Slashdot Mirror


Bank Accounts Vulnerable For Victims of ZeuS Trojan Variant 'Gameover'

tsu doh nimh writes "Organized crooks have begun launching debilitating cyber attacks against banks and their customers as part of a smoke screen to prevent victims from noticing simultaneous high-dollar cyber heists, the FBI is warning. The thefts, aided by a custom variant of the ZeuS Trojan called 'Gameover,' are followed by distributed denial of service (DDoS) attacks against banks and the victim customers. The feds say the perpetrators also are wiring some of the money from victim organizations directly to high-end jewelry stores, and then sending money mules to pick up the pricey items."

18 of 80 comments

  1. Ha! Stupid criminals by Baloroth · · Score: 3, Funny

    I keep all my money in my house! Perfectly safe. No organized crooks gonna steal my money.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:Ha! Stupid criminals by fsckmnky · · Score: 4, Insightful

      Perhaps you have not heard the term "quantitative easing."

    2. Re:Ha! Stupid criminals by ColdWetDog · · Score: 4, Funny

      I would certainly not describe the current US government as 'organized'.

      The Keystone Cops come to mind as a role model.

      --
      Faster! Faster! Faster would be better!
    3. Re:Ha! Stupid criminals by Dunbal · · Score: 3, Informative

      That is not specific to a country. Any government will do.

      --
      Seven puppies were harmed during the making of this post.
    4. Re:Ha! Stupid criminals by Dunbal · · Score: 2

      Yep, it's not like you're going to be taking a hit on the lost interest, either. When you factor in service charges, it costs you money to keep your money in a bank. And if they can't even keep your money safe, well, what is the point?

      --
      Seven puppies were harmed during the making of this post.
  2. Re:Still clicking the links in emails? by fsckmnky · · Score: 4, Funny

    Who can resist an important message from Sandra, the topless 3 boobed Nigerian government official charged with distributing $10 million dollars in oil industry windfall profits and free samples of Viagra?

  3. Re:Still clicking the links in emails? by gvaness · · Score: 5, Funny

    Sounds hot, you got a link?

  4. Re:Still clicking the links in emails? by Fluffeh · · Score: 2

    I find your comment interesting and would like to subscribe to your newsletter.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  5. Re:Still clicking the links in emails? by Anonymous Coward · · Score: 4, Informative

    You go to a legitimate page which has been compromised, or is hosting ads and the ad site has been compromised. The page attempts to exploit your browser, usually with a disclosed vulnerability. If you haven't applied that latest patch you get knocked over without clicking any links.

    After any big event there are usually malicious sites near the top of the Google rankings which will attempt to exploit anyone who lands on them. After the tsunami in Japan there were fake news results in the top 10 within 2-3 hours doing this.

  6. Re:Still clicking the links in emails? by DrgnDancer · · Score: 4, Informative

    SEO=Search Engine Optimized. So it's like this. Your Flash Player is a month out of date and has a security hole. You search for a popular term. Maybe something game related, or porn, or whatever. Bad guy has a carefully crafted page that has been SEOed to appear fairly high in the rankings for your popular search. The exploit is in the Flash on the page. You don't have to do anything except click the link (which seems perfectly legitimate).

    Of course if you've got No-script or Ad Block, you're probably fine, but most people don't use stuff like that. See above for "People expect their computers to be tools" rant. What they did might have been mildly stupid: They should upgrade their plugins, they should read links more carefully, they should use some kind of script blocker, but it falls well within what most normal users would consider reasonable. Still infected though.

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  7. Re:Still clicking the links in emails? by Em+Adespoton · · Score: 4, Informative

    A large attack vector for SEO poisoning is image searches. Unless you're running with NoScript or JS disabled, all you have to do is click on the wrong link in a random image search result, and the rest happens in the background. While you're sitting there looking at images of Martin Luther King, Jr. (and wondering why there's a photo of chocolate cake on the page as well, and one of some puppies), a multi-exploit probe script starts up in the background, quickly figures out what OS, browser and general environment you're using (think malware author's version of 'make'), and then downloads and executes an exploit path custom to your configuration.

    Of course, the term "drive-by download" does also include the FakeAV stuff that automatically downloads and sits in your download folder, waiting for you to say, "hey, what's this zipfile doing in here with the 'reallysuperantivirus.exe' inside? I guess I should run it to find out!"

  8. Re:Still clicking the links in emails? by DeadCatX2 · · Score: 3, Interesting

    One day, I was browsing Google Image Search, looking to identify an ambiguous connector. (it ended up being a connector from JST)

    Suddenly, I'm greeted with a UAC prompt. Having done nothing to instigate a UAC prompt, I immediately killed firefox. Nonetheless, there was a rogue process on my machine that was attempting to gain root access by desperately popping up anti-virus messages. Being an intelligent user, I discovered what process was responsible and promptly killed and deleted the offending binary from my machine.

    I never even clicked anything.

    --
    :(){ :|:& };:
  9. Re:Still clicking the links in emails? by dissy · · Score: 2

    While having out of date software is asking for troubles, lately with the thriving zero-day exploit market, even performing that task is not guaranteed to protect you.

    It really requires nothing more than clicking the first link in Google.

    Scary world. But aside that, you can't possibly blame the person using the web for a zero day (That's addressed to you Mr GP, not the parent)

  10. Re:Still clicking the links in emails? by Dunbal · · Score: 2

    No one can program their own space shuttle launch. That's why it takes a team - even for NASA.

    As for YOUR post - if you drive a car you are expected to know a) how an internal combustion engine works and what oil is for and why you should check it once in a while b) whether your car runs on diesel or gasoline/petrol c) how to change a flat tire and d) when to take your car in for service/repairs. If you don't know the preceding, then you really shouldn't be driving a car. Likewise with computers.

    --
    Seven puppies were harmed during the making of this post.
  11. Re:Still clicking the links in emails? by bmo · · Score: 3, Interesting

    >A large attack vector for SEO poisoning is image searches

    I personally ran into this while looking for flooding pictures in Warwick RI a couple of springs back.

    Nearly half the Google results on the first page were SEO malware sites.

    --
    BMO

  12. Re:Still clicking the links in emails? by cavreader · · Score: 2

    Too many people confuse the right to privacy with the right of anonymity. Personal information on people existed prior to the Internet and IP addresses. Things like phone books, marriage records, birth certificates, home/auto loans, and property deeds which can be obtained at any local government that keeps track of property taxes. Utility bills, driver's licenses, education records, insurance policies, and bank records have been available easily with or without any subpoena for over the past 50+ years. Earn no income that is subject to state or federal taxes, otherwise that information will also be available in hard copy. The Internet just makes collecting this information faster. If you really want privacy unplug, store your money in your mattress, use cash and barter for all financial transactions, never enter into any type of agreement that requires more than a handshake, move to the wilderness and be prepared to turn off anything that shows up in infrared when the satellites make their pass over your place. If this all seems too much of a bother you could just stop posting your life story on Facebook. If someone wants your information they don't need the Internet to get it. We have finally entered into the era where a lot of people have never had to live without access to the Internet and unfortunately these people are turning out to be the biggest morons on the planet. If you want true facts good luck finding them on the Internet. If you want a real education stop using Internet searches to find your answers and do real research that *gasp* might rely on using hard copy books. The Internet was supposed to herald the age of free and easy information exchange; unfortunately the majority of that free information is bullshit and all around misinformation that has only increased the amount of acrimony and animosity in the world.

  13. We're all nerds here by ctime · · Score: 4, Informative

    I can hear the boos and hisses already, but this is a large reason why I fucking hate Windows. Let's be real here, everyone getting hacked by these knuckleheads are idiots themselves (to a degree) AND running Windows. But what about this: I just imaged and updated my Windows 7 64 system, only use Firefox, and have Microsoft AV (free) enabled. I was minding my own business surfing the web in what I thought was a fairly secure setup, some random popup or link injected code through what I believe was a Flash vulnerability (again the box was only a month old) and installed some fucked up rootkit that MS AV actually found the next day. WTF? 0-day exploits CRUSH Windows, despite the UAV etc., somehow this shit still gets through. Yes, I could have done probably xyz things to protect myself, which I would believe if I were running XP, but this is a 1Mo old version of 7, automatic updates, and I only use Firefox. FML.

    Web browsers should run in a VM session that is incompatible with the host operating system on a binary level. This kind of aforementioned horseshit rarely if ever happens to everyday average normal guys just browsing the web on their Macs or Ubuntu boxes. Also, fuck it, I'm only browsing the web on a Linux image from now on on this Windows box (and just for reference the box is only used for gaming, occasionally slashdot raging).

    1. Re:We're all nerds here by ledow · · Score: 2, Informative

      "Web browsers should run in a VM session"

      Or just have proper isolation and not ***execute*** random code at all.

      The problem with Windows is not necessarily programmers, it's the design and the expectations of its users. For some reason, if your email client doesn't automatically execute and display that Powerpoint presentation without warnings, people get annoyed. If the Flash/Java sections of a website aren't seamlessly executed as they load people think things are broken. If the executable they download isn't immediately installable, they question it. If their Word macros don't run when they open the documents, they complain.

      The "saviour" of other OS is really the culture (because we're not immune to the same things happening on Linux, etc. you know?) - You *can't* execute code without the execute bit set, and users of the system know WHY that is, and they are careful about what they apply the execute bit to (and we don't put up messages that say "Hey, this isn't executable, shall I do it for you?").

      Is there an equivalent concept of "non-executable" on Windows that's usable in an everyday environment for random users? Not really. The nearest you get is Software Restriction policies, but they are a nightmare to manage and nobody uses them (and even then it's still possible to execute random code from the Internet if you just pipe it through a trusted program, e.g. a Word macro).

      If you use a decent browser with the correct security, Flash/Java apps appear as nothing more than a play button that *YOU* decide to click and ZERO code is executed from that app until you do (and you'd be amazed how many play buttons I see each day just browsing ordinary websites that I *NEVER* click on because I stop noticing they are there unless I've gone to something that I understand NEEDS to execute a Java app for whatever reason).

      Why a web browser NEEDS to run executable code to do its job, I'll never understand - it's nothing more than a renderer, like Ghostscript, except you don't see Ghostscript executing in-built shell commands or machine code in the Postscript it's trying to render (though even that's had its fair share of problems, they are NOTHING compared to a browser flaw). Does Internet Explorer even have options to let you selectively load Flash/Java? No (and even on Firefox, it's an additional plugin). Opera has it available by default, though.

      Hell, Intel, nVidia, Windows Update etc. encourage you to run an ActiveX or Java app so they can "detect your hardware" to choose the best drivers - does that not throw warning bells to people about how much access it would have to the system if you allowed it? And because it's the largest companies (and even the suppliers of the damn OS) that encourage it, people think that's okay.

      The problem of viruses is NOT computer related, it's entirely user-related. Not updating software, not running AV (though I'm against the whole idea of AV, personally, when managing your computer properly works so much better), not clicking Yes, inserting untested storage devices, having Autorun enabled, not having the most basic firewall, etc. The holes that are there are there because of the design / choices / implementation of the OS manufacturer, sure, but they get exploited because of the choices of the user.

      The systems that OS vendors have deployed against viruses include anti-virus (the biggest scam of our time, as far as I'm concerned), forcing Autorun off after 10 years of OS deployment, running browsers in separate processes to explorer windows and other ridiculous half-measures.

      At no point is there a mention of complete isolation (as in a chroot-style environment - why does a browser EVER need to write to anything other than a single downloads directory that the OS won't let you run programs directly from it?), or of just not executing this crap by default. How many programs actually assign Windows ACL permissions to their folders, for example? Hell, historically WMF's were nothing more than a list of GDI-executed