
WARNING - Internet Under Attack - MUST READ

Started by zorgon, January 08, 2012, 10:38:52 PM


stealthyaroura

#120
Had me PayPal account hacked after changing password AGAIN! Got it under control before owt got taken.
Someone called luckyluck, from a Chinese proxy maybe. Cheeky bastards.

Oh, on "Ghostery", I find it a good tool. On here just Amazon (no problem); on Alpha Tango Spooks, Jesus, I have never seen so much crap! It fills the right hand side of me screen.
Nikola Tesla humanitarian / Genius.
never forget this great man who gave so much
& asked for nothing but to let electricity be free for all.

Ellirium113

Well if the economy wasn't bad enough how about a FLAME type virus that targets the banks. My prediction...next it will hit the stock market if that is not already a part of this.

Gauss: Nation-state cyber-surveillance meets banking Trojan


Quote
Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga.

It was probably created in mid-2011 and deployed for the first time in August-September 2011.

Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.

In 140 chars or less, "Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation". Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations.

Just like Duqu was based on the "Tilded" platform on which Stuxnet was developed, Gauss is based on the "Flame" platform. It shares some functionalities with Flame, such as the USB infection subroutines.

Quote
What is Gauss? Where does the name come from?
Gauss is a complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. It is highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions:

Intercept browser cookies and passwords.
Harvest and send system configuration data to attackers.
Infect USB sticks with a data stealing module.
List the content of the system drives and folders
Steal credentials for various banking systems in the Middle East.
Hijack account information for social network, email and IM accounts.
The modules have internal names which appear to pay tribute to famous mathematicians and philosophers, such as Kurt Godel, Johann Carl Friedrich Gauss and Joseph-Louis Lagrange.

The module named "Gauss" is the most important in the malware as it implements the data stealing capabilities and we have therefore named the malware toolkit by this most important component.

Quote
Is there any special payload or time bomb inside Gauss?

Yes, there is. Gauss' USB data stealing payload contains several encrypted sections which are decrypted with a key derived from certain system properties. These sections are encrypted with an RC4 key derived from a MD5 hash performed 10000 times on a combination of a "%PATH%" environment string and the name of the directory in %PROGRAMFILES%. The RC4 key and the contents of these sections are not yet known - so we do not know the purpose of this hidden payload.

We are still analyzing the contents of these mysterious encrypted blocks and trying to break the encryption scheme. If you are a world class cryptographer interested in this challenge, please drop us an e-mail at theflame@kaspersky.com

How is this different from the typical backdoor Trojan? Does it do specific things that are new or interesting?

After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same "factory" or "factories." All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of "sophisticated malware."

Quote
Why were the attackers targeting banking credentials? Were they using it to steal money or to monitor transactions inside accounts?

This is unknown. However, it is hard to believe that a nation state would rely on such techniques to finance a cyber-war/cyber-espionage operation.

Quote
What kinds of data was being exfiltrated?

The Gauss infrastructure was shut down before we had the chance to analyze a live infection and to see exactly how much and what kind of data was stolen. So, our observations are purely based on analyzing the code.

Detailed data on the infected machine is also sent to the attackers, including specifics of network interfaces, computer's drives and even information about BIOS. The Gauss module is also capable of stealing access credentials for various online banking systems and payment methods.

It's important to point out that the Gauss C2 infrastructure is using Round Robin DNS - meaning, they were ready to handle large amounts of traffic from possibly tens of thousands of victims. This can offer an idea on the amount of data stolen by Gauss' plugins.

http://www.securelist.com/en/blog/208193767/Gauss_Nation_state_cyber_surveillance_meets_banking_Trojan

Full technical paper:
http://www.securelist.com/en/downloads/vlpdfs/kaspersky-lab-gauss.pdf



Latest Market Glitch Shows 'Trading Out of Control'

Quote
Wednesday morning's stock snafu had a familiar ring to it — mysterious volume in trades that simply could not have been made by a human comes surging out of nowhere, causing brief but acute market mayhem.

 
By now, many players on trading floors have gotten used to the disruptions that can come from the highly automated new world of high-frequency trading.

But that doesn't mean they like it.

"This algorithmic trading is kind of out of control," Phil Silverman, managing partner at Kingsview Capital, said as officials at the New York Stock Exchange tried to make sense of what happened. "It seriously hurts investor confidence."

http://www.cnbc.com/id/48443271

Saddle up, everyone, looks like NEO is loose in the MATRIX.  :-\
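The quoted Kaspersky FAQ describes the Gauss payload as locked with an RC4 key derived from MD5 iterated 10000 times over the %PATH% string and a %PROGRAMFILES% directory name. The following is an added illustration of that kind of environment-bound key scheme and of the analyst-side validation step, not code from the post, from Kaspersky or from the real sample; the validation marker, the function names and the exact concatenation are assumptions (the real derivation's salting and layout are not given in the post).

```python
import hashlib

ITERATIONS = 10000  # MD5 rounds, as stated in the quoted FAQ


def derive_key(path_env: str, progfiles_dirname: str) -> bytes:
    """Simplified model: MD5 iterated 10000 times over %PATH% joined with a
    %PROGRAMFILES% directory name (assumed concatenation, no salt)."""
    digest = (path_env + progfiles_dirname).encode("utf-8")
    for _ in range(ITERATIONS):
        digest = hashlib.md5(digest).digest()
    return digest  # 16 bytes, used directly as the RC4 key


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


MARKER = b"DEMO-HDR"  # constructed validation header (hypothetical)


def lock_payload(path_env: str, dirname: str, plaintext: bytes) -> bytes:
    """Bind a blob to one environment: only that PATH + dir name unlocks it."""
    return rc4(derive_key(path_env, dirname), MARKER + plaintext)


def try_unlock(blob: bytes, path_env: str, candidates):
    """Analyst side: try candidate directory names and accept a decryption
    only when the header validates. Each candidate costs 10000 MD5 rounds,
    which is why an unknown target environment makes this slow at scale."""
    for name in candidates:
        plain = rc4(derive_key(path_env, name), blob)
        if plain.startswith(MARKER):
            return name, plain[len(MARKER):]
    return None
```

Without the exact PATH string of the intended machine every candidate directory name fails validation, which is the analysis problem the FAQ describes.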

lookfirst

Latest buzz word - cyber warfare. It's on every other page of Stars and Stripes.

zorgon

SPAMMERS ON THE LOOSE

The past few weeks we have been seeing hits on our forum from spammers. While they cannot get past the Admin approval, they CAN now get past the three questions and the captcha.

We have been wondering how this was possible. But just a few minutes ago I got the answer from the latest 'new member' attempted signup...

I am going to post this example for all to see because this is going to be a problem that concerns many forums so pass it along if you are posting anywhere else...

One of the first tools we use to check new members is a place called Stop Forum Spam. They have a database of known spammer accounts and track them by user name, email and IP address.

Have a look at this last user...  and yeah I will publish the IP :P

544    ErikB    admin@SEOGURUBD.com    174.140.171.218

So a search on the IP address at Stop Forum Spam produces...

Found 5 entries for "174.140.171.218"

A search on the email produces...

Found 5 entries for "admin@SEOGURUBD.com"
Date    IP Address    Username    Email    Location    Evidence
15-Jun-12 13:39   184.22.194.179   captcha solver   admin@seogurubd.com   United States   
10-Jun-12 10:31   208.100.18.189   myadtools   admin@seogurubd.com   United States   
5-Jun-12 16:26   209.105.227.52   eJanisArnoldv   admin@SEOGURUBD.com   United States   
5-Jun-12 15:01   203.42.246.231   xJanisArnoldb   admin@SEOGURUBD.com   Australia   
10-Apr-12 20:12   178.32.156.196   bypass captcha   admin@seogurubd.com   France

StopForumSpam then lets you click on any one of those five IPs on that list... results...

184.22.194.179 appears in our database 6 times
208.100.18.189 appears in our database 79 times
209.105.227.52 appears in our database 545 times
203.42.246.231 appears in our database 5367 times


Try it yourself....

http://www.stopforumspam.com/ipcheck/203.42.246.231

Now looking through the user names and email address you find...

captcha solver
bypass captcha
admin @CaptchaBypass.org


CaptchaBypass.Org
No captcahs, No annoying! No hand SEO


Quote
SENuke Review – Senuke is a TOOL, a seo tool plus you really need to end taking Senuke Analysis in the event you don't know regarding keywords plus SEO.

Right, you need to absolutely acknowledge which ranking significant up inside the various search engines may indicate big money along with a boost with the advertising advertisments. The most intriguing thing is the fact that most persons worried inside web advertising are using the same schemes. With SEnuke SEO software, you'll be arming oneself with topmost tips which top web advertising experts employ with achieving with the best. With SEnuke SEO technique, you'll have the completed formula, plus the web advertising is advanced. SEnuke is the full right all-in-one web plus associate advertising tool I've found.

Lots more here about breaking down defenses. Our lives just got more complicated.

http://captchabypass.org/

Picture-Recognition CAPTCHAs



So these Smegheads are selling code breaking to allow spammers to hit your forums
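The post above vets a signup by looking the username, email and IP up in the Stop Forum Spam listing and notices the same email turning up under several IPs and two capitalisations. As an added example (not code from the post or from Stop Forum Spam), here is an offline version of that check over the five rows quoted above, embedded as a constructed sample; the record layout, function names and the "hold" verdict wording are assumptions, and the live service has its own API that this does not call.

```python
import re

# Constructed sample in the layout of the listing quoted above
# (same five rows; the blank Evidence column is omitted).
SFS_LISTING = """\
15-Jun-12 13:39   184.22.194.179   captcha solver   admin@seogurubd.com   United States
10-Jun-12 10:31   208.100.18.189   myadtools   admin@seogurubd.com   United States
5-Jun-12 16:26   209.105.227.52   eJanisArnoldv   admin@SEOGURUBD.com   United States
5-Jun-12 15:01   203.42.246.231   xJanisArnoldb   admin@SEOGURUBD.com   Australia
10-Apr-12 20:12   178.32.156.196   bypass captcha   admin@seogurubd.com   France
"""


def parse_listing(text):
    """Split rows on runs of 2+ spaces; lower-case email and username so that
    admin@SEOGURUBD.com and admin@seogurubd.com count as one identity."""
    records = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) < 5:
            continue  # header or malformed row
        _when, ip, username, email, location = parts[:5]
        records.append({"ip": ip, "username": username.lower(),
                        "email": email.lower(), "location": location})
    return records


def vet_signup(signup, records):
    """Return (verdict, reasons) for a pending registration, checking the
    three keys the post describes: username, email and IP address."""
    hits = {
        "email": [r for r in records if r["email"] == signup["email"].lower()],
        "ip": [r for r in records if r["ip"] == signup["ip"]],
        "username": [r for r in records if r["username"] == signup["username"].lower()],
    }
    reasons = [f"{key} listed {len(rows)}x" for key, rows in hits.items() if rows]
    ips_for_email = {r["ip"] for r in hits["email"]}
    if len(ips_for_email) > 1:  # one address rotating through many IPs
        reasons.append(f"email seen from {len(ips_for_email)} distinct IPs")
    verdict = "hold for admin review" if reasons else "pass"
    return verdict, reasons


if __name__ == "__main__":
    # The signup from the post: its IP is not in these five rows, but the email is.
    pending = {"username": "ErikB", "email": "admin@SEOGURUBD.com", "ip": "174.140.171.218"}
    print(vet_signup(pending, parse_listing(SFS_LISTING)))
```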

zorgon

What all can these new robots do?
Well they can even make POSTS once they get in...


Quote
This section of Rank Builder Review is to elaborate all the options that this so referred to as finest search engine optimisation automation suite contains. What does this link builder software deliver in order that it can be known as multi functional automation search engine marketing instrument? Let us see...

* Automated LinkWheel Creation – robotically register accounts, click the email verification links and submit your spun articles to top 15 net 2.zero properties (and rising).
* Computerized RSS Feed Submission – mechanically create RSS Feed from a LinkWheels plus submit it with significant 10 RSS Feed directories.
* Automatic Social Bookmarking – integrates with OnlyWire with regularly submit a sites with top 30+ social bookmarking service.
* Computerized Profile Hyperlink Building – regularly register accounts, check the emails plus submit the hyperlinks with tons of of significant PR conversation board websites (you can even add a individual checklist of boards!).
* Automated Captcha Breaking – integrates with Decaptcher plus Death By Captcha captcha breaking service for automated captcha solving.
* Link Booster Function – enhance a hyperlink juices by robotically create an RSS Feed from your record of hyperlinks, submitting it with excellent RSS Feed directories plus integrates with Ping.fm for automated submission with 40+ social networking websites.
* Stealth Function – help http proxies, password protected (private) proxies plus post spinning syntax.
* Run Within the Background – you might minimize it throughout the submission procedure plus this program might run inside the background thus you can do different function found on the desktop.

And this is legal? 

At the moment it's manageable - we get about 5 to 10 a day spread out over the 24 hours, but it's annoying as hell and we are likely to miss the odd good member trying to sign on.

Hopefully there will be a solution so we don't have to make it even harder to sign up for those who really want to participate.

I can understand legitimate marketers looking for ways to increase sales, but THIS? Should round up all these jerks and bring back the Guillotine.


lookfirst

Good evening! Something in the remote viewing section of the forum is being flagged as malware every time I go there. It actually opens up another page, some form of google security alert for content from a page called arkcode. Is this something others have experienced or maybe due to reasons listed at the top of the post? The antivirus software on my computer has detected nothing.

Littleenki

Hermetically sealed, for your protection

lookfirst


Littleenki

Oops, sorry Lookfirst, I called you Dood, DOH!

Cheers!
Le
Hermetically sealed, for your protection

thorfourwinds

Quote from: lookfirst on August 18, 2012, 06:38:10 PM
Good evening! Something in the remote viewing section of the forum is being flagged as malware every time I go there. It actually opens up another page, some form of google security alert for content from a page called arkcode. Is this something others have experienced or maybe due to reasons listed at the top of the post? The antivirus software on my computer has detected nothing.

Greetings:

We're on it.

Let's take a look:

Google:
About 333,000 results (0.20 seconds)

WHAT ELSE IS ON THIS SITE?
www.arkcode.com/This site may harm your computer.
For 15 years I've studied the Bible Code to learn if it contains the site of the Ark of the Covenant. Why? Michael Drosnin's (1997) book, THE BIBLE CODE, ...


What is the current listing status for arkcode.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 73 pages we tested on the site over the past 90 days, 22 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-16, and the last time suspicious content was found on this site was on 2012-08-10.
This site was hosted on 1 network(s) including AS13446 (NETZERO).


Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, arkcode.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

To be continued...

Peace Love Light

tfw   

Liberty & Equality or Revolution
EARTH AID is dedicated to the creation of an interactive multimedia worldwide event to raise awareness about the challenges and solutions of nuclear energy.

zorgon

Okay I temporarily removed the link in two posts. The relevant material is in the post anyway.

I then clicked ignore  warning and the site loaded fine with no attempts to download anything

Looks like they were hijacked at some point and google hasn't cleared the flag

In any case the link is disabled for now

Good work tracking it down  :D

SarK0Y

If something suspicious is out there, just load the webpage w/o active content + keep in mind the 2nd trap: too lengthy links can trigger buffer overflow $h!t.  ;) Actually, most resources don't deserve to be loaded with active content anyway :)
I do What Me'n'Universum  want :-)

Ellirium113

OK WTH!!!  >:( Did hackers just take down Russia Today website again?

http://rt.com/



thorfourwinds

Our post from yesterday...

This is probably the Sarge's black-ops friends at work...

kicked offline and look at what happened today:

4,292,608.0 TB DOS attack

And then this whilst visiting overseas:

This recently behind a 29 TB attack:

At least we have 'interesting' activity documented.

tfw

EARTH AID is dedicated to the creation of an interactive multimedia worldwide event to raise awareness about the challenges and solutions of nuclear energy.

Ellirium113

Quote from: Ellirium113 on August 10, 2012, 02:54:21 AM
Well if the economy wasn't bad enough how about a FLAME type virus that targets the banks. My prediction...next it will hit the stock market if that is not already a part of this.

Well, I would say this virus is starting to rear its ugly head...

Mysterious Algorithm Was 4% of Trading Activity Last Week


Quote
A single mysterious computer program that placed orders — and then subsequently canceled them — made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear.

The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. The algorithm never executed a single trade, and it abruptly ended at about 10:30 a.m. ET Friday.

"Just goes to show you how just one person can have such an outsized impact on the market," said Eric Hunsader, head of Nanex and the No. 1 detector of trading anomalies watching Wall Street today. "Exchanges are just not monitoring it."

http://www.cnbc.com/id/49333454

Things are going to get bumpy, folks, put on your seatbelts.