If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it.
Researchers at Russian security firm Group-IB say that customers of some of the largest US banks have been affected by malware that steals credit card data directly from ATMs as well as from point-of-sale (POS) terminals found at regular retailers. Cyber-crooks are infecting the operating system that powers ATMs and point-of-sale terminals with malware capable of stealing financial data.
The business model behind going directly to the source is efficient because criminals only need to compromise a few ATMs to collect hundreds, if not thousands, of credit card numbers which can immediately be sold on the black market.
Recently a Microsoft blog was released describing a new Facebook Trojan classified as JS.Febipos.A by several AV vendors. Febipos is currently active in Brazil and takes control of your Facebook profile using a Firefox and/or Chrome extension that’s installed during execution. I managed to obtain several copies of the Febipos executable, which uses Facebook-like icons in an attempt to appear legitimate, along with being signed by digital certificates from ‘Updates LTD’.
Have you ever received a call from someone with a heavy Indian accent claiming to be from Microsoft, saying your computer had errors or viruses? The purpose of these calls is to get an easy $299 (or whatever amount they choose) by scaring you into thinking there’s something really wrong with your computer and that they can fix it for you.
These telephony scams have been going on for many years, and sadly scammers keep robbing innocent people because their success ratio is still worth their time and effort. It happens that I got ‘the call’ while minding my own business on a regular work day. I immediately recognized what this was all about and decided to play the game to see how far this would go.
My colleague Adam Kujawa recently wrote a great post about the Malwarebytes experience at the hacker convention DefCon this year.
By popular demand, here's a round-up of my top four favorite DefCon talks from a development perspective:
1. “Stiltwalker”, by “DC949” (http://www.dc949.org/projects/stiltwalker)
I am sure everyone is familiar with reCAPTCHA. You have likely wasted hours of your life (in the aggregate) on it. The basic idea is that there are tasks (image or audio recognition of words or letters) that a machine usually cannot do reliably but that are very easy for humans, so performance on these tasks can distinguish a real person from a machine, like a bot on a forum or message board. The Stiltwalker talk was about a machine-learning attack on audio CAPTCHA: the speakers found that they could train a neural net to “beat” it using not much more than a few basic background-subtraction tricks. Depending on the precise CAPTCHA implementation they tested, they achieved 60-99% accuracy. This is easily enough to consider the system “broken.” Really cool! Actually, I notice it's already up on Wikipedia: http://en.wikipedia.org/wiki/ReCAPTCHA#Security
2. “Hammer: Smashing Binary Formats into Bits” by Meredith Patterson and Dan “TQ” Hirsch
The lead-in to this talk was something to the effect of “have you ever used parser generators like Yacc or Bison? Don't you hate them? Here's something better.” Patterson and Hirsch then launched into an argument for “language-theoretic security” (basically, how virtually every parsing-bug-turned-security-flaw could be obviated with intuitive robust parsing – think along the lines of SQL injection). See http://www.cs.dartmouth.edu/~sergey/langsec. Then they showed a parsing library they have written called “Hammer” (https://github.com/UpstandingHackers/hammer) which has quite honestly the prettiest syntax I've ever seen in a parsing library. I really want to find some time to play around with it.
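To make the langsec argument concrete, here is an added example that is not from the original post and is not Hammer's code (Hammer is a C library with its own API; this is a self-contained Python sketch of the same combinator style). The grammar, the helper names (`char_class`, `sequence`, `sep_by1`, `parse_all`) and the sample inputs are all constructed for illustration. The point it demonstrates is the one the talk makes: a parser built from a grammar recognizes the whole input or rejects it outright, whereas an ad-hoc "strip and split" parser quietly accepts malformed data and hands it downstream.

```python
"""Tiny parser-combinator sketch illustrating the langsec principle:
recognize the complete input against an explicit grammar before acting on it.
Constructed example; not the Hammer library's API."""
from typing import Any, Callable, List, Optional, Tuple

# A parser maps (text, position) -> (value, new_position), or None on failure.
Parser = Callable[[str, int], Optional[Tuple[Any, int]]]


def char_class(allowed: str) -> Parser:
    """Accept exactly one character drawn from `allowed`."""
    def p(s: str, i: int):
        if i < len(s) and s[i] in allowed:
            return s[i], i + 1
        return None
    return p


def literal(tok: str) -> Parser:
    """Accept the fixed token `tok` at the current position."""
    def p(s: str, i: int):
        if s.startswith(tok, i):
            return tok, i + len(tok)
        return None
    return p


def many1(inner: Parser) -> Parser:
    """Accept one or more repetitions of `inner`."""
    def p(s: str, i: int):
        items: List[Any] = []
        while True:
            r = inner(s, i)
            if r is None:
                break
            items.append(r[0])
            i = r[1]
        return (items, i) if items else None
    return p


def sequence(*parsers: Parser) -> Parser:
    """Accept each parser in turn; fail if any fails."""
    def p(s: str, i: int):
        out: List[Any] = []
        for q in parsers:
            r = q(s, i)
            if r is None:
                return None
            out.append(r[0])
            i = r[1]
        return out, i
    return p


def sep_by1(item: Parser, sep: Parser) -> Parser:
    """Accept `item (sep item)*`; a dangling separator is left unconsumed."""
    def p(s: str, i: int):
        r = item(s, i)
        if r is None:
            return None
        items, i = [r[0]], r[1]
        while True:
            r_sep = sep(s, i)
            if r_sep is None:
                break
            r_item = item(s, r_sep[1])
            if r_item is None:
                break  # leave the separator; parse_all will reject the leftover
            items.append(r_item[0])
            i = r_item[1]
        return items, i
    return p


def action(inner: Parser, fn: Callable[[Any], Any]) -> Parser:
    """Apply `fn` to a successful parse result (a semantic action)."""
    def p(s: str, i: int):
        r = inner(s, i)
        return None if r is None else (fn(r[0]), r[1])
    return p


def parse_all(parser: Parser, s: str):
    """Recognize the WHOLE input or reject it; no partial acceptance."""
    r = parser(s, 0)
    if r is None or r[1] != len(s):
        return None
    return r[0]


# Grammar: a bracketed, comma-separated list of unsigned decimal integers, e.g. "[1,22,333]".
digits = action(many1(char_class("0123456789")), lambda ds: int("".join(ds)))
int_list = action(sequence(literal("["), sep_by1(digits, literal(",")), literal("]")),
                  lambda parts: parts[1])


def parse_int_list(s: str) -> Optional[List[int]]:
    """Grammar-driven parser: returns the list, or None for any malformed input."""
    return parse_all(int_list, s)


def adhoc_int_list(s: str) -> List[int]:
    """The 'shotgun' style the talk argues against: strip, split, and silently drop junk."""
    body = s.strip().lstrip("[").rstrip("]")
    return [int(x) for x in body.split(",") if x.strip().isdigit()]


if __name__ == "__main__":
    for sample in ["[1,22,333]", "[1,22,]", "[1,2,DROP]", "[1,2]junk"]:
        print(sample, "->", parse_int_list(sample), "| ad hoc:", adhoc_int_list(sample))
```

Running the script shows the difference the talk cares about: the grammar-driven parser returns `None` for a trailing comma, for an injected non-numeric field, and for trailing garbage, while the ad-hoc version returns a plausible-looking list in every case, so the code after it never learns the input was malformed.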