F-Secure, a Finnish security company, recently found a piece of malware that can install itself on almost any operating system. It is delivered as a web exploit: the page identifies the visitor's OS and then installs the corresponding malicious code for that platform. It does not get onto your system unless you approve the installation of a Java applet, so never accept an applet prompt you did not ask for (or disable Java in the browser altogether). On every operating system the code does the same thing: it connects to a command and control server (with IP 188.8.131.52) and downloads additional code to execute. The name of this scary but clever malware is GetShell.A. There are millions of malware samples out there and you can't be too careful.
Category Archive: Hacking
Yahoo! Voice has been hacked and 400,000 passwords were leaked. If you use Yahoo! Voice you should change your password as soon as possible. If you reuse the same password on other websites and services, now is a good time to change those too. Once again, the attack was based on SQL injection, and the passwords were stored unencrypted, so no cracking was needed. Yahoo! has released a statement apologizing to its users for the breach. If attackers have the password of your email account, they can reach any other account you signed up for with that email address, because password resets land in that inbox.
A flaw has been found in Intel processors, and attackers can exploit it through the operating system to take over your computer. The problem is in how Intel chips handle the SYSRET instruction used to return from a system call: a local, unprivileged program can trigger a fault that the kernel then handles on an attacker-controlled stack, so attackers can execute code with kernel privileges. So far it has been exploited on Windows 7 64-bit, FreeBSD and NetBSD, and there is a good chance it can be exploited on OS X too. AMD processors implement SYSRET as well, but their implementation raises that fault only after the return to user mode, so it cannot be abused this way. The affected operating system vendors are aware of it and are preparing fixes; some have already pushed an update, so if your OS is up to date there is a good chance your system is safe. Note that this is a local privilege escalation: the attacker needs to already be running code on your machine, it is not a remote hole on its own.
Part of LinkedIn's database was leaked and millions of (hashed) passwords are now in the hands of attackers who may put them to malicious use. The passwords were not stored in plain text, but that doesn't mean yours is safe: they were hashed with plain SHA-1, without a per-user salt, and SHA-1 is fast to compute. Attackers can recover passwords with a brute-force or dictionary attack, and they will, because with unsalted hashes they are not cracking one password at a time (which might not be worth the effort) but testing each candidate against millions of hashes simultaneously. It is only a matter of time until most of the passwords are cracked. The best protection now is to change your password, so that even when they recover the old one it no longer opens your account, and to change it anywhere else you reused it. If you don't change the password and your account is hijacked, you have only yourself to blame.
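To make the point about unsalted hashes concrete, here is an added example (mine, not LinkedIn's code or anything from the leak) that cracks a constructed set of accounts twice: once against bare SHA-1 hashes as found in the dump, and once against the same passwords stored with a per-account random salt and an iterated hash (PBKDF2 via Python's standard library). The account passwords, the wordlist and the iteration count are all made up for the demo; the interesting output is how many hash computations the attacker needs in each case.

```python
import hashlib
import os

# Constructed sample data for this demo (not real LinkedIn accounts).
ACCOUNT_PASSWORDS = ["123456", "linkedin", "letmein", "S3cure!Pass#2012", "password"]

# A tiny "dictionary" an attacker might try, in this order.
WORDLIST = ["123456", "password", "linkedin", "qwerty", "letmein", "iloveyou"]

PBKDF2_ITERATIONS = 20_000  # kept low for the demo; production would use far more


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: fast, and the same input always gives the same hash."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_unsalted_dump(passwords):
    """What the attacker gets from an unsalted leak: a bag of bare hashes."""
    return {sha1_hex(p) for p in passwords}


def crack_unsalted(dump, wordlist):
    """Hash each candidate once and look it up against every account at the same time."""
    cracked = {}
    hashes_computed = 0
    for candidate in wordlist:
        hashes_computed += 1
        h = sha1_hex(candidate)
        if h in dump:  # one computation tests all accounts at once
            cracked[h] = candidate
    return cracked, hashes_computed


def hash_salted(password: str, salt: bytes) -> str:
    """Salted, iterated hash: unique salt per account and a deliberately slow function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS).hex()


def build_salted_dump(passwords):
    """Same passwords stored the right way: a (salt, hash) pair per account."""
    dump = []
    for p in passwords:
        salt = os.urandom(16)
        dump.append((salt, hash_salted(p, salt)))
    return dump


def crack_salted(dump, wordlist):
    """With salts, every (account, candidate) pair costs a fresh slow hash."""
    cracked = {}
    hashes_computed = 0
    for salt, stored in dump:
        for candidate in wordlist:
            hashes_computed += 1
            if hash_salted(candidate, salt) == stored:
                cracked[stored] = candidate
                break
    return cracked, hashes_computed


def run_demo():
    """Compare the attacker's cost against both storage schemes."""
    unsalted = build_unsalted_dump(ACCOUNT_PASSWORDS)
    cracked_u, work_u = crack_unsalted(unsalted, WORDLIST)
    salted = build_salted_dump(ACCOUNT_PASSWORDS)
    cracked_s, work_s = crack_salted(salted, WORDLIST)
    return {
        "accounts": len(ACCOUNT_PASSWORDS),
        "unsalted_cracked": len(cracked_u),
        "unsalted_hashes_computed": work_u,
        "salted_cracked": len(cracked_s),
        "salted_hashes_computed": work_s,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Both schemes give up the four weak passwords, but the unsalted run needs exactly one SHA-1 per wordlist entry no matter how many accounts are in the dump, while the salted run has to pay a slow PBKDF2 per account per candidate. Scale the five constructed accounts up to millions and the difference is what decides whether a leak is cracked in hours or never.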
Iran has invested a lot in cyber capabilities, both offensive and defensive. A few months ago they moved all government websites to local servers to protect them from attacks. Now they are hiring an army of hackers in order to become a cyber superpower. According to rumors, they are building their arsenal and will target US facilities such as the power grid and water systems. They will not attack just yet, but they are preparing for a future confrontation with the United States. One of the main reasons behind Iran's cyber decisions is the Stuxnet worm, and I can't blame them. The soldiers of the future are hackers, and the next war will most probably be electronic, targeting valuable facilities.
Anonymous used PasteBin as a tool to post and share information they acquired or exploits they found. PasteBin was their first choice until it decided to censor its content and comply with law enforcement requests. Anonymous decided to create their own, uncensored alternative called AnonPaste. The site is based on the open source project ZeroBin. The AnonPaste server has no knowledge of the pasted data: it is encrypted and decrypted in the browser with 256-bit AES, and the key lives in the URL fragment (the part after #), which browsers never send to the server, so the server stores and serves only ciphertext. Anyone can paste anything anonymously just by opening the site and pasting their content. The only thing you set is the expiration limit, with a minimum of 10 minutes and no maximum. The maximum is when the website shuts down or decides otherwise, but until then your pasted data will be there. Two caveats: the server still sees the IP address you connect from, and the encryption is only as trustworthy as the JavaScript the site serves you, since a modified script could leak the key. With that in mind, if you want to share information, there is now a reasonably secure way to do it.
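The split of trust described above, as an added example written for this page (it is not ZeroBin's or AnonPaste's code): the "server" is an in-memory dictionary that only ever receives ciphertext, the "browser" generates a fresh 256-bit key per paste and carries it in the URL fragment, and a reader decrypts from the fragment. ZeroBin uses AES-256 in the browser; because the Python standard library has no AES, this demo substitutes an HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag, which keeps the same architectural point (server blindness, key never uploaded, tampering detected) without any third-party dependency. The hostname anonpaste.example is a placeholder.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

# In-memory stand-in for the paste server's storage: paste id -> opaque blob.
SERVER_STORE = {}


def server_save(blob: bytes) -> str:
    """The server receives only the blob; the key never reaches it."""
    paste_id = os.urandom(8).hex()
    SERVER_STORE[paste_id] = blob
    return paste_id


def server_load(paste_id: str) -> bytes:
    return SERVER_STORE[paste_id]


# --- client side: everything below would run in the browser ---

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for AES (assumption: stdlib has no AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the 256-bit paste key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt_paste(key: bytes, plaintext: str) -> bytes:
    """Encrypt-then-MAC; blob layout is nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_paste(key: bytes, blob: bytes) -> str:
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("paste was tampered with or the key is wrong")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


def create_paste(text: str, base_url: str = "https://anonpaste.example/") -> str:
    """Fresh 256-bit key, upload ciphertext only, hand the key out in the URL fragment."""
    key = os.urandom(32)
    paste_id = server_save(encrypt_paste(key, text))
    # Browsers never transmit the fragment, so a real server would only ever see ?paste_id.
    return f"{base_url}?{paste_id}#{key.hex()}"


def open_paste(url: str) -> str:
    """The reader's browser: paste id from the query string, key from the fragment."""
    parts = urlsplit(url)
    key = bytes.fromhex(parts.fragment)
    return decrypt_paste(key, server_load(parts.query))


def server_sees_plaintext(url: str, text: str) -> bool:
    """What the operator (or anyone with a copy of the database) can read from storage."""
    return text.encode() in server_load(urlsplit(url).query)


def tamper_detected(url: str) -> bool:
    """Flip one stored byte (a malicious or compromised server) and check the reader notices."""
    paste_id = urlsplit(url).query
    blob = bytearray(server_load(paste_id))
    blob[16] ^= 0x01
    SERVER_STORE[paste_id] = bytes(blob)
    try:
        open_paste(url)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    link = create_paste("constructed sample paste")
    print(link)
    print(open_paste(link))
```

The security property lives entirely in where the key goes: anyone holding the full link can read the paste, anyone holding only the server's database cannot. That is also why the caveat above matters, since the same page that does the encrypting could just as easily post the fragment back to the server if its script were altered.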
After Lilupophilupop, which infected one million web pages, a new mass SQL injection campaign has appeared. Its name is Nikjju and it has infected about 200,000 URLs, targeting ASP and ASP.NET websites. Nikjju.com, the domain in the script tag of the injected code, was registered a few days ago, on April Fools' Day. It appears that website owners and administrators still don't care about security. SQL injection is one of the most common security holes, and it can be avoided with a few simple steps: build every query with parameterized statements instead of string concatenation, validate input, and run the web application's database account with the least privilege it needs. These mass campaigns work by appending a script tag to every text column the injected query can reach, which is only possible because the query is concatenated from request input and the database account is allowed to update everything.
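Both the Yahoo! Voice breach and the Nikjju campaign come down to the same mistake, so here is one added example (written for this page, not taken from any of the affected sites) showing it and its fix side by side in Python with the standard-library SQLite driver. The schema, rows and "hash" strings are constructed for the demo; the vulnerable function builds its query the way classic ASP pages typically did, and the safe one passes the value as a bound parameter. The payload is a UNION injection that pulls the users table out through a product search.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows for this demo."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        INSERT INTO products(name, price) VALUES ('laptop', 999.0), ('mouse', 19.0);
        INSERT INTO users(email, password_hash) VALUES
            ('alice@example.com', 'hash_alice'),
            ('bob@example.com',   'hash_bob');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str):
    """Classic ASP style: the request parameter is glued straight into the SQL text."""
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str):
    """Parameterized: the driver sends the value separately, so it can never become SQL."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Closes the string literal, appends a second SELECT, and comments out the trailing "%'".
PAYLOAD = "' UNION SELECT email, password_hash FROM users -- "


def run_demo():
    """Run a normal search and the payload through both implementations."""
    conn = make_db()
    return {
        "normal_vulnerable": search_vulnerable(conn, "lap"),
        "normal_safe": search_safe(conn, "lap"),
        "payload_vulnerable": search_vulnerable(conn, PAYLOAD),
        "payload_safe": search_safe(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(name, rows)
```

With the payload, the concatenated query becomes `SELECT name, price FROM products WHERE name LIKE '%' UNION SELECT email, password_hash FROM users -- %'`, and the user table comes back mixed into the product list. The parameterized version runs the exact same SQL it always runs and simply finds no product whose name contains the payload. Parameterization is the fix; a least-privilege database account is the second layer that would have stopped the mass-injection campaigns from rewriting every text column even where a query was still concatenated.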
As mentioned in a previous post, Flashback infected more than 600,000 Macs. F-Secure released manual steps on how to remove the trojan from your computer, and has now turned those steps into a tool that checks for and removes the trojan automatically. Apple, on the other hand, announced that they are working on a fix, but so far there has been nothing from them. Maybe they are still working on it. Maybe they are still working on the Java vulnerability patch too. It seems that trojans and viruses are not Apple's strong point. Visit the source link and download the Flashback removal tool; you can get rid of the trojan in 4 simple steps.
Anti-virus companies are doing a (very) good job at detecting malware on our computers, but attackers are always one step ahead. Some users think that having anti-malware software on their computer makes them safe, and others think they don't even need it because they are very careful about what they download. In both cases the belief comes from ignorance, which is sometimes a blessing but not in this case. Much malware gets onto your system by a method called drive-by download or drive-by installation: it can be installed just by opening a malicious email or visiting a website. Recently, security researchers at Kaspersky Lab discovered malware that does not create any files on your hard drive and thus cannot be found by (most) anti-malware programs, which look for malicious files on disk. It is injected directly into RAM through a drive-by download that exploits a Java vulnerability, and because nothing is written to disk the infection lasts only as long as the computer is not rebooted; a restart clears it, until the next visit to the infected site.