Category Archives: Internet crime

Exploit for unpatched Flash vulnerability found in leaked material

July 8, 2015 jrivett 4 Comments

Hacking Team is an Italian company that develops counter-security (i.e. hacking) software. They claim to provide their tools only to NATO partners, but there have long been suspicions that their client list includes oppressive governments. These claims have always been denied by the company, but a recent, comprehensive hack against their servers has confirmed Hacking Group sells their software to anyone who asks, including Kazakhstan, Sudan, Russia, Saudi Arabia, Egypt and Malaysia.

Nobody has yet claimed credit for the hack and data scoop, but whoever did it, they have done the world a favour in exposing the practices of Hacking Group. Unfortunately, in publishing the information obtained in the hack, at least one serious – and unpatched – Flash vulnerability has also been exposed.

Adobe responded to the publication of the vulnerability with a Flash security bulletin, in which they confirm that the vulnerability and exploit exist, and that they are currently working on a fix (expected later today). Meanwhile, the exploit has already found itself into hacking toolkits.

Anyone still using a web browser with Flash enabled should consider disabling Flash until this vulnerability is patched.

Update 2015Jul08: Bruce Schneier points out that Hacking Team’s practices are even worse than predicted, and doesn’t expect the company to survive.

Internet, Internet crime, Security

Web-based password manager LastPass hacked

June 16, 2015 jrivett Leave a comment

One of the more popular online password managers has been hacked. LastPass’s servers were breached and user data stolen, including hashed user passwords, cryptographic salts, password reminders, and e-mail addresses.

According to LastPass staff, your passwords are still secure, because only the encrypted versions were obtained. Analysts have confirmed that the risk to LastPass users is minimal, mostly due to safeguards employed by the service.

Still, if you use LastPass, you should immediately change your master password. You will in fact be prompted to do so when you log in.

Although LastPass had effective safeguards in place, the fact that they were hacked (again) leaves me wondering whether it’s ever a good idea to use any Internet-based password manager. I strongly recommend using an offline password manager like the excellent Password Corral or Password Safe. Both are freeware.

Ars Technica and Brian Krebs have more details on the hack and its implications for users.

*nix, Hardware, Internet, Internet crime, Linux, Malware, Mobile, Privacy, Security

Security roundup – May 2015

May 28, 2015 jrivett Leave a comment

Recent security breaches at mSpy and AdultFriendFinder are a gift for Internet extortionists. mSpy hasn’t helped matters by first denying the problem, and then trying to downplay its impact.

A serious vulnerability called Logjam has been discovered in the Diffie-Hellman Key Exchange software, which is used to secure communications on many web and email servers. Meanwhile, despite its many flaws, it’s still a good thing that the web is moving towards HTTPS encryption everywhere.

In the world of network-attached hardware, malware called Linux/Moose is exploiting vulnerabilities in routers and spreading across the Internet. A security flaw in NetUSB is making many consumer routers vulnerable.

A serious vulnerability in many virtual hardware platforms, including Oracle’s popular VirtualBox, is making life difficult for many service providers.

Those of you who monitor traffic arriving at your home or work network are no doubt aware that your network is being constantly scanned for vulnerabilities. Brian Krebs rightly points out that much of this scanning activity is not malicious.

And finally, before you exchange that Android device, you should know that even if you’ve performed a full reset, your personal data is not being completely erased.

Internet, Internet crime, Malware, Spam and scams

Test your skill: spot the phishing email

May 21, 2015 jrivett Leave a comment

A short quiz, provided by anti-malware software maker McAfee, allows you to test your skill at identifying phishing email.

In the quiz, you are presented with ten email samples, and asked to decide whether they are phishing email.

What is phishing? From Wikipedia: “Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Hint: look for links in each of the sample messages. Hover your mouse over each link, and compare the address with the supposed sender. If a link points to a site that’s unrelated to the supposed sender, the email is probably not legitimate.

Hat tip to reader tap tap.

Hardware, Internet crime, Malware, Security

Insecure routers home to vast botnets

May 14, 2015 jrivett Leave a comment

Huge networks of compromised network routers form the basis of several large botnets. These botnets – described as ‘self-sustaining’ by security researchers – are only possible because routers are shipped with common, known passwords, and because users fail to change those passwords, or leave remote administration features enabled. The compromised routers are mostly used in DDoS attacks.

Users should not depend on their ISP to secure their router. There are numerous guides for improving the security of routers, but this one at HowToGeek is particularly good.

Adware, Chrome, Google, Internet crime, Malware, Spam and scams

Google’s efforts to clean up ad injection on the web

May 12, 2015 jrivett Leave a comment

A recent post on the Chrome blog discusses Google’s recent efforts to clean up the growing problem of ad injection on the web.

From the post: “Ad injectors are programs that insert new ads, or replace existing ones, into the pages you visit while browsing the web.” If you’re seeing a lot of advertising on all the sites you visit, and much of it seems unrelated to the site, your computer may be running one or more ad injectors.

Ad injectors are unwanted software that is surreptitiously installed on victims’ computers through a variety of tricks, including “marketing, bundling applications with popular downloads, outright malware distribution, and large social advertising campaigns.”

The ad injection ‘ecosystem’ is complex, and at any given time there are thousands of injection campaigns affecting web surfers.

To combat this problem, Google has identified and removed 192 apps – identified as contributing to ad injection systems – from the Chrome Web Store. Improvements in the Chrome Web Store and Chrome itself help to protect against ad injection software. And Google is reaching out to advertising networks, to assist them in eliminating ad injection. Most importantly, Google’s AdWords network policies have been tweaked, to make it more difficult for the perpetrators of ad injection schemes to promote malicious software.

Internet, Internet crime, Malware, Security, Spam and scams, WordPress and other CMS

Recent surge in spam likely due to Mumblehard botnet

May 7, 2015 jrivett Leave a comment

If you noticed more spam than usual in your inbox in recent months, you’re not alone. You may also have noticed that using your email client to block the sender is typically ineffective. That’s because the spam is coming from thousands of different domains, each corresponding to a different compromised web server.

This is the work of the Mumblehard botnet, which was observed sending mass spam starting about seven months ago by ESet researchers. The Mumblehard code has existed on the web for at least five years, but seems to have started its spamming activities on a large scale only in the last year or so.

Computers infected with Mumblehard are typically Linux web servers. It remains unclear exactly how servers become infected, but researchers suspect that unpatched WordPress and Joomla vulnerabilities provide the key.

Internet, Internet crime, Security

User and sysadmin mistakes allow intruder access in most cases

May 2, 2015 jrivett Leave a comment

Recent studies from Verizon and Symantec show that malicious hackers almost always gain unauthorized access to computer systems because of misconfigured software and user errors. You don’t have to be a genius hacker to get into a supposedly secure system if a sysadmin left the door wide open, or if you can fool a gullible user into revealing their password.

As a user, you’re probably getting tired of being told to be careful when clicking links on the web and in email. But it’s good advice. If you receive an email message that includes a link, and tells you to click the link, think before you click. If someone asks you for your password, do not give it to them.

Adware, Flash, Google, Internet crime, Malware, Security

Malvertising shows no sign of slowing down

April 18, 2015 jrivett Leave a comment

Nasty malware, hidden inside a phony ad that appeared on the Huffington Post web site, was exposed to thousands of users earlier this week. The Flash-based ad was delivered via Google’s Doubleclick advertising network. And this wasn’t even the largest malvertising exposure this week.

Google had better get to work on fixing this, or it will start eating into their primary revenue source.

Internet crime, Malware, Security

Simda botnet taken down

April 16, 2015 jrivett Leave a comment

Law enforcement and security organizations have once again combined their efforts in taking down another large botnet: Simda. The takedown involved seizing fourteen command and control computers in various locations around the world. At its peak, Simba affected over 700,000 computers worldwide.

boot13