn Valley home, allegedly violating wiretap laws and his right to privacy.

Blake Robbins told KYW-TV on Friday that a school official described him in his room and mistook a piece of candy for a pill.

“She described what I was doing,” he said. “She said she thought I had pills and said she thought that I was selling drugs.”

Robbins said he was holding a Mike and Ike candy, not pills.

Holly Robbins said a school official told her that she had a picture of Blake holding up what she thought were pills.

“It was an invasion of privacy; it was like we had a Peeping Tom in our house,” Holly Robbins told WPVI-TV. “I send my son to school to learn, not to be spied on.”

Neither the family nor their lawyer, Mark Haltzman, returned calls from The Associated Press for comments this week.

The remote activations helped the district locate 28 of the 42 missing computers, Young said. He could not immediately say whether the technology staff was authorized to share the images with Matsko or other officials.

Either way, the potential for abuse is nearly limitless, especially because many teens keep their computers in their bedrooms, experts said.

“This is an age where kids explore their sexuality, so there’s a lot of that going on in the room,” said Witold Walczak, legal director for the American Civil Liberties Union of Pennsylvania, which is not involved in the Robbins case. “This is fodder for child porn.”

AP


New virus breaches 75,000 computers worldwide

February 19th, 2010

REUTERS

A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness.

The latest virus, known as “Kneber botnet,” gathers log-in credentials to online financial systems, social networking sites and e-mail systems from infected computers and reports the information back to hackers, NetWitness said. A botnet is an army of infected computers that hackers can control from a central machine.

The company said the attack was discovered in January during a routine deployment of NetWitness software.

Further investigation by the Herndon, Va.-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate log-in credentials and access to e-mail systems, online banking sites, Yahoo, Hotmail and Facebook.


Gangs use online scams to target Haiti cash: BBC probe

February 18th, 2010

(AFP) – 1 day ago

LONDON — Criminal gangs have defrauded people out of funds intended for Haiti earthquake victims by setting up bogus charities and seeking contributions online, according to a BBC investigation out Tuesday.

Scam emails began appearing online within days of the January 12 earthquake, including some with logos for genuine charities. One for the British Red Cross was traced to a computer in Nigeria, the BBC reported.

Another group, calling itself the M E Foundation, emailed the BBC photos of Haiti projects it said it was involved with — but which turned out to be of disaster relief activities from the 2005 Pakistan earthquake.

British charity SOS Children said the photos were cut and pasted from their website.

“The problem is it’s not just about exploiting a donor or a charity, really they’re exploiting the victims,” said its boss Andrew Cates.

“They’re taking money people want to give to the victims of these natural disasters and they’re stealing it.

“So I don’t feel that they’re robbing me, I feel that they’re taking from the mouths of children we’re trying to help and that is something which is very difficult not to get angry about,” he added.

Another scam email was sent by a charity calling itself Help the World — when the BBC called the mobile number it gave, its reporter was told it focused on repairing schools.

But the London address given turned out to be a jazz and blues bar, it said.

Political leaders and celebrities made passionate appeals for help and themselves donated to the relief effort quickly organized in the wake of a tragedy that has killed at least 217,000 people and left 1.2 million homeless.

The result was an unprecedented deluge of aid from the private sector, the United Nations and non-governmental groups, although part of that relief was not initially getting to those who most needed it.

Despite efforts to coordinate the massive aid effort, tens of thousands remain homeless, sheltering in makeshift camps across the capital as the rainy season approaches.
