Archive | April, 2012

Russian Cyber-Crime Market Doubled In 2011

Use Netsparker


It’s been quite a while since we’ve posted any news about Russia, so here’s an article which in some ways is quite scary.

The global cybercrime market is being dominated by Russian-speaking nations and their activity doubled in 2011. It’s certainly a disproportionate amount of crime when you look at their population size.

Cybercrime is a HUGE business, especially when it comes to malware and trojans targeting banking details and the follow on phishing scams.

Russian-speaking criminals grabbed more than a third of the entire global cybercrime market in 2011 as a growth in online fraud activity turned the country into a major digital crime superpower, a new report has suggested.

Russian cybercriminals earned $4.5 billion in 2011

The State and Trends of the Russian Digital Crime market 2011 from Russian security research company Group-IB estimates (using public and partner data) that the global cybercrime market reached around $12.5 billion (APS7.74 billion) in size during the year, with Russians and Russian speakers (including those outside the country) accounting for $4.5 billion of that total.

At the same time, using its own internally-collected analysis, the Russia-only cybercrime market doubled to $2.3 billion compared to 2010, a disproportionate level of activity considering the country’s modest 143 million population.

The top Russian cybercrime activity was online fraud, equivalent to almost a billion dollars in revenue, just ahead of spam on $830 million, internal market services on $230 million and DDoS on with $130 million.

As well as startling growth, the Russian cybercrime scene also saw consolidation into larger, more organised groups increasingly controlled by conventional crime mafias. There was also evidence of co-operation between these groups, and the growth of an important internal ‘crime-to-crime’ (C2C) market to support its activities.

$12.5 Billion dollars is a LOT of zeros, that was the estimate of the money lost in 2011 to cybercrime. That’s almost $2 per person for the ENTIRE population of the World, that’s what I would colloquially call a shitload of cash.

It doesn’t stop there too, it amazes me that DDoS attacks are a multi-million dollar business! In Russia alone, according to this report anyway, these crims earnt $130 million USD carrying out DDoS attacks!


Coming from a Russian-based group of researchers, the report makes fascinating reading. There is a wealth of anecdotal evidence from crime busts and malware trends that Russia is a key hub for crybercrime but hard numbers are seldom put on its inner workings or business model.

An obvious question is why Russia has become such an important country for cybercrime. Beyond the traditional explanation of the large number of relatively poorly-paid programmers in the country, Group-IB also underlines the importance of policing and local laws.

The researchers note the case of Yevgeniy Anikin and Viktor Pleschuk, who were part of the gang that stole $10 million from the Royal bank of Scotland’s WorldPay ATM system in 2008 And yet received suspended sentences from Russian courts.

“Thus, because of imperfections in Russian laws and the lack of severe penalties, stable law enforcement practice, and regular training regarding counter cybercrime measures, cybercriminals are disproportionately [not held] liable for the crimes they commit,” note the researchers.

“The cybercrime market originating from Russia costs the global economy billions of dollars every year,” said Group-IB’s CEO, Ilya Sachkov.

The lax laws when it comes to cybercrime in Russia aren’t going to help the situation, but sadly – I’m not sure if they will even care.

If you want to read the original report you can do so here:

State and Trends of the Russian Digital Crime market 2011 [PDF]

Source: Network World

Posted in: Malware, Phishing, Spammers & Scammers

Topic: Malware, Phishing, Spammers & Scammers


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


creepy – A Geolocation Information Aggregator AKA OSINT Tool

The New Acunetix V12 Engine


creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

Creepy

Features

  • Automatic caching of retrieved information in order to reduce API calls and the possibility of hiting limit rates.
  • GUI with navigateable map for better overview of the accumulated information
  • 4 Maps providers (including Google Maps) to use.
  • Open locations in Google Maps in your browser
  • Export retrieved locations list as kmz (for Google Earth) or csv files.
  • Handling twitter authentication in an easy way using oAuth. User credentials are not shared with the application.
  • User/target search for twitter and flickr.

Map Providers

  • Google Maps
  • Virtual Maps
  • Open Street Maps

Information Retrieval Using

  • Twitter’s tweet location
  • Coordinates when tweet was posted from mobile device
  • Place (geographical name) derived from users ip when posting on twitter’s web interface. Place gets translated into coordinates using geonames.com
  • Bounding Box derived from users ip when posting on twitter’s web interface.The less accurate source , a corner of the bounding box is selected randomly.
  • Geolocation information accessible through image hosting services API
  • EXIF tags from the photos posted.

Social Networking Platforms Supported

  • Twitter
  • Foursquare (only checkins that are posted to twitter)
  • Gowalla (only checkins that are posted to twitter)

Image Hosting Services Supported

  • flickr – information retrieved from API
  • twitpic.com – information retrieved from API and photo exif tags
  • yfrog.com – information retrieved from photo exif tags
  • img.ly – information retrieved from photo exif tags
  • plixi.com – information retrieved from photo exif tags
  • twitrpix.com – information retrieved from photo exif tags
  • foleext.com – information retrieved from photo exif tags
  • shozu.com – information retrieved from photo exif tags
  • pickhur.com – information retrieved from photo exif tags
  • moby.to – information retrieved from API and photo exif tags
  • twitsnaps.com – information retrieved from photo exif tags
  • twitgoo.com – information retrieved from photo exif tags

You can download creepy here:

CreepySetup_0.1.94.exe

Or read more here.

Posted in: Privacy, Web Hacking

Topic: Privacy, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Anonymous Take Down Official F1 Site As Bahrain Protest

Use Netsparker


It seems like the latest target for Anonymous is the F1 due to the race that took place in Bahrain and the human rights issues in the country.

They DDoSed the official F1 site (formula1.com), which was up and down on Saturday and defaced another related site (f1-racers.net) which also contains some details from ticket sales.

I’m not entirely sure if it’s really Anonymous behind this or another fragment as the Blogspot has been killed and the AnonOps Twitter account hasn’t been updated since March 22nd.

Hackers claiming to be from Anonymous have taken down the official Formula One website as protests grow over this weekend’s controversial Grand Prix in the Kingdom of Bahrain.

“The F1 Grand Prix in Bahrain should be strongly opposed. The Al Khalifa regime stands to profit heavily off the race and has promised to use live ammunition against protestors in preparation,” the group said in a statement.

“They have already begun issuing collective punishment to entire villages for protests and have promised further retribution ‘to keep order’ for the F1 events in Bahrain. The Formula 1 racing authority was well-aware of the Human Rights situation in Bahrain and still chose to contribute to the regime’s oppression of civilians and will be punished.”

The statement also called for the release of Abdulhadi Alkhawaja, a prominent local human rights activist who was arrested at his home in April 2011 and sentenced to life in prison two months later on charges of aiding terrorist organizations. Amnesty International has declared him a ‘prisoner of conscience’ and he is now in the 70th day of a hunger strike.

So far the race looks like it will be going ahead anyway, although some members of the Force India team have left the country following an incident earlier in the week where they were caught in a riot and tear gassed. The country’s Crown Prince said to cancel the race now would “empower extremists,” Reuters reports.

The F1 in Bahrain went ahead without incident, the race track was heavily guarded by police with dogs etc. Bernie Ecclestone has also stated that he sees no reason to drop Bahrain from future F1 schedules, despite the controversy it provoked.

It’ll be interesting to see if the F1 now becomes a mainstay target for the Anonymous movement and their offshoots – F1 could suffer some serious damage from this.

The race was cancelled last year due to protests.


Bahrain was the first Middle Eastern state to hold a Formula One race in 2004 and the ruling family has a significant stake in the McLaren racing team. The 2011 race was cancelled after protests erupted across the country.

The protests began on Valentine’s Day last year, as part of the wave of uprisings across the Arab world. While uprisings in Tunisia, Egypt and Libya were successful (with some help from NATO in the last case,) the Bahraini uprising, which saw over 100,000 people take to the streets, was quickly crushed when the royal family asked the Saudi Arabian army to intervene. The US Navy 5th Fleet, which is based in Bahrain, did not take part.

After the initial uprising the former Metropolitan Police assistant commissioner John Yates, who resigned after being heavily criticized for his conduct of an investigation into the News of The World hacking scandal, was hired by the Bahraini royal family to investigate human rights abuses that may or may not have taken place.

Yates reportedly wrote to FIA president Jean Todt earlier this month, telling him that the protests were not as serious as the media was reporting and said he felt safer in Bahrain than he did in some parts of London.

“These are criminal acts being perpetrated against an unarmed police force who, in the face of such attacks, are acting with remarkable restraint,” he wrote. “They are not representative of the vast majority of delightful, law-abiding citizens that represent the real Bahrain that I see every day.”

The whole Anonymous thing has been pretty quiet lately, the last major target I recall was OccupyWallStreet, the Vatican and a few others. The last time we reported on Anonymous was about – Former LulzSec Leader Sabu Flips Sides & Informs For The FBI.

I guess the movement might have gotten too much press and there have been a LOT of arrests so it’s probably fragmented and gone a lot more underground – communicating offline and over more secure channels.

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account

The New Acunetix V12 Engine


We wrote about this tool originally last year – NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials – and a new version just came out!

NfSpy has just been updated to support NFSv3, a more efficient and widespread protocol than the previous NFSv2. NfSpy is a FUSE filesystem written in Python that automatically changes UID and GID to give you full access to any file on an NFS share. Use it to mount an NFS export and act as the owner of every file and directory.

NFS before version 4 is reliant upon host trust relationships for authentication. The NFS server trusts any client machines to authenticate users and assign the same user IDs (UIDS) that the shared filesystem uses. This works in NIS, NIS+, and LDAP domains, for instance, but only if you know the client machine is not compromised, or faking its identity. This is because the only authentication in the NFS protocol is the passing of the UID and GID (group ID). There are a few things that can be done to enhance the security of NFS, but many of them are incomplete solutions, and even with all three listed here, it could still be possible to circumvent the security measures.

Features

  • Use filehandles from packet captures instead of asking mountd.
  • Hide from sysadmins by immediately “unmounting” while retaining access
  • Specify port/protocol for NFS or Mountd if you don’t have access to the portmapper

You can download NfSpy here:

NfSpy.zip

Or read more here.

Posted in: Hacking Tools, Linux Hacking, Networking Hacking

Topic: Hacking Tools, Linux Hacking, Networking Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Android Trojan Targets Japanese Market – Steals Personal Data

The New Acunetix V12 Engine


Early last year we wrote about China Facing Problems With Android Handsets & Pre-installed Trojans, then later last year there was a possibility Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages.

The latest news about Android malware is malicious apps that are in the official Google marketplace (called Play) – they are masquerading as apps to deliver trailers for various content – but in fact steals your data in the background.

Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.

McAfee malware researcher Carlos Castillo explained in a blog post that the new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users.

The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.

On installation, the malicious apps request the user grants them permission to read contact data and read phone state and identity which.

If granted by the user, this will enable them to pilfer Android ID, phone number and the victim’s entire contacts list including names, email addresses and phone numbers.

It will then attempt to send the data in clear text to a remote server and, if successful, will request a video from that same server to display, said Castillo.

I think most of us are pretty safe from this set of nasties though as it targets the Japanese market specifically. It is a general problem with Android apps though, most of them ask for far more permissions than they actually need to function (lazy devs perhaps?) so Android users are very used to granting all kinds of permissions to fairly simple apps.

Thankfully McAfee mobile security app does detect these as a threat (although how many people really have AV software on their phones?!).


“Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.

“McAfee Mobile Security detects these threats as Android/DougaLeaker.A. Users should verify in the Google Play market prior installation that the application does not request permission to perform actions not related to its purpose.”

Google’s relatively open Android ecosystem has led to a huge surge in malware hidden in legitimate looking applications.

Apart from data-sucking Trojans, cyber criminals have looked to distribute apps containing premium dialler malware, SMS fraud Trojans and malware designed to turn a user’s handset into a bot.

Worryingly, two-thirds of Android anti-malware scanners are not up to the task, according to recent research from AV-Test.

The firm said that there are more than 11,000 strains of malware in the wild targeted at the platform – a figure growing at some pace.

Google does seem to be fairly on top of removing these apps from the marketplace as soon as they are reported and verified as malware. I’d have though they should integrate some kind of malware scan (including heuristic scanning for dodgy calls) to Google Play when someone adds a new app.

As always just be careful what you’re downloading and what you are giving permissions to. If you are paranoid, hook your phone up to your desktop and proxy all the traffic through there and get sniffing.

Source: The Register

Posted in: Malware, Privacy, Spammers & Scammers

Topic: Malware, Privacy, Spammers & Scammers


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)

The New Acunetix V12 Engine


web-sorrow is a PERL based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework.

Current Functionality

  • -S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 ok for every req)
  • -Eb – stands for error bagging. The default config for servers is to put the server daemon and version and sometimes even the OS inside of error pages. web-sorrow reqs a URl of 20 random bytes with get and post methods.
  • -auth – looks for login pages with a list of some of the most common login files and dirs. We don’t need to be very big list of URLs because what else are going to name it?
  • -cmsPlugins – run a huge list of plugins dirs for cms servers. the list is a bit old (2010)
  • -I – searches the responses for interesting strings
  • -Ws – looks for web services such as hosting provider, blogging services, favicon fingerprinting, and cms version info
  • -Fd – look for generally things people don’t want you to see. The list is generated form a TON of robot.txt so whatever it finds should be interesting.
  • -proxy – send all http reqs via a proxy. example: 255.255.255.254:8080
  • -e – run all the scans in the scanner

web-sorrow also has false positives checking on most of it’s requests (it pretty accurate but not perfect).

Examples

basic:

look for login pages:

most intense scan possible:

You can download web-sorrow here:

Wsorrow_v1.3.0.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Web Hacking

Topic: Hacking Tools, Networking Hacking, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.