You might have already heard that last month's traffic within the Tor network saw a significant increase: over 1.2 million users during the month of August, to be exact, which is more than twice the network's usual traffic.
Tor, sometimes referred to as the “onion-routing” network, exists as a volunteer effort to conceal the identity of its users.
Conversely, Tor has also been used by criminals to peddle wares and offer illegal services.
WordPress & Joomla! in the bull’s eye
If you run your own website – but not Blogger and other free ones – chances are it is powered by one of the two most common Content Management Systems (CMS) on the planet: WordPress and Joomla!.
There are very active campaigns making the rounds right now targeting these two platforms. A botnet made up of nearly 25,000 infected computers is attacking login pages by performing 'brute-force attacks'.
The Fort Disco botnet tries tens of thousands of username/password combinations until a match is found. Once logged in, the bad guys use your website to host phishing, spam or even malware.
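One defensive response to a campaign like this is to watch the web server's access log for bursts of login POSTs. The Python below is an added example, not code from the original post or from Malwarebytes: it parses constructed Apache combined-format log lines (the addresses and timestamps are made up), counts POST requests to the WordPress and Joomla! login pages per source address in one-minute buckets, and flags two patterns: a single address hammering the login form, and a spread of addresses each trying only a couple of passwords, which is the shape a botnet of many thousands of hosts produces and which per-address lockout plugins miss. The thresholds and login paths are assumptions to tune for your own site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Login endpoints of the two CMSs discussed in the post (assumed default install paths).
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")

# Apache "combined" log format: ip ident user [timestamp] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def make_sample_log():
    """Constructed sample traffic (not real logs): one noisy host hitting
    wp-login.php, then eight hosts each trying the Joomla! admin login only
    twice, plus a normal visitor who logs in once."""
    lines = []
    for i in range(6):
        lines.append(f'203.0.113.10 - - [05/Aug/2013:10:00:{i:02d} +0000] '
                     f'"POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"')
    for host in range(1, 9):
        for i in range(2):
            lines.append(f'198.51.100.{host} - - [05/Aug/2013:10:05:{host * 2 + i:02d} +0000] '
                         f'"POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"')
    lines.append('192.0.2.7 - - [05/Aug/2013:10:05:30 +0000] '
                 '"GET /index.php HTTP/1.1" 200 9876 "-" "Mozilla/5.0"')
    lines.append('192.0.2.7 - - [05/Aug/2013:10:05:31 +0000] '
                 '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"')
    return lines


def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop the query string
        "status": int(m.group("status")),
    }


def detect_bruteforce(lines, per_ip_threshold=5, total_threshold=12):
    """Bucket login POSTs into one-minute windows.

    noisy_ips:   addresses that exceed per_ip_threshold attempts in one window.
    distributed: windows where the site-wide attempt count exceeds total_threshold
                 even though no single address is noisy (many hosts, few tries each).
    Thresholds are assumptions; tune them to the site's normal login volume."""
    per_bucket = defaultdict(Counter)  # minute -> Counter(ip -> attempts)
    for rec in (parse_line(l) for l in lines):
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_PATHS:
            continue
        bucket = rec["ts"].replace(second=0, microsecond=0)
        per_bucket[bucket][rec["ip"]] += 1

    noisy_ips = set()
    distributed = []
    for bucket, counts in sorted(per_bucket.items()):
        busiest = max(counts.values())
        for ip, n in counts.items():
            if n >= per_ip_threshold:
                noisy_ips.add(ip)
        total = sum(counts.values())
        if total >= total_threshold and busiest < per_ip_threshold:
            distributed.append((bucket.isoformat(), total, len(counts)))
    return {"noisy_ips": noisy_ips, "distributed": distributed}


if __name__ == "__main__":
    result = detect_bruteforce(make_sample_log())
    print("noisy addresses:", sorted(result["noisy_ips"]))
    for when, total, hosts in result["distributed"]:
        print(f"{when}: {total} login attempts from {hosts} addresses (distributed)")
```

The second detector matters more than the first for a campaign like Fort Disco: with tens of thousands of bots, each address only needs to try a few passwords, so a per-address lockout never fires, while the site-wide rate of login POSTs per minute still stands out against normal traffic.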
At the same time, a critical security flaw has been discovered in Joomla! that lets an attacker upload a backdoor simply by adding a '.' to the end of the file name.
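The trailing-dot trick works against upload filters that decide based on the text after the last '.' in the name: 'shell.php.' has an empty extension, so a deny-list check lets it through, while Windows silently drops a trailing dot when the file is written, so it lands on disk as shell.php. Whether that is exactly Joomla!'s affected code path is not something this page shows. The Python below is an added example (not Joomla!'s code) that puts such a naive check next to a hardened one, which normalizes the name first and checks every dotted segment against an allow list. The extension lists are constructed for illustration.

```python
# Extensions the upload feature is meant to accept (constructed allow list).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Extensions a web server might execute (constructed deny list; never complete,
# which is why the hardened check relies on the allow list instead).
DENIED_EXTENSIONS = {"php", "phtml", "php3", "php5", "phar", "asp", "aspx",
                     "jsp", "cgi", "pl", "py", "sh"}


def naive_is_allowed(filename):
    """Vulnerable check: compare the text after the last '.' with a deny list.

    'shell.php.' yields an empty extension, so it is not denied, yet on a
    filesystem that strips trailing dots (Windows does) it is stored as shell.php."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DENIED_EXTENSIONS


def normalize_filename(filename):
    """Reduce the submitted name to what will actually be stored on disk."""
    # Drop any directory components, whichever separator the client used.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Strip trailing dots and whitespace, which Windows removes when writing.
    name = name.rstrip(". \t")
    # Remove NUL bytes and other control characters that can truncate names.
    return "".join(ch for ch in name if ch.isprintable())


def hardened_is_allowed(filename):
    """Allow-list check on the normalized name, inspecting every dotted segment
    so that 'shell.php.', 'shell.php.jpg' and 'a..jpg' are all rejected."""
    name = normalize_filename(filename)
    if not name or "." not in name:
        return False
    segments = name.lower().split(".")[1:]  # everything after the base name
    if not segments or any(seg == "" for seg in segments):
        return False
    if any(seg in DENIED_EXTENSIONS for seg in segments):
        return False
    return segments[-1] in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    for candidate in ("photo.jpg", "shell.php", "shell.php.", "shell.php.jpg", "../../photo.PNG"):
        print(f"{candidate!r:20} naive={naive_is_allowed(candidate)!s:5} "
              f"hardened={hardened_is_allowed(candidate)}")
```

Normalizing before checking is the general fix: validate the name the filesystem will see, not the string the client sent, and prefer a short allow list to a deny list that has to anticipate every executable extension.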
In computer terms, a Trojan (horse) is a type of malware that does not replicate itself.
The name is based on the mythological tale of Greek warriors who hid inside a giant wooden horse that was supposed to be a "present" to the city of Troy. After dark, the Greek warriors opened the previously impenetrable gates of Troy to let in the rest of their army and sacked the city.
So, the name is very fitting, because computer Trojans often disguise themselves as something useful or at least innocent. Once they are inside, however, they often download or install other malware on the user’s computer.
In old times, a citadel was a fortress that served as the last line of defense. For cyber criminals, Citadel is a powerful, state-of-the-art toolkit for both distributing malware and managing infected computers (bots). Citadel is an offspring of the (too) popular Zeus crimekit, whose main goal is to steal banking credentials by capturing keystrokes and taking screenshots/videos of victims' computers. Citadel came out circa January 2012 on the online forums and quickly became a popular choice for criminals. A version of Citadel (184.108.40.206) was leaked in late October and, although it is not the latest (220.127.116.11), it gives us a good insight into the tools the bad guys are using to make money.
In this post, I will show you how criminals operate a botnet. This is not meant as a tutorial and I do want to stress that running a botnet is illegal and could send you to jail.
As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out the interesting talks and presentations given by various members of the computer/intelligence security community. This post summarizes most of what we saw, briefly explaining which talks we thought were the most valuable and which topics should be of most concern to our readers and customers.