
SpamBully News Posts

2 years ago

FBI docs out home-brewed spyware probes

The FBI for at least seven years has relied on a home-brewed package of spyware to infiltrate the computers of criminals and secretly send a wide range of information to servers controlled by the bureau, according to an investigation by Wired.com. The software, dubbed CIPAV, or computer and internet protocol address verifier, played a starring role in the investigations of a cast of criminals, including a Massachusetts man who tried to extort Verizon and Comcast by cutting off telephone, cable TV, and internet service for thousands of Boston residents and then demanding protection money. Agents trying to track the man's whereabouts were thwarted by his use of a German anonymization service until they obtained a warrant to use CIPAV in February 2005. Although documents didn't provide the criminal's name, the facts of the case closely match those of Danny Kelly, an unemployed Massachusetts engineer who later pleaded guilty to extortion and was sentenced to five years' probation. According to a 2007 affidavit, CIPAV "gathers and reports a computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last visited URL." It then settles into silent mode, in which it surreptitiously monitors the machine's internet usage, including the IP address of every site it visits. Documents suggest that agents in some cases may exploit browser vulnerabilities to sneak CIPAV onto machines of suspects. In the case of a 15-year-old Washington state student suspected of making bomb threats, agents installed CIPAV after planting it in the private chat room on his MySpace account.




2 years ago

Facebook and MySpace users 'fed up with spam marketing messages'

Almost a third of users of social networking websites such as Facebook and MySpace are fed up with receiving requests to join online groups or try new applications, according to a study. The study, for industry body the Interactive Advertising Bureau, found that 31% of social networking website users disliked the barrage of notifications and requests to join various groups or try applications. Research by the IAB also suggested that despite the rush by brands to tap into the potential of websites such as Facebook and MySpace, the reality is that users are turned off by marketing tactics. Only 5% of those surveyed said they had signed up to a social networking profile set up or sponsored by a brand. The report also found that 12% of those surveyed do not like the fact that other people can monitor online activity on websites such as MySpace and Facebook. The survey concluded that this suggested that users were not particularly aware of the privacy functions that can be set to limit what can be seen. However, the survey, carried out by research firm Opinion Matters for the IAB, found that 28% of social networkers were happy to join a new group if it offered exclusive content.




2 years ago

Spyware Jumps in 2009

Spyware increased by 10 percent in the first quarter of 2009, compared to the same period last year, says Panda Security. According to PandaLabs, the security vendor's malware detection and analysis centre, the number of Trojans released onto the web increased by 31.5 percent compared to Q1 2008, while there was 21 percent more adware than in the same period last year. PandaLabs also said that Trojans accounted for 73 percent of all new malware identified during the first quarter. "We have seen a dramatic increase in the amount of spyware in circulation over this period, probably aimed at saturating laboratories and consequently infecting more users," said Luis Corrons, technical director of PandaLabs.




2 years ago

Waledac botnet spamming fake SMS spying tool

Waledac is once again using its well-proven social engineering tactics by introducing a “fake SMS spying tool” (free.exe; smstrap.exe; install.exe; setup.exe etc.) and an Online Casinos theme, in an attempt to further expand the botnet. No client-side vulnerabilities are used for the time being; instead, the cybercriminals are relying on their persistent rotation of the themes and the end user’s lack of awareness.

Here are more details on the subjects/message used:

Can your love life be re-ignited?
Are you sure in your partner’s faithfulness?
Now, It’s possible to read other people’s SMS
We will tech you to be the master of making love art
Just type the phone number and read SMS
Do you want to test your partner?
Have more fun and pleasure in your intimate life
Now, you can read any SMS messages from any mobile phones
Keep a spy eye on your Girlfriend’s mobile
What’s Your Hall of Shame
Are you redy to know the truth?

The message itself:

“Get Your Free 30-Day Trial! Do you want to test your partner or just to read somebody’s SMS? This program is exactly what you need then! It’s so easy! You don’t need to install it at the mobile phone of your partner. Just download the program and you will able to read all SMS when you are online. Be aware of everything! This is an extremely new service!”

Having migrated from a P2P communications model to a web-based communications model (see live sample of Waledac attempting to connect to infected hosts), and taking into consideration the similarities in the spam templates used, as well as network-level connections, Waledac may not just be a successor to the Storm Worm, but may in fact be a reincarnated version of Storm.




2 years ago

Malware Using SMS as a Tool and a Lure

A new "ransomware" threat described by Symantec uses SMS as part of the scheme. Meanwhile, according to F-Secure, the Waledac botnet is pushing fake programs that supposedly let you monitor other people's SMS messages. The ransomware threat is in Russian and identified by Symantec as Trojan.Ransomlock. The software locks up the system and demands a code from the user in order to unlock it. The window in which it presents this demand vaguely resembles the Windows activation screens, perhaps attempting to look legitimate in that way. The demand states (the numbers here are just examples):

To unlock you need to send an SMS with the text 4113558385 to the number 3649
Enter the resulting code:
Any attempt to reinstall the system may lead to loss of important information and computer damage

Symantec did not test the actual SMS sequence. Probably the attackers receive money for each SMS sent to that number. Instead, Symantec reverse-engineered the code generator and created a tool to generate codes. It should also be possible to remove Trojan.Ransomlock by booting off a separate operating system and removing the relevant files and registry keys. After you enter the unlock code, the message goes away, but Windows could still be locked up. At this point you can use Ctrl-Alt-Del (which doesn't work before you enter the code), log off and then log back in. The Trojan is gone at this point.




2 years ago

Different approaches to removing malware

Malware (malicious software) seems to be getting worse. No surprise, since there's big money in it, as a recent article in the Wall Street Journal pointed out. Typical scams aim to scare unsophisticated users with phony warnings that their computer is infected with a virus. Conveniently, the warning is followed by prompts to install software to remove the virus. Victims pay for the phony antivirus software and end up infected to boot. The term for this is scareware. A recent Microsoft report found one particular scareware program installed on 4.4 million computers. Scareware is not something that Vista's UAC can prevent since the user invites it in. Among the scareware programs are Antivirus'09, Personal Antivirus, WinDefender 2008, P Antispyware 09, WinPC Antivirus, RapidAntivirus, WinAntivirus, XP Antivirus and DriveCleaner. So, many people need malware removal. But how?

BACKUP FIRST

I suggest that the first step be to make a disk image backup of the infected machine. A disk image backup ensures that all your files are backed up. No matter how well-meaning any person or software may be, things can go wrong in the cleanup process. Any worthwhile disk image backup program should be able to run from a bootable CD or USB flash drive and write the backup to an external hard drive or another computer on a LAN. You should then be able to mount the backup on another computer and copy off individual files as needed.




2 years ago

Report: Payment card data was top target in 2008

More records were breached in 2008 than in the previous four years combined as a result of a few large breaches involving payment cards, according to a report released on Wednesday. Last year, 295 million records were compromised and there were 90 confirmed breaches, the Verizon Business 2009 Data Breach Investigations Report (PDF) found. The top five breaches accounted for 93 percent of total records compromised. As a percentage of caseload, 80 percent were payment card breaches, while payment card data represented 98 percent of all records compromised last year. PIN data was increasingly targeted in 2008 in attacks in which magnetic-stripe data and PIN data were used for identity fraud. For example, criminals used the data to make ATM withdrawals from victims' accounts. PIN data stolen in a breach at payment processor RBS WorldPay was used to clone cards and withdraw millions of dollars from victim bank accounts last year. Meanwhile, payment processor Heartland had a huge data breach of its own last year that it reported in January, and there have been reports of another breach at an unidentified institution.




2 years ago

Spyware up 10% in first quarter

Spyware increased by 10 percent in the first quarter of 2009, compared to the same period last year, says Panda Security. According to PandaLabs, the security vendor's malware detection and analysis centre, the number of Trojans released onto the web increased by 31.5 percent compared to Q1 2008, while there was 21 percent more adware than in the same period last year. PandaLabs also said that Trojans accounted for 73 percent of all new malware identified during the first quarter. "We have seen a dramatic increase in the amount of spyware in circulation over this period, probably aimed at saturating laboratories and consequently infecting more users," said Luis Corrons, technical director of PandaLabs.




2 years ago

Spyware attacks use Ford name as bait

Ford Motor Co.’s name and products are being used as bait to lure unsuspecting consumers into downloading fake and malicious software onto their computers, the automaker warned late Tuesday. PandaLabs, an information technology analysis and detection laboratory, said it has discovered 1.2 million searches related to Ford that direct people to malicious Web pages and programs. Ford said today it is collaborating with Google and other search engine companies to mitigate the impact. According to Panda, people using search terms such as “Ford finance,” “Mustang Ford,” and “2009 Ford” are directed to a link that appears to be informative, but are then taken to a Web page with a fake video. If users try to play the video, they are prompted to download a fake antivirus program. The fake antivirus programs are designed to make the user believe their computer has been infected by malicious software and also ask for personal information in order to purchase an antivirus program. If the victim does not purchase the bogus antivirus software, the malicious code prevents the computer from operating properly in an attempt to coax users into buying the product.




2 years ago

Spam is a big polluter in more ways than one

Here's another reason to despise spam e-mail: It's bad for the environment. According to a study released Wednesday by McAfee Inc., the security technology company in Santa Clara, the amount of energy it takes annually to transmit, process and filter spam from around the world is estimated to be equal to the electricity used in 2.4 million homes in a year. Put another way: Those annoying e-mails produce the same amount of greenhouse gas emissions as 3.1 million passenger cars using 2 billion gallons of gasoline. "The important takeaway from the study is that spam does add up and the emissions from spam received by one individual e-mail account are negligible, but if you add up millions and millions in the world, it actually becomes a big number," said Cody Taylor, senior energy and climate consultant for ICF International. ICF teamed up with spam experts in researching McAfee's report, "Carbon Footprint of Spam." Just how big is the problem? According to Sara Radicati, whose Palo Alto consulting group tracks this sort of thing, the number of spam messages in 2008 was 164 billion per day worldwide.