This week in computer security

Beware of "Superclean" and "Droidclean" from the "Google Play Store" ! : These are programs built to send EVERYTHING THEY CAN FIND to their "Masters" !
They even infect the Windows platform !

I read that they have already been withdrawn, but that there are new and similar looking "Apps" now there instead …

More about that here : http://www.securelist.com/en/blog/805/Mobile_attacks
 
Joined
Nov 5, 2006
Messages
21,893
Location
Old Europe
I just read that trying to start Linux with a UEFI-BIOS can literally destroy Samsung notebooks.

The bug, or whatever this is, is reported for Ubuntu, but is suspected to affect other Linux systems as well.

The article says that the following series is affected : 300E5C, 530U3C, 700Z3C, 700Z5C, 700Z7C, 900X4C.
 
Joined
Nov 5, 2006
Messages
21,893
Location
Old Europe
There's a new Trojan going round - this time using Skype.

The German version of it comes with Skype messages (in German language) "aren't these photos from you ?" - and links, which direct towards a site which has a name which looks similar to Google - but only at first glance.

And this is the newest trend in Virus-making : Addressing people personally, with their exact personal names !

I recently had a Trojan embedded in a personally addressed ( yes, they used my personal real name ! ) billing message over several hundred Euros, together with aggressive language ( meant to switch off people's logic ! ) claiming that they would send an Inkasso bureau after me if I didn't pay this …
The E-Mail's attachment contained a Trojan in .com form, which was embedded twice in a .ZIP container.

Trojan makers explicitly use emotional, aggressive writings to make people literally "lose their heads".

Because in an emotionally unstable state, people not only do mass shootings, but they also click on EVERY message link/button/attachment…

And Trojan/Virus makers are HUGE fans of the "shock moment" approach !
 
Joined
Nov 5, 2006
Messages
21,893
Location
Old Europe
I don't know if that's all THAT new. Virus programs have been poking through address books and contact lists for some years now.

In other news - hackers replace terrorists as the top security threat to the USA.
 
Joined
Aug 3, 2008
Messages
8,220
Location
Kansas City
Just ignore it, Alrik. It's impossible to steal the code that runs on a server. It's very possible, however, to steal, analyze and change the client code without "cyber attacks"; hell, people have been doing that to cheat for years already. Take Maple Story for example: the server allows anything your client asks, so you mess with the data files on your PC where the client is and you become a godlike character, because the server code has no restrictions and grants your "hero" anything the client claims you should have.

The bigger problem, not addressed in that article, is: if we're playing an always-online DRM game, what happens if someone launches a DDoS attack on the game's authorization/authentication servers? The service goes down for hours, even days, and the game is unplayable. While so-called f2p devs can use the excuse "so what, it's a free game", how would you explain to paying customers that they can't enjoy their singleplayer game because your DRM server can't respond to everyone because of too many fake requests?
 
Joined
Apr 12, 2009
Messages
23,459
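The client-trust flaw described in the post above, next to a server-authoritative handler, as an added example that is not part of the original thread. The item names, prices and message fields are constructed for illustration and do not come from any real game.

```python
from dataclasses import dataclass, field

# Constructed toy data: the price list lives on the server and is never
# taken from the client.
ITEM_PRICES = {"wooden_sword": 50, "godly_blade": 100_000}


@dataclass
class Player:
    gold: int = 100
    inventory: list = field(default_factory=list)


def apply_update_trusting(player, msg):
    """Flawed pattern from the post: store whatever state the client reports."""
    player.gold = msg["gold"]
    player.inventory = list(msg["inventory"])
    return True


def apply_purchase_authoritative(player, msg):
    """Hardened pattern: the client sends only an intent (which item it wants).

    The server derives the outcome from its own records and ignores any
    state the client claims to have (extra fields such as "gold").
    """
    item = msg.get("item")
    if not isinstance(item, str):
        return False, "malformed request"
    price = ITEM_PRICES.get(item)
    if price is None:
        return False, "unknown item"
    if player.gold < price:
        return False, "insufficient gold"
    player.gold -= price
    player.inventory.append(item)
    return True, "ok"


if __name__ == "__main__":
    edited = {"gold": 10**9, "inventory": ["godly_blade"]}  # edited client data
    p = Player()
    apply_update_trusting(p, edited)
    print("trusting server:", p)
    q = Player()
    print("authoritative server:",
          apply_purchase_authoritative(q, {"item": "godly_blade", "gold": 10**9}), q)
```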
Yes, of course, any DDOS attack on an offline singleplayer game is quite unsuccessful. :D
 
Joined
Nov 5, 2006
Messages
21,893
Location
Old Europe
My sister called me and asked if I'd started using Facebook again. No, I told her. I canceled it 5 years ago. Some Russian hackers had started posting on my account again. Damn, I thought. Maybe they've hacked my email. Checked the IP-log and no one had accessed it. Reverted my password for Facebook and checked. Seems Facebook had added their own email to my old account. Don't know if it's this email that got hacked. Regardless, one more reason to keep away from Facebook!

You can't really delete your Facebook account. Just alter everything to something random, including your name (preferably something obscene). Remember to delete your history and remove friends etc.
 
Joined
Mar 30, 2008
Messages
1,163
Location
Scandinavia
My computer at work appears to have been hacked. Someone wrote a check to someone in Romania for a lot of money with a fictitious check number. I checked my bank balance online (they aren't open yet) and nothing is missing so far. The weird thing is there are all these ads for Quickbook fraud protection opened up on the program as well so I'm not sure if it's just a campaign to get me to buy more services. I bought Quickbooks online backup protection that runs every day.

Checking online it seems Romania is #2 in the world behind China in hacking organizations so I'm getting a bit worried. Not sure how someone got in as e-mail is never used on that computer and no browsers were running. My firewalls and browser say everything is normal.
 
Joined
Oct 18, 2006
Messages
1,397
Location
USA-Michigan
Thanks but we do our own computers. Quickbooks was able to login and see where someone got on last night and tried to write himself several checks. He also (or she) tried to get the credit card company to issue a very large credit back to our checking account. We don't transfer money from our account electronically so we lucked out but just the fact someone got in where all our information and S.S. numbers of our employees was bad enough. We changed all our bank numbers.

I looked in that computer using the netstat command and found a port opened with an IP located somewhere in Germany. I have turned off remote desktop but don't know what else to do other than running a scan. I might have to format. It's crazy because nobody does much with that computer especially not online.

Update. Scanning the computer revealed 33 trojans and all were removed. We have decided to shut this computer off when we are not using it and not to use the internet at all unless we have to update.
 
Joined
Oct 18, 2006
Messages
1,397
Location
USA-Michigan
True story:
The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering low growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a potential malware infection within the two agencies' systems.

EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

ArsTechnica.com: US agency baffled by modern technology, destroys mice to get rid of viruses
 
Joined
Mar 30, 2008
Messages
1,163
Location
Scandinavia
The 25 update of Firefox now has a new neat security feature under the Firefox -> Add-ons menu. I recommend you set Ask to Activate on all add-ons (Flash included). Then you can use the address bar to allow which sites can use each particular add-on.
 
Joined
Mar 30, 2008
Messages
1,163
Location
Scandinavia
Thank you. Just did the Update.
 
Joined
Nov 5, 2006
Messages
21,893
Location
Old Europe
Firefox tip: If you set browser.link.open_newwindow.restriction to 0, all popup-windows will open in a new tab. This also removes the webpage's ability to resize the window and remove menus. Type about:config in the address bar to find the option.
 
Joined
Mar 30, 2008
Messages
1,163
Location
Scandinavia
Got just another Battle-net related scam mail.

This is the WHOIS result I did of the domain "us.battle.net.long.ggmneg.info" :

ggmneg.info registry whois

Domain ID:D50390975-LRMS
Domain Name:GGMNEG.INFO
Created On:04-Aug-2013 08:10:24 UTC
Last Updated On:03-Oct-2013 20:30:26 UTC
Expiration Date:04-Aug-2014 08:10:24 UTC
Sponsoring Registrar:Wild West Domains, LLC (R213-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR148410509
Registrant Name:cccd ss
Registrant Organization:
Registrant Street1:beijing
Registrant Street2:
Registrant Street3:
Registrant City:beijing
Registrant State/Province:beijing
Registrant Postal Code:100000
Registrant Country:CN
Registrant Phone:+1.3200903320
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:email@foxmail.com
Admin ID:CR148410511
Admin Name:cccd ss
Admin Organization:
Admin Street1:beijing
Admin Street2:
Admin Street3:
Admin City:beijing
Admin State/Province:beijing
Admin Postal Code:100000
Admin Country:CN
Admin Phone:+1.3200903320
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:email@foxmail.com
Billing ID:CR148410512
Billing Name:cccd ss
Billing Organization:
Billing Street1:beijing
Billing Street2:
Billing Street3:
Billing City:beijing
Billing State/Province:beijing
Billing Postal Code:100000
Billing Country:CN
Billing Phone:+1.3200903320
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:email@foxmail.com
Tech ID:CR148410510
Tech Name:cccd ss
Tech Organization:
Tech Street1:beijing
Tech Street2:
Tech Street3:
Tech City:beijing
Tech State/Province:beijing
Tech Postal Code:100000
Tech Country:CN
Tech Phone:+1.3200903320
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:email@foxmail.com
Name Server:F1G1NS2.DNSPOD.NET
Name Server:F1G1NS1.DNSPOD.NET
 
Joined
Nov 5, 2006
Messages
21,893
Location
Old Europe
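The hostname in the scam mail above puts "battle.net" in the leftmost labels while the domain actually registered is the one WHOIS reports, ggmneg.info. A check for that pattern, as an added example that is not part of the original post; the trusted-domain list and the small suffix set are assumptions standing in for a real allow-list and the full Public Suffix List.

```python
# Assumption: domains the reader actually trusts.
TRUSTED_DOMAINS = {"battle.net"}
# Assumption: tiny stand-in for the Public Suffix List; use the full list in practice.
PUBLIC_SUFFIXES = {"com", "net", "org", "info", "co.uk"}


def registrable_domain(host):
    """Return the public suffix plus one label to its left, i.e. the name
    a registrant actually bought, or None if no known suffix matches."""
    labels = host.lower().rstrip(".").split(".")
    # Longest candidate suffix first, so "co.uk" wins over a shorter match.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a bare public suffix
            return ".".join(labels[i - 1:])
    return None


def embedded_trusted_name(host):
    """Return a trusted domain that appears as whole labels inside host
    although host is not registered under it; None if nothing is found."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    for trusted in sorted(TRUSTED_DOMAINS):
        if reg == trusted:
            continue  # genuinely a subdomain of the trusted domain
        # Compare on label boundaries so "notbattle.net" does not match.
        if "." + trusted + "." in "." + host + ".":
            return trusted
    return None


if __name__ == "__main__":
    for h in ("us.battle.net.long.ggmneg.info", "us.battle.net"):
        print(h, "->", registrable_domain(h), "| impersonates:", embedded_trusted_name(h))
```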