Is Waledac spam dirtying the Russian 2012 elections?

Symantec Connect: Recently there have been several reports about the re-emergence of a botnet variant (Kelihos), which Symantec detects as W32.Waledac.C. The Waledac family is a threat that has been monitored by Symantec for many years and was featured in numerous blogs as well as a white paper. In the past, Waledac gained its infamy as a spamming botnet that utilized compromised systems to send out spam.  The purpose of these spamming campaigns had usually been for self-propagation of the threat through spam emails containing a link, often (but not always) pointing to a Waledac binary file hosted on a malicious website.  The variant W32.Waledac.C is also sending out spam emails, but with a twist.

In one spam campaign, we observed it sending the email seen below only to Russian target email addresses.


Email translation (rough)

This year Rospres celebrates another birthday – we are now 5 years old.

All these years we were trying our best to bring to you the latest available information in its full integrity. In the nearest future we intend to work even harder for our readers, so they come back to our web portal again and again. We will be very happy to work for all visitors to !

With best wishes, Ruspres.

The link seen in the spam email leads to a slanderous article hosted on the site and can be seen in the picture below. We have found no evidence that the link contained in the spam email is used to propagate the threat. The site seems to contain numerous articles on high profile Russian individuals such as politicians and businessmen that could be considered slanderous.


The individual in this article is Mikhail Prokhorov, a Russian billionaire oligarch and an independent candidate in the Russian 2012 elections this March. While it is not clear whether the intent of this Waledac spam campaign has been to push the site or to smear the election campaign of any individual, it does raise the question of the exact motivation of the malware gang controlling the W32.Waledac.C variant.

Mozilla Firefox 10.0.1 Update About To Be Released

gHacks: Mozilla, developers of the popular Firefox web browser, have just released an update for the browser’s stable branch that moves the version to 10.0.1. The release may come as a surprise to users of Firefox 10, who were updated to that version only ten days ago.

This is not the first time that a critical update has been released shortly after a major version upgrade of the web browser. Similar updates had to be delivered after the releases of Firefox 9 and Firefox 8.

Firefox 10.0.1 fixes critical issues that came to light shortly after Firefox 10 had been released to the public. This includes at least one startup crash when the browser is opened by the user, and one Java related issue that is causing text fields to hang in the browser. Firefox users can resolve the issue manually by minimizing or resizing the browser. The patch released later today will fix the issue permanently though.

The product planning summary lists additional issues that the developers are currently looking into. This includes an issue with AVG’s SafeSearch extension that is blocking the enter key. While it is possible to click on the go button to be taken to the site, it is an issue that the developers want to resolve as quickly as possible.

Other issues mentioned in the summary are additional crashes, and incompatibilities with Norton products and RealPlayer Video Downloader.

The release is already available on the Mozilla release ftp server and on third party download portals such as Softpedia. It is likely that the new version will be pushed to all users later today. At that point it will also be offered for download on the Mozilla website and as an update in the browser.

Please note that both the standard Firefox 10 build and Firefox 10 ESR will receive the update to Firefox 10.0.1.

Boston Police hits back at Anonymous with sarcasm

SophosLabs: Is it possible to fight Anonymous?

The movement is proud of saying that an idea can’t be arrested or killed, but it seems like the Boston Police Department has thought of one way of fighting back: sarcasm.

A week ago, the website which provides news about the Boston police and crime in the area was hacked by Anonymous. The hackers replaced the home page of the site with a message and a video of American rapper KRS-One performing his song “Sound of Da Police”.


After almost a week of downtime, Boston Police have managed to bring their website back up – and have proven they have got a sense of humor by making a video about the hack.

With straight faces, police officers explain how they were in Dunkin’ Donuts when they first heard about the hack, and how they are struggling to make sense of a world without access to

No further updates for Debian 5.0 Lenny

The H-Online: The Debian developers have pointed out, in an announcement on the debian-announce mailing list, that – three years after it was released – Debian GNU/Linux 5.0 (Lenny) has reached its “End of Life”. Debian GNU/Linux 5.0 was originally released in February 2009, and on 6 February 2012 the developers stopped providing security updates for that version of the distribution.

Users have now had a year to update their systems to Lenny’s successor, Squeeze, which was released on 6 February 2011. The Debian developers recommend that any installations that are still using Debian 5.0 should be updated to version 6 of the distribution immediately. The Debian community recently released version 6.0.4 of Debian Squeeze which includes all the updates that have been released for Squeeze since its release.

63 Vulnerabilities on United Nation Website Exposed Online

The Hacker News: The latest notification in The Hacker News Vault, by a hacker named “Xenu (Casi)” from the r00tw0rm Team, states that 63 blind SQL injection vulnerabilities exist on the United Nations’ website. Blind SQL injection is identical to normal SQL injection except that when an attacker attempts to exploit an application, rather than getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL injection flaw more difficult but not impossible. An attacker can still steal data by asking a series of true and false questions through SQL statements.
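The paragraph above describes why a generic “not found” page does not stop injection: the page still answers a yes/no question. The following Python example is added here and is not code from The Hacker News, the UN site, or the r00tw0rm post; the table and rows are constructed, and the function names are my own. It places a lookup built by string concatenation next to a parameterised one with input validation, so a defender can see that the first one’s answer changes with an appended condition while the second one treats the same input as a rejected, non-numeric id.

```python
import sqlite3


def make_db():
    # Constructed sample data (not real UN content): one public row, one unpublished row.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO articles (id, title, published) VALUES (?, ?, ?)",
        [(1, "Press release", 1), (2, "Draft statement", 0)],
    )
    return conn


def article_exists_vulnerable(conn, article_id):
    """Vulnerable pattern: the untrusted id is pasted into the SQL text.

    The caller only ever sees True ("article page") or False ("generic page"),
    which is exactly the one-bit oracle a blind injection relies on.
    """
    sql = (
        "SELECT 1 FROM articles WHERE id = " + str(article_id) + " AND published = 1"
    )
    return conn.execute(sql).fetchone() is not None


def article_exists_safe(conn, article_id):
    """Hardened pattern: validate the shape of the input, then bind it as a parameter.

    Anything that is not a plain positive integer is rejected before it reaches
    the database, and the bound value can never change the query's structure.
    """
    text = str(article_id)
    if not text.isdigit():
        # Reject (and, in a real application, log) malformed ids rather than
        # letting them become part of the statement.
        raise ValueError("rejected non-numeric article id")
    row = conn.execute(
        "SELECT 1 FROM articles WHERE id = ? AND published = 1", (int(text),)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # An appended condition makes the vulnerable lookup answer a question
    # about data the page never displays; the safe lookup refuses the input.
    probe = "1 AND (SELECT COUNT(*) FROM articles WHERE published = 0) = 1"
    print("vulnerable:", article_exists_vulnerable(db, probe))  # True
    try:
        article_exists_safe(db, probe)
    except ValueError as exc:
        print("safe:", exc)
```

Validation plus binding is the combination that matters: the `?` placeholder stops the input from being parsed as SQL, and the `isdigit()` check gives the application a place to reject and log malformed requests, which is what a web application firewall or intrusion detection system is looking for as well.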

Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning. Martin Nesirky, a spokesperson for the Secretary General of the United Nations, confirmed the breach.”A case of unauthorized access to the UN website is still being investigated,” Nesirky said in a statement. “Whoever sought access was able to read some data from databases but was not able to modify content and was not able to prevent public access to the website.

63 Blind SQL injection Vulnerabilities

The hacker posted the reason for hacking the United Nations’ site: “I fuck actually system… I fighting for Internet Freedom, equiality & rights for all. You’re FREEDOM my brothers & my sisters ! <3“. To prevent such attacks, firewalls and similar intrusion detection mechanisms should be used against full-scale web attacks.

Google: No, We’re Not Launching Retail Stores Yet

Mashable: Google planned to open its first-ever public store at its European headquarters in Dublin, if you believed a rumor reported by Bloomberg. But according to a company spokesperson, no plans are definite right now.

A Google planning application for an expansion of its Dublin office indicated plans for an employee swimming pool, a restaurant and a store. But Google says the company doesn’t have plans to get into the retail business right now.

“We already have an online store selling things like Google T-shirts and pens,” a Google spokesperson told Mashable. “We have the option of a small space doing the same in our Dublin office, but we’ve not made any decisions. It’s simply a planning application.”

It’s standard planning protocol to have the option of store space built into a new location, but that doesn’t mean the company will use it for that purpose. The planning application showed 1,323 square feet that could be used to open a store.

The planning application for the largest Google office outside of the U.S. was approved by the Dublin City Council last month. The office will hold more than 3,000 employees once the new building opens.

Google recently tested a store-within-a-store concept inside electronics retailer Currys and PC World in London to promote the sale of Google Chromebooks.

Love-Seekers Beware: Online Dating Fraud Rose 150% Last Year

Mashable: Lonely hearts seeking love this Valentine’s Day, be wary. Online dating fraud rose by 150% in 2011 as scammers and hucksters turned up the false charm and predatory trolling.

That’s according to data shared with Mashable by fraud protection agency Iovation, which works with several major Internet dating services. Iovation reached that number by employing patented technology that analyzes hardware and software, rather than mining for personal information, says Molly O’Hearn, vice president of operations.

Iovation found that in 2011, 3.8% of all transactions it processed for online dating sites were fraudulent. That includes users misrepresenting themselves to try to acquire personal information, directing users to phishing sites, spamming people with unrelated messages, or persistently harassing users.

From 2009 to 2010, dating fraud on the sites Iovation monitors declined slightly, from a rate of 1.5% to 1.4%.

The spike in 2011 was due to two trends in the industry, according to O’Hearn. The first is that “while dating sites have been around for several years, we’re now entering an era where the later adopters are willing to give it a go,” she says. “With that growth comes more bad guys, because it represents an opportunity.”

Another emerging opportunity, O’Hearn said, is the proliferation of dating sites targeted at specific niches — people who are Catholic, Jewish, virgins or pot users. This narrowing of the field allows scammers to better target their marks and tailor their nefarious strategies.

O’Hearn said that one common scheme involves trying to direct conversations off-site to personal email or instant messaging accounts, where it’s easier to mine for information. Another preys on the sympathy of possible paramours by asking for money to deal with crises like huge medical bills or the need to visit a dying relative.

O’Hearn said that two main giveaways of swindlers are the use of the word “love” in the early stages of correspondence, and people whose syntax and use of language don’t jibe with their pictures or where they claim to be from.

So, if that charming blue-eyed farm boy from Nebraska suddenly tells you he wants to “make nice date with you, love” for Valentine’s Day, take the sugar with a few grains of salt.

Do you believe that online dating fraud is on the rise? Why or why not? Let us know in the comments.

LinkedIn Hits 150 Million Members

Mashable: LinkedIn on Thursday announced it has 150 million members in its network, a 20 million increase over November.

The figure was disclosed in a press release the company issued Thursday announcing its fourth quarter and full-year 2011 results.

The company posted revenues of $167.7 million, beating the analysts’ consensus of $160 million for Q4. Adjusted profit was $0.12 per share, which beat analysts’ projections of 7 cents a share. LinkedIn’s stock was up more than 5% in after-hours trading.

The Q4 revenue figure was a 105% jump over the same period in 2010. Revenues for full-year 2011 were $522.2 million, a 115% increase over 2010’s $243.1 million. Once again, Hiring Solutions was the company’s largest source of revenues, providing $84.9 million for the quarter. Marketing Solutions, meanwhile, brought in revenues of $49.5 million, while revenues from Premium Subscriptions totaled $33.3 million.

“Q4 once again exceeded our expectations for member engagement and business growth. It was a fitting end to a memorable year in which we reinforced our position as the pre-eminent professional network on the web,” said Jeff Weiner, CEO of LinkedIn. “We believe continued focus on our members and technology infrastructure positions us well for accelerated product innovation in 2012.”

Is Digital Pearl Harbor THE most tasteless term in IT security?

SophosLabs: Can hackers really cause as much bloodshed as 353 Imperial Japanese Navy fighters, bombers and torpedo planes launched from six aircraft carriers? Can hackers really kill 2,402 U.S. citizens, leave 1,282 wounded, lose 65 of their own attackers in the process, and plunge the United States into a World War?

Heaven only knows. Maybe they can. The lack of security around Supervisory Control And Data Acquisition (SCADA) systems is scary.

And unsecured SCADA systems are everywhere. They control nuclear and chemical plants, gas pipelines, dams, railroad switches, water treatment plants, air traffic control, metropolitan transportation networks, and the cash flow via financial transaction systems.

At any rate, the lack of security around infrastructure has been the cause of hand-wringing in the 12 years since former counter-terrorism czar Richard A. Clarke coined the term “digital Pearl Harbor.”

The term has been trotted out most recently in the wake of a report from Bloomberg Government and the Ponemon Institute.

Bloomberg Television has been comparing an electronic attack with a surprise strike that slaughtered thousands, and assuring us that spending by government and industry on cybersecurity has to increase by a factor of almost nine to prevent digital Pearl Harbor from “plunging millions into darkness, paralyzing the financial system or cutting communications.”

Cybersecurity spending must increase by a factor of nine?! Bonus!! Upgrade your champagne stock for RSA, security peeps, cuz the good times are here again!

That estimate is based on Bloomberg/Ponemon interviews with technology managers from 172 U.S. organizations in six industries and the government. Survey respondents were granted anonymity, Bloomberg said, owing to “the sensitivity of discussing cybersecurity weaknesses.”

In other words, one assumes that we’ll have to take that mind-boggling figure on faith.

Mind you, SCADA hacks, and hacks in general, are nothing to sneeze at.

But how much bloodshed have we seen, exactly? How does it compare to a surprise military attack like Pearl Harbor?

Well, there was the November 2011 attack on the South Houston water supply, in which a hacker going by the name pr0f penetrated the water supply network.

Terrible! How many people did we lose?

0, that’s right, we lost zero. All pr0f did was post images showing that he had access to the water supply SCADA.


Embarrassing to U.S. government security people? Yes. Resulting in carnage? No. Here’s what pr0f had to say about his choice to keep South Houston hydrated:

I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic.

Gosh, that sounds so, let’s see, what’s the word?


Why do security experts choose to terrorize people with a culture of fear in which terms such as “Armageddon” and “digital Pearl Harbor” get tossed about and blazoned across headlines? Why do we not instead substitute a reasoned discussion of the threat and of how to secure the systems in question?

SCADA threats are real. They could, indeed, result in a body count. But let’s keep the rhetoric sane. Let’s be mindful of the fact that there has been no “digital Pearl Harbor” in the 12 years since we first heard of it.

Let’s concentrate on making improvements instead of cooking up apocalyptic metaphors.