Symantec: Proxy Service Users Ends up with Malware
A number of users who signed up for an reasonably-priced proxy service with the name of proxybox.name leads towards the installment of a Trojan horse that can be connected to a botnet on their computers, as per the security firm Symantec.
Researchers at Symantec reverse engineered the Trojan, called Backdoor.Proxybox malware and uncovered a major black hat operation and perhaps the actual malware developer.
The investigation began with an authentic-looking Russian website that promotes the access to thousands of proxies for a extremely low monthly fee that could be paid through Web Money, Liberty Reserve, and Robokassa. Proxy services are frequently employed towards covering a location and sending incognito information.
Shedding light on the work of the malware, Symantec Researcher claimed that the dropper installed the payload as a service on the computer that can shift the payload executable to the system while installing the root kit. The root kit attempts to put aside the spiteful payload and all additional files associated with the threat to surge the threat's persistence. The root kit equipment a novel method to neglect device-stack file scanning. The payload itself is a DLL, which is executed when the computer starts and behaves as a low-level proxy service that penetrates the compromised computer into a large botnet utilized for funneling traffic, as published by Symantec.com on October 8, 2012.
When the computer begins, the payload associate a hard-coded server address and appeal for a set of PHP pages to arrange itself, set up backup command servers, test connection speed, and set up client authentication. The command server's provides many peer servers to use as backups, runs a speed check on the corrupted computer, and assigns a password for an alternative authentication. Assessment of the command server also created a lot of public PHP pages that provided statistic on the botnet also as database credentials.
A Quicker inspection of the command-and-control server display the botnet maintains some 40,000 users online at any time. Endorsement for Proxybox.name appears on four other websites all of which are connected to the same author.
Symantec revealed the uniqueness of the individual it fingered as being concerned in some of the financial operations through Web Money payment system, but an unpredicted copy of the same page suggests that the person could be Kramarenko Bogdan Yurievich.
5 lakh cyber warriors to bolster India’s e-defence
NEW DELHI: Recognizing the threat of cyber attacks from a host of hostile entities — ranging from domestic saboteurs to foreign rivals — a new initiative intends to train five lakh cyber warriors in the next five years to meet a critical gap in India's defences.
A government-private sector plan will look at beefing up India's cyber security capabilities in the light of a group of experts reckoning that India faces a 4.7 lakh shortfall of such experts despite the country's reputation of being a IT and software powerhouse.
Efforts to draw a strategic plan for India, being overseen by National Security Advisor ( NSA) Shivshankar Menon, may need to be speeded up as India lags the research and planning leading western and Asian nations have already undertaken.
Cyber warfare has emerged a top threat to national security with India's systems subjected to an increasing number - and more sophisticated — cyber attacks. India faced a severe test during the 2010 Commonwealth Games when cyber attacks from Pakistan and China sought to damage information systems.
Most of the attacks India deals with originate from countries like the US, China, Russia, a few east European countries and Iran. Chinese hackers have targeted a large number of institutions, even stealing data from schools run by the armed forces.
A Canadian investigation in 2010 revealed that Chinese hackers had reached Indian missions at Kabul, Moscow, Dubai, Abuja, US, Serbia, Belgium, Germany, Cyprus, the UK and Zimbabwe. A machine at the National Security Council secretariat was tapped as were computers at military engineering services (MES).
for more info on this article go to:-http://timesofindia.indiatimes.com/india/5-lakh-cyber-warriors-to-bolster-Indias-e-defence/articleshow/16828463.cms?
Twitter-scam-account-stealing
A quick and urgent warning for Twitter users, If you receive a direct message (DM) on Twitter saying "My profile was viewed..times..today" with a link then please don't click it. If you do, you will run the risk of having your Twitter account hijacked, your account turned into a spam-spewing tweet factory and all of your Twitter followers will be sent a personal copy of the same DM saying "My profile was viewed..times..today".
The direct message is a Scam aimed at stealing your twitter account. Or If any of this phishing scheme sounds familiar, it’s because this scam and others like it have been going around for quite some time now. Reason being, they’re all highly effective. Sure, the verbiage in the Twitter DMs may change periodically, but the goal of stealing your Twitter username and password stays the same.
We recommend you to:
DO not click the link.
DELETE that message
ONCE REVIEW all the application you have allowed in your twitter profile, Here.
REVOKE access of the suspicious applications immediate.
“itsoknoproblembro” DDoS Toolkit Was Used in Recent Debilitating Cyber Attacks
A series of unusually large and highly sophisticated DDoS attacks that hit various organizations last month appear to have used a highly sophisticated toolkit said a tech firm
A distributed denial of service toolkit called "itsoknoproblembro" was behind some of the largest attacks recently,the firm said in a statement on Tuesday. The toolkit is capable of simultaneously attacking various components of a Website's infrastructure and flooding the servers with sustained traffic peaking at 70 Gbps, the company said. Most mitigation providers would struggle to combat DDoS attacks with these characteristics, according to the firm
“What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed,” said the tech firms ceo
Last month, a number of U.S.-based financial institutions, including Bank of America, JPMorgan Chase, PNC Bank, and others, were suspected of being crippled by powerful distributed denial of service attacks. While not all the institutions have confirmed being hit by DDoS attacks, they all experienced extremely high traffic volumes that affected the availability of their sites within days of each other. the firm did not explicitly say the toolkits were used in these banking attacks in the report, but stuck to the vague phrase, "end of quarter" attacks.
This tool has been used "in conjunction with sophisticated attack methods" that indicate the attackers are quite familiar with common DDoS mitigation methods. The toolkit includes multiple infrastructure and application-layer attack vectors, such as SYN floods, that can simultaneously attack multiple destination ports and targets, as well as ICMP, UDP and SSL encrypted attack types,. These attacks often take the form of a large UDP flood targeting DNS infrastructures, according to the company.
It appears that the attacking botnet contains many legitimate IP addresses, which makes it harder to use anti-spoofing mechanisms to block the junk traffic.
The itsoknoproblembro kit doesn't appear to be widely marketed on underground forums at this time
“The size and sophistication of this threat has created a high-alert within various industries and with good reason,”
BackTrack 5r3 more exciting and powerful
Backtrack 5 R3 focuses on bug-fixes as well as the addition of over 60 new tools
What are the new utilities included with Backtrack 5r3?
This is not a Perfect list, but hopefully it will help you see some of the very cool new tools and programs added to Backtrack 5 r3.
Following list of the new tools:-
>Identify Live Hosts:
dnmap – Distributed NMap
address6 (The Second “Alive6? entry) – IPV6 address conversion
>Information Gathering Analysis
Jigsaw – Grabs information about company employees
Uberharvest – E-mail harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
>Web Crawlers
Apache_users – Apache username enumerator
Deblaze – Performs enumeration & interrogation against Flash remote end points
Database Analysis
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
>Bluetooth Analysis
Blueranger – Uses link quality to locate Bluetooth devices
>Vulnerability Assesment
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
>Exploitation Tools
Netgear-telnetable – Enables Telnet console on Netgear devices
Termineter – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
>Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – Gui for testing Wireless encryption strength
Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor
>A Bunch of Password Tools
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendresher
Rainbowcrack
Acccheck
smbexec
Introduction to Hping
Hping is tool used by VAPT,Network professional for network scanning and crafting TCP/IP packets.Hping is tool providing testing against firewalls ,security auditing and now implemented in the one of best tool Nmap scanner available on various platforms.
Hping is command-line based TCP/IP packet assembler/analyzer.hping isn’t only able to send ICMP requests,It supports ICMP,UDP and Raw-IP protocols, also has a traceroute capability,enable to send files between covered channel.
The stuff we can do using Hping :-
Firewall testing Advanced port scanning Network testing, using different protocols, TOS, fragmentation Manual path MTU discovery Advanced traceroute, under all the supported protocols Remote OS fingerprinting Remote uptime guessing TCP/IP stacks auditing hping can also be useful to students that are learning TCP/IP.
There are two version of Hping present in cyber world.Hping 2 and Hping 3 ,since version 3 which is in alpha state they are trying to not be just little tool but to make it a framework for scripting TCP/IP.Hping 3 comes with two new thing : the first isa an engine called APD that is able to translate simple packet description in form of string into packet to be sent and the reverse.The second is TCL scripting language,which makes it scriptable TCP/IP stack.
hping2 was used (in the past) to...
Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.Perform the idle scan (now implemented in nmap with an easy user interface). Test firewalling rules. Test IDSes. Exploit known vulnerabilties of TCP/IP stacks.Networking research.Learn TCP/IP (hping was used in networking courses AFAIK).
Hping3 should be used to...
Write real applications related to TCP/IP testing and security.Automated firewalling tests. Proof of concept exploits.Networking and security research when there is the need to emulate complex TCP/IP behaviour.Prototype IDS systems. Simple to use networking utilities with Tk interface.
DNA,Pune. Article on cyber warfare
A day after Union home secretary RK Singh said that the bulk of rumours of imminent attacks on northeastern people for the killings of Muslims in Assam originated from Pakistan, experts said that this could be Pune’s first brush with cyber warfare. They also fear that all this is an indication of a major form of subversive warfare in the future. Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. Hackers and other individuals trained in software programming and exploiting the intricacies of computer networks are the primary executors of these attacks. These individuals often operate under the auspices and possibly the support of nation-state actors. Talking to DNA, security expert Niranjan Reddy, founder and chief technology officer of NetConclave Systems and a member of Indian Cyber Police, said, “Bullets are being replaced with bytes.”
“Cyberspace is the new warfront. As August 15 was approaching, Pakistani hacker attacked Indian sites,” he added. Reddy said that underground hacking groups had carried out systematic attacks on 100 sites, especially government ones in the past. Cyberspace, according to Reddy, is now the new battle ground for Kashmir as hackers are finding new means to demand emancipation of Kashmir by attacking various websites. These kinds of attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data and cripple financial systems among many other possibilities. Rohit Srivastwa, expert on cyber security, told DNA, “The use of technology is used in spreading wrong messages. Earlier, people communicated inflammatory sentiments though emails and telephones. Now, the modus operandi has changed.” “They are circulating video clips which can move rapidly and create panic among the people at large. This cannot be ceased by the government by just banning bulk SMSes or MMSes. Efforts should be taken to thwart such processes from the beginning,” he added. Deepak Shikarpur, chairman of the IT Committee of Mahratta Chamber of Commerce Industries and Agriculture, said, “Yes, it is the initial stage of cyber warfare and the issue is not just limited to Pune. It is a threat to the entire country. “A decade ago, the national conference of Indian Science Congress took place in Pune. It was a big event as the prime minister and other dignitaries were part of it. Just before the event, its website was hacked and it took two days to restore the entire thing. Problem does not lie with technology alone. It’s the intention of those trying to misuse it,” he said. “Our Information Technology Act is very strong, but we need to have a fast track court so that the conviction rate in such kind of cases increases,” he added. “We cannot link the current issues with cyber warfare as they are more technical. However, whatever has taken place recently is a new way of utilising the social media. Earlier, brainwashing was done verbally. Now, people are playing with the technology,” an officer of the cyber cell said.
Hackers can get sneak peek into the brain
Call this a sneak into the future, but it’s now possible to read your brain, or rather hack it. Indeed. Researchers at Usenix Security conference have used a commercially available BCI or a brain-computer interface to demonstrate the very same. The brain-computer interface’s hardware includes a headset (an electroencephalograph or EEG) with sensors which sits up comfortably on your scalp, while the software deals with your brain activity trying to understand it. The BCIs are generally used in medical settings along with expensive equipments, but past few years have seen the emergence of similar cheaper products that are commercially available, like Emotiv BCI .
This BCI has an interface (API) that allows developers to employ BCI’s output in their respective programs.The security researchers from various renouned Universities made up a custom program that was designed solely to trace out sensitive data- like your credit card number, your DOB, etc. Then this programme was tested on 28 participants who were unaware that their brain’s being hacked. Now the information was to be extracted using the P300 response, which is a brainwave pattern that appears when you recognize a meaningful object or activity. Analyzing this patterns and pictures, the data is dug out with great accuracy. Well, in the real world, the researchers predict of a game where the hackers could dig out some of your sensitive information while promising you a false sense of security. And as the BCIs continue to get cheaper, the chances of this happening is pretty high
Kaspersky Labs uncover ‘Gauss’ an Espionage Malware that hit Middle East banks
A new cyber surveillance virus was found in the Middle East that can spy on banking transactions and steal login and passwords, according to Kaspersky Lab, a leading computer security firm.
After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It has been dubbed Gauss
Gauss is a complex cyber-espionage toolkit, highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following:
•Intercepting browser cookies and passwords.
•Harvesting and sending system configuration data to attackers.
•Infecting USB sticks with a data stealing code.
•Listing the content of the system drives and folders.
•Stealing credentials for various banking systems in the Middle East.
•Hijacking account information for social networks, emails and IM accounts.
The researchers at Russian-based Kaspersky Labs who discovered it have named it Gauss, and say it is aimed at pinching the secrete information of its intended targets, whoever they may be, not only stealing account information of customers of certain banks in Lebanon, but also customers of Citibank and of PayPal. An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.
Two groups Russian-based Kaspersky Labs, which first published information on Gauss and Flame, and the Hungarian research lab Crysys are detecting the malware by looking for a font that shows up on infected machines called "Palida Narrow.Roel Schouwenberg", senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file.
One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Kaspersky researchers said Gauss contained a “attack vector” that seeks a very specific computer system with no Internet connection and installs itself only if it finds one.
Pakistani hackers deface Indian Southern Railways website
Website of the Southern Railways www.southernrailway.gov.in had been defaced apparently by Pakistani hackers.
The group calls itself 'Pak Cyber Pyrates' apparently replaced the home page of the website with a page that contained contents that denounces India's role in Kashmir.
Indian and Pakistani hacking groups are engaged in a cyber war with websites in both the countries being regularly attacked or defaced.