A beginner’s guide to building botnets—with little assembly required

Have a plan to steal millions from banks and their customers but can't write a line of code? Want to get rich quick off advertising click fraud but "quick" doesn't include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away.

Building successful malware is an expensive business. It involves putting together teams of developers, coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them.

In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. As a result, the tools and techniques used by last year's big professional bank fraud operations, such as the "Operation High Roller" botnet that netted over $70 million last summer, are available off-the-shelf on the Internet. They even come with full technical support to help you get up and running.


More than 30 MMORPG companies targeted in ongoing malware attack

Researchers have uncovered an ongoing cyberespionage campaign targeting more than 30 online video game companies over the past four years.

The companies infected by the malware primarily market so-called massively multiplayer online role-playing games. They're mostly located in Southeast Asia, but some are also in the US, Germany, Japan, China, Russia, Brazil, Peru, and Belarus, according to a release published Thursday by researchers from antivirus provider Kaspersky Lab. The attackers work from computers with Chinese and Korean language configurations. They used their unauthorized access to obtain digital certificates that were later exploited in malware campaigns targeting other industries and political activists.

So far, there's no evidence that customers of the infected game companies were targeted, although in at least one case, malicious code was accidentally installed on gamers' computers by one of the infected victim companies. Kaspersky said there was another case of end users being infected by the malware, which is known as "Winnti." The company didn't rule out the possibility that players could be hit in the future, potentially as a result of collateral damage.


US adds Russian supercomputer maker to list of nuclear threats

A T-Platforms supercomputer.

Six months ago, a company called T-Platforms triumphantly announced the "First Delivery of [a] Russian Supercomputer to [the] US."

The US government has since added T-Platforms to a list of entities that are "acting contrary to the national security or foreign policy interests of the United States" by having involvement with nuclear research. Specifically, T-Platforms' operations in Russia, Germany, and Taiwan were added to the Export Administration Regulations (EAR) Entity List by representatives of the US Departments of Commerce, State, Defense, and Energy. This will make it difficult for T-Platforms to do business with US companies, although it isn't an outright ban.

"The Entity List notifies the public about entities that have engaged in activities that could result in an increased risk of the diversion of exported, reexported, or transferred (in-country) items to weapons of mass destruction (WMD) programs," the Department of Commerce's Bureau of Industry and Security said in its notice that T-Platforms is now on the list. "Since its initial publication, grounds for inclusion on the Entity List have expanded to activities sanctioned by the State Department and activities contrary to U.S. National security or foreign policy interests, including terrorism and export control violations involving abuse of human rights."


Hacking commercial aircraft with an Android App (some conditions apply)

As if inexpensive attacks on mission-critical global positioning systems weren't enough, a researcher said he's developed an Android app that could redirect airplanes in mid-flight.

The frightening scenario was presented on Wednesday at the Hack in the Box security conference in Amsterdam. It's made possible by security weaknesses in the protocol used to send data to commercial planes and in flight-management software built by companies including Honeywell, Thales, and Rockwell Collins, Forbes reports. Vulnerable systems include the Aircraft Communications Addressing and Reporting System (ACARS), used for exchanging text messages between planes and ground stations over VHF radio or satellite links. It has "virtually no authentication features to prevent spoofed commands."

Using a custom-developed Android app dubbed PlaneSploit, researcher Hugo Teso of n.runs showed how a virtual plane in a laboratory could be redirected. Because there's no means to cryptographically authenticate communications sent over ACARS, pilots have no way to confirm whether the messages they receive in the cockpit are genuine. Malformed messages can then be used to trigger vulnerabilities in the flight-management software, Teso told Forbes.
