Home Of Teddy Bears' Picnic Gets Hacked By Cyber-jihadists

Algerian hackers made a slight mistake when they defaced the website of an English stately home instead of the website for Belvoir Fortress in Israel.

The cyber-jihadis of Dz-seC, a previously unknown group, commandeered the website of Belvoir Castle in order to post an anti-Zionist rant and an image of the Algerian national flag.

Belvoir Fortress in Israel was a Christian outpost at the time of the Crusades; Belvoir Castle was a Royalist stronghold during the English Civil War and these days is best known for its annual teddy bears’ picnic.

A Belvoir Castle spokesman, speaking to the Daily Telegraph, said: “We’ve nothing to do with the Middle-East, I just help to organise the teddy bears’ picnic. It does make more sense that they meant to target the fortress in Israel rather than the castle in Leicestershire.”

Belvoir Castle’s website has since been restored following the attack by the geographically misguided jihadists.

Certificate Of Approval For Microsoft Security Essentials

AV-Test.org is a group with over 25 years’ experience in anti-virus research and data security, and it has awarded Microsoft Security Essentials its certificate of approval. A total of 19 AV and security applications were tested; all but four were certified. The four that failed were Trend Micro Internet Security Pro 2010, BullGuard Internet Security 9.0, Norman Security Suite 8.0 and McAfee Internet Security 2010.

The team at AV-Test said: "During April, May and June 2010 we continuously evaluated 19 security products using their default settings. We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."

The products were tested in the following categories:

  • Protection – static and dynamic malware detection, including testing for real-world 0-Day attacks.
  • Repair – system disinfection and rootkit removal
  • Usability – amount of system slow-down caused by the tools and the number of false positives.

    AV applications were scored between 0.0 (worst) and 6.0 (best). Security Essentials scored 4.0 for protection, 4.5 for repair and 5.5 for usability.

    The Windows Security Blog was pleased with the certification and said the following:

    "the most important validation of AV quality comes from independent certification organizations like VB100, AV-Test and others. With the current version of Microsoft Security Essentials and the new version now available in beta, our commitment remains constant: to provide security you can trust that is easy to use and provides protection that runs quietly and efficiently in the background, ensuring a great Windows user experience."

    The top three AV applications were Panda Internet Security 2010, Norton Internet Security 2010 and Kaspersky Internet Security 2010, but none scored higher than 5.5.

    Android App Steals GPS Data

    Symantec researchers have outed an Android gaming app that tracks users’ locations so that they can be secretly monitored in real time.

    Known as Tapsnake, the free app is an Android version of the old-school video game Snake. But that’s not all it is: every 15 minutes it uploads GPS coordinates from the user’s device to a server that can be monitored by people running an app called GPS Spy. Made by the same developer, this app will cost you $4.99.

    Symantec’s advisory warns: “GPS Spy then downloads the data and uses this service to conveniently display it as location points in Google Maps. This can give a pretty startling run-down of where someone carrying the phone has been.”

    Tapsnake has seen 1,000 to 5,000 downloads, GPS Spy 100 to 500. This discovery follows a suspicious wallpaper app that was downloaded millions of times, and the appearance of what is believed to be the first in-the-wild SMS Trojan for the platform.

    Researchers have pointed out that a stalker would need physical access to the target’s device, since account details must be entered into the device running Tapsnake. Android always shows users installing an app the types of resources it will access, so anyone paying attention has reason to be suspicious: a Snake game has no legitimate need for the location and internet access that uploading GPS coordinates requires.

    Symantec has decided to class the app as malicious because it doesn’t disclose its snooping features. They also pointed out that the app continues to run in the background after being killed by the user. Very unsavoury behaviour indeed!

    Kernel-Level Vulnerability In Windows

    Researchers have identified a kernel-level vulnerability that is present in all Windows versions, even Windows 7. The flaw allows attackers to gain elevated privileges and possibly execute arbitrary code with kernel privileges.

    The buffer overflow can be used to crash vulnerable machines as well as to elevate privileges. Security research company Vupen has said that it may also be possible for attackers to execute arbitrary code with kernel privileges.

    Secunia has also posted a warning:

    “The vulnerability is caused due to a boundary error in win32k.sys within the "CreateDIBPalette()" function when copying colour values into a buffer allocated with a fixed size when creating the DIB palette. This can be exploited via the "GetClipboardData()" API to cause a buffer overflow by specifying a large number of colours (greater than 256) via the "biClrUsed" field in a BITMAPINFOHEADER structure.
    Successful exploitation may allow execution of arbitrary code with kernel privileges.”

    The flaw affects fully patched installations of every supported Windows platform from XP SP3 to Server 2008, and is likely to affect earlier versions too. There have been no reports of the vulnerability being exploited in the wild, but now the cat is out of the bag. Microsoft has said it is investigating the issue.
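    The check a defender (or a fuzzing harness) takes away from the Secunia description is simple: never trust biClrUsed. The Python below is added here as an illustration and is not code from Secunia, Vupen or Microsoft. It parses the BITMAPINFOHEADER at the start of a CF_DIB blob, using the 40-byte layout from wingdi.h, and rejects a header whose declared colour count exceeds what its bit depth allows (1 << biBitCount for indexed formats, never more than the 256-entry palette the advisory describes) or whose declared colour table is not actually present. The two sample blobs are constructed for the example, not real clipboard captures.

```python
import struct

# BITMAPINFOHEADER as laid out in wingdi.h (40 bytes, little-endian):
# biSize, biWidth, biHeight, biPlanes, biBitCount, biCompression,
# biSizeImage, biXPelsPerMeter, biYPelsPerMeter, biClrUsed, biClrImportant
BIH_FORMAT = "<IiiHHIIiiII"
BIH_SIZE = struct.calcsize(BIH_FORMAT)          # 40
BIH_FIELDS = ("biSize", "biWidth", "biHeight", "biPlanes", "biBitCount",
              "biCompression", "biSizeImage", "biXPelsPerMeter",
              "biYPelsPerMeter", "biClrUsed", "biClrImportant")
RGBQUAD_SIZE = 4
MAX_PALETTE_ENTRIES = 256   # size of the fixed palette buffer the advisory describes


def parse_bitmapinfoheader(blob):
    """Unpack the 40-byte header at the start of a CF_DIB blob into a dict."""
    if len(blob) < BIH_SIZE:
        raise ValueError("blob shorter than BITMAPINFOHEADER")
    return dict(zip(BIH_FIELDS, struct.unpack_from(BIH_FORMAT, blob, 0)))


def max_palette_entries(bit_count):
    """Largest colour table a well-formed DIB of this depth may carry."""
    if bit_count in (1, 4, 8):
        return 1 << bit_count          # indexed formats: 2, 16 or 256 entries
    if bit_count in (16, 24, 32):
        return MAX_PALETTE_ENTRIES     # optional 'optimisation' palette, never more than 256
    raise ValueError("unsupported biBitCount %d" % bit_count)


def palette_entry_count(hdr):
    """Number of RGBQUADs a correct implementation would copy from the colour table."""
    limit = max_palette_entries(hdr["biBitCount"])
    used = hdr["biClrUsed"]
    if used == 0:
        # 0 means 'the full table for this depth' (and no table at all for >8bpp)
        return limit if hdr["biBitCount"] <= 8 else 0
    return used


def check_dib_palette(blob):
    """Return (ok, reason). Rejects headers whose biClrUsed would overrun a 256-entry
    palette, or whose declared colour table is not actually present in the blob."""
    hdr = parse_bitmapinfoheader(blob)
    if hdr["biSize"] != BIH_SIZE:
        return False, "unexpected biSize %d" % hdr["biSize"]
    try:
        limit = max_palette_entries(hdr["biBitCount"])
    except ValueError as exc:
        return False, str(exc)
    if hdr["biClrUsed"] > limit:
        return False, ("biClrUsed=%d exceeds the %d entries allowed for %d bpp"
                       % (hdr["biClrUsed"], limit, hdr["biBitCount"]))
    needed = BIH_SIZE + palette_entry_count(hdr) * RGBQUAD_SIZE
    if len(blob) < needed:
        return False, "colour table truncated: need %d bytes, have %d" % (needed, len(blob))
    return True, "ok"


def build_dib(width, height, bit_count, clr_used, colour_table=b""):
    """Construct a minimal CF_DIB blob (header + colour table, no pixels) for testing."""
    hdr = struct.pack(BIH_FORMAT, BIH_SIZE, width, height, 1, bit_count, 0, 0, 0, 0, clr_used, 0)
    return hdr + colour_table


# Constructed samples (not real clipboard captures)
BENIGN_DIB = build_dib(16, 16, 8, 16, b"\x00" * (16 * RGBQUAD_SIZE))
OVERSIZED_DIB = build_dib(16, 16, 8, 4096, b"\x00" * (4096 * RGBQUAD_SIZE))  # biClrUsed > 256

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_DIB), ("oversized", OVERSIZED_DIB)):
        print(name, check_dib_palette(blob))
```

    The same bound is what the kernel copy in CreateDIBPalette() should have enforced before copying colours into its fixed buffer; applying it in user mode before placing a DIB on the clipboard, or when fuzzing a GDI consumer, tells you immediately whether a given blob is of the shape the advisory warns about.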

    100m Facebook Accounts Have Data Published To BitTorrent

    A security researcher has compiled the names and URLs of over 100 million Facebook accounts and made it available as a BitTorrent download.

    Self-described certified penetration tester Ron Bowes said he used some quickly written code to collect the names of over 100 million users who had made their accounts accessible to Google and other search engines. The list also includes the unique web address of each account, which means that even if a user later sets their account to private, their page can still be reached at that address.

    In a blog post, Bowes wrote: “Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)”

    Facebook strictly forbids the scraping of its content, so Bowes’ unauthorised move may well incur some action. Bowes’ websites at skullsecurity.org and skullsecurity.net also went down shortly after the revelation. They are now back up and worth a visit to read his Facebook blog post. Over 10,000 people have tried to download the file.

    Facebook has reminded users that they can make their accounts inaccessible to search engines, but as Bowes pointed out, that makes no difference for those who make the change after the fact.

    It’s no great surprise that information users have made available on the internet has ended up available elsewhere. When it’s on the internet, it’s on the internet, something many netizens fail to recognise. Once something is on any website it becomes a permanent part of the internet record, and even information marked “private” often isn’t. A wealth of web applications means a wealth of vulnerabilities.

    Fake Firefox Update Scareware In Disguise

    Scareware posing as a Firefox update has been developed by cyber criminals.

    This tactic marks a change from the usual approach for this kind of scam. Typically surfers are lured to malicious sites via search engine manipulation. Fake scans then run on their systems, reporting them as riddled with viruses. Marks are then conned into buying AV that is worse than useless, and are often left with annoying alerts popping up constantly.

    The scam mimics Firefox’s “just updated” page that is displayed after an update is completed. The fake page tells users that they need a Flash update; when users go to download the update they receive a malicious payload instead. The attack launches once a user visits the fake site, which is not associated with Firefox.

    F-Secure has a full write-up of the attack on its site.

    On a related note, McAfee has warned of a fake trial version of its VirusScan software that is actually a Trojan in disguise. New variants of the Bredolab Trojan were attached to spam e-mails.

    Windows Shortcut Security Hole Exploited By Zeusbot

    An unpatched shortcut-handling flaw in Windows has begun to be exploited by the infamous Zeusbot. The flaw was first used by the sophisticated Stuxnet worm to target SCADA-based industrial control and power plant systems.

    Attacks began appearing last week, and now the criminals behind the Zeusbot toolkit have joined in. The toolkit is frequently used to steal bank login details from compromised systems.

    The appearance of Zeus strains taking advantage of the flaw was first reported by F-Secure. E-mails posing as security messages from Microsoft carry the Zeusbot. The e-mails contain Zip attachments that drop the malicious payload onto systems once unzipped.

    Other malware has also joined in the exploitation, including the polymorphic Sality virus. Trend Micro has picked up variant strains of Zeus and Sality, while McAfee reports the Downloader-CJX Trojan as having begun to exploit the bug too. So it seems inevitable that even more malware will start targeting the Windows hole.

    The good news is that all attackers are currently using the same exploit method, which makes it easier to block. A temporary workaround has been provided by Microsoft until a full patch is released. Sophos has released a Shortcut Exploit Protection Tool, which sysadmins can obtain free of charge regardless of what AV they are using.
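    Because everyone is using the same exploit method, a defender can look for the shape of the malicious shortcut on disk. The Python below is an added example, not Microsoft’s workaround or the Sophos tool, and it relies on a detail from the public analyses rather than from this page: the malicious .lnk carries a LinkTargetIDList that enters the Control Panel folder and then names a file, which the shell loads as a DLL when it renders the icon. It parses the ShellLinkHeader and ID list per the MS-SHLLINK layout and flags that pattern. Both sample links are constructed inline (their item payloads are approximations of real items), and the heuristic is deliberately simple.

```python
import re
import struct
import uuid

LNK_HEADER_SIZE = 0x4C                      # ShellLinkHeader is always 76 bytes
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
CONTROL_PANEL_CLSID = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D")
HAS_LINK_TARGET_IDLIST = 0x00000001         # LinkFlags bit 0

# A run of at least four printable ASCII characters encoded as UTF-16LE
UTF16_TEXT = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def parse_idlist(data):
    """Split a LinkTargetIDList (IDListSize + ItemIDs + TerminalID) into ItemID payloads."""
    if len(data) < 2:
        raise ValueError("truncated IDListSize")
    (idlist_size,) = struct.unpack_from("<H", data, 0)
    body = data[2:2 + idlist_size]
    items, off = [], 0
    while off + 2 <= len(body):
        (item_size,) = struct.unpack_from("<H", body, off)
        if item_size == 0:                  # TerminalID
            break
        if item_size < 2 or off + item_size > len(body):
            raise ValueError("malformed ItemID at offset %d" % off)
        items.append(body[off + 2:off + item_size])
        off += item_size
    return items


def parse_lnk(blob):
    """Validate the ShellLinkHeader and return (LinkFlags, list of ItemID payloads)."""
    if len(blob) < LNK_HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    header_size, clsid, link_flags = struct.unpack_from("<I16sI", blob, 0)
    if header_size != LNK_HEADER_SIZE or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("not a Windows shell link")
    items = parse_idlist(blob[LNK_HEADER_SIZE:]) if link_flags & HAS_LINK_TARGET_IDLIST else []
    return link_flags, items


def suspicious_lnk(blob):
    """Return (flagged, path). Flags a link whose target list walks into the Control Panel
    folder and then names a file: the shell would load that file as a DLL to draw the icon.
    Heuristic only: an item carrying both the CLSID and the path is not examined."""
    _flags, items = parse_lnk(blob)
    marker = CONTROL_PANEL_CLSID.bytes_le
    inside_control_panel = False
    for item in items:
        if marker in item:
            inside_control_panel = True
            continue
        if not inside_control_panel:
            continue
        for match in UTF16_TEXT.finditer(item):
            text = match.group().decode("utf-16-le")
            leaf = text.rsplit("\\", 1)[-1]
            if "\\" in text and "." in leaf:
                return True, text
    return False, None


def build_lnk(item_payloads):
    """Construct a minimal .lnk with only a LinkTargetIDList (for tests; not a real capture)."""
    idlist = b"".join(struct.pack("<H", len(p) + 2) + p for p in item_payloads) + b"\x00\x00"
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID.bytes_le, HAS_LINK_TARGET_IDLIST)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    return header + struct.pack("<H", len(idlist)) + idlist


# Constructed samples: an ordinary file shortcut, and one shaped like the exploit pattern
BENIGN_LNK = build_lnk([
    b"\x1f" + uuid.UUID("20D04FE0-3AEA-1069-A2D8-08002B30309D").bytes_le,   # My Computer
    b"\x31" + "C:\\Users\\demo\\notes.txt".encode("utf-16-le"),
])
SUSPICIOUS_LNK = build_lnk([
    b"\x1f" + CONTROL_PANEL_CLSID.bytes_le,
    b"\x00" + "\\\\.\\STORAGE#Volume#example\\icon.dll".encode("utf-16-le"),
])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        print(name, suspicious_lnk(blob))
```

    Pointed at the contents of an unzipped attachment or a removable drive, a scan like this catches the current exploit method without needing to know which payload the shortcut loads; it will not catch a future variant that reaches the icon handler by a different item layout, which is why the Microsoft workaround and a real patch matter more than any single signature.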

    You can read more about the exploit in a previous blog here.

    User Data Could Be Stolen Through Safari Vulnerability

    A Safari vulnerability revealed today can be exploited to steal users’ address book contact details through the autofill feature.

    Apple was apparently notified of the vulnerability a month ago by blogger Jeremiah Grossman. Details that can be stolen from the user’s own address book card include name, place of work, address and e-mail address.

    The malicious code is JavaScript that reads the autofill information, and anything else it can, without alerting the user. Grossman posted proof-of-concept code on a site that scans a visitor’s info and displays what it has captured back to them.

    It’s possible that the code could be hidden in websites via advertisements or other means, stealing a user’s information without them knowing it. The code, however, can’t read numbers, so your phone number is safe.

    The vulnerability can only be exploited on Safari 4.x and 5.0, and takes its information from the Address Book on a Mac, which is something users fill out when they boot up for the first time. So the code struggles to capture information when Safari is run on a Windows machine, but does still grab some.

    The vulnerability is easily blocked: just turn off autofill, or at least untick the Address Book card option in Safari’s AutoFill preferences. Users should do this until Apple provides a fix.

    Google Questioned By 38 States About The WiFi Slurp

    38 US states have formed a coalition to probe Google over how the software that captured payload data from WiFi networks came to be included in its Street View cars.

    Attorney General of Connecticut Richard Blumenthal said in a statement issued Wednesday:

    “We are asking Google to identify specific individuals responsible for the snooping code and how Google was unaware that this code allowed the Street View cars to collect data broadcast over WiFI networks. Information we are awaiting includes how the spy software was included in Google’s Street View network and specific locations where unauthorized data collection occurred.”

    According to Blumenthal, 38 states and the District of Columbia have joined the probe. Connecticut, Florida, Illinois, Kentucky, Massachusetts, Missouri and Texas are on the coalition’s executive committee. The aim of the investigation is to determine whether any laws have been broken and whether legislation is needed to prevent similar events from occurring again.

    The data was captured over a period of three years. During this period Google asserted that only network SSIDs and device MAC addresses were being collected. In May this year Google admitted that the Street View cars had collected payloads from unencrypted WiFi networks within range, but said the software responsible was included by accident. The company reasserted this claim on Wednesday. The caveat for network owners is that anything sent over an unencrypted WiFi network can be captured in the same way by anyone in range; enabling WPA2 keeps the payload unreadable to a passive sniffer.

    A spokeswoman for Google wrote in an e-mail: “As we’ve said before, it was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal. We’re continuing to work with the relevant authorities to answer their questions and concerns.”

    Blumenthal added, in his statement: “Google’s responses continue to generate more questions than they answer.”

    There have been at least seven civil lawsuits filed against Google over the WiFi grab. Canadian, Australian and European agencies have also opened investigations. American lawmakers have called on the FTC to start its own enquiry. Blumenthal has said he is still recruiting other states to join the coalition.

    New Zeus Crimeware Toolkit Out Now

    A new version of the Zeus crimeware toolkit has been created by hackers. It has been designed to steal account details for UK, US, Spanish and German banks.

    CA has named the malware payload Zeus v3, which is more selective about the banks it targets. Previously, Zeus targeted financial institutions around the world, but this latest variant has two strains: one targets banks in Spain and Germany, the other banks in the UK and US.

    This new version also makes it far harder for security researchers to find out what it is doing, as the Zeus zombie drones operate in a more covert manner.

    Senior research engineer with CA’s Internet Security Business Unit, Zarestel Ferrer says: "In earlier versions, Zeus handles this configuration file in a way that security researchers can easily manage to reverse engineer and capture the actual full configuration content. This is no longer the case for the latest Zeus bot version 3, which is already in the wild. It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose."

    The command and control servers for the bot seem to be mostly located in Russia. In previous versions UK, US, Spanish and German banks were targeted most. With v3 the cyber crooks have concentrated that focus, it would seem to meet customer demand, by releasing localised versions for key geographical markets.