Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack.

A worm spreading via Facebook infects victims with a variant of the dangerous Zeus Trojan. The attack, which was first found by researchers at CSIS in Denmark, spreads via phony posts from an infected Facebook user's account that pretend to contain photos.
Like previous Facebook scams, it uses stolen account credentials to log in and then spam the victim account's "Friends" with the malicious posts. While a screenshot of the file appears to have a .jpg suffix, it's really a malicious screensaver file, according to Jovi Umawing, a security expert at GFI Software.
"The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMware." If you are using any virtual machine then it will infect your current OS.
Facebook has blocked the offending domains spreading the Trojan. "We are constantly monitoring the situation and are in the process of blocking domains as we discover them. We have internal systems in place configured specifically to monitor for variations of the spam and are working with others across the industry to pursue both technical and legal avenues to fight the bug," a Facebook spokesperson says. 
"Facebook is built to easily allow people to share pictures, videos, and other content -- and people trust what they are receiving from their friends," says Mike Geide, senior security researcher at Zscaler ThreatLabZ Malware. "[For example], this recent example can take advantage of the sharing mechanisms and user's trust of their friends within social networking."
Meanwhile, new research published today from Norman ASA found that Zeus-based attacks are actually on the decline this year: While there were 20,000 Zeus-related incidents in January, according to Norman, there were "nearly negligible levels" of Zeus threats discovered in September.
[...]




More than 6000 Facebook accounts have been hacked by a hacker named Cru3l Int3ntion. A couple of months earlier, another hacker group from Nepal named TeamSwaStika hijacked more than 10 thousand Facebook accounts. Facebook later denied that attack.
The users of the hacked accounts are mainly from France, Spain, England, India and some other countries. In this attack the hacker used massive phishing, spamming and bots. In two separate Pastebin releases the hacker has exposed all the hacked accounts.

Hacked Facebook Accounts:-




[...]


Anonymous Exposed The Private Information of The Special Agent, Officers, Cyber Crime Investigators Of Department Of Justice
-----------------------------------------------------------------------------------------------
The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.
The email dump, released as a torrent last Friday in part of what has become the group's regular FuckFBIFriday release, is also said to contain personal information including Baclagan's home address and phone number. The cache of emails – which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the Californian Department of Justice – includes 38,000 emails detailing various computer forensic techniques and cybercrime investigation protocols. 
Baclagan said that he was nobody special in the Justice Department ... which is what he would say, of course. He said that he had specialised in identity theft before he retired last year. "I'm really just a nobody," he told the Post, "just a local investigator, not involved in anything dynamic or dramatic."

In the Press Release Anon Said:-

################################################################################
# ANTISEC LEAKS DOJ SPECIAL AGENT SUPERVISOR'S PRIVATE EMAILS, #
# IACIS CYBERCRIME INVESTIGATOR COMMUNICATIONS #
# care of the #OCCUPYWALLST CRACKDOWN RETALIATION TASK FORCE # 
################################################################################

Greetings Pirates, and welcome to another exciting #FuckFBIFriday release.

As part of our ongoing effort to expose and humiliate our white hat enemies, we
targeted a Special Agent Supervisor of the CA Department of Justice in charge of
computer crime investigations. We are leaking over 38,000 private emails which
contain detailed computer forensics techniques, investigation protocols as well
as highly embarrassing personal information. We are confident these gifts will 
bring smiles to the faces of our black hat brothers and sisters (especially 
those who have been targeted by these scurvy dogs) while also making a mockery 
of "security professionals" who whore their "skills" to law enforcement to 
protect tyrannical corporativism and the status quo we aim to destroy.

We hijacked two gmail accounts belonging to Fred Baclagan, who has been a cop
for 20 years, dumping his private email correspondence as well as several dozen 
voicemails and SMS text message logs. While just yesterday Fred was having a 
private BBQ with his CATCHTEAM high computer crime task force friends, we were 
reviewing their detailed internal operation plans and procedure documents. We 
also couldn't overlook the boatloads of embarrassing personal information about 
our cop friend Fred. We lulzed as we listened to angry voicemails from his 
estranged wives and ex-girlfriends while also reading his conversations with 
girls who responded to his "man seeking woman" craigslist ads. We turned on his 
google web history and watched him look up linux command line basics, golfing 
tutorials, and terrible youtube music videos. We also abused his google 
voice account, making sure Fred's friends and family knew how hard he was owned.

Possibly the most interesting content in his emails are the IACIS.com internal
email list archives (2005-2011) which detail the methods and tactics cybercrime 
units use to gather electronic evidence, conduct investigations and make 
arrests. The information in these emails will prove essential to those who want 
to protect themselves from the techniques and procedures cyber crime 
investigators use to build cases. If you have ever been busted for computer 
crimes, you should check to see if your case is being discussed here. There are 
discussions about using EnCase forensic software, attempts to crack TrueCrypt 
encrypted drives, sniffing wireless traffic in mobile surveillance vehicles, how 
to best prepare search warrants and subpoenas, and a whole lot of clueless 
people asking questions on how to use basic software like FTP. In the end, we
rickrolled the entire IACIS list, causing the administrators to panic and shut
their list and websites down.

These cybercrime investigators are supposed to be the cream of the crop, but we
reveal the totality of their ignorance of all matters related to computer
security. For months, we have owned several dozen white hat and law enforcement
targets-- getting in and out of whichever high profile government and corporate
system we please and despite all the active FBI investigations and several
billion dollars of funding, they have not been able to stop us or get anywhere
near us. Even worse, they bust a few dozen people who are allegedly part of an
"anonymous computer hacking conspiracy" but who have only used 
kindergarten-level DDOS tools-- this isn't even hacking, but a form of
electronic civil disobedience. 

We often hear these "professionals" preach about "full-disclosure," but we are
sure these people are angrily sending out DMCA takedown notices and serving
subpoenas as we speak. They call us criminals, script kiddies, and terrorists,
but their entire livelihood depends on us, trying desperately to study our 
techniques and failing miserably at preventing future attacks. See we're cut 
from an entirely different kind of cloth. Corporate security professionals like
Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the
public email discussion lists of Occupy Wall Street and profiling the "leaders"
of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs
about other hackers, doing free work for law enforcement. Then you got people 
like Peiter "Mudge" Zatko who back in the day used to be old school l0pht/cDc 
only now to sell out to DARPA going around to hacker conventions encouraging 
others to work for the feds. Let this be a warning to aspiring white hat 
"hacker" sellouts and police collaborators: stay out the game or get owned and 
exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to 
keep owning your boxes and torrenting your mail spools, plastering your personal 
information all over teh internets.

Hackers, join us and rise up against our common oppressors - the white hats, the 
1%'s 'private' police, the corrupt banks and corporations and make 2011 the year 
of leaks and revolutions! 

We are Anti-Security,
We are the 99%
We do not forgive.
We do not forget.
Expect Us!
[...]




Facebook again under massive attack. This time phishing emails are threatening to delete users’ Facebook accounts unless the victims pass along their account details within 24 hours. The phishing messages are charging Facebook users with violating policy regulations by annoying or insulting other Facebook users. The messages are then requesting personal and financial information including Facebook login details and part of recipients’ credit card numbers. The emails are entirely bogus. They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details. The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims.

A typical phishing Scam Looks Like:-


LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
[Link] {The Malicious One}
If you ignore this warning, then our security system will block your account automatically.

Thanks.
The Facebook Team

Another Example:-


Subject: Did you log into Facebook from somewhere new?
Dear [Username]


Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.
"Your account was accessed from a new location : Anonymous Proxy."
If you are not signing into your Facebook account from "Anonymous Proxy", your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.
Please be sure to visit the Facebook Service Account for further information regarding these security issues.


***********************************


[link] {to scam page}


***********************************


Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.


Thanks,

Facebook Security Team

[...]



The U.S. military now has a legal framework to cover offensive operations in cyberspace, the commander of the U.S. Strategic Command said Wednesday, less than a month after terming this a work in progress.
"I do not believe that we need new explicit authorities to conduct offensive operations of any kind," Air Force General Robert Kehler said in the latest sign of quickening U.S. military preparations for possible cyber warfare.
"I do not think there is any issue about authority to conduct operations," he added, referring to the legal framework.
But he said the military was still working its way through cyber warfare rules of engagement that lie beyond "area of hostilities," or battle zones, for which they have been approved.
The Strategic Command is responsible for U.S. operations in space and cyberspace. The U.S. Cyber Command, a sub-command, began operating in May 2010 as military doctrine, legal authorities and rules of engagement were still being worked out for what the military calls the newest potential battle "domain."
The Defense Department, in a report made public Tuesday, ratcheted up its warnings, saying the United States reserves the right to retaliate with military force against a cyber attack and is boosting its ability to pinpoint network intruders.
"When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country," the Pentagon said in a report mandated by Congress.
"We reserve the right to use all necessary means - diplomatic, informational, military and economic - to defend our nation, our allies, our partners and our interests."
PRESIDENT MUST ORDER CYBER OFFENSIVE
Kehler, in Wednesday's teleconference, equated offensive action in cyberspace with operations on the ground, air, sea and space in that any offensive action would be carried out under orders of the president as commander-in-chief.
As recently as October 18, Kehler had told reporters that the military was still looking at "what kinds of options would we want to be able to offer" policymakers for cyber warfare.
Deliberations on military doctrine and legal framework are "ongoing," Kehler said at the time. "I would say it's not completed."
On Wednesday, he said the military was learning daily from its operations in cyberspace.
"I think we all wish we were going faster, but we have made progress, we have a number of rules of engagement in place," he said from Omaha, Nebraska, where Strategic Command was hosting a cyber and space conference.
The Pentagon's advanced research arm said earlier this month that it is stepping up efforts to build a cyber arsenal for "more and better options" to meet computer-driven threats to a growing range of industrial and other systems that are vulnerable to cyber penetration.
The Office of the National Counterintelligence Executive, a U.S. intelligence arm, said in a report to Congress last month that China and Russia are using cyber espionage to steal U.S. trade and technology secrets and that they will remain "aggressive" in these efforts.
It defined cyberspace as including the Internet, telecommunications networks, computer systems and embedded processors and controllers in "critical industries."
The Pentagon, in the report to Congress made public Tuesday, said it was seeking to deter aggression in cyberspace by building stronger defenses and by finding ways to make attackers pay a price.
"Should the 'deny objectives' element of deterrence not prove adequate," the report said, "DoD (Department of Defense) maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains."
[...]



Facebook will not be targeted by Anonymous on Saturday, the hacking group said in one of its Twitter accounts, again distancing itself from a threat that has gotten broad publicity since it surfaced several months ago.
"We told you many times ddosing Facebook was a fake operation," reads a message posted on Friday in the group's AnonOps Twitter account.
The threat to "destroy" Facebook on Nov. 5 via a DDOS (distributed denial of service) attack originated with a video posted on YouTube in mid-July.
However, the plan was never announced in Anonymous' Twitter feeds nor on its blog, 
On Aug. 10 the group said on Twitter that it wasn't involved in planning a Facebook attack.
"WE DONT 'KILL' THE MESSENGER. THAT'S NOT OUR STYLE," reads that post on the group's AnonOps Twitter account.
In a statement released on Friday, Anonymous said the initiative against Facebook was led by an individual acting on his own, according to a Cnet report.
This man was warned to stop promoting the attack as an Anonymous action but he pressed on, so as retaliation Anonymous has released his name and contact information, including a phone number, according to the Cnet article.


[...]




WikiLeaks editor Julian Assange lost a court battle to stay in the United Kingdom Wednesday and will be extradited to Sweden to face questioning over sex charges, a court ruled. Appeals court judges Lord Justice John Thomas and Justice Duncan Ouseley rejected all four of the arguments Assange's defense team used to fight the extradition.
They will hold another hearing later this month to determine whether he can appeal.
"I have not been charged with any crime in any country," he said on the steps of the High Court in London. "Despite this, the European arrest warrant is so restrictive that it prevents UK courts from considering the facts of a case, as judges have made clear here today."
Assange is accused of sexually assaulting two women in Sweden in August 2010. Although he has not been charged with a crime, Swedish prosecutors want to question him in connection with the allegations.
The court comprehensively rejected his defense against being sent there to face prosecution, and was particularly scathing about a dispute with one of the women over whether she had consented to having sex with him.
Swedish authorities allege that the unnamed woman agreed to have sex with him only if he wore a condom, and that he then had unprotected sex with her while she was asleep.
"The allegation is that he had sexual intercourse with her when she was not in a position to consent and so he could not have had any reasonable belief that she did," the court said.
Assange drew cheers from the crowd as he left the court. A "Free Assange" rally was planned for Wednesday outside the Royal Courts of Justice.
Assange, an Australian, decided to fight the case at the High Court after a judge at Belmarsh Magistrates' Court ruled in February that the WikiLeaks head should be extradited.
Assange denies the accusations, saying they are an attempt to smear him, and he says it would be unfair to send him to a country where the language and legal system are alien to him. His attorneys have fought his extradition on procedural and human-rights grounds.
Assange's lawyers have suggested that Sweden would hand him over to the United States if Britain extradites him. The prosecutor representing Sweden has dismissed that claim.
The extradition case is not linked to his work as founder and editor-in-chief of WikiLeaks, which has put him on the wrong side of the U.S. authorities.
His organization, which facilitates the anonymous leaking of secret information, has published some 250,000 confidential U.S. diplomatic cables in the past year, causing embarrassment to the government and others.
It has also published hundreds of thousands of classified U.S. documents relating to the conflicts in Iraq and Afghanistan.
But the organization has come under increasing financial pressure in recent months, leading Assange to announce last week that WikiLeaks was temporarily stopping publication to "aggressively fundraise" in order to stay afloat.
A financial blockade by Bank of America, VISA, MasterCard, PayPal and Western Union has destroyed 95% of WikiLeaks' revenue, Assange said.
Many financial institutions stopped doing business with the site after it released the U.S. diplomatic cables late last year, and donations have been stymied.
U.S. authorities have said disclosing the classified information was illegal and caused risks to individuals and national security.


-News Source (CNN, BBC)

[...]
