Guard Privacy & Online Security News & Information


April 1, 2008 18:33 - Teenager Admits To Million-PC Botnet Scam

A teenager has been found guilty of masterminding botnet attacks that are estimated to have infected over a million computers and created havoc for computer users at home and in business.

Eighteen-year-old Owen Thor Walker from New Zealand pleaded guilty to six charges of international computer attacks carried out between January 2006 and November 2007.

He is accused of writing the code that created a botnet that allowed an online gang to bypass anti-malware filters and install a Trojan. The Trojan specifically harvested bank account details from at least 1.3 million computers worldwide and skimmed an estimated $20m from their bank accounts.

Walker was caught in November, 2007, during the FBI's Operation Botroast II, which is hunting virus writers and botnet owners.

The prosecution summary said his was "amongst the most advanced bot programming" that local cyber crime investigators had encountered. His botnet included many sophisticated features, such as disabling anti-virus software on computers it attacked and preventing the software from updating itself.

A botnet is a system of computers that have been compromised by malicious code and then secretly used to collect information such as users' bank accounts and credit cards. For more details and how to protect yourself, see Why Many Home Users Need A Zombie PC Fix - But Don't Know It!


April 15, 2008 16:55 - Bank Details And Identities Sold From $1 On Web

A full identity can be purchased in the underground economy for as little as $1 and bank account credentials are selling for as little as $10.

According to Symantec's Internet Security Threat Report, there is a maturing underground economy to buy, sell and trade stolen information. For example, credit card information, which has become plentiful in this underground environment, accounted for 13 percent of all advertised goods, down from 22 percent in the previous period, and sold for as little as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Credit cards from the European Union, for example, cost more than those from the United States, most likely due to the smaller supply of cards circulating in the E.U., which makes each card more valuable to a criminal.

Worryingly, the report states that online users can increasingly be infected simply by visiting everyday Web sites. In the past, users had to visit intentionally malicious sites or click on malicious email attachments to become a victim of a security threat. Today, hackers are compromising legitimate Web sites and using them to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.

The report also stresses that phishing remains a problem. In the last six months of 2007, Symantec observed 87,963 phishing hosts -- computers that can host one or more phishing Web sites. This is an increase of 167 percent from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.


April 30, 2008 13:52 - ISP And UK Server Leaves Web Open To Hackers

ISPs were criticised for opening a huge security hole in the name of further increasing profits. US-based Earthlink outsourced the interception of traffic from mistyped web page requests to a company in London whose servers lacked even the most basic security and web programming techniques.

Instead of returning a normal error message page, the London company, Barefruit, provides a list of suggestions for the site the reader may have intended to visit, as well as a series of ads.

However, security researcher Dan Kaminsky claims Barefruit's servers were vulnerable to a JavaScript attack that made it possible to serve up any links the attacker wanted, whilst still having the appearance of an official site.

Hackers could have developed special links to unused subdomains of legitimate websites that would deliver whatever content the hacker liked... and be used to fool people into divulging personal data.

Kaminsky said that, while Barefruit fixed the immediate JavaScript hole, the underlying problem is that ISPs should not be pretending to be sites that don't exist. For instance, if someone types in a subdomain that doesn't exist for a real website, such as 'ibank.firstbank.com', third-party adverts would be served while still displaying the firstbank.com domain name and bypassing any anti-phishing browser protection.

Mistyped domain name redirection is not new. Since 2001, Microsoft's Internet Explorer browser has repackaged "Page Not Found" 404 errors to redirect to Microsoft's own search function.

Earthlink has redirected Non-Existent Domain (NXDOMAIN) query responses to Barefruit servers since August 2006.
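A way to check from the client side whether a resolver substitutes answers for NXDOMAIN responses, as an added example that is not part of the original article. The function names, the `bank.example` and `wild.example` zones and the three stand-in resolvers are constructed for illustration; the control relies on `.invalid` being a reserved name that must never resolve.

```python
import secrets
import socket

def system_resolve(name):
    """Addresses the local resolver returns for name; empty set on lookup failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def random_names(parent, count):
    # 16 random hex characters: a label that will not exist in a real zone.
    return [f"{secrets.token_hex(8)}.{parent}" for _ in range(count)]

def check_nxdomain_rewriting(parent, resolve=system_resolve, count=3):
    """Classify how nonexistent subdomains of parent are answered."""
    # Control: ".invalid" is reserved (RFC 6761) and must always be NXDOMAIN,
    # so any address returned for it was substituted by the resolver.
    control = set().union(*(resolve(n) for n in random_names("invalid", count)))
    probe = set().union(*(resolve(n) for n in random_names(parent, count)))
    if probe & control:
        verdict = "rewritten"   # same substitute servers answer under parent
    elif probe:
        verdict = "wildcard"    # answers differ from control: zone's own wildcard
    else:
        verdict = "nxdomain"    # nonexistent names fail, as they should
    return {
        "resolver_rewrites": bool(control),
        "verdict": verdict,
        "substitute_addresses": sorted(control),
    }

# Constructed resolvers standing in for three network setups (sample data,
# documentation-range addresses; no real lookups are made).
def honest(name):
    return set()

def rewriting(name):
    return {"203.0.113.10"}

def zone_wildcard(name):
    return {"198.51.100.7"} if name.endswith(".wild.example") else set()

if __name__ == "__main__":
    for label, fake, zone in [("honest", honest, "bank.example"),
                              ("rewriting", rewriting, "bank.example"),
                              ("wildcard", zone_wildcard, "wild.example")]:
        print(label, check_nxdomain_rewriting(zone, resolve=fake))
```

Called without the `resolve` argument, the check uses the machine's configured resolver, so it reports on whatever DNS service that network hands out.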

