Sign up for our Technology Newsletter 
Powerful “Flame” Virus Found In Iran
Security experts have uncovered a highly sophisticated computer virus in Iran and other Middle Eastern states that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage.
Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran’s nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that claimed responsibility for discovering the virus.
Kaspersky researchers said on Monday they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it.
Iran has accused the United States and Israel of deploying Stuxnet.
Cyber security experts said the discovery publicly demonstrates what experts privy to classified information have long known: that nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.
A cyber security agency in Iran said on its English website that Flame bore a “close relation” to Stuxnet, the notorious computer worm that attacked that country’s nuclear program in 2010 and is the first publicly known example of a cyber weapon.
Iran’s National Computer Emergency Response Team also said Flame might be linked to recent cyber attacks that officials in Tehran have said were responsible for massive data losses on some Iranian computer systems.
Is A Cyber Warfare On The Horizon?
F-secure’s chief security researcher, Mikko Hypponen, has warned that we are entering into a cyber warfare revolution, and that governments will soon attempt to outdo each other based on their computer weapons’ prowess.
The internet security expert said-any future crisis between technically advanced nations will involve cyber elements.
His comments came after hearing last week that China and the US have been engaging in “war games” simulations.
“I wasn’t expecting [war games] so soon,” Hypponen said.
“I’m surprised and I think it is a good move because everybody is worried about escalation. The way to fight unnecessary escalations is that you know more about how the perceived enemy would act if there would be an escalation. War games are exactly that.”
It was Hypponen’s observations on the war games which led him to remark that we must look at “the bigger picture”.
“We’ve seen a revolution in defence technology and in technology generally over the past 60 to 70 years and I believe we are right now seeing the beginning of the next revolution: a cyber warfare revolution, which is going to as big as the revolutions we’ve seen so far in technology becoming part of defence, and part of wars,” he added.
Hypponen also predicted that it won’t be long before the world sees its first cyber arms race, including cyber war rehearsals to prove how strong countries are and boasting about their cyber skills to make other countries pay attention.
“Like nuclear in the sixties, cyber attacks are a deterrent and deterrents only work if your perceived enemies know that you have it,” he said.
DoJ Charges Clickjacking Perpetrators
Comments Off on DoJ Charges Clickjacking Perpetrators
The U.S. Department of Justice is charging seven individuals with 27 counts of wire fraud and other computer-related crimes, accusing the group of hijacking 4 million computers across 100 countries in a sophisticated clickjacking scam.
According to the indictment, the defendants had set up a fake Internet advertising agency, entering into agreements with online ad providers that would pay the group whenever its ads where clicked on by users. The group’s malware, which it had planted on millions of user computers, would redirect the computers’ browsers to its advertisements, thereby generating illicit revenue.
The malware worked by capturing and altering the results of a user’s search engine query. A user would search for a popular site, such as ones for Netflix, the Wall Street Journal, Amazon, Apple iTunes and the U.S. Internal Revenue Service. Whenever the user would click on the provided link, however, the browser would be redirected to another website, one that the group was paid to generate traffic for.
The malware the group used also blocked antivirus software updates, which left users vulnerable to other attacks as well, according to the DOJ.
Tool Created To Hack BlackBerry Passwords
October 7, 2011 by admin
Filed under Smartphones
Comments Off on Tool Created To Hack BlackBerry Passwords
A Russian security firm has upgraded a phone-password cracking software with the ability to figure out the master device password for Research in Motion’s BlackBerry devices.
Elcomsoft said on Thursday that before it developed the product, it was believed that there was no way to uncover a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said.
Elcomsoft said it figured a way around the problem using a BlackBerry’s removable media card, but only if a user has configured their smartphone in a specific way. In order for Elcomsoft’s software to be successful, a user must have enabled the feature to encrypt data on the media card.
The feature is disabled by default, but Elcomsoft said around 30% of BlackBerry users have it enabled for extra security.
The company’s software can then analyze the encrypted media card and use a brute-force method to figure out a password, which involves trying millions of possible password combinations per second until one works.
Elcomsoft said it can recover a seven-character password in less than an hour if the password is all lower-case or all capital letters. The software does not need access to the actual BlackBerry device but just the encrypted media card.
SpyEye Poses Risk To Banking Defenses
Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.
SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.
In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.
Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.
SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.
Hackers Go After WordPress
March 6, 2011 by admin
Filed under Around The Net
Comments Off on Hackers Go After WordPress
We found out Bloggers using the WordPress platform was shutdown by a DDos attack yesterday that apparently affected many blog sites.The DDos hostilities began in the morning and lasted for a couple of hours. The estimates on the DDos attack was thought to be “multiple Gigabits per second and tens of millions of packets per second”, according to sources, WordPress is working with their providers to prevent such acts from ever taking place again.WordPress the attack is over, though in Chicago, Dallas and San Antonio. The good news is that the site is back up. However, while the attack was in progress sources say it was on of the “largest” the organization has ever seen. Even centersThe attack unfortunately hit main three data. Read More…..