Backdoor action with Kama Sutra virus

Life imitating art. Nothing new. Just like the promise of seeing Britney Spears naked leads to a complete loss of data, the promise of gaining information and knowledge on the highly misunderstood Kama Sutra lures many. The trojan, called Troj/Bckdr-RFM, loads onto the system (a Windows OS, of course) while the viewer is distracted by illustrations from ancient texts in a PowerPoint presentation. Some things will never change 🙂

Sophos picked up this little doozie, labelled Troj/Bckdr-RFM. The hacker who sends it can steal personal information and spy on users’ activities, or use the machine for nefarious deeds such as sending spam or attacking websites. Basically, like most other trojans these days, it uses your computer the way SETI did; however, instead of the promise of a chance at finding a signal from alien life, you become part of a network of orchestrated attacks against “the man”.

I wonder if one day they will make “being infected by a virus through negligence, that leads to the contribution toward a bot army” a crime.

Adelaide Hacker Compromised 3000 Machines!

An Adelaide hacker compromised over 3000 machines and infected them with a known computer virus that can phish data such as credit card numbers and banking logon details. He also tried to launch the virus globally, potentially infecting 74,000 machines. He faces a jail sentence of 2 to 10 years if convicted.

He is being charged with:

– unauthorised modification of computer data, supply and possession of a computer virus with intent to commit a serious computer offence,
– unlawful possession of a computer system, theft and
– trafficking a controlled substance.

“The arrest has resulted in the acquisition of intelligence which can be utilised to identify further offenders,” said Detective Inspector Jim Jeffrey of SAPOL.

Could this uncover a ring of hackers in Adelaide?

AdelaideNow story: http://www.news.com.au/adelaidenow/story/0,22606,25923434-5006301,00.html

Black Hats no longer behind White Hats

Research has shown that Black Hat hackers are in many cases far ahead of their White Hat counterparts. Many of the wares produced by Black Hats now sit “dormant” on your system, waiting to be activated when signalled. They are mainly trojans that wait for you to use your online banking. Viruses have quadrupled, from over 15,000 in 2007 to almost 60,000 in 2008. F-Secure says there were 59,177 programs called “Trojans” circulating on the Internet since last year, compared with 15,969 in 2007 (USA Today).

Things to consider to have a fighting chance:

  1. Keep your PC up to date. If running Linux, keep up with the system updates (especially the critical ones). On a Windows box, ensure that automatic updates are enabled.
  2. Anti-virus software must be installed. I suggest AVG. Even on a Linux machine you should run anti-virus software to prevent the propagation of viruses to Windows-based machines.
  3. Install some form of spyware removal tool.
  4. It seems Microsoft’s Internet Explorer is at the top of the list of “most hacked” browsers. Firefox and Chrome are far less susceptible to attacks, making them safer browsers. Use them instead.
  5. Secure your wireless network. Use WPA2-PSK at the very least, with a strong pseudo-randomly generated key. A good key generator is found here.
  6. Ensure a firewall of some sort is running. Windows Firewall is the absolute bare minimum.

It seems, after all that, it sometimes comes down to plain common sense. A lot of trojans and viruses make their way into your system when certain executables are run. If you receive a file by email, always check the extension on the file. For example, spears.jpg.vbs is not a picture but a VBScript that could be dangerous.
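The extension check above is easy to automate at a mail gateway or in a mailbox filter. The following is an added example (not code from the original post): it classifies an attachment by its final extension only, since that is what Windows acts on, and separately flags the double-extension pattern the post describes, where an executable extension hides behind a harmless-looking one (Windows hides known extensions by default, so spears.jpg.vbs displays as spears.jpg). The extension lists are constructed for the example and are not exhaustive.

```python
# Added example: classify e-mail attachment names by the extension Windows would act on.

# Extensions Windows runs directly or hands to a script host (constructed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "bat", "cmd", "pif", "vbs", "vbe",
    "js", "jse", "wsf", "wsh", "hta", "ps1", "msi", "cpl", "lnk",
}

# Extensions a user would expect to be inert data; used to spot "picture.jpg.vbs" style names.
HARMLESS_LOOKING = {
    "jpg", "jpeg", "png", "gif", "bmp", "txt", "pdf",
    "doc", "docx", "ppt", "pptx", "xls", "xlsx", "mp3",
}


def classify_attachment(filename):
    """Return (verdict, effective_extension).

    verdict is one of:
      'no-extension'          - nothing after the last dot
      'executable'            - final extension is executable
      'disguised-executable'  - executable extension preceded by a harmless-looking one
      'data'                  - anything else
    Only the final extension decides whether the file runs; the middle part is cosmetic.
    """
    name = filename.strip().lower()          # trailing spaces do not change what Windows runs
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] == "":
        return ("no-extension", "")
    ext = parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        if len(parts) >= 3 and parts[-2] in HARMLESS_LOOKING:
            return ("disguised-executable", ext)
        return ("executable", ext)
    return ("data", ext)


def suspicious_attachments(names):
    """Return [(name, verdict)] for every attachment whose final extension would execute."""
    out = []
    for n in names:
        verdict, _ = classify_attachment(n)
        if verdict in ("executable", "disguised-executable"):
            out.append((n, verdict))
    return out


if __name__ == "__main__":
    # Constructed sample attachment names.
    sample = ["holiday.jpg", "spears.jpg.vbs", "setup.exe", "notes.txt", "README"]
    for name, verdict in suspicious_attachments(sample):
        print(f"{name}: {verdict}")
```

A real filter would quarantine anything that comes back as `executable` or `disguised-executable` rather than relying on the recipient to notice the hidden extension.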


Top 70 Hacking Methods

The List

  1. Cross-Site Printing (2007 issue)
  2. CUPS Detection
  3. CSRFing the uTorrent plugin
  4. Clickjacking / Videojacking
  5. Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  6. I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
  7. Safari Carpet Bomb
  8. Flash clipboard Hijack
  9. Flash Internet Explorer security model bug
  10. Frame Injection Fun
  11. Free MacWorld Platinum Pass? Yes in 2008!
  12. Diminutive Worm, 161 byte Web Worm
  13. SNMP XSS Attack (1)
  14. Res Timing File Enumeration Without JavaScript in IE7.0
  15. Stealing Basic Auth with Persistent XSS
  16. Smuggling SMTP through open HTTP proxies
  17. Collecting Lots of Free ‘Micro-Deposits’
  18. Using your browser URL history to estimate gender
  19. Cross-site File Upload Attacks
  20. Same Origin Bypassing Using Image Dimensions
  21. HTTP Proxies Bypass Firewalls
  22. Join a Religion Via CSRF
  23. Cross-domain leaks of site logins via Authenticated CSS
  24. JavaScript Global Namespace Pollution
  25. GIFAR
  26. HTML/CSS Injections – Primitive Malicious Code
  27. Hacking Intranets Through Web Interfaces
  28. Cookie Path Traversal
  29. Racing to downgrade users to cookie-less authentication
  30. MySQL and SQL Column Truncation Vulnerabilities
  31. Building Subversive File Sharing With Client Side Applications
  32. Firefox XML injection into parse of remote XML
  33. Firefox cross-domain information theft (simple text strings, some CSV)
  34. Firefox 2 and WebKit nightly cross-domain image theft
  35. Browser’s Ghost Busters
  36. Exploiting XSS vulnerabilities on cookies
  37. Breaking Google Gears’ Cross-Origin Communication Model
  38. Flash Parameter Injection
  39. Cross Environment Hopping
  40. Exploiting Logged Out XSS Vulnerabilities
  41. Exploiting CSRF Protected XSS
  42. ActiveX Repurposing, (1, 2)
  43. Tunneling tcp over http over sql-injection
  44. Arbitrary TCP over uploaded pages
  45. Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
  46. JavaScript Code Flow Manipulation
  47. Common localhost dns misconfiguration can lead to “same site” scripting
  48. Pulling system32 out over blind SQL Injection
  49. Dialog Spoofing – Firefox Basic Authentication
  50. Skype cross-zone scripting vulnerability
  51. Safari pwns Internet Explorer
  52. IE “Print Table of Links” Cross-Zone Scripting Vulnerability
  53. A different Opera
  54. Abusing HTML 5 Structured Client-side Storage
  55. SSID Script Injection
  56. DHCP Script Injection
  57. File Download Injection
  58. Navigation Hijacking (Frame/Tab Injection Attacks)
  59. UPnP Hacking via Flash
  60. Total surveillance made easy with VoIP phone
  61. Social Networks Evil Twin Attacks
  62. Recursive File Include DoS
  63. Multi-pass filters bypass
  64. Session Extending
  65. Code Execution via XSS (1)
  66. Redirector’s hell
  67. Persistent SQL Injection
  68. JSON Hijacking with UTF-7
  69. SQL Smuggling
  70. Abusing PHP Sockets (1, 2)
  71. CSRF on Novell GroupWise WebAccess


Source: Jeremiah Grossman

21000 Wyndham Credit card numbers stolen

The break-in occurred at a property belonging to a Wyndham franchisee, but that computer was linked to other company systems. That intrusion enabled a hacker to use the company server to search for customer information located at other franchised and managed property sites.

The hackers were able to get guest names, credit card numbers and expiration dates, as well as data from the card’s magnetic stripe. That magnetic stripe information, sometimes called the card verification value (CVV), is critical if the thieves want to make fake credit cards.


Source: www.networkworld.com

Govtrip.com hacked!

A prominent US Government travel website used by federal agencies has been hacked. The site, which is operated by defence contractor Northrop Grumman Corp, was breached and altered so that unsuspecting users would be redirected to a rogue URL where malicious software was thrust upon their systems.

GovTrip is used by several U.S. government agencies, including the EPA and the departments of Energy, Health and Human Services, the Interior, Transportation, and the Treasury, to make travel reservations, as well as to reimburse workers for travel expenses.

You would have to ask why federal agencies would need to expose a travel website to the WWW when they have their own intranets.


Source: www.computerworld.com

Security company’s customer database hacked by SQL Injection

Kaspersky Lab, a Moscow-based security company, admitted today that a database containing customer information had been exposed for almost 11 days and that it only learned of the breach when Romanian hackers told the firm about it (the hackers in this instance were white hats). No data was actually downloaded or looked at.

The hackers (presumed from Romania), went public in a blog post. They claimed that after launching a SQL injection attack on Kaspersky’s U.S. support site, they were able to access a customer database that included e-mail addresses and software activation codes.

Roel Schouwenberg, a Kaspersky senior antivirus researcher, confirmed that the database was hacked via a SQL injection attack, but he reiterated that only the database’s table labels had been accessed by the hackers, not the data itself. “A more advanced hacker could have gotten access to the information,” Schouwenberg acknowledged, “including activation codes for the product and e-mail addresses. But that didn’t happen.”

A combination of vulnerable code written by an unnamed third-party vendor and poor code review by Kaspersky was to blame; it was, in other words, an application security issue.

Kaspersky has hired Next Generation Security Software Ltd.’s David Litchfield, one of the world’s experts on SQL injection attacks and database security, to do an independent audit of the company’s systems. Had Kaspersky been using Rational AppScan to look after their site, they would have been notified of the vulnerability and other issues during a scan, without having to bring in external “experts” in SQL injection.

SQL injection seems to be the method of choice for hackers compromising applications through the web frontend. Rational AppScan can test for and identify SQL injection vulnerabilities in a given system under test.
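The code-review failure described above comes down to one pattern: attacker-controlled text pasted into a SQL string. The following is an added example (not Kaspersky’s or the vendor’s code) showing a lookup written the vulnerable way beside the parameterised version, against a constructed in-memory SQLite table that mirrors the kind of data the post mentions (e-mail addresses and activation codes). The single-quote probe used in `demo()` is the textbook tautology that any web scanner sends; the point is that the parameterised query treats it as a literal e-mail address and returns nothing.

```python
# Added example: string-built SQL versus a parameterised query, on constructed data.
import sqlite3


def build_db():
    """Constructed sample customer table; nothing here is real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, activation_code TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice@example.com", "AAAA-1111"), ("bob@example.com", "BBBB-2222")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """The defect a code review should catch: user input concatenated into SQL."""
    sql = "SELECT email, activation_code FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Hardened form: the driver binds the value, so it can never alter the query."""
    sql = "SELECT email, activation_code FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Row counts returned for the same inputs by each version."""
    conn = build_db()
    probe = "' OR '1'='1"          # the quote closes the literal in the vulnerable query
    return {
        "vulnerable_probe": len(lookup_vulnerable(conn, probe)),   # whole table
        "safe_probe": len(lookup_safe(conn, probe)),               # no such e-mail
        "safe_legit": len(lookup_safe(conn, "alice@example.com")), # exactly one row
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```

The reviewer’s check is mechanical: any query assembled with `+`, `%` or f-strings from request data is a finding, regardless of what input validation sits in front of it.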


Source: www.computerworld.com

NT Government systems compromised

A former employee of the Northern Territory Government has admitted to deleting over 10,000 public servant records. The hacker, a computer engineer, used his flatmate’s computer and a former workmate’s access details to break into the system. His cyber-sabotage crashed multiple government servers, including those of the Health Department, Royal Darwin Hospital, Berrimah Prison and the Supreme Court, resulting in $1m in damage. He had previously been cleared, as part of his job, to upgrade and maintain the NT Government’s computer system. He claims he committed the crime because of a perceived slight from his former employer.


Source: http://www.news.com.au/story/0,,24952994-17001,00.html

In an earlier report, the same hacker admitted to taking down other NT Government computers.

Source: http://www.news.com.au/story/0,,23707457-2,00.html

Compromised VOIP Racks Huge Bill

Hackers have compromised the VOIP communications of a company in WA, racking up a bill of AU$120,000 by using it to make 11,000 international calls in just 46 hours. WA Police Technology Crime Investigations detectives have warned that hackers are targeting VOIP-based iPBX systems; the call-forward functions are being used to make international calls.
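A bill like that is visible in the PBX call records long before the invoice arrives: 11,000 international calls in 46 hours is a burst no legitimate extension produces. The following is an added example (not code from the original post or from any PBX vendor) of a small detector run over constructed call-detail records: it counts international calls per source extension inside a sliding one-hour window and flags any extension that exceeds a threshold. The CSV layout, the Australian IDD prefix `0011` used to recognise international numbers, the window and the threshold are all assumptions chosen for the example.

```python
# Added example: flag extensions that place bursts of international calls, from constructed CDR lines.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample call-detail records: timestamp,source_extension,dialled_number,seconds
SAMPLE_CDR = """\
2009-01-10T02:00:00,201,0011441632960000,300
2009-01-10T02:00:30,201,0011441632960001,290
2009-01-10T02:01:10,201,0011441632960002,310
2009-01-10T02:01:45,201,0011441632960003,305
2009-01-10T02:02:20,201,0011441632960004,295
2009-01-10T09:15:00,105,0892345678,120
2009-01-10T09:20:00,105,0011641234567,600
"""

# Assumed dialling conventions: Australian IDD prefix, plus "00" and "+" forms some PBXs log.
INTERNATIONAL_PREFIXES = ("0011", "00", "+")
WINDOW = timedelta(hours=1)
THRESHOLD = 3   # more than this many international calls per window from one extension is a burst


def parse_cdr(text):
    """Parse the CSV lines into (timestamp, source, dialled, seconds) tuples, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, secs = line.split(",")
        records.append((datetime.fromisoformat(ts), src, dst, int(secs)))
    return sorted(records)


def is_international(number):
    return number.startswith(INTERNATIONAL_PREFIXES)


def flag_bursts(records, threshold=THRESHOLD, window=WINDOW):
    """Return {extension: peak international calls seen inside one window} for flagged extensions."""
    recent = defaultdict(deque)   # per-extension timestamps of international calls in the window
    flagged = {}
    for ts, src, dst, _ in records:
        if not is_international(dst):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop calls that have aged out of the window
            q.popleft()
        if len(q) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ext, peak in flag_bursts(parse_cdr(SAMPLE_CDR)).items():
        print(f"extension {ext}: {peak} international calls within one hour")
```

Extension 201 trips the detector on its fourth call; extension 105 makes one international call and is left alone. In production the same loop would run against the live CDR feed, with the threshold set from the business’s normal international traffic and a second rule for calls placed outside office hours, which is when this kind of fraud is usually run.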


Source: http://www.news.com.au/story/0,,24939188-2,00.html