Tech News
Butterfly flapped its wings and caused internet hurricane. A Slovenian virus writer who created an infamous strain of malware used to infect an estimated 12 million computers worldwide has been jailed for almost five years. Matjaž Škorjanc (who operated under the handle Iserdo) was sentenced by a Slovenian court for writing the code used to create the infamous Mariposa botnet. The virus writer, 27, was arrested in 2010 following a two-year-long investigation by the FBI as well as Spanish and Slovenian police. He had been a student of medicine and, later, computing. He was sentenced in late December for offences related to the creation of Rimecud, a malware starter pack that spreads by copying itself to removable storage devices, instant messaging and P2P file-sharing systems. Once infected, compromised computers became part of an information-stealing botnet which hoovered up passwords and credit card details from victims. Škorjanc's code was sold through underground forums to other cyber-criminals, including a trio of chancers in Spain who proved especially adept at spreading the malware. Their actions earned the whole malware outbreak a Spanish name - Mariposa being Spanish for "butterfly" - even though it spread worldwide. The network of compromised PCs established using the Mariposa code was taken down back in 2009. A regional court in the Slovenian city of Maribor convicted Škorjanc of malware creation and money laundering, jailing him for 58 months (four years and 10 months) in total. In addition, he was fined €3,000 and had his apartment and car, which were judged to have been bought with the proceeds of crime, confiscated. Prosecutors claim that Škorjanc earned up to €114,000 from his crimes, while estimating the damage caused by Mariposa to run into tens of millions of euros. Škorjanc's ex-girlfriend, Nuša Čoh, also received a punishment of eight months' probation for money laundering as part of the same prosecution.
Škorjanc plans to appeal against his conviction. Submitted By: Vandal
The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems. A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published by Eloi Vanderbeken on GitHub resets devices to factory default, enabling a remote attack without the password. Vanderbeken says the backdoor is confirmed in devices from Cisco (under both Cisco and Linksys brands, the latter since offloaded to Belkin), Netgear, Diamond, LevelOne and OpenWAG. According to a post on HackerNews, the common link between the vulnerable devices is that they were manufactured under contract by Sercomm. Trying to access a Linksys WAG200G device for which he'd forgotten the password, Vanderbeken noticed the device was listening on port 32764, an undocumented service noted by other users. Reverse engineering the MIPS code the device's firmware is written in, he says he located a way to send commands to the router without being authenticated as an administrator. In particular, the backdoor allowed him to force a factory reset without providing a password – meaning that on his next login, he had access to everything. Vanderbeken's proof-of-concept Python code includes reporting on whether the device it's running against is vulnerable or not. It seems to The Register that at least this vulnerability doesn't permit a silent attack: if an outsider ran the code against someone's router, the crash and resulting reset to default passwords would at least alert the victim that something had happened. Source: theregister Submitted By: Vandal
Dutch cybersec firm estimates 27,000 infections per hour through Java vulnerabilities. Yahoo's ad network may have exposed the Web giant's public users to massive volumes of malware over the past few days, at a rate as high as 27,000 infections every hour, according to a Netherlands-based cyber security company. The Dutch firm, FoxIT, said some ads caused on-click redirects to infected sites. The sites then installed a range of malware, using exploits tailored to vulnerabilities in the Java runtime library. FoxIT reported on its blog that a number of its clients had encountered infections on or before 3 January after they visited yahoo.com. The blog listed a number of domains to which the ads redirected users and also said the domains were served by a single IP address that "appears to be hosted in the Netherlands". The redirect led to the download of an exploit kit called Magnitude, which installed malware such as the infamous banking Trojan ZeuS and Andromeda, which has a variety of uses including joining a machine to a botnet. "Based on a sample of traffic we estimate the number of visits to the malicious site to be around 300,000 per hour," FoxIT claimed on its blog. "Given a typical infection rate of 9% this would result in around 27,000 infections every hour. Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France." "We recently identified an ad designed to spread malware to some of our users," CNET quoted Yahoo as saying. "We immediately removed it and will continue to monitor and block any ads being used for this activity." FoxIT said a drop in traffic to the Magnitude exploit kit suggested that Yahoo was starting to address the issue. Source: itp Submitted By: rex_mundi
The National Security Agency has a lot of employees divided into many departments, but its hacking unit may be the most important of them all. The purpose of Tailored Access Operations (TAO) is to infiltrate computers around the world and break into the most protected data centers. According to Der Spiegel, the elite hackers' team is specialized in "getting the ungettable." As an unnamed official told the magazine, the unit obtained "some of the most significant intelligence" the United States has ever seen. The hackers conducted thousands of operations worldwide. For instance, back in 2010, files indicate that they ran 279 operations. Aside from infiltrating worldwide computer networks, TAO also specializes in intercepting computer deliveries around the world and infecting them with malware or adding hardware that helps it spy on its targets. Der Spiegel writes that the department has access to a wide range of high-tech gadgets used for its operations, including monitor cables modified to record what's being typed on screen and radio transmitters fitted in USB sticks.
Researchers have revealed how cyber-thieves sliced into cash machines in order to infect them with malware earlier this year. The criminals cut the holes in order to plug in USB drives that installed their code onto the ATMs. Details of the attacks on an unnamed European bank's cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany. The crimes also appear to indicate that the thieves mistrusted each other. The two researchers who detailed the attacks have asked for their names not to be published.
If you own a world-renowned security product or service, the National Security Agency (NSA) is ready to pay you 10 million or more in bribes for keeping an intentional backdoor for them. According to an exclusive report published by Reuters, there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products. Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generator, Dual Elliptic Curve (Dual_EC_DRBG), which RSA used in its BSAFE security tool, and now Snowden has revealed that RSA received $10 million from the NSA for keeping encryption weak.