Showing posts with label Virus. Show all posts

Tuesday, 10 December 2013

Neverquest – a virus designed to empty your bank accounts

Kaspersky Lab has recently published an article about a new “banking Trojan” called Neverquest, a Trojan horse capable of recognising hundreds of financial sites, including English, German, Italian and Indian banking platforms. This Trojan is particularly dangerous because it spreads itself via social media, email and file transfer protocols.

How it can drain your accounts

When infected users try to log in to their banking sites, the virus activates itself and steals their credentials. Neverquest then sends the stolen credentials to its command and control server. Once they have the credentials, attackers can remotely log in to the compromised accounts via Virtual Network Computing (VNC). With this technique, attackers are essentially using the victim’s own computer to (potentially) empty their bank accounts, which makes it very hard to distinguish legitimate transactions from thefts.

When your account is breached...

Once the attacker has complete control over the victim’s account, he can empty it into a different account under his control. However, to make the money harder to trace, attackers often route it through several transfers to other victims’ accounts before collecting it themselves.

It's not a new thing

Banking Trojans have been around for some time. According to Sergey Golovanov, principal security researcher at Kaspersky Lab, Neverquest is trying to fill some holes in the market:

“After wrapping up several criminal cases associated with the creation and proliferation of malware used to steal bank website data, a few ‘holes’ appeared on the black market. New malicious users are trying to fill these with new technologies and ideas. Neverquest is just one of the threats aiming to take over the leading positions previously held by programs like ZeuS and Carberp.”

To read more about Neverquest, visit the official Kaspersky blog.

About the Author:
Sarah writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Tuesday, 30 October 2012

A new Cold War - the world's most complex virus

Stuxnet was what many call a wake-up call to countries around the globe (read about Stuxnet here). Iran has already responded to this attack by amassing the second largest online army in the world. The internet is quickly becoming the next platform for war. The only problem is, you don’t know who is waging it.

Stuxnet was a weapon, and the first to be made entirely from code. Since then, several viruses have been identified. One in particular, dubbed Wiper, was believed to be deleting data in the Middle East and from computers belonging to the Iranian oil industry.

[Image: "Future Cyber Security" by DGH, source: Technology Moral Dilemma blog, July 1, 211]

Wiper was so complex and sophisticated that even Kaspersky, the Russian security firm, could not find the virus or any information on its creator(s). The malware wiped hard drives clean, including its own code.

But who could finance this kind of technology? It was clearly not a teenage boy in his room playing a prank. This virus had a goal and a target.

The 15-year-old security firm did not give up. They eventually found an MD5 hash and a file name on computers in Iran. When they put everything together they found something big, of a complexity never seen before… Flame.

Kaspersky Lab researcher Alexander Gostev stated that “Flame is a huge package of modules almost 20 MB in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyse.”

He added: “Overall, we can say Flame is one of the most complex threats ever discovered. In addition, the geography of the targets and the complexity of the threat leave no doubt it being a nation state that sponsored the research behind it.”

Competitor security firm Symantec agreed with Kaspersky, stating that “This code was not likely to have been written by a single individual but by an organised, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian oil ministry.”

Morgan Wright, a cyberterrorism analyst, stated that the virus had 20 times more code in it than Stuxnet, the virus that knocked out Iran’s nuclear centrifuges. He added that Flame was designed not only for reconnaissance, but also to steal documents, audio data and screenshots, and to wipe clean hard drives holding important information.

For the victims of Flame, it was like having a spy with direct control of their computer.

Learn how to take Flame and Stuxnet apart and use forensic techniques to uncover the culprits. The EC-Council C|HFI v8 certification course will teach you the entire digital forensics process. You'll learn how to secure the scene, collect evidence, and send it to the lab for testing. You will learn:
  • How to investigate cyber crime, and the laws involved
  • Different types of digital evidence, and the examination process
  • The first responder toolkit - how to secure, preserve and evaluate the electronic crime scene
  • How to recover deleted files and partitions in Windows, Mac OS X, and Linux
  • How to use steganography, and the AccessData forensic toolkit
  • Password cracking and how to investigate password-protected file breaches
  • Log capturing and management
  • How to investigate logs, network traffic, wireless attacks, and web attacks
  • How to track emails and investigate e-mail crimes
Train to be the police of the future - get certified.

Here is an interesting video on the deconstruction of the Flame virus:


Monday, 29 October 2012

Stuxnet – 2 years on and what we’ve learned

In June two years ago, the most sophisticated computer virus yet seen was discovered in power plants, factories and traffic control systems all around the world. It was said to be 20 times more complex than any other virus code created before.

Of course, we are talking about Stuxnet…

As a virus, it had a number of capabilities. It was able to turn up the pressure in nuclear reactors and switch off oil pipelines, and while doing all this it would tell the system operators that everything was OK.

Unlike viruses before it, Stuxnet didn't forge a fake security clearance. It had a real one, stolen from one of the most reputable companies in the world: Realtek. It also exploited security gaps that the system creators were unaware of. These are called ‘Zero Days’, and they can go for up to $100,000 on the black market. How many ‘Zero Days’ did Stuxnet use? 20!

It was coded to stay dormant until it reached its specific target; without that target, it did not activate.

What was it planning to shut down?
It was designed to shut down the centrifuges that spin nuclear material at Iran’s enrichment facilities.

Stuxnet was a weapon, and it was the first to be made entirely out of code.

The ISIS has stated that Stuxnet may have shut down over 1000 centrifuges at Natanz (Iran’s main enrichment facility). Last year, the Iranian government stated that the virus’s infection of the Bushehr nuclear facility meant that turning on the plant could lead to a national electricity blackout.

So what does that kind of scare do to a country?
Well, Iran gathered an army of online security experts and is now said to have the second largest online army in the world.

Who created the Stuxnet virus?
There is no direct evidence as to who created it. Some believe that Israel was responsible, as the code contains references to the Hebrew Bible. Others believe it was the US. But it seems we will never know for sure.

How to be a hacker and get paid for it - legally
Yep, that’s right: you can now be a hacker and get paid for it. In fact, the average salary of an ethical hacker is over £40,000! (itjobswatch.co.uk) But what is an ethical hacker? Also known as a white hat hacker, it is someone who hacks and exploits zero days on behalf of companies looking to increase their security. As simple as that: they will pay you to find and exploit zero days in order to get rid of all possible risks.

Become a Certified Ethical Hacker (CEH) and be a respected hacker defending companies and even countries from viruses such as Stuxnet itself.

EC-Council is a very well-known vendor of professional certifications in the IT security field. Here are some of their powerful certifications:


Friday, 3 August 2012

$2.5 billion taken from world banks: OPERATION HIGH ROLLER


In a recent report by McAfee and Guardian Analytics, it was found that a highly sophisticated and recurring cyber-attack has taken as much as $2.5 billion from bank accounts around Colombia, Europe and the U.S.A.


The report states that the organized criminals operating the malware have attempted to take $78 million from accounts at 60 or more institutions, but the total attempted fraud could reach $2.5 billion if all the attacks were as successful as those discovered in the Netherlands.

It was named "Operation High Roller” and combines a deep understanding of banking transaction systems (quite possibly from an insider) with malicious code. The code requires no human interaction. 60 servers were found processing thousands of attempted thefts from high-value commercial accounts, including those of large global banks, very wealthy individuals and credit unions.

The malware finds a victim automatically by searching for the highest-value accounts and then transfers money to a prepaid debit card, which is quickly emptied anonymously. It conceals the theft by altering the target's bank statement.

Reuters stated that “The new software allows the criminal to siphon money out at all hours, potentially increasing the number of hacked accounts and the speed with which they are drained.” It is said to be an advanced version of two existing malware families, known as SpyEye and Zeus.