WISH YOU A HAPPY AND SECURE YEAR 2009

Saturday, July 26, 2008

Quote of the day

Be quick to forgive any form of insult, and slow to forget the importance of a big heart.

New IT Term of the day

Product Activation

An anti-piracy technology built into all Microsoft Office XP, Windows XP and Visio 2002 products. Product Activation requires that the user verify a product key that was used to install the product. This ensures that the software has not been used on more computers than is intended by the software's license. Users can activate their software via the Internet or telephone. Once the user has contacted Microsoft, an installation ID number is issued that will complete the activation.

According to Microsoft, the user has 50 grace launches before a product must be activated. After the 50 launches, the product will go into a reduced-functionality mode if it has not been activated. With reduced functionality, documents cannot be edited and new ones cannot be created until the product has been activated by contacting Microsoft.

JAILED : Spammer sentenced to 47 months

Seattle Spam King Dark Mailer faces 47-month sentence

By Dan Goodin in San Francisco

23rd July 2008

http://www.theregister.co.uk/2008/07/23/soloway_sentenced/

One of the world's most prolific spammers has been sentenced to nearly four years in prison and ordered to forfeit more than $708,000 in income for blasting out tens of millions of unwanted emails.

Robert Alan Soloway, 29, on Tuesday received 47 months in federal prison following a two-and-a-half-day sentencing hearing. Federal prosecutors pushed for a nine-year sentence, but the judge presiding over the case rejected the call, saying sentencing guidelines for the nation's anti-spam statute aren't clear enough.

Even still, the next four years will be a far cry from the luxury apartment, designer clothes and other extravagances that became a way of life for Soloway. Prosecutors say he earned more than $700,000 over three years, income he pumped into a penthouse apartment overlooking Seattle's swanky Elliott Bay, more than $7,000 worth of shoes, and sunglasses worth more than $3,400. US District Judge Marsha Pechman gave Soloway 60 days to report to prison.

Soloway has emerged as one of the most reviled figures among anti-spam crusaders for the perseverance and volume of his junk mail campaign. He's been successfully sued in civil court for spamming offenses, including by Microsoft, which in 2005 obtained a $7.8m judgment. At his hearing, Soloway said he owes more than $17m in civil penalties.

And yet Soloway continued his relentless spam binge. Prosecutors say he used a program called Dark Mailer to pump out messages advertising his business called Newport Internet Marketing, which sold software for spamming. At the hearing, one exasperated businessman from Florida said he went to great lengths to stop receiving Soloway's spam, including dispatching a friend to Soloway's apartment. The barrage only stopped after Soloway was arrested.

SPYING : UK Spying requests exceed 500,000

BBC NEWS

2008/07/22

http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/politics/7520371.stm

More than 500,000 official "spying" requests for private communications data such as telephone records were made last year, a report says.

Police, security services and other public bodies made requests for billing details and other information.

Interception of Communications Commissioner Sir Paul Kennedy said 1,707 of these had been from councils.

A separate report criticises local authorities for using powers to target minor offences such as fly-tipping.

Itemised bills

Figures show public bodies made 519,260 requests to "communications providers" such as phone and internet firms for information in 2007.

Under available powers, they can see details such as itemised phone bills and website records. But they are not allowed to monitor conversations.

The total number of requests for last year - amounting to more than 1,400 a day - compared with an average of fewer than 350,000 a year in the previous two years.

In his report, Sir Paul said he believed "local authorities could make much more use of communications data as a powerful tool to investigate crime".

'Proportionality'

But a separate report, by Chief Surveillance Commissioner Sir Christopher Rose, criticises the techniques employed by local authorities to deal with minor offences such as fly-tipping or avoiding council tax.

He said some councils had a "tendency to expose lack of understanding of the legislation" and displayed a "serious misunderstanding of the concept of proportionality".

Some authorising officers were inexperienced and suffered "poor oversight", he added.

He called on town halls to invest in properly trained intelligence officers who could operate covertly.

Home Secretary Jacqui Smith said: "The commissioners' reports offer valuable oversight and provide reassurance that these powers are being used appropriately.

"These powers can make a real difference in delivering safer communities and protecting the public - whether enabling us to gain that vital intelligence that will prevent a terrorist attack, working to tackle antisocial behaviour or ensuring that rogue traders do not defraud the public."

VIRUS : Asprox computer virus infects govt and consumer websites

Alexi Mostrous

The Times

July 23, 2008

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article4381034.ece

Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Experts described the Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.

It is not known how many people are affected by the virus, but security experts estimate that it has spread to at least two million computers worldwide.

Detective Constable Bob Burls, of the Metropolitan Police computer crime unit, said that there had been a sudden rise in infection rates. “The virus got into the job pages of a local council’s internet page,” he said. “It’s a new thing that people who visit mainstream websites are clobbered.”

Such incidents have only come to light after people have found money removed from their bank accounts or other personal data frauds.

“We’ve dealt with two major websites in as many weeks,” he said.

Ben Taylor, an engineer from South London, had £560 fraudulently taken from his bank account this month. After reporting the theft he installed an anti-virus system, which identified “SQL malware” embedded on his computer — technology associated with Asprox. “I only use the internet a few times a week and didn’t look at anything dodgy,” he said. “It’s scary to think that a criminal was controlling my computer. I’ve got rid of it now.”

Last week, Asprox infected a website managed by the Norfolk NHS, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three day period.

And visitors to Nigella Lawson’s website last week were in danger of picking up something less palatable than a recipe for goose-fat potatoes. A spokesman for Ms Lawson said that the virus, which was installed on the website last Monday, was dealt with “instantly” and that nobody was infected.

Yuval Ben-Itzhak, chief technical officer of Finjan, an online security company who exposed the rapid growth of Asprox around the world, said: “This is a very serious threat.

“Five years ago when your computer got infected by a virus, you noticed immediately that your PC was broken. These days, you don’t notice anything. This is exactly what the hacker wants. It gives him complete control over the infected machine.”

Once installed on a personal computer, the Asprox virus allows a hacker to steal files, e-mails and passwords. It can also be used to infect other computers and even make attacks against companies and foreign governments.

Any computer without up-to-date anti-virus software is vulnerable. But only around half of current anti-virus programmes can detect Asprox, Mr Ben-Itzhak said.

In the US, the virus has successfully penetrated mainstream sites belonging to Sony’s Playstation, the city of San Francisco and Snapple.

A spokeswoman for Apacs, the payments organisation, said: “There is a responsibility on website owners to ensure that they have sufficient security software installed so that criminals are not able to easily compromise their sites.

“This combined with users not downloading any pop-ups, or falling into any other traps such as those, does considerably reduce the chance of a criminal being able to infect their PC with malware.”

The breach comes as losses through online fraud, partly caused by hackers stealing personal data through viruses, increased by 37 percent, with losses on cards issued in Britain amounting to £144 million compared with £100 million in 2000.

BANKS AT-RISK : Security flaws in online banking sites widespread

22-July-2008

http://www.eurekalert.org/pub_releases/2008-07/uom-sfi072208.php

ANN ARBOR, Mich. - More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity.

Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science and doctoral students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006. They will present the findings for the first time at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25.

These design flaws aren't bugs that can be fixed with a patch. They stem from the flow and the layout of these Web sites, according to the study. The flaws include placing log-in boxes and contact information on insecure web pages as well as failing to keep users on the site they initially visited. Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.

"To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash said. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking."

The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The FDIC says computer intrusion, while relatively rare compared with financial crimes like mortgage fraud and check fraud, is a growing problem for banks and their customers.

A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.

The design flaws Prakash and his team looked for are:

* Placing secure login boxes on insecure pages: A full 47 percent of banks were guilty of this. A hacker could reroute data entered in the boxes or create a spoof copy of the page to harvest information. In a wireless situation, it's possible to conduct this man-in-the-middle attack without changing the bank URL for the user, so even a vigilant customer could fall victim. To solve this problem, banks should use the standard "secure socket layer" (SSL) protocol on pages that ask for sensitive information, Prakash says. (SSL-protected pages begin with https rather than http.) Most banks use SSL technology for some of their pages, but only a minority secure all their pages this way.

* Putting contact information and security advice on insecure pages: At 55 percent, this was the flaw with the most offenders. An attacker could change an address or phone number and set up his own call center to gather private data from customers who need help. Banks tend to be less cautious with information that's easy to find elsewhere, Prakash says. But customers trust that the information on the bank's site is correct. This problem could be solved by securing these pages with the standard SSL protocol.

* Having a breach in the chain of trust: When the bank redirects customers to a site outside the bank's domain for certain transactions without warning, it has failed to maintain a context for good security decisions, Prakash says. He found this problem in 30 percent of the banks surveyed. Often the look of the site changes, as well as the URL, and it's hard for the user to know whether to trust this new site. The solution, Prakash says, is to warn users they'll be moving off the bank's site to a trusted new site. Or the bank could house all of its pages on the same server. This problem often arises when banks outsource some security functions.

* Allowing inadequate user IDs and passwords: Researchers looked for sites that use social security numbers or e-mail addresses as user IDs. While this information is easy for customers to remember, it's also easy to guess or find out. Researchers also looked for sites that didn't state a policy on passwords or that allowed weak passwords. Twenty-eight percent of sites surveyed had one of these flaws.

* E-mailing security-sensitive information insecurely: The e-mail data path is generally not secure, Prakash says, yet 31 percent of bank Web sites had this flaw. These banks offered to e-mail passwords or statements. In the case of statements, users often weren't told whether they would receive a link, the actual statement, or a notification that the statement was available. A notification isn't a problem, but e-mailing a password, a link or a statement isn't a good idea, Prakash says.
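The first three flaws in the list above (login boxes on insecure pages, contact details on insecure pages, and a break in the chain of trust) can be checked mechanically from a page's URL and its HTML. The script below is an added example, written for this digest and not part of the University of Michigan study or any bank's code. It runs offline on a constructed sample page; the bank hostname, the partner hostname and the "last two labels" rule used to decide whether two hosts belong to the same site are assumptions, not a public-suffix lookup.

```python
"""Audit one page for the design flaws named in the Prakash et al. summary.
Added example (not the study's own tooling). Checks:
  - password inputs served on a non-HTTPS page  (login box on insecure page)
  - password forms whose action is not HTTPS     (credentials sent in the clear)
  - forms that submit to a host outside the site (chain-of-trust break)
  - phone numbers / e-mail addresses on a non-HTTPS page (contact info insecure)
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect every <form> with its action URL and (type, name) of its inputs,
    plus the page's visible text for the contact-information check."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.text = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""), "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append((a.get("type", "text").lower(), a.get("name", "")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

    def handle_data(self, data):
        self.text.append(data)


PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def same_site(host_a, host_b):
    """Assumed rule: hosts are the same site if their last two labels match.
    Good enough for the sample; a real audit would use the public-suffix list."""
    return host_a.split(".")[-2:] == host_b.split(".")[-2:]


def audit_page(page_url, html):
    """Return a list of (flaw, detail) tuples found on one page."""
    findings = []
    page = urlsplit(page_url)
    secure_page = page.scheme == "https"
    parser = FormCollector()
    parser.feed(html)

    for form in parser.forms:
        has_password = any(t == "password" for t, _ in form["inputs"])
        action = urlsplit(urljoin(page_url, form["action"]))
        if has_password and not secure_page:
            findings.append(("login-box-on-insecure-page", page_url))
        if has_password and action.scheme != "https":
            findings.append(("credentials-submitted-over-http", action.geturl()))
        if action.hostname and not same_site(action.hostname, page.hostname):
            findings.append(("chain-of-trust-break", action.hostname))

    body = " ".join(parser.text)
    if not secure_page and (PHONE_RE.search(body) or EMAIL_RE.search(body)):
        findings.append(("contact-info-on-insecure-page", page_url))
    return findings


# Constructed sample: a bank home page served over plain HTTP, with a login form
# posting to an HTTPS subdomain, a bill-pay form posting to an outside vendor,
# and a phone number plus e-mail address in the page body. Not a real bank.
SAMPLE_URL = "http://www.example-bank.test/"
SAMPLE_HTML = """
<html><body>
<h1>Welcome to Example Bank</h1>
<form action="https://login.example-bank.test/auth" method="post">
  <input type="text" name="userid"> <input type="password" name="pin">
</form>
<form action="https://billpay.partner-vendor.test/pay" method="post">
  <input type="text" name="account">
</form>
<p>Call us: 555-123-4567 or write support@example-bank.test</p>
</body></html>
"""

if __name__ == "__main__":
    for flaw, detail in audit_page(SAMPLE_URL, SAMPLE_HTML):
        print(f"{flaw}: {detail}")
    print("same page over HTTPS:", audit_page("https://www.example-bank.test/", SAMPLE_HTML))
```

On the sample, the HTTP version of the page yields three findings; serving the identical HTML over HTTPS removes two of them and leaves only the chain-of-trust break, which is a layout decision (the outsourced bill-pay form) rather than a transport one, matching the study's point that these flaws are not fixed by a patch.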

Thursday, July 24, 2008

Quote of the day

Believe nothing just because a so-called wise person said it.

Believe nothing just because a belief is generally held.

Believe nothing just because it is said in ancient books.

Believe nothing just because it is said to be of divine origin.

Believe nothing just because someone else believes it.

Believe only what you yourself test and judge to be true.

Gautam Buddha

New IT Term of the day

privacy statement

A Web document found on a company or organization's Web site that details the type of personally identifiable information the company collects about its site visitors, how the information is used — including who it may be shared with — and how users can control the information that is gathered.

TRENDS : Cybercrime Trends in 2008

Symantec

22 July 2008

http://www.symantec.com/norton/clubsymantec/library/article.jsp?aid=cs_cybercrime_trends_2008

Every year, Symantec’s Internet security experts look ahead to new trends in the threat landscape. “Forewarned is forearmed,” says Kevin Haley, Director of Product Management for Symantec Security Response. “We make these predictions to help raise awareness, and to help guide Symantec product development.”

Here’s a look at anticipated threats for 2008.

Bot Evolution

Bots are programs that secretly download and install themselves on a victim’s computer. Cybercrooks can then remotely control the machine, using it for such criminal activities as sending spam or launching denial-of-service attacks.

Bot networks will continue to diversify and evolve. For example, criminals may use infected machines to host phishing sites.

Political Campaigns

The increasing reliance of political campaigns on Web sites for fundraising and organizing opens the door to serious security risks, including:

* Diversion of online campaign donations or donor information

* Web site hacking to present misinformation about candidates’ positions and conduct

* Crashing of the Web site at a crucial time

Advanced Web Threats

Java-based Web applications—small programs, such as video players or interactive maps, that launch themselves from a Web page—are proliferating, which will provide a growing opportunity for cyberthieves to spread bots, keyloggers, and other malicious software.

Spam Evolution

Spammers will find new ways to evade traditional blocking systems and to trick users into reading their messages. For example, spammers are now using pictures of their text, rather than actual text, to evade content filtering. And in November 2007, Symantec observed spam in the form of an MP3 file: People who clicked a link expecting to hear a song instead heard a stock tip.

Mobile Platforms

As mobile phones support a greater range of applications, hackers will move in and find vulnerabilities to exploit.

Virtual Worlds

Cybercriminals will focus on communities of persistent virtual worlds and multiplayer online games. Stolen passwords and game resources are a growing segment of the underground economy.

Conclusion

Cyberthreats will continue to evolve, finding vulnerabilities in new software, applications, and devices. Consumers can protect themselves by using reasonable precautions online, keeping their security software current, and updating all their applications with the latest security patches.

FEAR : U.S. Fears Threat of Cyberspying at Olympics

By SIOBHAN GORMAN with Jason Dean in Beijing

The Wall Street Journal

July 17, 2008

http://online.wsj.com/article_email/SB121625646058760485-lMyQjAxMDI4MTE2NzIxNTc2Wj.html

WASHINGTON -- A debate is brewing in the U.S. government over whether to publicly warn businesspeople and other travelers heading to the Beijing Olympics about the dangers posed by Chinese computer hackers.

According to US government officials and security consultants, U.S. intelligence agencies are worried about the potential threat to U.S. laptops and cellphones. But others, including the State and Commerce departments and some companies, are trying to quiet the issue for fear of offending the Chinese, these people say.

U.S. intelligence and security officials are concerned by the frequency with which spies in China and other countries are targeting traveling U.S. corporate and government officials. The Department of Homeland Security issued a warning last month to certain government and private-sector officials stating that business and government travelers' electronic devices are often targeted by foreign governments. The warning wasn't available to the public.

The spy tactics include copying information contained in laptop computers at airport checkpoints or hotel rooms, wirelessly inserting spyware on BlackBerry devices, and a new technique dubbed "slurping" that uses Bluetooth technology to steal data from electronic devices.

In addition to cybersecurity threats in other countries, "so many people are going to the Olympics and are going to get electronically undressed," said Joel Brenner, the government's top counterintelligence officer. He tells of one computer-security expert who powered up a new Treo hand-held computer when his plane landed in China. By the time he got to his hotel, a handful of software programs had been wirelessly inserted.

Mr. Brenner says he doesn't take a laptop to China and uses disposable cellphones while there.

Asked about potential electronic surveillance during the Olympics, a spokesman for China's Ministry of Foreign Affairs said: "Allegations that China supports hacker attacks against U.S. computer networks ... are entirely fabricated, and seriously misleading."

Some companies are taking steps to increase security. General Electric Co. encourages traveling employees to leave laptops behind or use a stripped-down travel laptop and encrypted hard drives, said spokesman Jeff DeMarrais. Pfizer Inc. is evaluating a policy that would require employees to take travel laptops to a number of countries, including China, said spokesman Chris Loder.

Despite the risks, many government and corporate officials are leery of discussing the security risks and singling out countries, such as China, for fear of damaging diplomatic and business relationships. One member of a task force at the Office of the Director of National Intelligence, the U.S.'s top spy agency, said the prospect of an Olympics warning comes up repeatedly, but is never resolved, with technology experts advocating a warning and government officials arguing against it.

One credit-card company executive said many in his industry "are becoming almost afraid of the security issue." Lawyers at credit-card companies have advised against taking some security measures, fearing the company could be liable if they fail, this person said.

Western companies' responses to the problem have ranged from "very concerned to positively ostrich-like," said Mr. Brenner.

The government has no established system for telling travelers about cybersecurity risks. The State Department issues alerts for terrorism and health risks, but not for cybersecurity. That's inconsistent with the government's position on terrorism alerts, says Paul Kurtz, a former National Security Council official who is now a cybersecurity consultant. The government is prohibited from withholding terrorist threats from the public, but that's effectively what it's doing with cyberthreats, he says.

The State Department mentions Chinese cyberthreats briefly on its Web site, noting that computers in hotel rooms may be searched. That information "is basically the extent of any concerns," a department official said.

Mr. Kurtz suggests that the government develop a warning system assigning countries a threat level. Intelligence agencies already produce an annual classified country-by-country report on cyberspying abilities.

Homeland Security's nonpublic assessment, issued last month, doesn't single out any countries. It was issued less than two months before the Olympics and shortly after reports that a U.S. government laptop may have been hacked during a December trip to China by the U.S. Commerce secretary.

This unclassified document wasn't made public. Department spokesman Russ Knocke said the assessment was shared with the department's "state, local, and private-sector partners" but not with the public because such notices are usually the State Department's responsibility and the assessment didn't point to a specific threat. The department tries to avoid inundating the public with nonspecific information, he said.

HACK : TV-anchor Charged for hacking colleague's e-mail

By PATRICK WALTERS

22 July 2008

http://ap.google.com/article/ALeqM5hJTfkKbkepLvlZpmZY5PUtwK5M2AD922H23OA

PHILADELPHIA (AP) — A fired TV newscaster was charged Monday with hacking into the e-mail of his glamorous younger co-anchor hundreds of times for more than two years, as leaked information about her personal life helped lead to her own downfall.

Federal prosecutors say former KYW-TV anchor Larry Mendte gained access to Alycia Lane's accounts from home and at work — about 537 times between January and May alone — and shared some of the information he found with a reporter. Lane's attorney said the motive was jealousy, but authorities were silent on Mendte's motive and his method.

"The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail."

The allegations are the latest in what is playing out as a titillating local news rivalry that has already ended Lane's career at KYW-TV, the CBS affiliate in Philadelphia. She was fired in January after a series of embarrassing off-camera incidents, including a scuffle with a New York City police officer.

Now the scandal revolves around Mendte's alleged off-camera conduct. A one-count information charges Mendte, who co-anchored the news with Lane for more than four years, with a felony count of intentionally accessing a protected computer without authorization.

Mendte, 51, was fired last month after FBI agents searched his home and seized his computer.

"As we continually have said from day one, Larry has been cooperating fully with the investigators," said his attorney, Michael Schwartz. "He continues to cooperate and will accept full responsibility for his actions."

After accessing Lane's e-mail, Mendte contacted a Philadelphia Daily News reporter and relayed details about her criminal case in New York, including a change in a hearing date and other information, prosecutors said.

Lane's attorney Paul Rosen said he believes Mendte also was behind other leaks that got his client into the gossip pages, including one last year in which she e-mailed photos of herself in a bikini to NFL Network anchor Rich Eisen. Eisen's wife intercepted the pictures.

Authorities found a picture of Lane in a bikini on Mendte's computer, though there are no charges connected to the image.

Rosen alleged that Mendte acted out of jealousy, starting when Lane was offered a new contract in February 2005. Lane was making $780,000, or about $100,000 more than her co-anchor, he said.

"Her star was climbing, while his was not climbing," Rosen said. "... His conduct was designed to undermine her."

Mendte and Lane anchored the 6 p.m. and 11 p.m. newscasts from September 2003 until Lane was fired. In a statement, a station official declined to comment on the charge against Mendte.

Mendte has been off the air since May 29, the day his home was searched and computer seized. He was fired June 23, days after Lane filed a lawsuit in which she alleged, among other things, that keeping Mendte on the payroll during a federal probe amounted to sex discrimination.

In firing Lane, the station said her confrontation with a New York police officer made it "impossible for Alycia to continue to report the news as she, herself, has become the focus of so many news stories."

New York prosecutors in February downgraded felony charges that Lane struck the officer, and a judge pledged to drop the remaining charges in August if she is not arrested again.

US Federal guidelines call for a sentence of up to six months in prison if Mendte is found guilty.

ATTACK : DDoS attack on Georgia president website

By John Leyden

21st July 2008

http://www.theregister.co.uk/2008/07/21/georgia_presidential_site_ddos/

A denial of service attack hit government websites in the former Soviet republic of Georgia over the weekend amid growing diplomatic tensions between the country and Russia.

The DDoS assault on the website (http://www.president.gov.ge) of Georgian President Mikhail Saakashvili rendered it unavailable over the weekend. The attack was run via botnet networks of compromised PCs. Shadowserver charts the command and control servers used in the attack, in an analysis (http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080720).

The identities of those behind the attack are unknown, but Jose Nazario, security analyst at security tools firm Arbor Networks, reports that some among the messages contained in the floods of spurious traffic (HTTP, SYN, ICMP) read "win+love+in+Rusia", indicating a possible political motive for the attack.

Communications between compromised clients and the command and control network coordinating the attack are taking place over encrypted SSL channels, as per security vendor PC Tools.

Tensions between Russia and Georgia have flared over Georgia's proposed membership of NATO. Over the weekend Russian warplanes flew over Georgia's rebel region of South Ossetia, in a show of military muscle.

Interest in tracking and preventing incidents of politically-motivated cyber attacks has risen up the political agenda since a sustained series of assaults took out the internet infrastructure of Estonia last year. Russian nationalists were blamed for those attacks amid dark mutterings from Estonian ministers that Moscow might be to blame. Such accusations have never been substantiated and only one arrest - of a locally-resident ethnic Russian - was made.
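The article describes an HTTP flood from a botnet whose requests carried a recognisable string. From the defender's side, the first signal is usually the web server's own access log: a source that suddenly issues far more requests in a short window than any human visitor, sometimes with a repeated marker in the path. The script below is an added example for this digest, not code from The Register, Shadowserver or Arbor Networks. It assumes combined-log-format lines (Apache/nginx style), a constructed sample log, and tunable threshold and window values; the source addresses are documentation ranges, not real hosts.

```python
"""Flag HTTP-flood sources in a web server access log (added example).
Sliding-window request counting per source IP, plus a marker-string check,
run over constructed sample lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed access-log line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_flood(lines, threshold=20, window_seconds=10, marker=None):
    """Return (flagged, marker_hits).

    flagged: {ip: peak requests seen within any window_seconds span} for every
             source that exceeded `threshold` (assumed values, tune per site).
    marker_hits: [(ip, path)] for requests whose path contains `marker`.
    Lines are assumed to be in chronological order, as a live log is.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    marker_hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # skip unparsable lines rather than crash
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # drop timestamps that have fallen out of the sliding window
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
        if marker and marker in rec["path"]:
            marker_hits.append((rec["ip"], rec["path"]))
    return flagged, marker_hits


def build_sample():
    """Constructed log: one source sends 30 requests in six seconds carrying the
    marker quoted in the article; one ordinary visitor; one garbage line."""
    lines = [
        f'203.0.113.7 - - [20/Jul/2008:14:00:{i // 5:02d} +0000] '
        f'"GET /?win+love+in+Rusia HTTP/1.1" 200 512'
        for i in range(30)
    ]
    lines.append('198.51.100.2 - - [20/Jul/2008:14:00:03 +0000] "GET /index.php HTTP/1.1" 200 4096')
    lines.append("not a log line at all")
    return lines


if __name__ == "__main__":
    flagged, hits = detect_flood(build_sample(), threshold=20, window_seconds=10,
                                 marker="win+love+in+Rusia")
    print("flood sources:", flagged)
    print("marker hits:", len(hits))
```

The per-source deque keeps only the timestamps inside the window, so memory stays bounded by the request rate rather than the log size; the marker check is secondary, since a real flood changes its payload easily while the rate itself is the durable signal.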

Monday, July 21, 2008

Quote of the day

Never let your sense of morals get in the way of doing what's right.

Isaac Asimov

New IT Term of the day

Pretty Good Privacy (PGP)

Abbreviated as PGP, a technique developed by Philip Zimmerman for encrypting messages. PGP is one of the most common ways to protect messages on the Internet because it is effective, easy to use, and free. PGP is based on the public-key method, which uses two keys -- one is a public key that you disseminate to anyone from whom you want to receive a message. The other is a private key that you use to decrypt messages that you receive.

To encrypt a message using PGP, you need the PGP encryption package, which is available for free from a number of sources. The official repository is at the Massachusetts Institute of Technology.

PGP is such an effective encryption tool that the U.S. government actually brought a lawsuit against Zimmerman for putting it in the public domain and hence making it available to enemies of the U.S. After a public outcry, the U.S. lawsuit was dropped, but it is still illegal to use PGP in many other countries.

NEW TROJAN : Is Limbo 2 the ultimate trojan?

Sue Marquette Poremba

July 18 2008

http://www.scmagazineus.com/Is-Limbo-2-the-ultimate-trojan/article/112637/

Prevx, an internet security company headquartered in Derby, England, has discovered a new trojan designed to steal information from large banking institutions. Jacques Erasmus, director of malware research, told SCMagazineUS.com on Friday that the Limbo 2 trojan may be the most sophisticated trojan yet released.

Erasmus said he had been monitoring some underground Russian forums and managed to get a sample of the Limbo 2 trojan a week ago.

“This was by far the most sought-after trojan in the underground,” he said.

Part of the attraction of this trojan is its stealth characteristics. It offers its own cryptor that obfuscates the trojan, making it virtually impossible to detect. Erasmus said that the Limbo 2 trojan has been able to bypass anti-virus software.

“It also has a unique technique to steal bank information,” he added. “It can inject a code into a live banking site. If you log into a bank, it is able to hijack your connection and adds an extra field into the page.”

That extra field then harvests the user's personal information.

“This is a very organized and cataloged trojan,” Erasmus explained.

Computers are infected with the trojan through various methods: botnet deployments, bundled into downloaded installs, and through web exploits.

Even though the Limbo 2 trojan is able to sneak past anti-virus vendors today, Dave Marcus of McAfee Avert Labs, says that once vendors confirm the existence of Limbo 2, protection against it would quickly be made available.

“Information about this trojan is very sketchy, and we haven't been able to find anything under the name Limbo 2 yet,” Marcus told SCMagazineUS.com on Friday.

When a new piece of malware comes out, it isn't uncommon for it to evade anti-virus scanners, Marcus continued.

“But it doesn't go unnoticed for long,” he said, “and once someone gets a sample of it, information is shared among the malware researchers so everyone has protection.”

Dismissed Engineer Locked San Francisco WAN

INSIDER : Dismissed Engineer Locked San Francisco WAN

Chuck Miller

July 15 2008

http://www.scmagazineus.com/Angry-insider-locks-down-San-Francisco-WAN/article/112487/

Network administrators in San Francisco could not access the city's new wide area network (WAN) because a disgruntled engineer refused to divulge his exclusive credentials.

The engineer, Terry Childs, set up passcodes that locked out everyone except himself, possibly because he was upset at his attempted dismissal, according to a report Monday in the San Francisco Chronicle. Childs, who remains in jail, was charged with four counts of computer tampering – a felony in California.

San Francisco officials said they are trying to crack his credentials and hope to regain access to the systems where emails, payroll files, law enforcement documents and arrest records are stored, the report said.

But this may prove difficult, Raj Rajamani, product manager at Solidcore Systems, provider of change control solutions, told SCMagazineUS.com on Tuesday.

“With modern forensic tools, they will probably be able to crack the passwords he set up, but it may never be possible to know what kind of damage has been done,” he said.

Authorities said that considering the denial-of-access to other personnel that occurred, the incident may translate into millions of dollars.

The systems affected continue to work, though with only limited or no access.

“They are probably OK until some minor problem arises, such as a hard disk filling up or a tape backup failing,” Jeff Nielsen, senior product manager at identity management provider Symark Software, told SCMagazineUS.com on Tuesday. “Such problems are normally handled by system administrators easily, but if they're locked out, they've got big problems.”

How can businesses protect against such malicious insider attacks? According to Rajamani, first they must understand that this could happen anywhere.

“Many organizations are aware they should protect data, but have not matured enough to fully recognize the danger, or have not come to a point where they feel compelled to protect it completely,” he said. “One way to help protect against this is to first determine what information is in your systems, where any critical information is, as opposed to non-critical data. And you want to certify access – who has privileged access and how are settings being altered?”

“This points out an age-old problem,” said Nielsen. “Most access is done on a trust basis. Ideally, what you should do is move to a process-based framework, where access is granted on a one-time basis, based on a business need and where logs can be created to trace back changes.”

NZ Hacker Charges Dropped, Gets a Police Job

ACQUITTED : NZ Hacker Charges Dropped, Gets a Police Job

BBC NEWS

2008/07/16

http://news.bbc.co.uk/go/pr/fr/-/2/hi/asia-pacific/7509052.stm

A New Zealand teenager who admitted to taking part in an international cyber-crime network has been discharged without a conviction.

Police said the group hijacked more than one million computers and used them to take at least $20.4m (£10.3m) from private bank accounts.

Owen Thor Walker, 18, was ordered to pay $10,000 (£5,000) in damages and hand over his computer-related assets.

Police said they were interested in using his skills to fight cyber-crime.

Investigators called Mr Walker's programme one of the "most advanced" they had seen, prosecutors said.

He did not take money from people's accounts, but he was paid nearly $31,000 (£15,500) for software he designed that gave the cyber-ring access to usernames, passwords and credit card details.

Judge Judith Potter dismissed the charges, relating to a 2006 attack on a computer system at a US university, saying a conviction could jeopardise a potentially bright career.

Bank details

Mr Walker was detained in the North Island city of Hamilton last November as part of an investigation with US and Dutch police into global networks of hijacked PCs, known as botnets.

A botnet can be controlled over the internet by a single computer.

It installs malicious software on PCs to collect information such as login names, bank account details and credit card numbers.

Mr Walker pleaded guilty to charges of accessing a computer for dishonest purposes, interfering with computer systems, possession of software for committing crime and accessing computer systems without authorisation, the New Zealand Press Association said.

New Zealand police said he had begun committing the crimes at school, and had designed an encrypted virus that was undetectable by anti-virus software.

Cybercrime is an Organised Business Enterprise

MAFIA : Cybercrime is an Organised Business Enterprise

Ankur Goyal with CRPCC Team

July 21, 2008

That cybercrime is being run like an organised business activity is the finding of research done by the Malicious Code Research Center of Finjan Inc., a manufacturer of secure web gateway products.

The Malicious Code Research Center (MCRC) of Finjan Inc. announced the findings in its latest trends report for Q2 2008. The report identifies and analyzes the latest Crimeware business operations, and provides a first-of-its-kind insider’s look at the organizational structure of Cybercrime organizations. All of this makes cybercrime more successful and profitable than ever.

The report includes real documented discussions conducted by Finjan’s researchers with resellers of stolen data and their “bosses”, confirming Finjan’s analysis of the current state of the cybercrime economy.

“Over the course of the last 18 months we have been watching the profit-driven Cybercrime market maturing rapidly. It has evolved into a booming business, operating in a major shadow economy with an organizational structure that closely mimics the real business world. This makes businesses today even more vulnerable to cybercrime attacks, especially considering the maturity of the cybercrime market and its well-structured cybercrime organizations,” said Yuval Ben-Itzhak, Finjan’s CTO. “Recent industry reports containing record numbers of malware infections during the first half of 2008 alone underline again the huge impact of cybercrime on today’s businesses.”

The report explores the trend of loosely organized clusters of hackers trading stolen data online being replaced by hierarchical cybercrime organizations. These organizations deploy sophisticated pricing models, Crimeware business models refined for optimal operation, Crimeware drop zones, and campaigns for optimal distribution of the Crimeware.

These cybercrime organizations consist of strict hierarchies, in which each cybercriminal is rewarded according to his position and task.

The “boss” in the cybercrime organization operates as a business entrepreneur and does not commit the cybercrimes himself. Directly under him is the “underboss”, acting as the second in command and managing the operation. This individual provides the Trojans for attacks and manages the Command and Control (C&C) of those Trojans. “Campaign managers” reporting to the underboss lead their own attack campaigns. They use their own “affiliation networks” as distribution channels to perform the attacks and steal the data. The stolen data is sold by “resellers”, who are not involved in the Crimeware attacks themselves.

“In our report we provide a closer look at today’s cybercrime enemy, indicating how it organizes, operates and benefits from stolen data. We unveil the business cycle of data collecting and trading by today’s cybercriminals,” said Yuval Ben-Itzhak, CTO of Finjan. “We also show examples of the highly effective tools and methods that are being used to steal data from enterprises around the world.”

As a preventative measure, businesses should look closely at their security practices to make sure they are protected. A layered security approach is a highly effective way of handling these latest threats, and applying innovative security solutions designed to detect and handle them, such as real-time content inspection, is a key factor in being adequately protected.

The report can be downloaded at:

http://www.finjan.com/content.aspx?id=1994&objid=620

http://www.finjan.com/Pressrelease.aspx?id=1998&PressLan=1819&lan=3
