Card sharks infect professional poker player’s laptop with a dirty RAT

If you think laptops used to move large sums of money are highly sensitive instruments, you're right. Just consider the experience of Jens Kyllönen, a high-rolling professional poker player who is a fixture in both real-world tournaments and online card rooms.

In September, while participating in the European Poker Tour event in Barcelona, Kyllönen returned to his hotel room to find that his room key no longer unlocked his door. After finally gaining access, he discovered the Fujitsu Celsius laptop that he left inside was missing. When he returned later, the computer was mysteriously back in its place. The poker player, who had winnings in the range of $2.5 million in the past year, suspected something was amiss, so he asked researchers at F-Secure, a Finland-based antivirus provider, to take a look.

Sure enough, the forensic examination revealed that a RAT—short for a remote access trojan—had been installed on the machine during a time coinciding with its brief disappearance in Barcelona. The RAT was programmed to silently start each time the computer was turned on. Among other things, it gave the operator the ability to view the cards Kyllönen was holding when playing online hands of poker. Assuming the operator was sitting at the same virtual table, this unfair advantage would allow him to know when to hold or fold based on the cards Kyllönen had.


Crypto weakness in Web comment system exposes hate-mongering politicians

Investigative journalists have exploited a cryptographic weakness in a third-party website commenting service to expose politicians and other Swedish public figures who left highly offensive remarks on right-wing blogs, according to published reports.

People have been warning of the privacy risk posed by Gravatar, short for Globally Recognized Avatar, since at least 2009. That's when a blogger showed he was able to crack the cryptographic hashes the behind-the-scenes service uses to uniquely identify its users. The Gravatar hashes, which are typically embedded in any comment left on millions of sites that use the avatar service, are generated by passing a user's e-mail address through the MD5 cryptographic function. By running guessed e-mail addresses through the same algorithm and waiting for output that matches those found in comments, it's possible to identify the authors, many of whom believe they are posting anonymously.

According to a post published Wednesday by IDG News, that's precisely the hack the Swedish publication Expressen, working with an investigative journalism group, carried out to expose the public figures who participated in the right-wing forums. According to an English translation of this article: "It is the hatred of immigrants that ties [the participants] together."
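
A site operator's check for the exposure described above, as an added example that is not from the article or from Gravatar: it tests whether the identifiers a comment page publishes can be reproduced from a list of addresses, first for plain MD5 and then for a keyed HMAC. The addresses, `SITE_KEY` and the HMAC alternative are assumptions made for the illustration.

```python
import hashlib
import hmac

def normalize(email: str) -> bytes:
    # Gravatar's documented normalization: trim whitespace, then lowercase.
    return email.strip().lower().encode("utf-8")

def gravatar_hash(email: str) -> str:
    """Unkeyed identifier as described above: MD5 of the address."""
    return hashlib.md5(normalize(email)).hexdigest()

def keyed_id(email: str, key: bytes) -> str:
    """Assumed mitigation: HMAC-SHA256 under a secret only the site holds."""
    return hmac.new(key, normalize(email), hashlib.sha256).hexdigest()

def linkable(published: dict, candidates: list, derive) -> dict:
    """Return {comment_id: address} for every published identifier that
    anyone holding `candidates` and `derive` can reproduce."""
    table = {derive(addr): addr for addr in candidates}
    return {cid: table[ident] for cid, ident in published.items() if ident in table}

# Constructed sample data (not from the article).
SITE_KEY = b"constructed-demo-key-keep-server-side"
COMMENTERS = {"comment-1": " Alice@Example.org", "comment-2": "bob@example.net"}
CANDIDATES = ["alice@example.org", "carol@example.org"]

def audit() -> tuple:
    """Compare what the two identifier schemes reveal to an outsider."""
    unkeyed = {c: gravatar_hash(e) for c, e in COMMENTERS.items()}
    keyed = {c: keyed_id(e, SITE_KEY) for c, e in COMMENTERS.items()}

    # The outsider knows the public algorithms but not SITE_KEY.
    def outsider_keyed(addr: str) -> str:
        return keyed_id(addr, b"not-the-site-key")

    exposed = linkable(unkeyed, CANDIDATES, gravatar_hash)
    protected = {**linkable(keyed, CANDIDATES, gravatar_hash),
                 **linkable(keyed, CANDIDATES, outsider_keyed)}
    return exposed, protected

if __name__ == "__main__":
    exposed, protected = audit()
    print("unkeyed MD5 identifiers linked to addresses:", exposed)
    print("keyed identifiers linked to addresses:", protected)
```

A keyed identifier cannot be looked up at a third-party avatar service, so a site that adopts it has to serve avatars itself.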


THC-Hydra 7.5 Released – Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker that supports numerous protocols to attack. New modules are easy to add, and the tool is flexible and very fast.

Features:

- IPv6 support
- Graphic User Interface
- Internationalized support (RFC 4013)
- HTTP proxy support
- SOCKS proxy support

The tool supports the following protocols –...

Read the full post at darknet.org.uk

Spammers Leverage Binary Options Trading Hype

The latest trend in Russian language spam shows that spammers have started promoting Make Money Fast (MMF) schemes where users are told that money can be easily made with the use of binary options trading.

The sample observed by Symantec has the usual spam traits including a catchy subject, which highlights a large sum of money someone is making every month, to grab the attention of the recipient.

The spam is sent from mail.ru, the largest free email service in Russia, with an account name that states the person's age, linking it to the subject line. The following is a translation of the email header:

Subject: $3700 a month – this retiree making more than you?
From: [email protected]

This is an effective trick, especially during the festive season when many people's finances are stretched.

Figure. Spam email highlights money-making pensioner

The body of the message advertises a Samara region pensioner's high income made with the help of Binary Code. The recipient is asked to click on a hyperlink to get more information. The hyperlink leads to a hijacked domain, registered in 2008, that belongs to Web design company maxuz.com. The link is mainly used for redirection to another domain. The other domain, binarytraders.ru, was registered more recently, in August 2013, and is likely to have been created specifically for this kind of spam. The domain's main page lists reasons to get involved in Binary Code trading, along with a video with full instructions on how to get started. It also claims that binary options are currently the biggest money-making tool available on the Internet.

Symantec has blocked this spam, but we wish to remind users to be alert this Christmas season and beware of Make Money Fast schemes.