Worm Could Break the Web

Mark Bowden, known as the author of Black Hawk Down, has written a book arguing that the Conficker worm could break the web.
Over 12 million PCs appeared to be infected with the self-updating worm, which got into the core of any PC. Mark Bowden’s recent book, “Worm: The First Digital World War”, tells how the Conficker worm was discovered, how it works, and the ongoing programming battle to bring down the malware.

The most interesting part is where the book claims that if the malware were used nefariously, it could actually damage the entire World Wide Web and everyone using it. In a newspaper interview, Mark Bowden explained that the Conficker worm's controllers were able to use all of the connected PCs, turning them into the largest and most powerful cloud ever.

The writer explained that the Conficker botnet was so powerful that it could take over computer networks controlling banking, telephones and security systems. Moreover, it could take hold of air traffic control and even the web itself. Mark Bowden also believes that Conficker is powerful enough to overwhelm not just the target of a cyber attack, but also the root servers of the web itself, which would result in crushing the whole bally thing. As you can understand, a botnet of such a size could also be used as a weapon.

The worm in question can also be used by hackers to steal passwords and codes. For example, some guys from Ukraine managed to lease a part of the computers infected by the Conficker worm in order to drain American bank accounts. It’s that easy: you write a worm and you are rich. In our digital age the world and dubious money are open for some.

Mark Bowden is known as the author of a few books. His works include Black Hawk Down, Killing Pablo: The Hunt for the World's Greatest Outlaw and Guests of the Ayatollah. The famous author admitted that he was lucky the creator of Conficker thus far hadn’t considered the idea of taking down the entire World Wide Web or, which might be even worse, using the bot to create a weapon of mass destruction. That doesn’t mean the malware can’t be used for this by others, especially after the new book is distributed among many readers, including people longing for easy money. It is still not clear what effect the book will have, but its content is interesting at the very least.


MySQL Website Infected

According to a report from an Internet security outfit, the Mysql.com website has recently been hacked. The firm warns that the site is currently serving malware.
Security outfit Armorize announced that it found the intrusion through its website malware monitoring platform, known as HackAlert. The latter also sends Internet users angry emails most days.

It seems that the Mysql.com website has been injected with a script that generates an iFrame, which redirects visitors to a jaw-breaker: “http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php”. Once you get there, your browser is hit by the BlackHole exploit pack, which is hosted at the abovementioned link. This wonderful pack permanently installs a piece of malware on your computer, and you won’t even notice it happening. The installation doesn’t require you to click or agree to anything, so the malware ends up on your machine without your knowledge.

Since this kind of malware is still unknown to most security labs, only 9% of anti-virus applications are able to detect and block it. You can imagine the number of computers that could potentially be infected, being among the remaining 91% of unprotected machines.

The domain name you reach through the iFrame is located in Germany, but registered to Christopher J Klein from Miami. Meanwhile, the domain that distributes the exploit pack and the malware resides in Stockholm, Sweden.

Security experts are already investigating the problem. For example, Sucuri Security researchers have found that the website was compromised via JavaScript malware. The malware, in turn, infects online services via a compromised desktop. In addition, it is able to steal any stored password from the FTP client and use it to launch a cyber attack on the website.

Other security experts point out that this hack might be connected to a recent finding by Trend Micro researchers, who announced that they had discovered a denizen of a Russian underground forum selling root access to a number of the cluster servers of mysql.com, along with its subdomains. The seller asks at least $3,000 for each access. The security company said it had notified mysql.com admins of this more than a week ago.

FBI Arrests Suspected LulzSec Member For Sony Hack [UPDATED]



The FBI on Thursday arrested a suspected member of the hacker group LulzSec in connection with a cyber attack earlier this year against the computer systems of Sony Pictures.

Cody Kretsinger, 23, of Phoenix, was arrested and charged with helping LulzSec attack Sony's servers between May 27 and June 2. The group's hack compromised the personal data belonging to one million Sony customers, which the group then posted online.

Also on Thursday, the FBI arrested two other men with suspected ties to the hacker group Anonymous for allegedly crashing a county-run website in California, authorities said.

The arrests were the latest in an ongoing effort by authorities to crack down on the hacker groups who have exposed widespread security lapses in government and corporate computer systems. In July, authorities arrested 14 suspected members of Anonymous for allegedly bringing down PayPal's website over four days in retaliation for the company suspending payments to the whistle-blower site Wikileaks.

In June, British authorities arrested Ryan Cleary, 19, for his suspected involvement in a cyberattack by LulzSec on the CIA website. He was charged with building a botnet, or a network of remotely-controlled computers to overwhelm websites with traffic.

Authorities say Kretsinger, also known by the online nickname “recursion,” is believed to be a current or former member of LulzSec, which has also taken credit for hacking the website of PBS. He has been charged with conspiracy and the unauthorized impairment of a protected computer, the FBI said.

To carry out the attack, Kretsinger allegedly used a proxy server to disguise his computer's IP address, then obtained confidential information from Sony's network using an SQL injection - a technique used by hackers to exploit vulnerabilities and steal information, according to the FBI. The indictment also alleges that, in order to avoid detection by law enforcement, Kretsinger erased the hard drive of the computer he used to conduct the attack.

Kretsinger was scheduled to appear Thursday before a federal magistrate in U.S. District Court in Phoenix. If convicted, he faces a maximum sentence of 15 years in prison.

Meanwhile on Thursday, authorities also charged Christopher Doyon, 47, of Mountain View, Calif., and Joshua John Covelli, 26, of Fairborn, Ohio, with bringing down the website of Santa Cruz County last December. Doyon and Covelli were allegedly assisting the People’s Liberation Front, which has been associated with Anonymous, in a denial of service attack, which floods a website with so much traffic that it crashes, authorities said.

The attack, which was nicknamed “Operation Peace Camp 2010,” was in retaliation for the Santa Cruz police cracking down on a protest last summer outside the county courthouse. The protesters were supporting the homeless and hoping to ban a city ordinance that prohibited camping within city limits, according to the Santa Cruz Sentinel. Several protesters were charged with misdemeanors during the protest, including Doyon, the paper reported.

For the attack against the county's website, Doyon and Covelli were charged with conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting, authorities said. They both face a maximum of 15 years in prison.

Covelli has also been charged with participating in a cyberattack that brought down the PayPal website last December, authorities said.

UK VPN Service Will Disclose Users’ Details

A British VPN service called Hide my Ass confirmed that it will hand over the details of its subscribers to the FBI if they show up with a court order.


This may be news to those who believe that using a VPN service would ensure them a certain degree of anonymity, even if they were carrying out cyber attacks on others. The news emerged after Hide my Ass began receiving letters from users saying that its services were used by large hacker groups like Lulzsec. On its official page, the company said that when Lulzsec IRC chat logs were released, Hide my Ass turned out to be on the list of VPN services the group used for cyber attacks.

However, the service did nothing about this, because there wasn’t enough evidence to prove the wrongdoing or to identify which particular accounts were used. Later, though, the organization received a court order asking for data regarding one of the accounts allegedly involved in the leak. The company’s terms of service and privacy policy state that its services are not to be used for unauthorized activity. Consequently, being a legitimate firm, Hide my Ass will cooperate with law enforcement provided it receives a court order.

The company clarified that its VPN service, like VPN services in general, is not designed to be used for any kind of unauthorized activity. That’s why it is naive for hacktivists to believe that by paying a small subscription fee to a company providing a VPN service they may feel free to violate the law without fearing consequences. Meanwhile, Hide my Ass pointed out that this is true not only for them: even hardcore privacy services, which advertise that they would never let you be identified, will most likely have their networks tracked and tapped by the police.

Hide my Ass was founded back in 2005 as a way to bypass filtering of the Internet, and it still believes that the web shouldn’t be filtered. If the FBI shows up with a court order, the company will only provide the logged times at which users connect to and disconnect from the VPN network. Although the service doesn’t monitor the traffic once a connection is running, it is still possible to locate abusive users.

Hide my Ass added that it is a company residing in the United Kingdom, and therefore it will only obey British laws. So, if any other government wants log details, it will have to prove the subscribers violated British laws, not its own.
