Alleged botnet mastermind and his coders busted by Russian, Ukrainian security

Over a year after the arrest of eight of its members in Russia, the alleged leader of the original Carberp botnet ring that stole millions from bank accounts worldwide has been arrested, along with about 20 other members of the ring who served as its malware development team. The arrests, reported by the news site Kommersant Ukraine, were a collaboration between Russian and Ukrainian security forces. The alleged ringleader, an unnamed 28-year-old Russian citizen, and the others were living throughout Ukraine.

Initially launched in 2010, Carberp primarily targeted the customers of Russian and Ukrainian banks and was novel in the way it doctored Java code used in banking apps to commit its fraud. Spread by the ring through malware planted on popular Russian websites, the Carberp trojan was used to distribute targeted malware that modifies the bytecode in BIFIT's iBank 2 e-banking application, a popular online banking tool used by over 800 Russian banks, according to Aleksandr Matrosov, senior malware researcher at ESET. The botnet that spread the malware, which was a variant of the Zeus botnet framework, also was used to launch distributed denial of service attacks.

In February of 2011 the group put its malware on the market, selling it to would-be cybercriminals for $10,000 per kit—but it pulled the kit a few months later.

Read 1 remaining paragraphs | Comments

Microsoft Releases April 2013 Security Bulletin

Original release date: April 04, 2013 | Last revised: April 09, 2013

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, or information disclosure.

US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.



This product is provided subject to this Notification and this Privacy & Use policy.

Anonymous hackers take control of North Korean propaganda accounts

One of the images posted to North Korea's Flickr account.

A Twitter and Flickr account associated with a North Korean news agency has been taken over by hackers claiming to be from the hacktivist collective Anonymous. Instead of pro-North Korea propaganda, the accounts are now criticizing North Korea and its leader Kim Jong-un for building nuclear weapons. The hackers controlling the Twitter account also claimed to have hacked the news agency's website and other North Korean websites, which appear to be offline.

The Twitter and Flickr accounts represent Uriminzokkiri (meaning "Our Nation"), a North Korean news and propaganda site. When Uriminzokkiri established a Twitter account in 2010, the IDG News Service described the news site as "the closest thing North Korea has to an official home page" and "one of the few Web sites believed to be run from the secretive nation."

The Twitter page, with 14,000 followers, switched from posting in Korean to English this morning. The profile picture was changed to an illustration of two dancers wearing Guy Fawkes masks. The hackers of the Flickr account are posting various pro-Anonymous and anti-North Korea pictures. One depicts Kim Jong-un with pig ears and a Mickey Mouse picture on his chest and says he is "threatening world peace with ICBMs and Nuclear weapons."

Read 3 remaining paragraphs | Comments

Possible security disasters loom with rollout of new top-level domains

Plans to populate the Internet with dozens of new top-level domains in the next year could give criminals an easy way to bypass encryption protections safeguarding corporate e-mail servers and company intranets, officials from PayPal and a group of certificate authorities are warning.

The introduction of Internet addresses with suffixes such as ".corp", ".bank", and ".ads" are particularly alarming to these officials because many large and medium-sized businesses use those strings to name machines inside their networks. If the names become available as top-level domains to route traffic over the Internet, private digital certificates that previously worked only over internal networks could potentially be used as a sort of skeleton key that would unlock communications for huge numbers of public addresses.

A secure sockets layer certificate used by employees to access a company intranet designated as ".corp", for instance, might be able to spoof a public credential for the website McDonands.corp or Ford.corp. Employee laptops that are used at an Internet cafe or other location outside of a corporate network might also be tricked into divulging private information.

Read 12 remaining paragraphs | Comments