Mac Botnet Generated $10,000 A Day

Flashback was robbing Google of advertising dollars by redirecting clicks from infected Mac OS X machines and stealing the ad revenue.

Security researchers at Symantec are estimating that the cyber-crimibals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day.

In a new blog post that discusses the business model of the botnet, Symantec found that Flashback was robbing Google of advertising dollars by redirecting clicks from infected Mac OS X machines and stealing the ad revenue.

At its height, Flashback contained more than 700,000 Mac machines and Symantec calculates that a botnet of that size could easily generate about $10,000 a day in click-fraud.

I guess you MAC users feel pretty violated. Don't worry about it, us PC users have been having sex without kisses for years. Welcome to the club!!!                                ...Butch

P. S. Tell me Cyber Crime doesn't pay, when was the last time you made $10,000 a day?

Mystery Group Hacks US military, Harvard, NASA, More

The Unknowns says it has hacked ESA, NASA, US military, US Air Force, Thai Royal Navy, Harvard, Renault, French ministry of Defense, Bahrain Ministry of Defense, and Jordanian Yellow Pages.

A hacker group calling itself “The Unknowns” claims to have hacked 10 organizations around the world, gaining administrator access for all and leaking data for some. Most are related to the U.S. government or another international legislative body, while the rest just seemed like random targets.

The Unknowns yesterday set up the Twitter account “1_The_Unknown_1” and released their results on Pastebin. Apparently, the group’s slogan is “We are The Unknowns; Our Knowledge Talks and Wisdom Listens…”

The Unknowns listed 10 victim websites for which it publicly posted administrator accounts and passwords: 

NASA - Glenn Research Center
U.S. military
U.S. Air Force
European Space Agency
Thai Royal Navy
Harvard University
Renault
French ministry of Defense
Bahrain Ministry of Defense
Jordanian Yellow Pages

Good news though.

NASA and the European Space Agency (ESA) have confirmed they were recently hacked. The hacking group The Unknowns says most of the 10 companies it attacked have patched their systems.

Isn't this like shutting the barn door after the (Trojan)horse ran away.                   ...Butch

3 Million Hacked Bank Accounts

An Iranian security researcher recently hacked 3 million accounts across at least 22 banks in the country. Now, Google has taken down the blog on which he posted the account details of his victims.
Khosrow Zarefarid, an Iranian security researcher who hacked 3 million bank accounts, has had his blog taken down by Google. Zarefarid did not steal money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs over at ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card between these 3000000 cards?” As you can see in the screenshot above, however, the blog is no longer operational.

Hold on it gets even better!

Zarefarid is still, however, allowed to blog on Blogger; it appears Google is comfortable with him doing so as lomg as he doesn’t post stolen data. In fact, Zarefarid has at least two other blogs:irbanks.blogspot.ca (called Banking Problems in Iran, written in Persian) and zarefarid.blogspot.ca(his personal one).
Reference:

Gartner Study On Internet Identity Theft

According a Gartner Study on Internet identity theft, based on a survey of 5000 U.S. adult Internet users, it has been estimated that:

• 1.78 million adults could have fallen victim to the scams
• 57 million adults have experienced a phishing attack
• The cost of phishing… 1.2 billion dollars!

It ‘clear that the figures mentioned are a great attraction for criminal organizations that are devoting substantial resources and investments in the sector. An increasing component of organized crime is specializing in this kind of activity characterized by high profits and low risks compared to traditional criminal activities. In the US The Federal Trade Commission is monitoring the phenomenon of Identity Theft with main national agencies promoting several activities to aware the population regarding the risks derived to the crime exposure.

________________________________________________________________________

Data we give up over the internet...

Digital Identity

Particularly alarming is the growth of such crimes in computers. Which are the information that compose our digital identity?

On the Internet, our identity composed by:

1. IP (Internet Protocol) address
2. address where we live
3. usernames
4. passwords
5. personal identification numbers (PINs)
6. social security numbers
7. birth dates
8. account numbers
9. our names
10. our families names
11. our interests and hobbies
12. our personalities (likes and dislikes)
13. social profiles
14. religious beliefs
15. where we lived as children 
16. pictures of everyone we know and ourselves
17. where we go on vacation and when our house will be empty
18. what we own(personal property)
19. personal beliefs
20. whether we possess or believe in firearms rights
21. other personal information

..it is this author's belief at the present rate of information seepage, that soon organizations like the Census Bureau will no longer be needed, because some of us will voluntarily give up our personal lives to social media.                                                            Butch Morton

Reference:

Seven Facebook Crimes

There’s no doubt that Facebook has completely revolutionized the way people interact. But there’s a dark side to the world’s love affair with social media. Criminals are finding new ways to utilize Facebook to commit new and disturbing crimes that authorities don’t necessarily know how to police. That’s why if you want to continue to enjoy social media, you should be aware of the common crimes committed on Facebook so that you can avoid becoming a victim. Here are the seven most common Facebook crimes.


Scams
Criminals have been utilizing the scam for centuries. In the Facebook world, scams are particularly effective at drawing people in by simply enticing an individual to click on a link that would interest almost anyone, such as an innocent-looking notification that you’ve won a free prize like a gift card. Then, in order to claim the prize, scammers require you to submit some information, such as a credit card number or Social Security number. This description may make it seem like scams are easy to spot, but even the most savvy social media user has to be on the lookout for illegitimate requests for information.


Cyberbullying
Cyberbullying is a common occurrence among teenagers on Facebook and one that can result in serious criminal charges if it goes far enough. Cyberbullying on Facebook has contributed to the deaths of several teens who either committed suicide or were killed by a peer. Cyberbullying that involves hacking or password and identity theft may be punishable under state and federal law. When adults engage in this kind of online behavior it is called cyber-harassment or cyberstalking.


Stalking
The term “stalking” is thrown around a lot on Facebook, and it is often meant as a joke for regularly looking at someone’s profile. However, the actual act of cyberstalking is a common crime on the social networking site and can result in a serious offense. Cyberstalking typically involves harassing a person with messages, written threats, and other persistent online behavior that endangers a person’s safety. Although cyberstalking may seem like nothing more than annoying behavior, it is a legitimate cause for concern in many cases and can even lead to in-person stalking or endangerment if not treated seriously.


Robbery
It doesn’t take much for a thief to find out where you live, go to school, work, or hang out if you make that information readily available on Facebook. If you use Facebook’s check-in or Google Maps feature, then you could be in a heap of trouble if a robber is paying attention. This person isn’t always a complete stranger either; they may be an old acquaintance or someone else you’d never expect to come rob you.


Identity theft (# 1 crime in America)
With the large amount of personal information swarming around Facebook these days, it has become fairly easy for criminals to steal users’ identities. Hackers often break into users’ e-mails and make fake Facebook accounts. From there they can access personal and bank information and cause havoc to your sense of security. Protect yourself from identity theft on Facebook by keeping your profile very secure and free of personal information that a criminal would love to have.


Defamation
An individual commits the crime of defamation when they communicate a false statement to a third party that paints another individual or entity in a negative light. Facebook makes communicating defamatory statements frighteningly easy, and the exposure Facebook provides makes it more likely that businesses or individuals will be harmed by the defamatory statement, and thus more likely to pursue legal remedies. Be careful what you say on Facebook; you may be committing a crime without even knowing it.


Harassment
Harassment happens all the time on Facebook. From sexual harassment to assault threats, there has been a significant increase in the number of harassment cases happening on Facebook. It’s not uncommon for sex offenders and sexual predators to prey on unsuspecting victims on Facebook and even pose as a teen or college student. Harassing messages, inappropriate comments, and other persistent behaviors should be reported to Facebook and your local police station.


Reference:

SIRv12: The Obstinacy Of Conficker

Conficker is one of the most significant threat families facing organizations worldwide today; its initial impact along with its continued obstinacy shows that clearly. In the fourth quarter of 2011,  three years after its initial release, it attempted to infect just over 1.7 million computers. 


Conficker’s persistence is illustrated not only by the number of computers it has attempted to infect, but also by the nearly 59 million attacks launched against those computers in the fourth quarter of 2011. But perhaps the most interesting manifestation of its obstinacy is that it has been the number one threat facing businesses for the past two and a half years.

The China States of America – Unethical Marketing Tactics?

I recently had the fortune of investigating a case where a unsuspecting Internet user received an email that looked suspicious. I see a lot of SPAM that comes through like that and suspect it is something that goes wrong during the language translation that often result in text that just doesn't make any sense. 


Anyway, my gut feeling is that this is a site setup by Chinese Scammers with fake online electronics for sale. Another scenario would be an unethical marketing company hired to drive traffic to this Chinese electronics site and they are using illegal tactics by exploiting user email accounts.


Give them your credit card and you lose!


Reference:

Iran Admits Expanded Cyberattacks

The Iranian government acknowledged today that authorities have found evidence of recent cyber-attacks against several agencies, according to reports by state-sponsored media outlets.

A week ago, the country's oil ministry confirmed that it and other facilities in the energy industry had been targeted by malware attacks. Today, the Mehr News Agency said that Esmaeil Ahmadi-Moqaddam, Iran's national police chief, had claimed that his office has "found clues about recent cyberattacks on a number of Iranian ministries and companies." Mehr is a semi-official arm of the Iranian government. The report did not spell out what "clues" police had found, or which ministries and companies had been attacked. 

 "In cooperation with the Information and Communications Technology Ministry, the Intelligence Ministry, and the ministries which have been targeted by cyber attacks, we are investigating and pursuing the matter...and we have found clues in this relation," Mehr quoted Ahmadi-Moqaddam as saying.

Word 4 2day

Honeymonkey

Automated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as Honey Client.


Reference:

Facebook Security

Facebook Safety Tips 

1. Add a mobile number to your account from the Mobile tab of your Account Settings page. This way we can help you get back into your account if you are locked out or compromised.
Pick a security question for your Facebook account. You can do this from the Account Settings page. If you don’t see the option to add a security question, this means that you already have one.

2. Become a fan of the Facebook Security Page for updates on new security features and information on how to protect yourself online.

3. Remember that you choose what you share. And whom you share with. Think before you post, especially if what you’re sharing is sensitive. You can learn more about how to control your information on Facebook, including how to choose an audience for each and every post you make, in our Privacy Guide. 

4. Be careful when accessing or sending information over an unsecured public wireless network. For extra protection when you browse, turn on Secure Browsing (https). From your Account Settings page, click the "Change" link next to Account Security, check the box under "Secure Browsing (https)" and then click the "Save" button.

5. Turn on login approvals. With login approvals, we text you a code anytime you log in from a new computer or mobile device. This way, no one can get into your account without access to your phone or one of your recognized devices (ex: the computer or phone you’ve saved on your Facebook account). Learn more about login approvals. 

6. Try a One-time Password when using public computers. If you’re ever worried about the security of the computer you’re using, we can text you a one-time password to use instead of your regular password. Once you add your mobile phone number to your account, simply text "otp" to 32665 (U.S. only) and we’ll send you a password that can be used only once.

7. Keep your security information updated. This information helps us verify who you are and get you back into your account quickly if you ever get locked out. You can update your security information at any time from this page.

8. Forgot to sign out of Facebook? You can now log out from anywhere. From the Account Security section of your Account Settings, you can see your recent activity (where and when you logged in) and log yourself out remotely by clicking “end activity.”

9. Make sure you're logging in from a legitimate Facebook page with the facebook.com domain. Phishers use fake sites with URLs that look like Facebook.com to try to trick you into entering your login information. When in doubt, you can always type "facebook.com" into your browser to get back to the real Facebook site.

10. Learn more about how Facebook keeps you safe with opt-in security features. 

Reference: