Guard Privacy & Online Security News & Information


July 9, 2007 20:34 - New Kit Sets Up Phishing Sites In Seconds

A new 'plug and play' phishing kit can let fraudsters create phishing sites in two seconds.

Discovered by security firm RSA's Anti-Fraud Command Center (AFCC), the "plug-and-play" phishing kit consists of a single electronic file that fraudsters can upload to a compromised server, creating a fully functional phishing site.

The traditional method of creating phishing sites involves installing various files one-by-one in corresponding directories. This process requires multiple visits to the compromised server and manual installation, which increases the chance of detection, says RSA. Automating the installation means a criminal need only visit the server once, which decreases the chance of detection.

This new development in online fraud could also enable online attackers to automatically search for vulnerable servers without actually hacking into the server, warned RSA Security in its Monthly Online Fraud Report.

Attackers already use tools to automatically scan and detect vulnerable servers. "The potential combination of these methods - tracing and compromising vulnerable servers, along with plug-and-play phishing kits - would significantly decrease the workload involved in creating and launching new attacks," says the report.

The report also stated that the UK is the number two hot spot for phishing attacks for the fifth consecutive month.


July 22, 2007 15:54 - Policeware - The Spyware With A Badge

FBI agents trying to track the source of e-mailed bomb threats against a Washington high school last month sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server.

Using a fake profile, the FBI sent a message to Timberlinebombinfo -- his MySpace profile -- that installed a hacker-style trojan horse on his PC. The FBI spyware collected a wide range of information including the computer's IP address, MAC address, open ports, a list of running programs, the operating system type, version and serial number, preferred Internet browser and version, the computer's registered owner and registered company name, the current logged-in user name, the last-visited URL and the IP address of every computer it connects to... demonstrating the power of spyware.

The existence of "policeware" is not well-known, but the US government has used this sort of software before. The rationale for this unusual mode of investigation was to get around encryption software such as PGP and the web e-mail service, Hushmail, that the suspect was using.

The court filing offers the first public glimpse into the bureau's long-suspected spyware capability, in which the FBI adopts techniques more common to online criminals.

The FBI was able to install this program without a suspect or wiretap warrant because "under a ruling this month by the 9th U.S. Circuit Court of Appeals ... Internet users have no 'reasonable expectation of privacy' in the data when using the Internet."

So, what happens when suspects run antispyware programs? A CNET survey of top antispyware vendors found that of 13 software companies, all of them stated that it is currently their policy to detect police spyware. When asked if they had ever received a court order to stop detecting police spyware, nine of the companies denied having received such a request, Computer Associates said they were not sure, and both Microsoft and McAfee declined to comment on the question. When asked, a few companies admitted that they would whitelist policeware if it were requested.

Perhaps the only consolation we can take from this is that if we are law abiding citizens, policeware is spyware that we shouldn't ever see installed on our computers. However, there's a good chance that our antispyware might not detect it anyway!


July 25, 2007 19:00 - Here Are The Threats We Face In 2007

The Sophos Security Threat Report 2007 examines the top ten malware threats and confirms that malware authors are continuing to turn their backs on large-scale attacks in favor of more focused strikes against computer users.

Microsoft Windows continues to be the primary target for hackers, with internet criminals increasingly manufacturing downloading Trojan horses rather than mass-mailing worms to do their dirty work for them. The report predicts malware and spam developments during 2007, enabling us to beef up our security software to repel these predicted attacks on our computers.

Here are the main points of the report...
  1. The US remains a hot spot for online criminal activity, and despite authorities' continued efforts to clamp down on cybercrime, too many US-hosted websites still have lax security measures in place. The US top spot is followed by China, Korea, France and Spain.
  2. Sophos predicts that 2007 is likely to see a significant shift away from the use of email security threats, with cybercriminals instead looking to exploit the continued global growth in web use, as well as user-defined web content.

    Email will continue to be an important vector for malware authors, though the increasing adoption of email gateway security is making hackers turn to other routes for infection. The number of websites being infected with malware is on the rise. SophosLabs is currently uncovering an average of 5,000 new URLs hosting malicious code each day.
  3. During 2006 Sophos saw a decrease in the use of traditional spyware, in favour of multiple Trojan downloaders. The hacker sends a 'special offer' (or similar) email in an attempt to dupe recipients into visiting a website containing a malicious downloader. The executable file will attempt to download additional Trojans, a process that may be repeated multiple times to try and disable all security defences, before it downloads a spyware component... which will then have a better chance of success. Trojans now account for 51.24%, and spyware-infected emails account for 41.87%. This trend looks set to continue into 2007 and beyond.
  4. Sophos notes that 30% of all malware is now written in China, most of it taking the form of Trojans used for gaining a backdoor into users' computers. Surprisingly, 17% of malware written in China is designed for the specific purpose of stealing passwords from online gamers. In contrast, malware authors based in Brazil are responsible for 14.2% of all malware, the majority of which is designed to steal information from online bankers.

    "It's interesting to see how malware varies depending on location, often exploiting current country-specific online trends. Identifying the source of the malware helps security experts and authorities strengthen criminal profiles and bring the perpetrators to justice," added a Sophos source.


July 30, 2007 20:48 - Beware The 'Life Is Beautiful' ScreenSaver

SophosLabs have warned of a widespread email spam campaign that poses as a screensaver, but is really designed to install Trojan horses and rootkits on infected Windows PCs.

The emails, which are being seen in inboxes worldwide, claim that the recipient has been sent a screensaver by a friend and tell the user to open the attachment, called

The emails used in the malicious spam campaign contain phrasing such as "Good morning/evening, man! Realy cool screensaver in your attachment!" and use a variety of subject lines including, "Life is beautiful", "Life will be better" and "Good summer".

Clicking on the file contained inside the ZIP attachment infects users with the Troj/Agent-FZB Trojan horse, which drops two rootkits to try and hide from security software.

"If you receive an unsolicited email with an encouragement to run the 'cool screensaver' attached then alarm bells should instantly be ringing in your head," said Graham Cluley, senior technology consultant at Sophos. "Hackers are using a mixture of social engineering and stealth-mode rootkits to try and take advantage of Windows users who forget to think before they click."

"Rootkits are software frequently used by third parties - usually a hacker - to hide other software and processes using advanced stealth techniques. Malicious code, such as spyware and keyloggers, can be invisibly cloaked from detection by conventional security products or the operating system making them hard to detect," explained Cluley. "Hackers use rootkit technology to maintain access to a compromised computer without the user's knowledge, so it's important to be properly defended from these sort of threats."
