Day: June 30, 2011
Its popularity dwarfs that of Twitter, but most people have probably never heard of the Sina Weibo micro-blogging site.
Weibo is huge in China, with over 140 million users merrily micro-blogging away in Mandarin and Cantonese, and following the latest updates from their favourite celebrities.
But all this popularity, of course, simply means that there’s an opportunity for more users to be hit by malware should one break out on the system.
Sina Weibo says that a worm broke out on their site at 8.20pm on Tuesday night, Beijing time, exploiting a cross-site scripting (XSS) vulnerability in the site to spread quickly.
According to online reports, the worm originated from a Weibo account called “@hellosamy” and forwarded itself to other users with a range of enticing subjects to catch out the unwary.
These ranged from claiming to be links to bloopers from a newly-released propaganda movie, nude pictures of popular actress Fan Bingbing, and phrases such as “Move a woman’s heart with 100 lines of poetry” and “Software to listen to other people’s phones.”
Clicking on any of the links meant that your own Weibo account would automatically repost the link, and send messages to your online friends. Some users reported having received thousands of affected messages.
Fortunately, Sina Weibo reports that they patched the vulnerability on the site in just over an hour – a good response, but still not quick enough to stop thousands of people from being put at risk.
The fact that the worm originated from an account called “@hellosamy” certainly caused me to raise an eyebrow. It seems to me that this is an homage to the Samy worm (also known as JS/Spacehero-A) which spread rapidly across the MySpace network in 2005, infecting many users’ accounts via a cross-site scripting vulnerability.
This isn’t the first time, of course, that an Asian social network has been hit hard by malware. For instance, in 2009 Naked Security reported on a cross-site scripting worm which spread across RenRen posing as a video of Pink Floyd’s classic song “Wish you were here”.
As more and more people put their trust in social networks, the sites themselves have to adopt a mature attitude to security and ensure that users are not being unnecessarily exposed to attacks.
FOR LATEST NEWS ON SCAM, SPAM ALERTS, HACKING, TECHNOLOGY NEWS. PLEASE
The international investigation into the notorious LulzSec hacking gang continues, with news that FBI agents have searched a house in Hamilton, Ohio.
According to local media reports, federal agents are said to have searched a teenager’s home in Jackson Road, Hamilton, although no-one was charged after the search warrant was served.
Whether the FBI was acting upon information gleaned from Ryan Cleary, the British teenager who was charged last week in relation to a series of denial-of-service attacks, is unclear.
However, there is speculation that US law enforcement officers may have been acting in part based upon information released by the LulzSec group earlier this month, outing members believed to have leaked the group’s private online chat logs.
A June 21st posting by LulzSec on PasteBin claimed to reveal the true identities of members who called themselves “m_nerva” and “hann”. Apparent real names and addresses were given for both individuals by LulzSec who said:
"These goons begged us for mercy after they apologized to us all night for leaking some of our affiliates' logs. There is no mercy on The Lulz Boat."
In m_nerva’s case, his address was listed by LulzSec as being in Hamilton, Ohio.
A tweet published at the same time as the information was posted indicated that there was little love between LulzSec members and the member they believed had snitched on them.
Hackers, eh? You just can’t trust ‘em..
With rival hackers apparently turning on each other, and with law enforcement agencies around the world on their tail, it certainly feels as if those who sailed on the Lulz Boat may not be quite so merry as they once were.
Hackers have temporarily shut down Al Qaeda’s online distribution of videos and statements, NBC News reported today.
“Al-Qaeda’s online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet,” Evan Kohlmann, of Flashpoint Global Partners, told NBC. Flashpoint monitors the extremist organization’s communications.
The attack happened within the past few days and was “well coordinated and involved the use of an unusual cocktail of relatively sophisticated techniques,” he said, adding that it could be several days before the network is up and running again.
No one has claimed credit for the attack, but Kohlmann said it could be government-sponsored.
Earlier this month, British newspapers reported that the UK government hacked an English-language Al Qaeda site and replaced bomb making instructions with cupcake recipes.
“I AM A BEGGAR_HOOD”
Nepali Documentary movie by “bijay acharya”[DEADBJ]
aimed to be released on 2013-2014 A.D.
5-8 PEOPLE NEEDED FOR PLAYING SERIOUS and MOST IMPORTANT ROLES. ANYONE INTERESTED? LET US KNOW HERE ON THIS PAGE
Goal of movie: To give catchy dialogues, scenes, and FX effects in the Nepali cinematic field.
Director : Bijay Acharya [deadbj]
Film Length : About 30-35 Minutes
A Los Angeles man has been sentenced to a total of 13 years in jail after being found guilty of leading an international phishing operation, and growing marijuana on an industrial scale in his house.
27-year-old Kenneth Joseph Lucas II was sentenced after judges found the Los Angeles man guilty of leading the US branch of an international phishing operation that stole banking login details through spam email and bogus websites.
In addition, Lucas found himself on the wrong side of the law for growing more than 100 marijuana plants in his home, in a set-up which included an irrigation system, fans, indoor lighting and ventilation. He was clearly proud of his industrial scale marijuana operation as he posted videos on YouTube showing off his set-up.
What a plonker.
Lucas was the lead defendant in part of a multinational investigation known as “Operation Phish Phry”. The operation, which spanned the United States and Egypt, led to charges against 100 individuals in total – the largest number of defendants ever charged in a cybercrime case, according to an FBI press release.
As a result of Operation Phish Phry, 47 people have been convicted in federal court in Los Angeles.
Here’s how Operation Phish Phry worked.
Egyptian scammers would spam out emails that claimed to be from online banks. Victims would receive the emails, click on the links, and be directed to fake websites that pretended to be the online banks, where they would enter their passwords, account numbers and other personally identifiable information.
The victims’ real bank accounts would be broken into, using the stolen information, and scammers in Egypt would transfer funds from the compromised accounts into other accounts.
Meanwhile, the US part of the phishing ring, run by Lucas and two others, recruited runners to set up and use bank accounts which received the stolen funds.
The ring leaders would alert the runners through various methods (SMS, internet chat, and phone calls) to withdraw the cash and send it to them via Western Union. A portion of the money stolen was then transferred via wire services to the Egyptian gang members.
The total amount of money stolen in this way was estimated to be more than $1 million.
So, don’t doubt that the threat is real – and significant amounts of money have been stolen through phishing. Banks and consumers alike need to take security seriously and make it harder for criminals to break into accounts and steal our hard-earned cash.
Sophos has published some best practice guidelines to help you avoid being phished.