PROJET AUTOBLOG


The Hacker News

Original site: The Hacker News

Someone Hijacks Botnet Network & Replaces Malware with an Antivirus

Friday, 5 February 2016 at 10:28

The Dridex banking trojan, widely used by cyber criminals to drop malware onto users' machines, has now been found distributing security software instead.

A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with Avira Antivirus installers.

What is the Dridex Banking Trojan, and How Does it Work?

Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again.

The Dridex malware typically spreads through spam emails carrying malicious attachments, most often a Microsoft Office or Word document with embedded malicious macros.

Once the malicious file has been opened, the macros download the main payload – the trojan program itself – from a hijacked server, and it installs and runs on the victim's computer.

The Dridex trojan program then creates a keylogger on the infected machine and manipulates banking websites with the help of transparent redirects and web-injects.

The result is the theft of the victim's personal data, such as usernames and passwords, with the ultimate aim of breaking into bank accounts and siphoning off cash.

Hacker Replaces Trojan with Anti-virus

The recent hack, however, comes as a surprise: instead of distributing the banking trojan, a portion of the Dridex botnet currently seems to be spreading legitimate copies of Avira's free anti-virus software, as the company itself has announced.

"The content behind the malware download [link] has been replaced, it is now providing [a legitimate], up-to-date Avira web installer instead of the usual Dridex loader," explained Avira malware expert Moritz Kroll, as The Register reported.

Avira believes that the white hat hacker or hackers may have broken into a portion of the infected web servers using the same flaws the malware authors used, and then replaced the malicious code with the Avira installer.

So, once infected, instead of receiving Dridex malware, the victims get a valid, signed copy of Avira antivirus software.

"We still don't know exactly who is doing this with our installer and why – but we have some theories," said Kroll. "This is certainly not something we are doing ourselves."

Although the motives behind distributing the Avira software are still unclear, these kinds of actions are considered illegal in many countries, said Kroll.

What Can Be Done to Protect Against Malware Attacks?

The guidance for avoiding becoming part of the Dridex banking trojan botnet is:
  • Ensure you have an updated antivirus program running on your PC, which should be able to intercept the malicious attachments before they are opened.
  • One of the best measures for securing your online environment is to deploy an Intrusion Detection System (IDS) at the network layer, which is especially useful for quickly detecting malware and other threats in your network when integrated with real-time threat intelligence and a SIEM (Security Information and Event Management) solution, such as AlienVault Unified Security Management (USM).
  • Be careful about opening email attachments sent from an unknown email address, particularly (in this case) Microsoft Word and Excel files.
  • Disable macros in MS Office, or at least set macros to request permission before they run.

Latest Windows 10 May Have a Linux Subsystem Hidden Inside

Wednesday, 3 February 2016 at 17:42

A few months back, Microsoft impressed the world with its 'Microsoft loves Linux' announcements, including the development of a custom Linux-based OS for running Azure Cloud Switch and the selection of Ubuntu as the operating system for its cloud-based Big Data services.

Also Read: Microsoft Drops a Cloud Data Center Under the Ocean.

Now, a renowned Windows hacker and computer expert who goes by the name 'WalkingCat' has discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed inside.

According to his tweets, the hacker spotted two mysterious files, LXss.sys and LXCore.sys, in the latest Windows 10 Redstone Build 14251, which are suspected to be part of Microsoft's Project Astoria.

Project Astoria, also known as Windows Bridge for Android, is a toolkit that allows running Android apps on Windows 10 Mobile devices.

The naming convention of the newly discovered files is very similar to that of the Android subsystem files from Project Astoria, i.e. ADss.sys.

The "LX" in these names can therefore only stand for one thing, Linux, which suggests that Windows 10 will also have access to a Linux subsystem.

Why a Linux Subsystem?

Since Windows 10 has been introduced as a universal operating system for all devices, it is possible that Microsoft wants to expand Project Astoria from mobile devices to desktop users.

If this turns out to be true, adding a Linux subsystem would be beneficial should Microsoft plan to offer support for Linux applications, especially server-related technology and software.

Isn't this exciting?

Stay tuned to The Hacker News Facebook page for further developments on this topic.

Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features

Wednesday, 3 February 2016 at 12:01

Beware, Comodo Users!

Have you safeguarded your PC with Comodo Antivirus? Then you need to inspect your system for privacy and security concerns.

First of all, check whether your default browser has been changed to "Chromodo" -- a free browser offered with Comodo Antivirus.

If the answer is "Yes," then you could be at risk!

Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as 'Private Internet Browser' for better security and privacy, automatically overrides system settings to set itself as your 'Default Browser.'

Secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has the 'Same Origin Policy' (SOP) disabled by default.

Google security researcher Tavis Ormandy recently called out Comodo for disabling SOP by default in its browser settings, which violates one of the strongest browser security policies.

Ormandy notes that "all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices."

Moreover, changing default browser settings without users' knowledge is entirely unethical.

The Same Origin Policy (SOP) is one of the browser security policies that restricts scripts running in a web browser to interacting only with pages from the same origin.

When enabled, the Same Origin Policy prevents malicious scripts on one page from obtaining access to sensitive data on another web page.

What If the Same Origin Policy is Disabled?

To understand this, assume you are logged into Facebook and somehow visit a malicious website in another tab.

With SOP disabled, various malicious script files on that website could take over the control of your Facebook profile, allowing malicious actors to compromise your account with access to your private messages, post status updates, etc.

This is exactly the exposure Comodo creates for its users by disabling SOP in Chromodo by default, which could allow attackers to:
  • Steal session authentication cookies.
  • Perform malicious actions through script code.
  • Even replace trusted websites with attacker-crafted HTML.
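As an added illustration (not code from the original article), here is the origin comparison a browser performs when enforcing SOP, together with a toy "enforcement switch" that mirrors the disabled-by-default situation described above. The URLs are constructed sample values.

```javascript
// Added example, not from the article: how a browser decides whether two
// URLs share an origin. An origin is the tuple (scheme, host, port); all
// three must match, so a different subdomain, scheme or port is cross-origin.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originOf(urlString) {
  const u = new URL(urlString);
  // URL() already drops an explicit default port; normalise anyway so that
  // "https://example.com:443" and "https://example.com" compare equal.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname.toLowerCase()}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Simulated enforcement: a script running in `pageUrl` asks to read the
// response of `targetUrl`. With SOP on, cross-origin reads are refused;
// with SOP off (Chromodo's default per the article) everything is readable.
function mayReadResponse(pageUrl, targetUrl, sopEnabled = true) {
  if (!sopEnabled) return true;
  return sameOrigin(pageUrl, targetUrl);
}

// Constructed sample: a script on an attacker's site trying to read a page
// from a site the user is logged in to in another tab.
const page = "https://evil.example/index.html";    // constructed
const target = "https://social.example/messages";  // constructed
console.log(mayReadResponse(page, target));        // false: blocked by SOP
console.log(mayReadResponse(page, target, false)); // true: SOP disabled
```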

How to Check Whether your Browser has SOP Enabled or Disabled

If you are still unsure whether your browser has SOP disabled, visit this link.

If you are getting a prompt as "Browser appears to be fine," then you are out of danger.

But if you get a negative result such as "Your browser is not enforcing the SOP," you are advised to migrate to another browser such as Chrome or Firefox to defend yourself against malicious attacks.

Stay Safe! Stay Tuned!

Here's Why Microsoft Drops a Cloud Data Center Under the Ocean

Wednesday, 3 February 2016 at 11:30

While tech companies like Facebook and Google prefer to move their data centers to colder countries to reduce their air conditioning bills, Microsoft has come up with an even better home for data centers that cuts the high energy costs of cooling them: under the sea.

Here's what Microsoft says:

"50% of us live near the coast. Why doesn't our data?"

Building massive data centers underwater might sound crazy, but it is exactly something Microsoft is testing with its first submarine data center, dubbed Leona Philpot.

World's First Underwater Data Center

The test is part of Microsoft's Project Natick, an ongoing research project to build and run a data center submerged in the ocean, which the company believes could make data centers faster, more cost-effective, more environmentally friendly and easier to set up.

Leona Philpot (named after the Halo character from Microsoft's Xbox) was tested last August, when engineers placed an enormous steel capsule a kilometer off the California coast, 30 feet underwater in the Pacific Ocean.

A single datacenter computing rack was placed in an eight-foot-wide steel capsule, which was covered in around 100 sensors to monitor every aspect of the underwater conditions: pressure, humidity, and, most importantly, motion.

The test ran from August to November last year (exactly 105 days) and the engineers said it was more successful than expected.

Why an Underwater Data Center?

According to Microsoft, these are the main reasons for experimenting with underwater data centers:

1. Air conditioning cost is one of the biggest pains in running data centers. Traditional data centers are believed to consume up to 3 percent of the world's electricity.

Placing data centers in the ocean eliminates the need for cooling and would greatly cut the energy costs of removing the heat generated by the racks upon racks of servers that process and store the world's digital lives.

2. Half of the world's population is located within 200 kilometers of the coast, so placing data centers in the sea would reduce latency – the time data takes to travel from its source to customers, which simply means faster delivery of data.

3. Reduce the time to build a data center from 2 Years to 90 Days. Microsoft believes that if it can mass produce the steel capsules, the company could build data centers in just 90 days.

This would make its operations cheaper and much quicker than the time needed to set a data center up on land.

Moreover, the capsules designed by the company would also adopt new, innovative rack designs that do not even need to consider human interaction.

4. Use of Renewable Energy. The project's engineers even believe that in future, underwater data centers might be able to power themselves with renewable energy, in this case perhaps underwater turbines or tidal power.

5. Environment-Friendly. Microsoft will also be tackling environmental concerns related to underwater data centers. The company says its current underwater data center prototype emits an "extremely" small amount of heat energy into the surrounding waters.

A Few Limitations:

Data centers on land are open to IT engineers who fix issues and replace servers whenever required, but the company wants its undersea data centers to go without maintenance for years at a time.

Since Microsoft doesn't have a team of scuba engineers, each Natick data center unit would operate for over 5 years without maintenance and would then be dragged up to the surface to have its internal parts replaced.

Other obvious risks for submarine data centers include corrosive saltwater and the weather, to name just two potential hurdles.

Future Of The Data Center

The company started working on this idea in 2013, but development of a physical prototype began in 2014, and in August last year it deployed its first ever submarine data center, Leona Philpot.

Since Microsoft's Project Natick is still in its "early days," it is hard to say when underwater data centers can actually be adopted. However, Microsoft plans to design a new version of the underwater data center that is three times larger than Leona Philpot.

It is not just Microsoft; many tech companies are considering new ways of housing data. In 2013, Facebook located one of its latest state-of-the-art data centers in Luleå, the far north of Sweden, to make use of cheap, renewable energy generated by hydroelectric schemes and outside air for cooling.

WikiLeaks' Julian Assange Could Be Set Free On Friday by the United Nations

Tuesday, 2 February 2016 at 18:15

The decision of the United Nations investigation into the Julian Assange case is set to be revealed on February 5, and could order the release of the WikiLeaks founder.

"BREAKING: UN set to announce decision on #Assange's release on Friday," WikiLeaks has tweeted.

Assange has been living in the Ecuadorian embassy in London for over 3 years, after being granted political asylum by the government of the South American country.

Assange has been residing in the embassy since 2012 to avoid extradition:
  • First to Sweden where he is facing sexual assault allegations, which he has always denied.
  • Ultimately to the United States where he could face cyber espionage charges for publishing classified US military and diplomat documents via his website Wikileaks.

The publication of those secret documents amounted to the largest information leak in United States history, and the US launched a criminal case against Assange following the leak.

However, Assange filed a complaint against Sweden and the United Kingdom in September 2014 that has been considered by the UN Working Group on Arbitrary Detention.

The decision on the case will be published on Friday, and if the group concludes that Assange is being illegally detained, the UN is expected to call on the UK and Sweden to release him.