RLS BLOG

5 ferrari's aangehouden bij wegmisbruikers :D

2007-09-09T23:15:00.000-07:00

Hierbij dus de beelden -->

http://youtube.com/watch?v=qTMDAwlwIbI

Pirate bay Legal fun

2007-09-07T02:33:00.001-07:00

Prachtig mooi om de reacties van the pirate bay te zien op mails/brieven van advocaten.

http://thepiratebay.org/legal

Storm Botnet

2007-09-07T02:25:00.001-07:00

Er is een nieuwe bot in het wild gesignaleerd. STORMBOT, ik zal proberen hier flink wat informatie over te verzamelen.

iSECURE:
We've gotten a number of submissions about the new tricks the massive Storm botnet has been up to. Estimates of the size of this botnet range from 250K-1M to 5M-10M compromised machines. Reader cottagetrees notes a writeup at Exploit Prevention Labs on a new social engineering attack involving YouTube. The emails, which may be targeted at people who use private domain registrations, warn the recipient that their "face is all over 'net" on a YouTube video. The link is to a Storm-infected bot that attacks using the Q4Rollup exploit (a package of about a dozen encrypted exploits). And reader thefickler writes that the recent wave of "confirmation spam" is also due to Storm, as was the earlier, months-long "e-card from a friend" series of attack emails.

THNX FS @ Ryan :

A new round of storm worm attacks are playing on people's paranoia against being watched online.

This time the lure leads users to a "TOR download" page, which is... surprise, surprise... fake.

Clicking on the button in that webpage will download a malicious file called tor.exe into the system. This file is already detected as Email-Worm:W32/Zhelatin.IL.

Do note that the real TOR application is hosted on http://tor.eff.org/. For those unfamiliar with it, it is a system designed to enable its users to communicate anonymously over the Internet.

THNX FS @ ryan:

Stormbot Hits Blogger:
Researchers have discovered the Storm Trojan nestled in hundreds of blog sites in Google's Blogger network, according to an article in Dark Reading. And this isn't simple comment spam, but actual blogs that post spam, and now, Storm executable files. A researcher who's been tracking the Storm-infested blog sites says he's working with Google to clean up this latest appearance of Storm."

Careful whose blog you're reading these days: Researchers have discovered the Storm Trojan nestled in hundreds of blog sites in Google's Blogger network.

This Storm infection is not simple comment spam, where spammers post their junk messages and malware as blog comments. "These are blogs that post spam," says Alex Eckelberry, CEO of Sunbelt Software, who has been studying the posts. He says he hasn't seen any legitimate blogs bites being hacked and sprinkled with Storm, but he's still researching the trend.

Eckelberry, who first discovered Storm executable files on several blogger sites this week, says Storm is showing up on blogs that use the mail-2-blogger feature, where bloggers can post via email. Google does have a CAPTCHA defense in place to prevent this kind of infection, requiring some bloggers to manually enter their code in order to post their blogs.

"But these guys are somehow flying under the radar," Eckelberry says. "I have no idea how they are doing this."

One site he found that's laden with Storm as well as spam junk is http://www.visionbuzz.blogspot.com/, for instance. And a Google search for Storm's infamous keywords, including "dude what if you wife finds this" and "man your insane," comes up with hundreds of blog sites, he says.

Storm is often referred to as a worm, but it's technically a Trojan. It relies on social engineering, with a tempting message and link, and it's all about expanding spam and the underlying botnet behind it, notes Joe Stewart, senior security researcher for SecureWorks. Although it's less dangerous than a traditional worm, it ranks in the top five most prolific threats, he says.

"You're not in danger of identity theft -- it's really not all that dangerous to the person who's been infected... It's really more dangerous to the Internet architecture as a whole," he says.

The Trojan gives Storm's bot army the ability to launch powerful distributed denial of services attacks, Stewart says. "But that's not its only purpose. It's also to make money, [such as from] stock spam."

"It's very disturbing to have Storm executables being linked onto sites we can control. But blog sites that Storm is operating off of are hard to control," Eckelberry says. "We've been working with Google in getting this shut down, and Google has been very helpful."

Why are the bad guys starting to plant Storm executables in blogs? "It's all about the numbers," says Randy Abrams, director of technical education for Eset, an anti-malware vendor. "The more places you can get the links out to, the more uneducated users you will trick into clicking on them and then infecting themselves. This, in turn, expands the botnet, which increases the profitability of [the exploit]."

Zodra ik meer info vind plaats ik het hier :)

Vind exploits voor geld!

2007-09-07T02:22:00.000-07:00

Er is een beloning uitgeloofd voor de gene die een Zero day Remote exploit vind in : Apache, BIND, Sendmail, OpenSSH. IIS, or Exchange. De beloning is $16.000

iDefense just announced a bounty of $16,000 for remotely exploitable zero-day flaw in Apache, BIND, Sendmail, OpenSSH. IIS, or Exchange. This comes on the heals of the $10,000 plus a MacBook recently awarded by CanSecWest for remotely exploiting an OSX laptop.

While there are similarities between the two offers (not to mention iDefense and others standing bounty programs) both of these challenges raise the bar for spl0its. While $10K isn’t exactly chump change it is definitely worth a few days of banging away to find a hole in a system. In the case of iDefense’s latest offer of $16K many researchers are claiming that it is just not enough to motivate them to invest the work required to find such a hole in the listed software packages.

For the vast majority of researchers I suspect that this is true. The people capable of finding these holes all have jobs that pay at least five times that much if not more and if they don’t they should. $16K to them is probably chump change, at least compared to the effort and work required to find a viable exploit in these very robust packagaes.

However, I suspect that there are smart people elsewhere in the world for which 16,000 United States dollars might actually mean something. People who might be willing to put in the long hours and hard work required to find such a hole. If such a hole is found the question then becomes if it is worth only $16K or can they make more from it elsewhere? Think about it. A remote code execution vulnerability found in Sendmail, Apache or OpenSSH, what could you do with such a hole if not tied down by morals and ethics? Would you sell it for a measly $16K?

But really, sploits for dollars? Is that really the type of security model we should be promoting? Unfortunately the days of finding holes for sheer thrill, the glory, and the girliez seem to be far behind us. Is finding holes for a bounty any different than finding them for a salary?

The bigger question of course is disclosure. How holes are found isn’t as big an issue as what happens after they are discovered. Should the hole be disclosed or kept secret. If it is to be disclosed should there be a delay until a patch is available or announce immediately and leave unknowing people vulnerable? Should all holes even be patched?

US Defense Department Mail servers Gehackt

2007-09-07T02:20:00.000-07:00

Het lijkt dat china bezig is geweest enkele servers van Het US Defense Department te hacken, zo bericht securityfocus!

We've all seen in the news that the US Defense Department's mail servers were hacked earlier this year in June apparently by China. Just last week German news magazine Der Spiegel alleged that the Chinese had hacked into German government computers.

Now, the Guardian newspaper has accused the Chinese government of penetrating systems belonging to the United Kingdom to steal sensitive data.
British government agencies have, according to the report, been targeted by Chinese hackers for years. Attacks, which may have originated from Chinese army circles, have been directed at targets including the network at the British Foreign Office. According to the newspaper, government sources have stated that other major government departments may also have been affected. The Ministry of Defence has refused to comment on whether it too has been affected. Security and defence officials are coy about what they know of specific attacks. However, they say several Whitehall departments have fallen victim to China's cyberwarriors. One expert described it as a "constant ongoing problem".

The Chinese military has demonstrated its ability to carry out attacks which disable US government systems, according to information provided by a former Pentagon employee on the results of investigations aimed at conclusively identifying the origin of the attacks. According to The Guardian, US security agencies have assigned the growing number of Chinese cyber attacks the codename "Titan Rain". The recent infection of German government computers with trojans can also allegedly be traced back to the Chinese People's Liberation Army.

refs:-
http://www.guardian.co.uk/technology/2007/sep/04/news.internet
http://www.heise-security.co.uk/news/95515
http://www.securityfocus.com/news/11485

Hackers Selling Vista Zero-Day Exploit

2007-09-07T02:15:00.000-07:00

Vista lijkt toch niet zo veilig als Microsoft beweerd, op de zwarte markt zijn tegenwoordig vista exploits te koop voor $50.000 per stuk.

Bron : eweek

Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.
The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.

In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.
Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.
The Trend Micro discovery highlights the true financial value of software vulnerability information and serves as further confirmation that a lucrative underground market exists for exploit code targeting unpatched flaws.
Back in December 2005, researchers at Kaspersky Lab in Moscow found evidence that the exploit code used in the WMF (Windows Metafile) attack was being peddled by Russian hacker groups for $4,000.
However, according to Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business.
"I think the malware industry is making more money than the anti-malware industry," Genes said.

Trend Micro's researchers also found the underground marketplace saturated with personal data stolen in phishing attacks and virtual currency hijacked from online gamers.
Genes said the average prices for credit card and bank log-in data can vary dramatically, depending on the bank's brand and the way the data is mapped to names, Social Security numbers, dates of birth and physical addresses.
A custom Trojan capable of stealing online account information can be bought for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.

Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300.
The auction marketplace is also selling driver's licenses for $150, birth certificates for $150, Social Security cards for $100, and credit card numbers with security code and expiration date for between $7 and $25.
PayPal or eBay account credentials are available for $7, Genes said.