Jan 31 2011

Egypt’s Last-Standing ISP Goes Dark

A small Egyptian ISP that continued sputtering along after the government ordered Egypt off the internet Friday is now offline.

Security researcher Renesys said Monday the Noor Group, believed to be the last Egyptian ISP in operation, had provided access to the aviation, banking and financial sectors — including the Egyptian stock market.

“They are completely unavailable at present,” Renesys wrote of the ISP.

Egypt’s major providers — Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr — and all their customers and partners, went dark Friday. Renesys said the Egyptian government’s actions were “unprecedented in internet history.”

The Egyptian net began going out Friday as Facebook, Twitter and other online forums helped fuel large-scale protests against President Hosni Mubarak’s 30-year rule. Mobile-phone communications have also been shut down.

Egypt has also closed Al Jazeera’s office in Cairo, arrested a half-dozen of the news outlet’s reporters, and seized their equipment.


Jan 31 2011

Coming up Next – Chinese New Year

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than in the last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam has been observed since last December. Most attacks have customized the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions with a customized ‘From’ line and a subject line related to the occasion.

From:可输入多个<[Details Removed]>

Subject:过年了!给领导送什么哪?(AD)

Translation:

From: you may enter multiple choices <[Details Removed]>

Subject: It's almost the new year! What kind of gift will you pick for your boss? (AD)

Translation:

It's almost the new year! What kind of gift will you pick for your boss? (AD)

Typical options are wine and gift cards… It’s time to change now……!

Healthy and luxury products - Vit Number 1 coming up this year…..

Gift targets:

1. Owners with more than 10 million dollars in assets!

2. Top level governors!

3. Second generation individuals from wealthy families, governors’ families, etc!

Purchase method:

[Details Removed]

Or add QQ[Details Removed]

Mobile:[Details Removed]

From: "" <Details Removed>

Subject: 过年了!孝敬父母什么哪(AD)?

Translation:

Subject: Chinese New Year is coming up! What kind of gifts are you getting for your parents (AD)?

Translation:

Chinese New Year is coming up! What kind of gifts are you getting for your parents (AD)?

Bei Jing<Details Removed> continues medical traditions by introducing:

Scorpion essence 1: “The refill station for men and beauty salon for women!” … See details here:

In store purchase - elite level supplement “Scorpion essence 1” Beijing<Details Removed>…See details here:

hxxp://<Details Removed>

//<Details Removed> purchase - elite level supplement “Scorpion essence 1”…See details here:

hxxp://<Details Removed>

Please add me QQ<Details Removed> Or mobile<Details Removed> !

Next is a food product promotion with links advertising known auction sites, with randomization inserted in the ‘Subject’ line and the ‘From’ alias. The links in the body take you to the spammers' promotional products on the auction site.

From:中国信用卡<[Details Removed]>

Subject: 亲爱的会员[Details Removed]:春节到了,为您精心准备的食品!直接进入[Details Removed]购买~省心省力~

Translation:

From: China credit card <[Details Removed]>

Subject: Dear member [Details Removed]: It's almost Chinese New Year. We prepared a great food gift basket for you! Directly enter [Details Removed] shopping site~ save time and effort~

Translation:

This email is sent in HTML format. If you can't view it, please click on the link or copy the URL link and open it.

http://[Details Removed]

The last sample is for a sale on software; the business sent unsolicited promotional mail for Chinese New Year.

From:[Details Removed]

Subject: 春节前[Details Removed] 商城6折大促销了!

Translation:

Subject: [Details Removed] Shop sales of 40% OFF before Chinese New Year!

Translation:

[Details Removed] Software sale of 40% OFF before Chinese New Year. The sale applies to everyday goods, home decor, office stationery, books, hardware, machinery, electronics, financial management products, etc. [Details Removed] Shop http:// [Details Removed]

Jan 31 2011

Spammers Set for Valentine’s Day

Valentine’s Day brings excitement for celebrating love and affection between dear ones. Spammers are gearing up for Valentine’s Day with several offers like product spam, gift cards, personalised cards, and financial spam. Symantec has been observing Valentine’s Day-related spam since early January and we have recently seen a spike in product spam related to the event.

Below are Valentine’s Day-related spam samples:

Subject: An original gift for Valentine's Day

Subject: Take Her Breath Away

Subject: Super great designer watches

Subject: Personalized gifts for your Valentine

Subject: Very Hush-Hush Valentines Day Offer

Subject: The best Valentines gifts

Subject: Quick and Easy Valentine's Day Gifts

Subject: $19.99 Flowers for Valentine's Day + FREE Vase

Spammers are promoting fake product offers at discounted prices, and the URL mentioned in the message redirects the user to a spam web page that asks for personal information.

We are also observing interesting phishing attacks based on the Valentine’s Day theme. The domains used in phishing attacks resemble the name of the event.

http://www.valentinegirlxxxx.co.uk/~friday/myca/us/logon/action.html

http://www.valentinegirlxxxx.co.uk/~logic/us/myca/logon/action.html

http://valentinexxx.org/~bloom/help/weurhwe9urh9w[removed]/Login.htm

Last year’s statistics show that product spam was the most popular spam tactic. Continuing that trend, we expect product spam to remain the most dominant compared to other spam categories.

Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. Updating antispam signatures regularly helps prevent personal information from being compromised. We at Symantec are closely monitoring the Valentine’s Day spam attacks to keep our readers updated.

Note: Thanks to blog contributors, Anand Muralidharan and Amit Kulkarni.

Jan 30 2011

Hacker Challenging Court Order to Surrender Computer Gear to Sony

Hacker George Hotz must surrender his computer gear to Sony next week

The lawyer representing a hacker who published the first major PlayStation 3 jailbreak on the internet said Sunday he would challenge a federal judge’s order requiring his client surrender his computer gear to console-maker Sony.

New Jersey’s George Hotz, well-known in the jailbreaking community for unlocking the iPhone and other exploits, had published the jailbreak code on his website and on YouTube a month ago.

Sony, the maker of the 4-year-old console, sued Hotz in San Francisco federal court demanding a judge order him to remove the code. Sony also requested that the 21-year-old computer consultant surrender “any and all computer hardware and peripherals containing circumvention devices, technologies, programs, parts thereof, or other unlawful material, including but not limited to code and software, hard disc drives, computer software, inventory of CD-ROMS, computer diskettes, or other material containing circumvention devices, technologies, programs, parts thereof, or other unlawful material.”

The judge’s Thursday ruling did not sit well with Hotz’ attorney, Stewart Kellar of San Francisco.

“The information sought at issue is less than 100 kilobytes of data. Mr. Hotz has terabytes of storage devices,” Kellar said in a Sunday telephone interview. “Impounding his computers, it’s like starting a forest fire to cut down a single tree.”

Within days, Kellar said he would petition U.S. District Judge Susan Illston to reconsider her ruling — which came in the form of a temporary restraining order requiring Hotz surrender the equipment next week. Hotz, he said, has already abided by Illston’s decision ordering him to remove the code from his website and YouTube.

That said, the code has spread like wildfire. Yet Illston appears to be ordering Hotz to make sure all the code is eliminated from the net.

The defendant, Illston ruled, “shall retrieve” code “which he has previously delivered or communicated.”

Kellar said that was impossible. “Mr. Hotz can’t retrieve the internet,” he said.

Hotz, who goes by the online handle “Geohot,” accessed the so-called “metldr keys” or root keys that trick the PS3 system into running unauthorized programs, like pirated or homebrewed games. It was the first, full-scale root-level firmware hack of the console.

Sony, in its lawsuit, alleged the console jailbreak breached the Digital Millennium Copyright Act and other laws, and would eat into game sales for the 41 million PS3 units sold. Illston agreed that Hotz’ activities likely violated the DMCA, and made her order pending more litigation in the weeks-old case.

The DMCA makes it either a civil or criminal offense to traffic in wares meant to circumvent devices protecting copyrighted works. Ironically, performing a similar hack on a mobile phone is lawful. The U.S. Copyright Office exempted cell phone jailbreaking from being covered by the DMCA.

“At the heart of this whole issue is whether you truly own the device you purchased,” Kellar said.

Illston also tentatively agreed with Sony’s complaint that Hotz likely breached the Computer Fraud and Abuse Act by acquiring unauthorized access to the game console, access that Sony forbids.

That act, too, can be either a civil or criminal violation. It was unsuccessfully used to prosecute Lori Drew in the country’s first cyberbullying prosecution in 2009.

Sony, which is seeking unspecified monetary damages, has just released a firmware update designed to nullify Hotz’ code.
