February 17, 2012
“Can you imagine what would actually happen if the FBI shut down the internet? We almost hope they actually do it. Talk about a negative PR strategy for the White House. This move would wake up a lot of people. Go for it, FBI. We dare you.” –KTRN
Millions of computer users across the world could be blocked off from the Internet as early as March 8 if the FBI follows through with plans to yank a series of servers originally installed to combat corruption.
Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. The US Federal Bureau of Investigation later stepped up by replacing the Trojan's rogue servers with servers of its own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.
When functioning as its creators intended, the DNSChanger Trojan infected computers and redirected users who were trying to reach certain websites to malicious ones instead. Normally, DNS (Domain Name System) servers translate the alphabetical website addresses that users type into their numeric counterparts in order to guide users across the World Wide Web. Once a computer was infected by the DNSChanger Trojan, however, the addresses entered into its Internet browser were resolved by malicious servers, which in turn directed the user to an unintended, fraudulent site.
In coordination with the arrests in Estonia, the FBI shut down the malicious DNSChanger botnet network and, additionally, replaced its servers with surrogate servers to correct the problem. Those servers, however, were installed “just long enough for companies and home users to remove DNSChanger malware from their machines,” according to the court order that established them. That deadline is March 8, and those surrogate servers are expected to be retired then. At that point, computers still infected with the Trojan will be essentially unable to navigate the Internet.
October 18th, 2010
By: Sharon Weinberger
Worried about e-mails that appear to be from your bank but could well be part of a phishing scam? That may soon be the least of your problems. With concerns about cyberattacks on the rise, computer security experts are looking ahead to what they think might be the next wave of attacks.
What they find is that everything from your car to your computer webcam is vulnerable to attack. Here are five new types of attacks:
1) Social Network Attacks: Malware that steals your e-mail contacts, passwords and other personal information is old news. But a new technical paper by a group of Israeli researchers says the cybersecurity community is ignoring a new, more insidious type of attack: one that preys on your entire social network, working to slowly pilfer information about your behavior and life.
Dubbed “stealing reality,” these types of attacks, the researchers argue, are more insidious because the “victim of a ‘behavioral pattern’ theft cannot easily change her behavior and life patterns.”
“Most likely those attacks are currently happening,” lead author Yaniv Altshuler, a research scientist at Ben Gurion University, told AOL News.
Altshuler says the market for this sort of information already exists. “And if there is a buyer, there is a seller,” he added.
2) Attacks on Cars: Today’s automobiles often come equipped with the equivalent of advanced computer systems, which means that like your home computer, they could be vulnerable to attack. In a new paper, researchers at the University of Washington and the University of California, San Diego, say they have demonstrated “the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
Everything from your car’s wireless tire-pressure sensors to its stolen-vehicle tracking and recovery system provides opportunities for hackers to gain control of your vehicle without you even knowing.
3) Medical Devices: Today, wireless pacemakers can send your doctor or hospital real-time data on your heart, showing just how far medical devices have come with the help of modern electronics. But with that new technology comes a new threat: the possibility of someone hacking into your medical device or injecting malicious code that disrupts the lifesaving device. Prosthetic limbs, wireless pacemakers and other implantable medical devices might all be at risk.
“This is very real — the bad guys would buy the pieces and just work on them a little bit,” Greg Hoglund, who heads HBGary, a computer security company, told an audience earlier this year at a Northern California Hospital Cyberterrorism Seminar. “It’s amazing someone hasn’t pulled this off yet.”
4) Hacking Your Webcam: Watch out for the light on your computer that shows the webcam is on, even after you think you’ve turned it off. It could be a Trojan computer program operating the camera, taking pictures or even video, and sending it over the Internet without your knowledge. For those who leave their laptops on and open, that’s the equivalent of having Big Brother in your bedroom or office without you knowing.
There are already cases of this happening, for example, in Germany. “A man has been arrested for spying on more than 150 girls in their bedrooms by hacking into their computers and using their webcams to watch them, provoking warnings that others will be doing the same thing,” DPA, the German press agency, reported earlier this year.
5) Smart Phone Attacks: Most consumers worried about cyberattacks associate the threat with their home PCs or laptops. So they often think nothing of downloading applications to their smart phones, which often contain just as much personal information as their home computers.
“Nobody’s making money at the moment with mobile security,” said Mikko Hypponen, the chief research officer of Finland’s F-Secure, according to the San Francisco Chronicle. “But all the players assume that sooner or later we will see a major outbreak or some other major event that will change the situation forever.”
September 21, 2009
By Mike Harvey
Cyber criminals have created a highly sophisticated Trojan virus that steals online banking log-in details from infected computers.
The Clampi virus, which is spreading rapidly across hundreds of thousands of computers in Britain and the United States, infects computers when users visit websites that host malicious code.
Once on the computer, the virus sits unnoticed until the user logs on to bank, credit card or other financial websites. It then captures log-in and password information and sends it to a server run by the attackers. They can then tell the compromised computer to send money to accounts that they control, or they can buy goods with the stolen credit card details.
The trojan has a list of more than 4,500 finance-related websites that it monitors, including British high street banks. Security experts warned that it was one of the stealthiest and most pervasive threats to computers using the Microsoft Windows operating systems.
Orla Cox, security operations manager with Symantec, the online security company, said: “Clampi is a complex threat. People are only just beginning to understand how it operates.”
Researchers have found that the list of sites that Clampi is monitoring includes banks, credit card companies, online casinos, e-mail, wire transfer services, retail sites, utilities, share brokerages, mortgage lenders and government sites.
Ms Cox said: “The first big wave was in the US in July, but it is spreading around the world, particularly English-language countries. We have seen samples of it targeting UK high street banks. There is potential for another wave to come.”
It is estimated that more than 1,000 out of 40,000 or more infected computers have been in Britain. Only computers running Microsoft Windows are affected. Most of the infections seem to have occurred among small and medium-sized businesses, many of which have been reluctant to reveal how they have fallen victim.
In America, $75,000 (£46,000) was stolen in July from Slack Auto Parts, a car parts supplier in Gainesville, Georgia. In August, criminals used Clampi to steal online banking details for the public school district in Sand Springs, Oklahoma. The attackers then submitted a series of false payroll payments, totalling more than $150,000.
The attack was one of a series on American schools in which criminals hired unsuspecting money mules — people who transfer money or fraudulently obtained high-value goods — to receive the transfers of stolen cash and then wire the money out of the country. Cyber criminals stole more than $700,000 from the Western Beaver School District in 74 fraudulent electronic transfers, The Washington Post reported.
Clampi is one of a new wave of viruses to target the online banking system. Its emergence came as security experts warned that malicious websites hiding trojan viruses were no longer confined to sites such as gambling and pornography.
A recent report by IBM security systems found an increase in malicious content such as viruses on trusted sites, including popular search engines, blogs, online magazines and mainstream news sites. The number of links to malicious web pages rose by more than 500 per cent in the first half of this year. Last week, attackers placed a virus in an advert on the website of The New York Times.
Trojan viruses such as Clampi accounted for 55 per cent of all new malicious software in the first half of the year, IBM said, up from 46 per cent for the same period last year. Researchers say that variants of Clampi — also known as Ligats or Ilomo — have been around since 2005, but the new version appears to be spreading more quickly.
Heading off hackers
Do not click on suspicious links to unknown sites within e-mails, instant messages or social networking sites
Be cautious about doing business with unknown e-commerce sites and always use a credit card, not a debit card
Install a comprehensive security solution and keep it up-to-date
Use a security solution that offers browser protection and a website rating service. Browser protection will block questionable downloads from getting on to your computer, and website rating services can warn you if a site is infected
Secure your wi-fi connection with a strong password to ensure that others cannot connect to your network and access data stored on your computer
Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but particularly financial credentials.