Fake tech support scam is trouble for legitimate remote help company


Fraudsters who use remote desktop support programs while scamming their victims have made it difficult for at least one legitimate IT company to convince users that it's not trying to steal their money.

As we've written on numerous occasions, scammers have made tens of millions of dollars, by one estimate, by tricking computer users into thinking their PCs are infected. The scammers cold call people, tell them that harmless error messages in the Windows Event Viewer are actually signs of a major problem, and then convince them to install a remote desktop program that gives the scammer access to their computer. The scammers pretend to fix the computer and charge its owner for the unnecessary and imaginary service. The same access can just as easily be used to steal users' passwords and private information.

Commonly used remote desktop programs include TeamViewer and LogMeIn, the latter of which posts a warning telling customers to beware of "malicious third parties posing as LogMeIn."



Red October crypto app adopts “two-man rule” used to launch nukes

Engineers at content delivery network CloudFlare have released open source encryption software that's designed to prevent rogue employees from accessing sensitive information by decrypting data only when two or more people provide keys.

The open source software combines known cryptographic protections with the so-called "two-man rule," which militaries have relied on for decades to prevent the accidental or unauthorized launching of nuclear weapons. Just as armaments of mass destruction can be unleashed only when two authorized service members turn their unique keys at the same time, the data encrypted by the CloudFlare tool can be unlocked only when two or more employees provide passwords that briefly unlock their private cryptographic keys. The software has been dubbed "Red October," a nod to a key scene in the Tom Clancy novel and movie The Hunt for Red October.

The aim of Red October is to fuse well-vetted cryptographic algorithms with a front-end interface that lets them operate only when keys held by multiple people are presented. It assigns each user a randomly generated 2048-bit RSA key pair. Each user's private key is then encrypted with 128-bit AES under a key derived from the user's chosen password, which is salted and run through the scrypt key derivation function; the salted scrypt output, not the password itself, is what gets stored.
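As an added illustration of the scheme just described (this is not CloudFlare's code and not Red October's actual file format or API), the following Go program builds the same layering: a randomly generated 2048-bit RSA key pair per user, the private key sealed with AES-128 under a key derived from a salted password, and a document that can only be opened when two holders have unlocked their keys. Everything in it is assumed for the demo: the names NewUser, SealTwoMan and OpenTwoMan are mine; the data key is XOR-split into two shares and each share RSA-OAEP-wrapped to one holder, which is one way to enforce the rule rather than Red October's; the password KDF is an inline PBKDF2-HMAC-SHA256 standing in for scrypt, which Go's standard library does not ship; and the passwords and plaintext are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Small helpers: must panics on errors no caller can handle (RNG, keygen); the rest are byte utilities.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func randBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func xor(a, b []byte) []byte { o := make([]byte, len(a)); for i := range a { o[i] = a[i] ^ b[i] }; return o }
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// deriveKEK maps (password, salt) to an AES-128 key. Stand-in: an inline PBKDF2-HMAC-SHA256 at
// 10000 rounds (demo work factor), because scrypt, which Red October uses, is not in Go's stdlib.
func deriveKEK(password, salt []byte) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index
	u := mac.Sum(nil)
	out := u
	for i := 1; i < 10000; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		out = xor(out, u)
	}
	return out[:16]
}

// seal/open: AES-128-GCM with blob layout nonce || ciphertext || tag.
func seal(key, pt []byte) []byte {
	nonce := randBytes(12)
	return gcm(key).Seal(nonce, nonce, pt, nil)
}

func open(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("blob too short")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}

// User is what the server stores: public key, KDF salt, and the PKCS#1 private key sealed under the password-derived key.
type User struct{ Pub *rsa.PublicKey; Salt, EncPriv []byte }

func NewUser(password string) *User {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	salt := randBytes(16)
	enc := seal(deriveKEK([]byte(password), salt), x509.MarshalPKCS1PrivateKey(priv))
	return &User{Pub: &priv.PublicKey, Salt: salt, EncPriv: enc}
}

// Unlock briefly recovers the private key; a wrong password fails the GCM tag check.
func (u *User) Unlock(password string) (*rsa.PrivateKey, error) {
	der, err := open(deriveKEK([]byte(password), u.Salt), u.EncPriv)
	if err != nil {
		return nil, errors.New("wrong password or corrupt key blob")
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// Sealed: body under a random data key; the key is XOR-split into two shares, each RSA-OAEP-wrapped to one holder.
type Sealed struct{ Body []byte; Shares [2][]byte }

func SealTwoMan(data []byte, a, b *User) *Sealed {
	dataKey, shareA := randBytes(16), randBytes(16) // shareA alone is uniformly random
	return &Sealed{Body: seal(dataKey, data), Shares: [2][]byte{
		must(rsa.EncryptOAEP(sha256.New(), rand.Reader, a.Pub, shareA, nil)),
		must(rsa.EncryptOAEP(sha256.New(), rand.Reader, b.Pub, xor(dataKey, shareA), nil)),
	}}
}

// OpenTwoMan needs both holders' unlocked keys, in the order the document was sealed to.
func OpenTwoMan(s *Sealed, a, b *rsa.PrivateKey) ([]byte, error) {
	dataKey := make([]byte, 16)
	for i, p := range []*rsa.PrivateKey{a, b} {
		share, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p, s.Shares[i], nil)
		if err != nil || len(share) != 16 {
			return nil, fmt.Errorf("holder %d could not unwrap their share", i+1)
		}
		dataKey = xor(dataKey, share)
	}
	return open(dataKey, s.Body)
}

func main() {
	alice, bob := NewUser("alice-pw"), NewUser("bob-pw") // constructed demo passwords
	doc := SealTwoMan([]byte("constructed sample: database master password"), alice, bob)
	fmt.Printf("%s\n", must(OpenTwoMan(doc, must(alice.Unlock("alice-pw")), must(bob.Unlock("bob-pw")))))
}
```

Two things to note about the design. The server never holds a usable private key at rest: it keeps only the salt and the AES-GCM blob, so a stolen database yields nothing without each holder's password, and the GCM tag turns a wrong password into an authentication failure rather than garbage. And the XOR split is a strict two-of-two rule; Red October's "two or more" is the general case, which needs a threshold secret-sharing scheme such as Shamir's instead of plain XOR shares.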



Ichitaro Vulnerability Successfully Exploited in the Wild

In a previous blog post, Symantec reported a new Ichitaro zero-day vulnerability, the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990). The flaw was being actively exploited in the wild, but the exploit was not working well enough to compromise computers. A week later, we confirmed a working exploit in multiple incidents, one actually capable of infecting targeted computers with the kind of back door typically used in targeted attacks. As in the earlier attacks, the file used to exploit the vulnerability is a rich text format (RTF) document aimed at the Ichitaro word processor, developed by Justsystems.
In the earlier cases where the exploit was unsuccessful, variants of Backdoor.Vidgrab were planted along with the shellcode in the malicious documents; in our testing environment the shellcode was never able to drop the back door. The latest malicious documents carry shellcode that drops several types of malware, detected as Backdoor.Korplug, Backdoor.Misdat and Trojan Horse, all of them back door Trojans typically seen in targeted attacks. Backdoor.Korplug has been commonly used in targeted attacks since it surfaced in 2012. Backdoor.Misdat was mainly observed in 2011, when it was used against organizations in locations such as the United States and Japan, but it has not been seen in recent attacks.
The tactic has shifted from consistently using Backdoor.Vidgrab as the payload during the failed exploit attempts to using a variety of back doors now that the exploit succeeds. We have also observed that the targeting has expanded to a larger pool of organizations. This may signify that the attackers are now mounting real, meaningful attacks with the Ichitaro vulnerability rather than running a test operation to confirm whether exploitation succeeds or fails. It could also indicate that the attackers have started sharing a tool kit for building Ichitaro exploits with other attackers. Whatever the case, we are observing an increase in attacks exploiting this vulnerability, and Ichitaro users should be wary of them.
The discovery of multiple attacks that successfully exploit the vulnerability should not be a major concern for Ichitaro users, though: a patch for the flaw has already been released and is available to download. If customers have not yet applied the fix, we urge them to do so now. Symantec detects the malicious rich text files described in this blog post as Trojan.Mdropper.

vBulletin.com Hacked – Forum User Emails & Encrypted Passwords Leaked

The vBulletin.com hack is the latest news going around; there seems to have been a spate of these lately, with huge numbers of user accounts leaked. Thankfully, this time the passwords are actually hashed, but with what algorithm we aren't quite sure. Perhaps someone could figure it out with HashTag. I do have some vBulletin [...] The...

Read the full post at darknet.org.uk