Showing posts with label web-security. Show all posts

Monday, September 26, 2011

[+]d'ZheNwaY's Blog[+]: Malicious spam campaigns proliferating



Summary: In a recent blog post, researchers from Commtouch summarized their observations and pointed out that someone is actively building crimeware-friendly botnets.




With spam continuing to represent the distribution vector of choice for the majority of cybercriminals, it shouldn’t be surprising that the volume of malicious spam campaigns is proliferating.


In a recent blog post, researchers from Commtouch summarized their observations on last month's malicious spam campaigns, namely UPS/FedEx, Map of love and Hotel charge error, and pointed out that someone is actively building crimeware-friendly botnets:


“Pre-outbreak levels varied between a few hundred million emails to around 2 billion per day.  The peak outbreak included distribution of nearly 25 billion emails with attached malware in one day.”


Malware campaigns follow a cyclical pattern of distribution: cybercriminals constantly rotate and introduce new topics once the lifecycle of the previous campaign has reached the maturity stage. Meanwhile, users continue interacting with spam emails, clicking on links, downloading attachments and unsubscribing themselves, driving the success of spam in general.


Now that the cybercriminals have set up the foundations for their botnet aggregation practices by spamvertising billions of emails, it’s worth keeping an eye on the actual response rate of the command and control servers used in the campaigns in order to roughly estimate the damage caused by the campaigns.


nb : zdnet


Source: http://dzhenway.blogspot.com/2011/09/malicious-spam-campaigns-proliferating.html


[+]d'ZheNwaY's Blog[+]: Homeless hacker arrested by FBI in LulzSec ...



According to media reports, the FBI has arrested two alleged hackers in San Francisco and Phoenix, believed to be associated with the LulzSec and Anonymous hacktivist groups.


And one of them is homeless.


FoxNews reports that search warrants have also been executed in the states of Minnesota, Montana and New Jersey as part of a wider FBI investigation into the groups who have launched attacks against government websites as well as corporations such as Sony.


23-year-old Cody Kretsinger, from Phoenix, Arizona, has been charged with computer offences, and is alleged to be the LulzSec member known as "Recursion". Kretsinger is accused of being involved in an SQL injection attack that stole information from Sony Pictures in June, exposing users' email addresses and passwords.


According to the indictment against Kretsinger, he is accused of using the hidemyass.com proxy service to cloak probes he made of Sony Pictures' computer systems in May 2011, hunting for vulnerabilities.


Approximately 150,000 confidential records were subsequently published online by LulzSec, who criticised Sony's weak security.


Authorities allege that Kretsinger wiped the hard drives used to carry out the attack on Sony in an attempt to hide forensic evidence.


"Recursion" is one of many handles used by members of the LulzSec hacking gang, and features in internet chat logs that have previously been published of the group having what they believed to be private conversations.


[Image: Chat log between LulzSec members Topiary and Recursion]

Meanwhile, the FBI arrested an alleged Anonymous member in San Francisco. The man, who is reported to be homeless, is said to have been involved in internet attacks against Santa Cruz County government websites.


Just because a man is homeless, of course, doesn't mean that he can't get an internet connection. Coffee houses, cafes, libraries, etc. can all offer cheap or free internet access - and because the computer being used can be a shared device, it may be harder to identify who might have been responsible for an attack compared to a PC at a home.


At the same time, public places are often watched with CCTV cameras, which means that if the authorities were able to identify a time and place, they may also be able to gather evidence as to who was at the location when an attack was begun from a particular computer.


Both LulzSec and the larger Anonymous hacktivist collective have had a tough time of late, with a series of arrests in the USA, UK and elsewhere around the globe.


Wannabe hackers might be wise to read the FBI's press release about the Kretsinger arrest, which points out that if convicted of the hacking offences he could face up to 15 years in prison.


nb : nakedsecurity.sophos


Source: http://dzhenway.blogspot.com/2011/09/homeless-hacker-arrested-by-fbi-in.html
