
As a business, you may be responsible for fraudulent charges, not your bank

If you are a small to midsize business, you may think that if you become the victim of an attack resulting in a loss of money, you are protected by your bank, just as you would be if your personal credit card were charged fraudulently.

Well, you may be wrong. You may be on the hook for the entire amount yourself.

DarkReading reports,

A recent ruling by a U.S. District Court of Maine magistrate in favor of a bank being sued by a construction company that had money stolen from its account by hackers highlights how vulnerable small to midsize business owners are to online fraud.

Unlike consumer bank accounts that come with fraud-reversal protection, businesses are left on the hook for fraudulent transfers — a fact that many remain ignorant about, but of which hackers are well-aware, say security experts.

“They don’t get the same kind of protection that an individual consumer gets, but they don’t get much more attention than an individual consumer [from banks], so they are very vulnerable from that standpoint,” says Terry Austin, CEO of Guardian Analytics. “And the criminals figured this out. A lot of the action a couple years ago was in retail banking, and we still see fraud there, but the big, really significant fraud attacks have been against the small-business community. There are hundreds of thousands of dollars, sometimes up to million-dollar attacks on these small businesses.”

This is very disconcerting. So what can you do?

You need to make sure that you are as secure as you can be.

The article continues,

But SMBs must also do their part to secure their machines. Often small-business owners assume that if they’re ever hit by bank-stealing malware, the bank will reverse charges because this is what they are conditioned to believe due to their retail banking experiences. But banks rarely extend the same fraud reversal for business accounts as they do for consumer accounts. So SMBs at the very least need to start with the most basic principles of installing security software, establishing strong passwords, and limiting access to banking credentials across the organizations. Many experts also believe that small businesses should consider buying a dedicated machine solely for online banking.

“One thing I recommend to every small business is to not bank from a computer you use for anything else, period. Just don’t do it,” says Chet Wisiniewski, senior security adviser at Sophos. “Don’t ever search the Web, don’t go to Google, don’t go to Facebook. Because of the Web risk, simply visiting an infected site puts you at risk. Do you really want to take that chance if you can buy the perfect banking netbook for $200? An alternative to that, too, is to use a live CD Linux distribution that’s not writable.”

Additionally, SMBs need to know to ask the right questions when they’re looking for a bank, Austin says.

“These small businesses don’t know how to ask their banks the right questions about their fraud policies,” Austin says, explaining that companies need to ask about what their liability is in the event of an attack, what kind of authentication the bank uses, how the bank monitors activity to look for anomalous behavior, whether the bank utilizes risk-detection technology with behavioral analytics, and what the processes are when fraud is detected.

Good advice.

Lockheed Martin and other DoD contractors breached

Looks like hackers broke into networks owned by Lockheed Martin and other Department of Defense contractors.

Reuters reports,

They breached security systems designed to keep out intruders by creating duplicates to “SecurID” electronic keys from EMC Corp’s (EMC.N) RSA security division, said the person who was not authorized to publicly discuss the matter.

It was not immediately clear what kind of data, if any, was stolen by the hackers. But the networks of Lockheed and other military contractors contain sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan.

They further report,

Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property.

He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to end-users, which meant the current attacks may have been carried out by the same hackers.

So it looks like the attack on EMC/RSA was carried out specifically with retrieving the sensitive data of their customers in mind.

That is bad news. We will probably see other major companies suffering from similar attacks in the near future.

UPDATE – RSA hacked – SecurID internals stolen

UPDATE:

Darkreading reports that the attack against RSA was done using social engineering, installing trojans and stealing credentials.

They report,

Turns out the targeted attack that exposed RSA’s SecurID technology started with one of the oldest tricks in the book—a phishing email with an infected attachment, according to new details revealed today by RSA and security analysts.
[…]
The attack then installed a Poison Ivy variant for remotely controlling the infected machine[…]
[…]
The exploit, a Trojan, stole user credentials from RSA employees, including IT staff, and eventually gained privileged access to the targeted system, according to Avivah Litan, vice president and distinguished analyst with Gartner.

Nothing special here.

END UPDATE.

=====

Well, anyone can get hit, even the ones that you shouldn’t be able to hit. As the Executive Chairman of RSA announced in an open letter,

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.

Translation: “we got hacked and sensitive information regarding the functionality of our SecurID tokens was extracted. Apparently they gained enough information to use this against systems that employ RSA SecurID authentication, and they may be successful.”

This is pretty big. To put it into scale: this may be as big as if Pepsi gained access to the Coca-Cola formula.

What can customers who use RSA SecurID do?

Well, RSA recommended this in their SEC filing (thanks, Sophos, for digging through it), ironically:

* We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.

* We recommend customers enforce strong password and pin policies. We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.

* We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.

* We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.

* We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.

* We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.

* We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.

* We recommend customers update their security products and the operating systems hosting them with the latest patches.

This can be read in a way that would make one think that RSA might have been having the same issues a lot of ‘normal’ companies have:

  • lack of security awareness training
  • lack of protection of critical systems
  • weak password enforcement policies
  • use of social networking sites, being exposed to risks resulting from using those (“install this app, let me steal your information, and hey, you are using the same password for your Facebook account as you do for your email and your access to your file servers!”)

This is a fairly common combination of issues. Something similar happened to HBGary not too long ago.

Google collecting children’s social security numbers under the guise of an art contest

The Huffington Post has an interesting article about Google collecting personally identifiable information about children under the guise of an art contest.

They write,

[...]  has been asking parents nationwide to disclose their children’s personal information, including Social Security Numbers, and recruiting schools to help them do it — all under the guise of an art contest. It’s called, “Doodle-4-Google,” a rather catchy, kid-friendly name if I do say so myself. The company is even offering prize money to schools to enlist their help with the promotion. Doesn’t it sound like fun?  Don’t you want your kid to enter too?

What could be wrong with filling out a few entry forms?

A national, commercial database of names and addresses of American children, especially one that includes their dates of birth and SSNs, would be worth many millions to marketing firms and retailers.

Of course, data collection is not the reason Google gives for doing this competition. Their FAQ says it’s because “We love to encourage and celebrate the creativity of young people…” etc. If that’s so, then why on earth would the contest’s original Parent Consent Form ask for the child’s city of birth, date of birth and last four digits of the child’s SSN?  Along with complete contact info of the parents.

You see what Google knows and many parents don’t know is that a person’s city of birth and year of birth can be used to make a statistical guess about the first five digits of his/her social security number.  Then, if you can somehow obtain those last four SSN digits explicitly — voila, you’ve unlocked countless troves of personal information from someone who didn’t even understand that such a disclosure was happening.

This kind of data can be linked with other databases to target advertising. It’s worth many times more than what Google will spend on prizes (each State Finalist gets a T-shirt!).

[...]

So in closing, three simple ideas for you, gentle reader, to take away.  (1) City of birth, when coupled with year of birth, can be correlated to social security numbers, so don’t give it out just because a box appears on a form. (2) No public contest should ask for any part of a social security number, especially involving kids. (3) For internet searches, have you tried Yahoo! or Bing lately? You just might find what you’re looking for.

Scary. And yes, what would hold Google back from making this information available to marketers?

How HBGary Federal was compromised – lessons to be learned for everyone

ARSTechnica has an excellent writeup on what happened to HBGary Federal, the company whose CEO claimed he infiltrated Anonymous, the well-known group that was responsible for the attacks on MasterCard, PayPal and others back in December. Once his claim spread on the Internet, Anonymous broke into his company’s infrastructure, retrieved over 60,000 emails, hacked his web site, his Twitter account and pretty much made an embarrassment out of him on the Internet. Well, out of him, his boss and his company. Furthermore, they were in talks of getting bought for up to $2 million, all of which fell through because he leaned out of the window too far.

ARSTechnica illustrates how HBGary Federal’s infrastructure was compromised by using the most basic methods of intrusion, a combination of exploitation of common vulnerabilities and the realization that the CEO/COO used simple passwords.

Lessons for others:

UPDATE: How to enable encryption for your Facebook account – IMPORTANT!

UPDATE:

Facebook is slowly rolling this out to the user base. If you haven’t been able to set this yet, try again and keep checking back on it in 24 hour intervals.

==

The good folks at Sophos created a video that shows you how you can enable SSL encryption for your Facebook sessions. That way your sessions cannot be monitored anymore, and your account information cannot be stolen via tools like Firesheep.

The video is here.

Basically, in your Facebook browser window, execute the following steps:

1. Navigate to Account (top right) – Account Settings – Account Security

This is in the process of being rolled out, so you may not see the next option just yet. If you do not, check back in half a day or so:

2. Under ‘Secure Browsing (https)’, check ‘Browse Facebook on a secure connection (https) whenever possible’.

3. Hit ‘Save’.

4. Log out of your Facebook session via ‘Account’ – ‘Logout’ or close your browser (via ‘Quit’).

5. From now on, navigate to https://www.facebook.com to log in, not ‘http://www.facebook.com’.

That’s it!

NOTE: THIS DOES NOT PROTECT YOU FROM KEYLOGGERS AND VIRUSES THAT ARE INSTALLED ON YOUR MACHINE. It is NOT RECOMMENDED to hit up the Internet from public terminals that you do not control yourself. Attackers can still infect those machines and steal your information! Always use your own laptop/device to connect to public sites, especially if you have to submit log-in information at any point.

Honda’s Customer Database breached – millions of email addresses and VIN numbers leaked

News outlets reported that apparently a database has been breached that contained millions of names, email addresses and associated VIN numbers of Honda and Acura customers.

MSNBC reports:

[...]

Cybercriminals hacked into the database of American Honda Motor Co., Inc. stealing the names, e-mail addresses and Vehicle Identification Numbers (VIN) of 2.2 million car owners.

The affected automobile owners received an e-mail from Honda last week notifying them of the breach, reported the Columbus Dispatch. It is not known when the database hack occurred.

The e-mail message explained that customers’ identifications were compromised by thieves who gained unauthorized access to an e-mail list initially set up to create a welcome e-mail for new Honda and Acura owners. The welcome e-mail list contained customers’ names and e-mails, as well as online login names and their 17-character VINs.

The hacked Honda list contained no financial information, Social Security numbers or phone numbers, according to Honda.

A separate list of 2.7 million Acura owners’ e-mail addresses was also accessed, but that list contained no other personal information.

While the risk for identity theft is not high as apparently no other related information was stolen, Honda/Acura owners can expect attempts to phish information from them – watch out for suspicious emails or letters that ask you to furnish personal information or register at other websites. Stay alert. This information can be used to compromise your identity down the road.

Are you affected by the Gawker account hack?

This site enables you to enter your email address to see if your account was part of the database theft that occurred last week.

As you may know, hackers stole over 1.3 million accounts after breaking into the user database that hosts accounts for the Gizmodo, Gawker, Deadspin, Kotaku, Jezebel, IO9, Jalopnik and Lifehacker blogs.

More about that can be read here:

Blog operator Gawker Media has asked the users of the Gizmodo, Gawker, Deadspin, Kotaku, Jezebel, IO9, Jalopnik and Lifehacker blogs to change their passwords. The reason for the request was that the company’s servers were hacked by a group called “Gnosis”, who copied and published sensitive company data, as well as users’ account details, to an online torrent web site.

While the 1.3 million compromised passwords are said to be DES encrypted, this type of encryption no longer presents a major obstacle to password crackers, especially if the passwords are weak. Gnosis said that they managed to obtain the password of Gawker founder Nick Denton, who apparently also uses the same password on Google and Twitter.

The experts at Duo Security created a simple web interface that you can use to see if your account is in the stolen database dump (it was widely available through Bittorrent streams). If your account is found, it is VERY IMPORTANT that you change ALL your passwords right away to avoid compromise. This includes any accounts where you used your email address as user name.

Again, the website to check this out is at http://www.didigetgawkered.com/.

New Fake AV variant out there, Norton/Symantec/Microsoft do NOT DETECT IT

I came across a new piece of malware, pretending to be an Anti-virus scanner and thoroughly compromising a system. It is currently only detected by 11 out of 43 listed AV vendors on Virustotal.com, with Norton/Symantec and Microsoft NOT BEING ABLE TO DETECT IT!

Name of the binary I received: hotfix.exe

MD5 (hotfix.exe) = 8aa68699fe0cb874b57f6efa832a337d

Behavior:

  • it is a FAKEAV piece. It pretends to be ‘Microsoft Security Essentials’ at first. The piece looks pretty real, and actually had me checking if I had MS Security Essentials installed in the first place (I do not, on my lab machine).
  • it intercepts applications running on the machine by adding a registry value that sends any calls through the binary:

HKU\S-1-5-21-1343024091-1078145449-854245398-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:“C:\Documents and Settings\Username\Application Data\hotfix.exe”

  • It places an icon on your desktop, ‘ThinkPoint’, which points to the binary that is now residing in “C:\Documents and Settings\Username\Application Data\hotfix.exe”
  • it requires you to ‘scan online’ and asks you to install the full version of THINKPOINT, pretending to be a virus scanner
  • it tries to connect to firastbill.com, hosted on an IP in China. The IP is 91.217.162.172.
  • it opens a web page displaying a shopping cart, where you can enter your credit card information.

What can be done about it? Aside from manual removal, not much. I will update this post as soon as I have something to report.
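
The per-user Winlogon Shell value listed above can be hunted for offline. The following is an added example, not part of the original post: it scans the text of a regedit export for any Shell value set under a user hive, on the assumption that a stock install sets Shell only machine-wide under HKLM. The sample export, its SID and the function names are constructed for illustration.

```python
"""Flag per-user Winlogon Shell overrides in a regedit text export (added example)."""
import re

# Key path from the post, relative to a user hive (HKCU or HKU\<SID>).
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
USER_ROOTS = ("hkey_current_user\\", "hkey_users\\")
DEFAULT_SHELL = "explorer.exe"   # stock shell, assumed to be set only under HKLM
IOC_BINARY = "hotfix.exe"        # file name reported in the post

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" string values; .reg exports escape \ and " with a backslash.
STRING_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", text)


def find_shell_overrides(reg_text):
    """Return one finding per Shell value set under a user's Winlogon key."""
    findings = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        if key is None:
            continue
        lowered = key.lower()
        # Only user hives matter here; the HKLM value is the normal default.
        if not (lowered.startswith(USER_ROOTS) and lowered.endswith(WINLOGON_SUFFIX)):
            continue
        value = STRING_RE.match(line)
        if not value or _unescape(value.group("name")).lower() != "shell":
            continue
        data = _unescape(value.group("data"))
        command = data.strip().strip('"').lower()
        findings.append({
            "key": key,
            "shell": data,
            # A per-user Shell is unusual even when it names explorer.exe.
            "verdict": "review" if command == DEFAULT_SHELL else "suspicious",
            "matches_post": ("\\" + IOC_BINARY) in data.lower(),
        })
    return findings


# Constructed sample export (the SID is a placeholder). A real regedit export
# is UTF-16, so decode the file before passing its text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\Username\\Application Data\\hotfix.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="\"C:\\Tools\\altshell.exe\" /s"
'''

if __name__ == "__main__":
    for finding in find_shell_overrides(SAMPLE_EXPORT):
        print(finding["verdict"], finding["key"], "->", finding["shell"])
```

Only the two user-hive Winlogon entries in the sample are reported; the HKLM default and the Run key are ignored.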

See below for some screenshots:

‘infection’:

‘solution found – go online and buy’:

Startup screen once binary gets executed from desktop:

Pretend scan: finds multiple problems and then wants you to download the ‘heuristic module’. There is no real activity during the scan, just show.

Facebook crawler collects more than 170 million data sets

Heise reports:

Hacker Ron Bowes has written a web crawler which he used to systematically graze through [public Facebook profiles]. Bowes claims to have collected more than 170 million sets of data containing the names and URLs of public profiles. The files do not contain any further personal data such as friend lists, but the links in the profiles can easily be used to send out another crawler to collect this information. Bowes has formatted the list and, together with the crawler itself, made it available as a 2.8 GB torrent.

You may want to double check what you choose to have public.
