BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool

1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

FBI : A Parent's Guide to Internet Safety

A must read guide from  The Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice for all the parents in the world, advising & trying to make them understand the complexities of online child exploitation.....please click HERE

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History

1. This case that I recently read in brief pertains to an interesting online fraud case against Albert Gonzalez.I have made it in a sequential point to compress the complete story for easy reading and grasping :

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still on,Albert after two years worth of hardwork(????) compromised on sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:

- May 2008 in New York for the Dave & Busters case (trial schedule September 2009)

- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)

- August 2009 in New Jersey in connection with the Heartland Payment case.

(h). On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE

Operation Pay Back & LOIC

A good one to read about the link between Mega D Botnet,Operation Pay Back with the aid of LOIC @ here

Full stop from being tracked online :An attempt from FIREFOX

1.  Firefox is working on a system which will provision web surfers to stop from being tracked online.We all know how  behemoths viz Google,Facebook and a plethora of OWMs use such information to sell targeted adverts and make money without ever asking the consent of the user.Such a move would be welcomed by privacy campaigners who have long complained that Google & Facebook are taking indecorums with the information .Currently these information seeking companies make use of 'cookies' that automatically save themselves onto users computer when they surf the web, and then keep a track of the browsing history.This data is then sold on to advertisers who put highly lucrative targeted ads on the individual's screen, depending on what internet pages they have recently been looking at. 

2.  Vice president of engineering at Mozilla,Mike Shaver,summed up the plan by saying the aim was to "put the user in control but not overwhelm them".And this would not only be a welcome step being used against information thefts but also actually be a booon for users who have been taken on a ride for so long on which they never ever desired to also......

Removing METADATA from JPEG & IMAGE FILES

1.    Invariably we all find various images from the net for our routine use,download them,modify them and use them in our sites and posts....but are we authorised to do so?...coz each jpeg and image file by a digital camera holds info in form of metadata and in few cases...the images may be copy right which may inadvertently rule against the user....so what to do to ensure safe...simple ...remove metadata from the image....but how?...here comes jhead for your help.Read and follow the instructions below :

- Press Start & Run or Windows key + R to open Run menu, type cmd.exe and press OK

- Type cd\     [To reach root directory]

- Type C:\md removemetadata     [To create a new directory by the name removemetadata]

- Type C:\cd removemetadata      [To reach the directory and Copy all pictures whose metadata is to be removed to this directory ]

- Download the program file jhead.exe to C:\removemetadata

- Type cd removemetadata

- To remove all metadata of all JPEG files in "this dir, type: jhead -purejpg * and press enter

- Done

2.    So doing this small,boring but important function will avoid case study like the mumbai case mentioned at an earlier post.

3.    Another easy way is to simply take a screen shot of the image and paste it in paint brush.But this would be cumbersome to do when the images are in bulk quantity.To download JHEAD...click here

Get Paid to Hack GOOGLE

1.    Google has made it official now vide which Google willl pay $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications.......Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly and in real time to Google's security team thereby improving upon zero day exploit matters.

2.    This provisions  Google a chance to fix the vulnerabilities before it is exploited the way it should be. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. Thus depending on the extent and scale of vulnerability made known to google,so will be the prize money awarded....And Google says that participants shouldn't use automated tools to search for flaws

 

MICROSOFT & Failures!!!

1.     For a IT giant like MicroSoft,this would not sync well,but for Microsoft,the year 2010 has seen more of closures of major projects launched with lots of promises and fanfare but somehow unfortunately it did not go the way microsoft desired tooo...and so had to be shut down in the same year....the list goes like this with some details in few lines ....

• February 2010 saw Microsoft announcing discontinuation of "Xbox Live service for original Xbox consoles and games.

• April 2010, Microsoft confirmed stopped working on tablet project, codenamed Courier which was touted to be an Apple iPad rival. 

• September 2010, Microsoft announced that the Windows Live Spaces blogging service will be Terminate gradually in favour of WordPress.com.

• May 2010, Microsoft announced halt on the Response Point phone system. 

• June 2010 saw Microsoft announcing discontinuation its new generation of smartphones.

• September 2010, Microsoft announced closure of Vine, a service built to help keep friends and family in touch during emergencies. 

2.      Thanks TimesofIndia

Mozilla @ Prone again!!!!

1.    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

2.    Thanks http://www.us-cert.gov