Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed “Pony.”
Another company whose users’ login credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave’s SpiderLabs.
It’s expected that cybercriminals will go after main online services, but “payroll services accounts could actually have direct financial repercussions,” he wrote.
ADP moved US$1.4 trillion in fiscal 2013 within the U.S., paying one in six workers in the country, according to its website.
Facebook had the most stolen credentials, at 318,121, followed by Yahoo at 59,549 and Google at 54,437. Other companies whose login credentials showed up on the command-and-control server included LinkedIn and two Russian social networking services, VKontakte and Odnoklassniki. The botnet also stole thousands of FTP, remote desktop and secure shell account details.
It wasn’t clear what kind of malware infected victims’ computers and sent the information to the command-and-control server.
Trustwave found the credentials after gaining access to an administrator control panel for the botnet. The source code for the control panel software, called “Pony,” was leaked at some point, Chechik wrote.
The server storing the credentials received the information from a single IP address in the Netherlands, which suggests the attackers are using a gateway or reverse proxy in between infected computers and the command-and-control server, he wrote.
“This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down — outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,” Chechik wrote.
Information on the server indicated the captured login credentials may have come from as many as 102 countries, “indicating that the attack is fairly global,” he wrote.
Source: Network World
I am going to post this article here from TorrentFreak mainly because this is the site I have recommended to convert mp3’s in my article How to Download Free Music on the BlackBerry PlayBook and BlackBerry 10.
One of the world’s largest sites dedicated to converting YouTube videos to downloadable MP3s has lost a court battle with representatives from the music industry. YouTube-MP3, a site that was also threatened by Google in 2012, agreed to cease and desist from its current mode of operation after it was revealed it was not only ripping music from YouTube, but also archiving the MP3s for future download. Despite the loss, the site remains online – legally.
In addition to obtaining music from file-sharing networks, those looking for free tracks often get them from so-called tube-rippers, sites and services that transform YouTube videos into downloadable MP3s.
These tools are available in several formats including desktop packages, apps for mobile devices, and more commonly browser-based tools. In mid-2012 YouTube owners Google, believed to be under pressure from the music industry, started to make life more difficult for web-based YouTube converters and in some cases issued threats to sue.
While some sites decided to shut down, many others continued business as usual, including the German site YouTube-MP3, one of the largest YouTube ripping services around with around 30 million visits per month. The site has long insisted that it has a right to provide ripping services but having fought off Google it recently found itself up against fresh adversaries.
Three music companies under the umbrella of industry group BVMI challenged YouTube-MP3’s assertion that it operates legally and sued it in the Hamburg District Court. The companies said that while YouTube-MP3 claimed to be offering only a rip-and-download service, there were serious technical issues behind the scenes that rendered the site in breach of copyright law.
YouTube-MP3 claimed that users of its service could enter the URL of a YouTube video and have the site convert and churn out an MP3 for download. Apparently, however, that wasn’t always the way it worked. Once a video had been converted to MP3, that audio was stored on YouTube-MP3’s servers. If another user subsequently entered the same YouTube URL, no conversion or ripping was carried out. They were simply handed a copy of the previously stored MP3 for download.
In a statement sent to TorrentFreak, BVMI said that this was a clear breach of copyright law.
“Contrary to the common assumption that YouTubeMP3 is a streamripper that allows users to record songs from the Internet (much as cassette recorders were used to record music from the radio back in the day), in fact the online converter often simply made the pieces available for download without a license,” BVMI said.
BVMI said that by the time the case had arrived in court last month the owner of YouTube-MP3 had already signed cease and desist declarations and agreed to refrain from reproducing and distributing copyright content.
“The current case provides deep insights into the workings of so-called ‘recording services’ and exposes a trick that not only hoodwinks the rights owners but also misleads the users of these services,” said BVMI Managing Director Dr Florian Drücke.
“Under the guise of private copying [YouTube-MP3] deceives people into thinking that everything is above-board, even though the user – unwittingly – avails himself of an illegal download platform. We have for some time pointed out that the vague definition of ‘private copies’ encourages cat-and-mouse games in matters of streamripping, so a clarification at the political level is needed here.”
With the signing of the declarations the Hamburg District Court considered the case closed but ordered YouTube-MP3 to pay everyone’s costs.
TorrentFreak contacted the site’s owner for a comment but as yet we’ve received no response. Presumably life at YouTube-MP3 will continue, but without storing converted MP3s for subsequent download. The end result, of course, is that users of the site will still get ripped MP3s just as they did before, a point not lost on BVMI.
“One thing is clear: this platform, as well as most other streamripper sites, generate considerable advertising income that is not shared with the artists or their partners. This has nothing to do with fairness, nor does it fit with our current digital age, when many music sites – some of them free – can be used perfectly legally on the Internet,” BVMI concluded.
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.
Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets.
Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.
Sounds like a James Bond movie.
Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn’t change it. I suspect that many Android users have never even seen the configuration option controlling this. After all, there are dozens and dozens of system settings to configure.
And, anyone who does run across the setting cannot hope to understand the privacy implication. I certainly did not.
In Android 2.3.4, go to Settings, then Privacy. On an HTC device, the option that gives Google your Wi-Fi password is “Back up my settings”. On a Samsung device, the option is called “Back up my data”. The only description is “Back up current settings and application data”. No mention is made of Wi-Fi passwords.
In Android 4.2, go to Settings, then “Backup and reset”. The option is called “Back up my data”. The description says “Back up application data, Wi-Fi passwords, and other settings to Google servers”.
Needless to say “settings” and “application data” are vague terms. A longer explanation of this backup feature in Android 2.3.4 can be found in the Users Guide on page 374:
A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions.
The malware in question, detected as “Android.Pincer.2.origin” by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user.
Upon launching Android.Pincer.2.origin, the user will see a fake notification about the certificate’s successful installation but after that, the trojan will not perform any noticeable activities for a while.
The malware is loaded at startup via CheckCommandServices, a service that runs silently in the background. It will then connect to a remote server and send over the following information about the mobile device to those behind the attack: handset model, device’s serial number, IMEI, carrier, cell phone number, default system language, operating system, and availability of the root account.
The threat then awaits instructions that contain commands in the following format: command:[command]. Doctor Web has found criminals can send the following instructions to the trojan:
• start_sms_forwarding [telephone number]: begin intercepting communications from a specified number
• stop_sms_forwarding: stop intercepting messages
• send_sms [phone number and text]: send a short message using the specified parameters
• simple_execute_ussd: send a USSD message
• stop_program: stop working
• show_message: display a message on the screen of the mobile device
• set_urls: change the address of the control server
• ping: send an SMS containing the text ‘pong’ to a previously specified number
• set_sms_number: change the number to which messages containing the text string ‘pong’ are sent.
The first one allows attackers to indicate the number from which the trojan should intercept messages, meaning this can be used for targeted attacks to steal specific messages. The third one from the bottom shows the criminals have planned for changing servers in case they believe the current one will be shut down.
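An added example, not from Doctor Web or the original article: a triage script that replays captured controller messages in the command:[command] format listed above and reports which number was being intercepted and which control-server addresses should be blocked. The whitespace-separated argument layout, the sample lines and the placeholder numbers and host name are assumptions.

```python
import re

# Command names as listed by Doctor Web in the article above.
KNOWN = {
    "start_sms_forwarding", "stop_sms_forwarding", "send_sms",
    "simple_execute_ussd", "stop_program", "show_message",
    "set_urls", "ping", "set_sms_number",
}

# Assumed wire form: "command:<name> <arguments>". The article gives only
# "command:[command]", so the argument separator is an assumption.
LINE = re.compile(r"^command:(?P<name>[a-z_]+)(?:\s+(?P<args>.*))?$")


def triage(messages):
    """Replay captured controller messages and summarise what they changed."""
    state = {
        "intercepted_from": None,  # number whose SMS are currently forwarded
        "exposed_numbers": [],     # every number ever targeted for interception
        "control_servers": [],     # addresses pushed via set_urls (blocklist)
        "reply_number": None,      # where 'pong' replies are sent
        "unknown": [],             # lines outside the documented command set
    }
    for raw in messages:
        m = LINE.match(raw.strip())
        if not m or m["name"] not in KNOWN:
            state["unknown"].append(raw)
            continue
        name, args = m["name"], (m["args"] or "").strip()
        if name == "start_sms_forwarding":
            state["intercepted_from"] = args
            if args not in state["exposed_numbers"]:
                state["exposed_numbers"].append(args)
        elif name == "stop_sms_forwarding":
            state["intercepted_from"] = None
        elif name == "set_urls":
            state["control_servers"].extend(args.split())
        elif name == "set_sms_number":
            state["reply_number"] = args
    return state


# Constructed sample capture; numbers and host name are placeholders.
SAMPLE = [
    "command:start_sms_forwarding +15550100",
    "command:set_urls http://c2-new.example/gate",
    "command:set_sms_number +15550199",
    "command:ping",
    "command:stop_sms_forwarding",
    "command:reboot_device",
]
```

Lines that fall outside the nine documented commands are kept in `unknown` rather than dropped, since an unlisted command in a capture may indicate a newer variant.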
Although Doctor Web doesn’t say so, the good news here is that Pincer2 is not likely to be very prevalent. It has not been found on Google Play, where most Android users should be getting their apps, and appears to be meant for precise attacks, as opposed to being aimed at as many users as possible.
In short, this malware threat isn’t one that you will likely be hit with, but it is an interesting example of how Android malware is evolving. Our advice is the same as always: only install apps that you know are safe.
Malware that avoided detection and made its way onto the official Google Play store has been downloaded at least 2 million times, a security firm warned today.
Google was notified of the outbreak by Lookout and all affected rogue apps have been removed from the Android store. As many as 9 million could have downloaded the dirty code.
Lookout found 32 applications contained code from the “BadNews” software development kit, which masqueraded as a standard advertising network SDK.
But it was particularly aggressive, sending phone numbers and device IDs to its command-and-control servers, and prompting users to install applications, including AlphaSMS, a “well-known premium rate SMS fraud malware”, which can cost users plenty of money.
“It is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network,” the company wrote in a blog post.
“However, based on our analysis of the backend code behind a number of these purported ad networks there is little doubt that BadNews is a fraudulent monetisation SDK.”
“Further, it is clear that a substantial amount of code in BadNews has previously appeared in other families associated with Eastern European toll fraud.”
Lookout identified three C&C servers, in Russia, Ukraine and Germany.
It’s another big outbreak of Android malware, which has been spreading rapidly in recent years. NQ Mobile reported earlier this week that mobile malware jumped 163 percent in 2012, with almost all threats aimed at Android.
Governments appear to be using mobile Trojans too. China was this month implicated in attacks on Tibetan activists, which sought to get malicious kit on Android devices.
Source: Tech Week Europe
The Google Play store is no stranger to malware-infested apps or scam-related apps, so we can add this one to its list. According to its research, Symantec states that there are over 200 apps in the Google Play store that scam people into paying money in order to view adult-rated videos. They have discovered that there are at least 50 developers involved in the scam, and their apps have been downloaded at least 5,000 times in the past couple of months.
Symantec states that as of right now, the situation seems to be limited only to Japan, however these apps could easily be released throughout the world. It says that these apps are able to obtain up to $1,000 from just one person. It also states that since these apps have been operating for more than two months, it seems that the scammers are finding the fraudulent operations to be “worth the time and effort”.
These apps require little to no permissions to run. Some apps, at most, require only permissions to access your network. Normally, one-click billing fraud is limited to PC users, however, now that smartphone usage has skyrocketed, scammers are changing platforms. Scammers are also branching out to other methods of fraud as well. The same developers who released the apps with one-click billing fraud have also released fraudulent dating service apps as well.
So here’s a piece of advice that’s common to most of you: Only download apps from trusted developers. Like I said before, this isn’t the first time Google Play has been hit by dangerous apps. Late in 2012, a developer had dozens of fake apps in the Google Play store that utilized the same names as some very popular apps, such as Temple Run. To further protect yourself, you should install an anti-virus program onto your Android smartphone.
Installing malware on your smartphone devices is something no one wants to do, but it does happen, especially for Android owners. A new Android malware has been uncovered that not only affects your Android device, but it’s also capable of targeting a user’s PC in order to spy on them.
The Android malware is called “DroidCleaner” and poses as an application to help free your Android device’s memory by “cleaning” the device. Researchers at security firm Kaspersky Lab discovered the application and say the malware infects the user’s device and can even infect their computer if they plug the infected device into it.
Infected computers can then have the microphone tapped as the software can begin to record audio once the microphone detects any sort of sound. The recorded audio can then be sent back to the creators of the malware.
Fortunately, if your device is infected by the malware and you plug it into a computer with the latest version of Windows, the function to automatically install itself onto your PC won’t work as the setting needed by the malware has been disabled. But if you haven’t updated your Windows machine, then you might want to be careful of what you say near your microphone.
Many of us whiled away untold hours of our youth mashing the D-pad, A and B buttons of the original Game Boy, which is why we’ve seen many hacks using its iconic hardware. Gaming on mobile touchscreens isn’t nearly so tactilely pleasing as that portable, however, so nostalgic modder Chad Boughton decided to swap out his GB’s dot-matrix display for the Super AMOLED of a Galaxy Nexus.
He first removed the screen and trimmed the chassis so that a GNex case could be bolted flush with the rest of the body. The more involved part of the mod, however, was getting the buttons to work wirelessly with the phone. To accomplish the trick, he trimmed the Game Boy’s circuit board to make room for the guts of a Wiimote, which he then connected to the buttons. From there, he installed the Wii Controller IME app to get the GB talking with the phone, and presto! One of the coolest Android gamepads we’ve seen was born. You can see how it works in the video after the break, and there’s a slew of shots showing the mod in progress at the source below.