
| Subject: | Re: [Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8,500 Victims in Data Theft (So Far) (fwd) |
|---|---|
| Date: | Mon, 30 Oct 2006 14:47:15 -0500 |

"So, knowing full-well security is out of our hands, and relies on the security of our users. Knowing full-well that the same technology can be used to bypass 2-factor authentication, how do organizations handle their own security, if they are to have clients?"

Organizations make attempts to protect the resources immediately under their control and the losses incurred by end user compromise are written off as a loss. Indeed, this sort of loss is so hard to quantify that the end user and "affected organization" (Bank for example) have no way of knowing how or why the account or identity of the end user was ever compromised.

IE:

End user: "Wow my identity was stolen, how did that happen?"

Bank: "No problem, we'll issue you a new card/account/what-have-you."

But you know this already.

On 10/24/06, Gadi Evron <ge@linuxbox.org> wrote:

To report a botnet PRIVATELY please email: c2report@isotf.org
----------
So, here we go. Real-life uses for vulnerabilities.
Below is an example of just ONE "drop-zone" server in the
United States, which has "600 financial companies and banks".
Several gigs of data.
How do these things work?
They get installed by the use of a web vulnerability, an email attachment
or network scanning, utilizing several vulnerabilities.
One drop zone, and all this noise gets made. I am very happy to hear that
the UK police (which are good people) are doing something about this,
however, banks, eCommerce sites, dating sites, etc. all get attacked by
these things, by the users being infected.
These trojan horses use rootkit technology, with a hook, using man in the
middle attacks to bypass the SSL encryption, and steal any HTTPS
credentials they come across.
These things are so wide-spread, this news item made me raise my eye-brow,
at first.
So, knowing full-well security is out of our hands, and relies on the
security of our users. Knowing full-well that the same technology can be
used to bypass 2-factor authentication, how do organizations handle their
own security, if they are to have clients?
The point is, though, that this is a well planned operation, with new
samples being released with new vulnerabilities to exploit,
constantly. This should not be considered a "one time cease" or a "lost
laptop containing private data".
This is what vulnerabilities are about - the damage and operations they
are used for.
Gadi.
---------- Forwarded message ----------
Date: Tue, 24 Oct 2006 21:24:20 GMT
From: Fergie <fergdawg@netzero.net>
To: funsec@linuxbox.org
Subject: [funsec] Haxdoor: UK Police Count 8,500 Victims in Data Theft (So Far)
Via InfoWorld.
[snip]
British electronic-crime detectives are investigating a massive data
theft operation that stole sensitive information from 8,500 people in
the U.K. and others in some 60 countries, officials said Tuesday.
In total, cybercriminals targeted 600 financial companies and banks,
according to U.K. authorities, who have worked over the past week to
identify and notify victims.
Through intelligence sources, U.K. police were given several gigabytes
of data -- around 130,00 files -- that came from a server in the U.S.,
said Charlie McMurdie, detective chief inspector for the Specialist
Crime Directorate e-Crime Unit of the London Metropolitan Police. Most
of the data related to financial information, she said.
The data was collected by a malicious software program nicknamed
Haxdoor that infected victims' computers. Some 2,300 machines were
located in the U.K., McMurdie said.
[snip]
More:
http://www.infoworld.com/article/06/10/24/HNukdatatheft_1.html
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/