<?xml version="1.0"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
 <atom:link href="http://www.hellboundhackers.org/news/rss.xml" rel="self" type="application/rss+xml" />
 <title>HBH News Feed</title>
 <link>http://www.hellboundhackers.org</link>
 <description>HellBoundHackers RSS Feed</description>
 <language>en-GB</language>
 <managingEditor>mr_cheese@hellboundhackers.org (Mr_Cheese)</managingEditor>
 <webMaster>mr_cheese@hellboundhackers.org (Mr_Cheese)</webMaster>
 <pubDate>Thu, 10 May 2012 22:45:17 +0100</pubDate>
 <lastBuildDate>Thu, 10 May 2012 22:45:17 +0100</lastBuildDate>
 <category>HellBoundHackers</category>
 <generator>RSS 2.0 generation class</generator>
 <docs>http://www.hellboundhackers.org/news/rss.xml</docs>
<item>
<title>Iran confirms cyberattacks against oil facilities</title>
<link>http://www.hellboundhackers.org/526-iran-confirms-cyberattacks-against-oil-facilities.html</link>
<description> Iran's oil ministry today confirmed that it was the target of malware attacks over the weekend, adding to reports by state-run media that the country's oil industry was hit by hackers.

The Mehr News Agency, which is a semi-official arm of the Iranian government, reported Monday that the country's principal oil terminal on Kharg Island was disconnected from the Internet as part of the response to the attacks. Email systems associated with the targets were also pulled offline. 

Kharg Island, which is in the Persian Gulf off the western coast of Iran, handles the bulk of the country's oil exports.

A spokesman for the Ministry of Petroleum acknowledged the attacks, but said that critical servers at the reported targets -- the ministry, Iran's national oil company and Kharg Island -- were not affected because they are isolated from the Internet.

The ministry spokesman also said that the malware, which he did not identify, resulted in the theft of some user information from websites and some minor damage to data stored on the web servers. According to the ministry, no data was actually lost because backups were available.

Later Monday, Mehr reported that the attacks had prompted authorities to create a crisis management committee to counter the threats.

Those reports were echoed Monday by the Fars News Agency, which also has ties to the Iranian government.

The attacks immediately brought to mind Stuxnet, the worm that targeted Iran's nuclear fuel enrichment project in 2009, and reportedly set back the program after damaging hundreds of gas centrifuges. </description>
<pubDate>Tue, 24 Apr 2012 09:19:34 +0100</pubDate>
<guid>http://www.hellboundhackers.org/526-iran-confirms-cyberattacks-against-oil-facilities.html</guid>
</item>
<item>
<title>Google boosts Web bug bounties to $20,000</title>
<link>http://www.hellboundhackers.org/525-google-boosts-web-bug-bounties-to-20000.html</link>
<description> Google today dramatically raised the bounties it pays independent researchers for reporting bugs in its core websites, services and online applications.

The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment to the program.

The Vulnerability Reward Program (VRP) will now pay $20,000 for vulnerabilities that allow remote code execution against google.com, youtube.com and other core domains, as well as what the company called "highly sensitive services" such as its search site, Google Wallet, Gmail and Google Play.

Remote code flaws found in Google's Web apps will also be rewarded $20,000.

The term "remote code execution" refers to the most serious category of vulnerabilities, those which when exploited allow an attacker to hijack a system and/or plant malware on a machine.

A $10,000 bounty will be paid for SQL injection bugs or "significant" authentication bypass or data leak vulnerabilities, Google said in the revised rules for the program.

Other bugs, including cross-site scripting (XSS) and cross-site request forgery (XSRF) flaws, will be compensated with payments between $100 and $3,133, with the amount dependent on the severity of the bug and where the vulnerability resides. </description>
<pubDate>Tue, 24 Apr 2012 09:10:23 +0100</pubDate>
<guid>http://www.hellboundhackers.org/525-google-boosts-web-bug-bounties-to-20000.html</guid>
</item>
<item>
<title>Mac Flashback malware</title>
<link>http://www.hellboundhackers.org/524-mac-flashback-malware.html</link>
<description> Apple's Mac platform has long been promoted as safer than the competition, but as Mac sales and market share grow, it's become a bigger target. 

Nowhere is that clearer than with the Flashback Trojan, a gnarly piece of malware designed to steal personal information by masquerading as very mainstream browser plug-ins. Yesterday Russian antivirus company Dr. Web said that an estimated 600,000 Macs are now infected as a result of users unknowingly installing the software. 

So here's a quick FAQ on the Flashback Trojan, including information on what it is, how to tell if you have it, and steps you can take to get rid of it. 

What exactly is Flashback?
Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications such as Skype. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers. In its most recent incarnations, the software can install itself without user interaction. 


Flashback as we know it now appeared near the end of September last year, pretending to be an installer for Adobe's Flash, a widely used plug-in for streaming video and interactive applications that Apple no longer ships on its computers. The malware evolved to target the Java runtime on OS X, where users visiting malicious sites would then be prompted to install it on their machine in order to view Web content. More advanced versions would install quietly in the background with no password needed.
 </description>
<pubDate>Fri, 06 Apr 2012 17:24:02 +0100</pubDate>
<guid>http://www.hellboundhackers.org/524-mac-flashback-malware.html</guid>
</item>
<item>
<title>Will it Take a Law to Protect Online Privacy?</title>
<link>http://www.hellboundhackers.org/523-will-it-take-a-law-to-protect-online-privacy.html</link>
<description> Following the release of two prominent reports advancing the federal government's policy for online privacy, members of a House subcommittee on Thursday again took up consideration of whether new legislation is needed to protect consumers on the Internet. 

At a hearing before the Energy and Commerce Committee's technology subcommittee, top officials with the Department of Commerce and the Federal Trade Commission walked a thin line in their remarks to lawmakers who at times appeared skeptical. Both officials expressed support for baseline privacy legislation that would implement consumer safeguards while avoiding burdensome mandates that could hinder the online economy. At the same time, they emphasized that their recent reports -- the consumer bill of rights that the Commerce Department developed in concert with the White House and the FTC's new report on best practices -- contain no new regulatory mandates. 

"These are to some extent aspirational," FTC Chairman Jon Leibowitz told the panel. "We wanted to make it very clear that this isn't a regulatory document or an enforcement document." 

Similarly, Lawrence Strickling, the Commerce Department's assistant secretary for communication and information, affirmed that the administration is backing a largely self-regulatory approach. 

Both officials expressed support for a rudimentary privacy law, though neither endorsed any specific proposal. 

The FTC and Commerce Department now plan to continue their collaboration with industry stakeholders to develop codes of conduct and implementation strategies to apply high-minded privacy concepts such as transparency and choice into practice. 

If the FTC wins formal commitments from industry players to adhere to certain behavior, such as abiding by the rules of the do-not-track mechanism it is endorsing, those firms would then be subject to agency oversight under its authorities relating to unfair and deceptive practices. But in the event that the FTC finds a company to be in violation of those standards and reaches a consent order, as it did last year with Google and Facebook, the agency has no authority to issue financial penalties for civil offenses, a power that it is seeking from Congress.  </description>
<pubDate>Sun, 01 Apr 2012 17:35:14 +0100</pubDate>
<guid>http://www.hellboundhackers.org/523-will-it-take-a-law-to-protect-online-privacy.html</guid>
</item>
<item>
<title>Microsoft leads seizure of Zeus cybercrime servers</title>
<link>http://www.hellboundhackers.org/522-microsoft-leads-seizure-of-zeus-cybercrime-servers.html</link>
<description> Microsoft said on Monday it and several partners had disrupted several cybercrime rings that used a notorious piece of malicious software called Zeus to steal US$100 million over the last five years.

The company said a consolidated legal case has been filed against those allegedly responsible that for the first time applies the Racketeer Influenced and Corrupt Organizations (RICO) Act.

Zeus has been a thorn in the side for financial institutions due to its stealthy nature and advanced spying capabilities that center around stealing online banking and e-commerce credentials for fraud.

According to a complaint filed under seal on March 19 in the U.S. District Court for the Eastern District of New York, Microsoft accused the defendants of infecting more than 13 million computers and stealing more than US$100 million over the last five years.

The civil complaint lists 39 "John Doe" defendants, many of whom are identified only by online nicknames, such as "Gribodemon" and "Harderman."

It marks the latest action led by Microsoft against botnet operators. The company has gone to court before to gain permission to take control over domain names associated with the command-and-control infrastructure of botnets such as Kelihos, Rustock and Waledac. 

The company has also initiated civil proceedings against unnamed operators but has had little success due to jurisdiction issues.

Mark Debenham, senior manager of investigations for Microsoft's Digital Crimes Unit, said the creators of Zeus -- as well as related malware such as SpyEye and Ice-IX -- sold "builder kits" to other would-be cybercriminals. Simple versions sold for as little as $700, while more advanced versions could cost $15,000 or more, according to Debenham's affidavit. </description>
<pubDate>Mon, 26 Mar 2012 11:59:40 +0100</pubDate>
<guid>http://www.hellboundhackers.org/522-microsoft-leads-seizure-of-zeus-cybercrime-servers.html</guid>
</item>
<item>
<title>Hackers Publish Exploit for Wormable RDP Hole</title>
<link>http://www.hellboundhackers.org/521-hackers-publish-exploit-for-wormable-rdp-hole.html</link>
<description> On Tuesday, Microsoft issued a patch to plug a critical hole in Windows’ Remote Desktop Protocol. Fearing the possibility of an exploit being developed in the “next 30 days,” the company “strongly” advised the immediate deployment of this patch in a blog post detailing the said RDP vulnerability (CVE-2012-0002). Well, it seems that Microsoft was right about the vulnerability being highly attractive to hackers.

Chinese hackers are said to have already published proof-of-concept (PoC) exploit code for the RDP hole. But there seems to be something even more troubling here than the exploit code itself. It’s feared that the hackers who published the code on a Chinese language forum might have had access to data from MAPP (Microsoft Active Protections Program), which provides vulnerability information to security software partners prior to Microsoft's monthly installment of security updates “so partners can build enhanced customer protections.”

Luigi Auriemma, the security researcher who first discovered the vulnerability, has alleged that the Chinese PoC is the “exact one” he provided to TippingPoint ZDI (Zero Day Initiative). He suspects a leak at either ZDI or Microsoft. “The packet I gave to ZDI wasn’t just a simple fuzzed packet. I modified at some points to make it unique,” Auriemma told ZDNet in an interview.

If it’s indeed a MAPP leak then Microsoft has a huge problem on its hands. This is what Microsoft’s site says about MAPP: “You will receive advance vulnerability information for those vulnerabilities to be addressed in Microsoft’s regularly scheduled monthly security update releases. This information package will provide documents that outline our information on the vulnerability. These documents outline the steps used to reproduce the vulnerability as well as the steps used to detect the issue.”
 </description>
<pubDate>Sun, 18 Mar 2012 19:07:10 +0000</pubDate>
<guid>http://www.hellboundhackers.org/521-hackers-publish-exploit-for-wormable-rdp-hole.html</guid>
</item>
<item>
<title>US charges members of Anonymous</title>
<link>http://www.hellboundhackers.org/520-us-charges-members-of-anonymous.html</link>
<description> Six suspected leaders of the international hacking organization known as Anonymous were charged by U.S. authorities with computer crimes, dealing a major blow to the loose-knit group that has wreaked havoc on the websites of government agencies and major corporations.

Among those charged was Hector Xavier Monsegur, known as "Sabu," who took responsibility for attacks on the websites of eBay's PayPal, MasterCard and Visa between December 2010 and June 2011, according to federal prosecutors and the FBI. The attacks were in retaliation for the refusal of those companies to process donations to Wikileaks, the group that leaked confidential diplomatic cables in 2010.

The charges against Monsegur, in a case that was opened last summer, were filed in federal court in New York via a criminal information. Such a document typically means a suspect has been cooperating with the government. 

"Sabu was seen as a leader ... Now that Anonymous realizes he was a snitch and was working on his own for the Fed, they must be thinking: 'If we can't trust Sabu, who can we trust?' " said Mikko Hypponen, chief research officer at Finnish computer security company F-Secure.

"It's probably not going to be the end of Anonymous, but it's going to take a while for them to recover, especially from the paranoia," Hypponen said.

Monsegur pleaded guilty last August to 12 charges, including computer hacking and conspiracy, according to documents unsealed in New York federal court on Tuesday. He is free on a $50,000 bond. The charges carry a possible maximum prison term of 10 years. 
 </description>
<pubDate>Thu, 08 Mar 2012 11:01:12 +0000</pubDate>
<guid>http://www.hellboundhackers.org/520-us-charges-members-of-anonymous.html</guid>
</item>
<item>
<title>New Mac malware exploits Java bugs</title>
<link>http://www.hellboundhackers.org/519-new-mac-malware-exploits-java-bugs.html</link>
<description> A new version of a well-known family of Mac malware exploits vulnerabilities in Java to steal usernames and passwords for online payment, banking and credit card websites.

Flashback.G is the first variant of the Trojan horse to use an attack vector that doesn't require any user interaction, said Intego Security, a French firm that specializes in Mac antivirus software. Most Mac malware needs help from users to get on a machine, if only to okay an installation by entering the system password.

When users come across the new malware -- it's being served from an unknown number of malicious websites -- Flashback.G first tries to exploit a pair of Java bugs, one harking back to 2008, the other discovered last year.

Apple has patched both vulnerabilities in its Java updates, fixing the 2011 bug in the most recent Java security update, issued last November.

While Apple no longer packages Oracle's Java with its Mac operating system -- it stopped that practice with OS X 10.7, aka Lion, in July 2011 -- it continues to issue Java security updates to people running Lion as well as Mac OS X 10.6, better known as Snow Leopard. Even though it doesn't come with Lion, Java may be on those systems: Users are prompted to install the Oracle software the first time they try to run a Java applet.

If Flashback.G is unsuccessful because both bugs have been plugged -- or if Java isn't present on the Mac -- the malware switches to a backup tactic, where it tries to dupe users into running the attack code by posing as content digitally signed by Apple. </description>
<pubDate>Tue, 28 Feb 2012 09:06:39 +0000</pubDate>
<guid>http://www.hellboundhackers.org/519-new-mac-malware-exploits-java-bugs.html</guid>
</item>
<item>
<title>Iran cuts off  Web sites</title>
<link>http://www.hellboundhackers.org/518-iran-cuts-off--web-sites.html</link>
<description> Iran has cut off access to the Internet, leaving millions of people without access to email and social networks.

A source inside the country confirmed this morning that Gmail, Hotmail, and Yahoo email are no longer available. Ditto for Facebook. So far, the government has not made any announcement about the service interruption.

But cyber-sophisticated Iranians are still able to circumvent the government by using proxy servers over VPN connections.

"The interesting thing is that when asked, they deny the fact that all these services are all blocked," an Iranian contacted by CNET said. This individual asked to remain unidentified.

However, the Iranian noted that the regime has cut off the Internet during protests and that the buzz on the streets is that anti-government protests are planned for Saturday.

Last month the country's information minister told the Islamic Republic News Agency that a firewalled national Internet would soon become operational. There was no word on when the government might plan to throw the switch on what essentially would be a vast "intranet," but it could happen any day. And that prospect has cyber activists in Iran concerned. It would give the government a hand up in its cyber cat-and-mouse battle with opponents. </description>
<pubDate>Sat, 11 Feb 2012 18:22:58 +0000</pubDate>
<guid>http://www.hellboundhackers.org/518-iran-cuts-off--web-sites.html</guid>
</item>
<item>
<title>HBH v2 Update</title>
<link>http://www.hellboundhackers.org/517-hbh-v2-update.html</link>
<description> Note: Registration Issue Resolved

We've had a lot of members asking about the status of HBH v2 ... and rightly so!

I just got off the phone with Mordak. Sadly he's had some health issues which have taken priority over development. He's now got a colleague working on it alongside him and it's sounding totally kick ass!

There's been considerable re-writes to his previous version and slight restructures which makes it much easier to develop with. Now there's a good framework and core in place, you should be seeing a lot more hbh v2 updates.

Keep up to date and even get involved in the coding here! </description>
<pubDate>Sun, 05 Feb 2012 18:58:03 +0000</pubDate>
<guid>http://www.hellboundhackers.org/517-hbh-v2-update.html</guid>
</item>
</channel>
</rss>

