KOOBFACE: Inside a Crimeware Network
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
(U//Fouo) Assessment of Anonymous Threat to Control Systems
UNCLASSIFIED//FOR OFFICIAL USE ONLY A‐0020‐NCCIC / ICS‐CERT –120020110916 DISTRIBUTION NOTICE (A): THIS PRODUCT IS INTENDED FOR MISION PARTNERS AT THE “FOR OFFICIAL USE ONLY” LEVEL, ACROSS THE CYBERSECURITY, CRITICAL INFRASTRUCTURE AND / OR KEY RESOURCES COMMUNITY AT LARGE. (U//FOUO) ASSESSMENT OF ANONYMOUS THREAT TO CONTROL SYSTEMS EXECUTIVE SUMMARY (U) The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting inDustrial control systems (ICS). This proDuct characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) in coordination with the other NCCIC components. (U//FOUO) While Anonymous recently expressed intent to target ICS, they have not Demonstrated a capability to inflict Damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methoDs, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web‐based applications and windows systems) by employing tactics such as denial of service. Anonymous’ increased interest may indicate intent to Develop an offensive ICS capability in the future. ICS‐CERT assesses that the publically available information regarding exploitation of ICS coulD be leveraged to reDuce the amount of time to develop offensive ICS capabilities. However, the lack of centralized leadership/coordination anD specific expertise may pose challenges to this effort. DISCUSSION (U//FOUO) Several racist, homophobic, hateful, and otherwise maliciously intolerant cyber and physical inciDents throughout the past Decadea have been attributeD to Anonymous, though recently, their targets and apparent motivations have evolved to what appears to be a hacktivist1 agenda. -
A the Hacker
A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. -
Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day
Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day Rise of Ransomware Is Primarily Driven by Bredolab and Pushdo Botnets SUNNYVALE, CA, Apr 01, 2010 (MARKETWIRE via COMTEX News Network) -- Fortinet(R) (NASDAQ: FTNT) -- a leading network security provider and worldwide leader of unified threat management (UTM) solutions -- today announced its March 2010 Threatscape report showed domination of ransomware threats with nine of the detections in the malware top ten list resulting in either scareware or ransomware infesting the victim's PC. Fortinet observed the primary drivers behind these threats to be two of the most notorious botnet "loaders" -- Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat in FortiGuard's top ten attack list, MS.IE.Userdata.Behavior.Code.Execution, which accounted for 25 percent of the detected activity last month. Key threat activities for the month of March include: -- SMS-based Ransomware High Activity: A new ransomware threat -- W32/DigiPog.EP -- appeared in Fortinet's top ten malware list. DigiPog is an SMS blocker using Russian language, locking out a system and aggressively killing off popular applications like Internet Explorer and Firefox until an appropriate code is entered into a field provided to the user. To obtain the code, a user must send an SMS message to the provided number, receiving a code in return. Upon execution, DigiPog registers the user's MAC address with its server. It is the first time that SMS-based ransomware enters Fortinet's top ten list, showing that the rise of ransomware is well on its way. -
Symantec Report on Rogue Security Software July 08 – June 09
REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: Symantec Report on Rogue Security Software July 08 – June 09 Published October 2009 Confidence in a connected world. White Paper: Symantec Enterprise Security Symantec Report on Rogue Security Software July 08 – June 09 Contents Introduction . 1 Overview of Rogue Security Software. 2 Risks . 4 Advertising methods . 7 Installation techniques . 9 Legal actions and noteworthy scam convictions . 14 Prevalence of Rogue Security Software . 17 Top reported rogue security software. 17 Additional noteworthy rogue security software samples . 25 Top rogue security software by region . 28 Top rogue security software installation methods . 29 Top rogue security software advertising methods . 30 Analysis of Rogue Security Software Distribution . 32 Analysis of Rogue Security Software Servers . 36 Appendix A: Protection and Mitigation. 45 Appendix B: Methodologies. 48 Credits . 50 Symantec Report on Rogue Security Software July 08 – June 09 Introduction The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. This includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams, as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008, to June 30, 2009. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network. -
Watch out for Fake Virus Alerts
State of West Virginia Cyber Security Tip ALERT West Virginia Office of Information Security and Controls – Jim Richards, WV Chief Information Security Officer WATCH OUT FOR FAKE VIRUS ALERTS Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective (i.e. free virus scan) but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. How does rogue security software get on my computer? Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web. The "updates" or "alerts" in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer. Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer. What does rogue security software do? Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect. Some rogue security software might also: Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program). -
PC Anti-Virus Protection 2011
PC Anti-Virus Protection 2011 12 POPULAR ANTI-VIRUS PROGRAMS COMPARED FOR EFFECTIVENESS Dennis Technology Labs, 03/08/2010 www.DennisTechnologyLabs.com This test aims to compare the effectiveness of the most recent releases of popular anti-virus software1. The products include those from Kaspersky, McAfee, Microsoft, Norton (Symantec) and Trend Micro, as well as free versions from Avast, AVG and Avira. Other products include those from BitDefender, ESET, G-Data and K7. The tests were conducted between 07/07/2010 and 22/07/2010 using the most up to date versions of the software available. A total of 12 products were exposed to genuine internet threats that real customers could have encountered during the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely as possible. For example, each test system visited real, infected websites that significant numbers of internet users were encountering at the time of the test. These results reflect what would have happened if those users were using one of the seven products tested. EXECUTIVE SUMMARY Q Products that block attacks early tended to protect the system more fully The nature of web-based attacks means that the longer malware has access to a system, the more chances it has of downloading and installing further threats. Products that blocked the malicious and infected websites from the start reduced the risk of compromise by secondary and further downloads. Q 100 per cent protection is rare This test recorded an average protection rate of 87.5 per cent. New threats appear online frequently and it is inevitable that there will be times when specific security products are unable to protect from some of these threats. -
Underground Hacker Markets ANNUAL REPORT—APRIL 2016
Underground Hacker Markets ANNUAL REPORT—APRIL 2016 1 Underground Hacker Markets | APRIL 2016 Contents 3 Introduction: Welcome Back to the Underground 4 Price List for Hacker Goods and Services 7 Russian Hackers Expand their Working Hours and Use Guarantors to Ensure Customers’ Happiness 9 Hacking Services for Hire 11 Business Dossiers for Companies in the Russian Federation Bank Account Credentials, Tax Identification Numbers (TINS), Articles of Incorporation, Phone Numbers, Lease Agreements 12 Hacker Goods for Sale Bank Accounts, Popular Online Payment Accounts, Airline Points Accounts, Credit Cards, Hacker Tutorials…You Name It 16 Is ATM Skimming Passé? Not on Your Life. 19 Security Measures for Protecting Against Cyber Threats 22 Conclusion 23 Glossary of Terms 2 Underground Hacker Markets | APRIL 2016 Introduction: Welcome Back to the Underground For our 3rd Annual Underground Hacker Markets Report, Dell SecureWorks engaged two of our top intelligence analysts from our CISO INTEL Team. The team members spend time tracking hackers on the numerous underground hacker forums and marketplaces all over the world. While much of the cybercrime hitting organizations throughout the world is the result of cooperation by hackers working outside the confines of publicly-accessible marketplaces, these underground forums provide a small window into the world cybercriminals occupy. In this report, we concentrated on marketplaces located on the Russian Underground and on English-speaking marketplaces between Q3 2015 and Q1 2016. Just as we did in the 2013 and 2014 Underground Hacker Reports, we wanted to see if any trends had emerged. For example, did prices for popular hacker goods such as stolen bank accounts, credit cards, and malware go up or down? What about services such as Distributed Denial of Service (DDoS) attacks or hacking company databases? Not only did we answer those questions, but we also found some intriguing new products for sale and some interesting new trends as well. -
The Botnet Chronicles a Journey to Infamy
The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE -
Black Hat Hacker White Hat Hacker Gray Hat Hacker
Crackers or Malicious Hackers: System crackers attempt to access computing facilities for which they have not been authorized. Cracking a computer's defenses is seen as the ultimate victimless crime. The perception is that nobody is hurt or even endangered by a little stolen machine time. Crackers enjoy the simple challenge of trying to log in, just to see whether it can be done. Most crackers can do their harm without confronting anybody, not even making a sound. In the absence of explicit warnings not to trespass in a system, crackers infer that access is permitted. Others attack for curiosity, personal gain, or self-satisfaction. And still others enjoy causing chaos, loss, or harm. There is no common profile or motivation for these attackers. Classification of Hackers: Hackers can be classified broadly into three different categories: 1. Black Hat Hacker 2. White Hat Hacker 3. Grey Hat Hacker Black Hat Hacker Black-hat Hackers are also known as an Unethical Hacker or a Security Cracker. These people hack the system illegally to steal money or to achieve their own illegal goals. They find banks or other companies with weak security and steal money or credit card information. They can also modify or destroy the data as well. Black hat hacking is illegal. White Hat Hacker White hat Hackers are also known as Ethical Hackers or a Penetration Tester. White hat hackers are the good guys of the hacker world. These people use the same technique used by the black hat hackers. They also hack the system, but they can only hack the system that they have permission to hack in order to test the security of the system. -
MODELING the PROPAGATION of WORMS in NETWORKS: a SURVEY 943 in Section 2, Which Set the Stage for Later Sections
942 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 16, NO. 2, SECOND QUARTER 2014 Modeling the Propagation of Worms in Networks: ASurvey Yini Wang, Sheng Wen, Yang Xiang, Senior Member, IEEE, and Wanlei Zhou, Senior Member, IEEE, Abstract—There are the two common means for propagating attacks account for 1/4 of the total threats in 2009 and nearly worms: scanning vulnerable computers in the network and 1/5 of the total threats in 2010. In order to prevent worms from spreading through topological neighbors. Modeling the propa- spreading into a large scale, researchers focus on modeling gation of worms can help us understand how worms spread and devise effective defense strategies. However, most previous their propagation and then, on the basis of it, investigate the researches either focus on their proposed work or pay attention optimized countermeasures. Similar to the research of some to exploring detection and defense system. Few of them gives a nature disasters, like earthquake and tsunami, the modeling comprehensive analysis in modeling the propagation of worms can help us understand and characterize the key properties of which is helpful for developing defense mechanism against their spreading. In this field, it is mandatory to guarantee the worms’ spreading. This paper presents a survey and comparison of worms’ propagation models according to two different spread- accuracy of the modeling before the derived countermeasures ing methods of worms. We first identify worms characteristics can be considered credible. In recent years, although a variety through their spreading behavior, and then classify various of models and algorithms have been proposed for modeling target discover techniques employed by them. -
Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used
Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation. -
Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism
Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations.