Information Security News
Joe wrote this weekend that:
A customer called me yesterday to make me aware of their computer that was compromised by one of those scam websites that pops up an 800 number and tells them to call. Against her knowing better, she STILL called in.... ugh.
The site I wanted to make you aware of was amvets.COM. She wanted to make a donation, but the real website is amvets.ORG
It is always sad to see how people with good intentions, willing to donate to a deserving cause, are being taken advantage of. So I took a bit of time to investigate this particular case.
First of all: I do NOT recommend you go to the .com version of the site above. I didn't see anything outright malicious, other than popups advertising the fake tech support service, but you never know what they are going to send next.
The content returned from the page is very variable. Currently, I am getting index pages linking to various veterans-related pages. Typically these pages are auto-created using keywords people used to get to the page, or keywords entered in the search field on the page. So no surprise that this page knows it is mistaken for a veteran charity.
When it does display the Fake Virus Warning page, then it does so very convincingly:
- the look and feel is adapted to match the user's OS and browser
- even on mobile devices, like my iPad, the page emulates the browser used
After a couple of visits to the site, it no longer displayed the virus warning to me, even if I changed systems and IPs. So I am not sure if they ran out of ad impressions or if they time them to only show up so often.
According to Farsight Security's DNS database, 10,000 different hostnames resolve to this one IP address. Most of them look like obvious typo squatting domains:
www.googele.be, besbuy.ca, wwwhockey.ca.
For some of them, I still get ads for "do nothing ware" like MacKeeper (looking at the page from a Mac).
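The amvets.COM case and the three hostnames listed above each show a different lookalike pattern: a swapped TLD, a one-character typo, and a missing dot after "www". The following Python is an added example, not part of the original post, that labels a hostname by pattern against a list of protected domains. Only amvets.org comes from the page; the other brand entries and the rule names are assumptions, and the first label after an optional "www." is treated as the registered name.

```python
# Added example. Brand list is constructed: only amvets.org is named on the page,
# the other three are the assumed intended targets of the listed typo domains.
BRANDS = ["amvets.org", "google.be", "bestbuy.ca", "hockey.ca"]

def edit_distance(a, b):
    """Levenshtein distance using a rolling one-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def split_host(host):
    """Lower-case, drop a trailing dot and a real 'www.' label, split name/suffix."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, suffix = host.partition(".")
    return name, suffix

def classify(host, brands=BRANDS):
    """Return (label, brand) for the first matching rule, or (None, None)."""
    name, suffix = split_host(host)
    parsed = [(b, *split_host(b)) for b in brands]
    # Exact matches win before any lookalike rule is considered.
    for brand, bname, bsuffix in parsed:
        if (name, suffix) == (bname, bsuffix):
            return "legitimate", brand
    for brand, bname, bsuffix in parsed:
        if name == bname:
            return "tld-swap", brand          # same name, different suffix
        if suffix != bsuffix:
            continue
        if name == "www" + bname:
            return "missing-dot-www", brand   # e.g. wwwhockey.ca
        if edit_distance(name, bname) == 1:
            return "one-char-typo", brand     # one insert/delete/substitute
    return None, None
```

Run over newly observed hostnames from proxy or DNS logs, a non-None label other than "legitimate" is a candidate for blocking or user warning.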
German Chancellor Angela Merkel may not be the only high-ranking leader from that country to be spied on by the National Security Agency. According to a report published over the weekend, German authorities are investigating whether the head of the German Federal Chancellery unit had his laptop infected with Regin, a highly sophisticated suite of malware programs that has been linked to the NSA and its British counterpart, the Government Communications Headquarters.
As Ars reported almost 12 months ago, Regin is among the most advanced pieces of malware ever discovered, with dozens of modules that can be used to customize attacks on targets in the telecommunications, hospitality, energy, airline, and research industries. Its technical DNA bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that the US and Israel reportedly unleashed to disrupt Iran's nuclear program.
According to research published last year by security firm Kaspersky Lab, Regin was used to infect more than 100 targets and has been active since 2008. Kaspersky Lab researchers went on to say that the targets included Belgacom, the partly state-owned Belgian telecom, and Jean-Jacques Quisquater, a prominent Belgian cryptographer. Documents leaked by former NSA subcontractor Edward Snowden have further linked Regin to the NSA, specifically to an NSA attack tool dubbed QWERTY. According to German magazine Der Spiegel, QWERTY is a keylogging plugin that's part of a much larger framework described in Snowden-leaked documents as WARRIORPRIDE. The takeaway is that Regin and WARRIORPRIDE are the same thing.
Posted by InfoSec News on Oct 26 http://arstechnica.com/business/2015/10/this-11-year-old-is-selling-cryptographically-secure-passwords-for-2-each/
Posted by InfoSec News on Oct 26 http://www.defenseone.com/technology/2015/10/new-material-promises-nsa-proof-wallpaper/123066/
Posted by InfoSec News on Oct 26 http://www.networkworld.com/article/2996762/russian-cyberspies-targeted-the-mh17-crash-investigation.html
Posted by InfoSec News on Oct 26 http://www.telegraph.co.uk/culture/film/jamesbond/11874457/Real-life-James-Bonds-Actual-spooks-reveal-what-a-job-in-MI6-is-really-like.html
Posted by InfoSec News on Oct 26 http://www.chicagotribune.com/suburbs/naperville-sun/news/ct-nvs-naperville-computer-hack-st-1025-20151023-story.html