April 8, 2013
Russian anti-virus company Doctor Web has gained control over a botnet created with BackDoor.Bulknet.739 that, on average, is infecting as many as 100 computers per hour. The Trojan facilitates the sending of massive volumes of spam from infected computers. BackDoor.Bulknet.739 mainly targets machines located in Italy, France, Turkey, the USA, Mexico and Thailand.
The first time BackDoor.Bulknet.739 drew the interest of Doctor Web's analysts was in October 2012. They discovered that the Trojan was being used to connect computers into botnets and was enabling criminals to carry out mass spam mailings.
When the malicious code is executed on a compromised system, a Trojan downloader is extracted, after which another program, detected by Dr.Web as BackDoor.Bulknet.739, downloads BackDoor.Bulknet.847. The program uses its hard-coded, encrypted list of domain names to pick an address from which to download the spam module. The Trojan fetches the site's main web page and parses its HTML looking for an image tag: the encrypted code of the main BackDoor.Bulknet.739 module is stored between the opening and closing image tags. The module is designed to send huge volumes of unsolicited e-mail.
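The retrieval trick described above, a payload stored between an opening and a closing image tag, gives defenders a cheap heuristic: `<img>` is a void element, so in well-formed HTML nothing ever sits between `<img ...>` and an explicit `</img>`, and a sizeable high-entropy text span there is anomalous. The scanner below is an added example for this article, not Doctor Web's code and not the Trojan's; the sample pages, the blob standing in for an encrypted module, and the length and entropy thresholds are all constructed for illustration.

```python
import base64
import math
from html.parser import HTMLParser


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; encrypted or base64-encoded blobs score high."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


class ImgWrappedTextFinder(HTMLParser):
    """Collects text that appears between an <img ...> start tag and an explicit
    </img> end tag with no other tag in between. Because <img> is void, that
    span is empty on any legitimately authored page."""

    def __init__(self):
        super().__init__()
        self._buffer = None  # None = not directly inside an <img> ... </img> pair
        self.spans = []

    def handle_starttag(self, tag, attrs):
        # Only text that directly follows an <img> start tag is of interest.
        self._buffer = [] if tag == "img" else None

    def handle_startendtag(self, tag, attrs):
        # <img .../> is self-closed; nothing can be "inside" it.
        self._buffer = None

    def handle_data(self, data):
        if self._buffer is not None:
            self._buffer.append(data)

    def handle_endtag(self, tag):
        if tag == "img" and self._buffer is not None:
            self.spans.append("".join(self._buffer).strip())
        self._buffer = None


def find_img_wrapped_blobs(html: str, min_len: int = 32, min_entropy: float = 4.0):
    """Return the suspicious <img>...</img> spans of a page: long and high-entropy.
    Short captions or whitespace are ignored so the heuristic stays quiet."""
    parser = ImgWrappedTextFinder()
    parser.feed(html)
    parser.close()
    findings = []
    for span in parser.spans:
        ent = shannon_entropy(span)
        if len(span) >= min_len and ent >= min_entropy:
            findings.append({"length": len(span), "entropy": round(ent, 2),
                             "preview": span[:24]})
    return findings


# Constructed sample pages (not captured from any real download site).
BLOB = base64.b64encode(bytes(range(256))).decode()  # stand-in for an encrypted module
CLEAN_PAGE = ('<html><body><h1>Gallery</h1><img src="logo.png" alt="logo">'
              '<p>Nothing hidden here.</p></body></html>')
CAPTION_PAGE = ('<html><body><img src="fig1.png">Figure 1</img>'
                '<p>Sloppy markup, but harmless.</p></body></html>')
SUSPECT_PAGE = ('<html><body><p>Gallery</p><img src="pic.png">' + BLOB +
                '</img><p>end</p></body></html>')

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("caption", CAPTION_PAGE),
                       ("suspect", SUSPECT_PAGE)]:
        print(name, find_img_wrapped_blobs(page))
```

Run over a proxy's cached HTML or a sandbox's captured responses, the finder flags only the page whose image tag pair encloses the blob; the sloppy but harmless `<img>Figure 1</img>` is dropped by the length and entropy thresholds, which you should tune against your own traffic before alerting on hits.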
BackDoor.Bulknet.739 receives from a remote server the addresses to which it can send spam, an e-mail template file and a configuration file. BackDoor.Bulknet.739 uses a binary protocol to communicate with the criminals. It can be instructed to update itself, download new message templates and spam address lists, or stop sending messages. If the Trojan process terminates abnormally, it can generate a report and send it to the intruders.
Doctor Web's analysts managed to hijack a server used to control the BackDoor.Bulknet.739 botnet and gathered statistics. As of April 5, 2013, over 7,000 bots were connected to the server. The graph below illustrates how the number increased in the period from April 2 to 5:
At the moment, the botnet BackDoor.Bulknet.739 is continuing to grow quite rapidly—an average of 100 machines are being infected every hour. The Trojan is spreading most widely in Italy, France, Turkey, the USA, Mexico and Thailand. The smallest number of compromised hosts is found in Russia and Australia. Here's how the infection is spreading across countries and continents:
And here are the statistics regarding the operating systems of infected computers:
Doctor Web analysts are continuing to monitor the situation closely. BackDoor.Bulknet.739 poses no threat to systems protected with Dr.Web software, since the malware's signature is present in the anti-virus databases.
By Sebastian Anthony
Some of the world’s most tenacious hackers will begin the tricky task of jailbreaking the iPhone 5.
To date, every single iPhone has been cracked wide open by hackers, blazing the trail for tethered and eventually untethered jailbreaks. Every year, Apple releases new products with increasingly complex security measures — and yet, without fail, they fall to the increasingly tenacious attacks of Apple hackers.
How does a hacker jailbreak an iPhone or iPad, though? Well, I’m glad you asked, because the answer is rather interesting.
Defining the problem
To begin with, hackers aren’t interested in hacking the iPhone 5 itself — they’re actually looking for a flaw in iOS 6 and the A6 SoC, both of which are brand new and relatively unknown. In the iPhone 4S’s case, it withstood hacking attempts for months — much longer than any other Apple device — before it finally fell.
To create an untethered jailbreak for the iPhone 5, hackers will first have to find an exploit in the iOS 6 kernel, and then they’ll have to work out a way of circumventing the hardware-level security provided by the SoC so that they can inject arbitrary, unsigned code into the boot ROM — the first code that is executed when an iDevice is powered on. This custom code will disable the iDevice’s security features, allowing you to install non-App Store programs, such as Cydia. Voila, one jailbroken iPhone.
Finding a kernel exploit
On something like a Linux PC, where you have full access to the source code and the ports on the back of the computer, finding a kernel exploit is relatively easy — it’s just a case of painstaking analysis, leaving no stone unturned. iOS’s source code is closed, however (though XNU, which it is based on, is open source), and the hardware is relatively locked down.
In the case of iOS 4 and 5, both of which have been jailbroken, the kernel has a built-in debugger — a tool that spits out a lot of information about the kernel’s behavior, so that Apple’s internal software team can find and squash bugs. This debugger is only accessible via serial connection, however — and obviously, the iPhone doesn’t have a serial connector on the bottom. Or does it?
It turns out that the old 30-pin Apple connector actually has two pins set aside for serial communications — and to use them, all you have to do is solder together a few simple components that can be bought for around $30.
With the home-brew cable made, an Apple hacker can open a serial connection with the iDevice, gaining access to the kernel debugger. Once you have access to the kernel debugger, it’s a matter of finding an exploit — a flaw in the kernel that can be used to gain root access to the device. This step is incredibly complicated, requiring a vast amount of software expertise. For more info, hit up Stefan Esser’s excellent Black Hat and CanSecWest [PDF] presentations on iOS kernel exploitation.

Tethered or untethered?
Once you’ve found a kernel exploit and gained root access, you have achieved a tethered jailbreak. If the hacker can also find a vulnerability in the device’s hardware-level security (as Limera1n did with A4-based iDevices), then the exploit can be loaded into the boot ROM and executed every time the device is powered on — an untethered jailbreak.
In the case of Apple’s A5 SoC, which debuted in the iPad 2 in March 2011, it took ten months to find an exploit that would allow an untethered jailbreak. In the words of a Chronic Dev Team spokesperson: “I don’t know if any iOS hacker anticipated how much the A5 chip would completely change the game & up the stakes. The endless war we fight to jailbreak has become more & more difficult with each new device released, and our recent battle against A5 only proved this further.”
Jailbreaking the iPhone 5 and A6 SoC
The iPad 2 and iPhone 4S, powered by the A5 SoC, were by far the hardest iDevices to crack — previous devices usually only lasted a few days or weeks. This was partly because Apple is continually working to thwart would-be hackers — and also because Apple hired Nicholas Allegra (aka Comex), one of the key members of the iDevice hacking community. Not only did this slow down the jailbreaking of the A5, but more importantly Comex will have spent the last year hardening the A6 SoC against as many attack vectors as possible.
There’s the matter of the new Lightning connector, too. I suspect it doesn’t have dedicated serial pins, which will add another layer of complexity that will need to be reverse engineered by the iDevice hackers. There is one possible glimmer of hope in that iOS 6 has already been jailbroken — but only on antiquated A4-based devices (iPhone 3GS/4), and it’s still only a tethered jailbreak.
Will the A6 fall? Will the iPhone 5 be jailbroken? If history has taught us anything, it’s that nothing is truly secure. Given enough man hours, an exploit will be found.
Apple doesn’t need to make the iPhone 5 completely secure, though — it just needs to last a couple of generations, until the next upgrade cycle. Given Apple’s continued investment in security and the news that the A6 SoC features a highly customized in-house design, I wouldn’t be surprised if the iPhone 5 remains unjailbroken for a long time to come.
Updated: This story has been updated slightly to more accurately reflect some nuances of iOS hacking.
The Naval Surface Warfare Center in the USA has presented a "super-spy" application for Android smartphones that records the user's surroundings and then recreates them as a three-dimensional virtual model.
Alongside the rise of smartphones and tablets, the malware that "targets" these devices has also evolved to a great extent.
Some of the most modern malicious software includes programs that monitor the user with the aim of capturing card numbers, either by recording the keys that are pressed or by listening in.
Robert Templeman of the Naval Surface Warfare Center and colleagues from Indiana University are developing a new generation of malware that is able to record and create three-dimensional representations of the user's surroundings, enabling the theft of items such as financial data, information on computer screens, and more.
According to a report in MIT Technology Review, the software in question is called PlaceRaider and has been developed as an application that runs in the background on smartphones with Android 2.3.
The central idea is that the malware is embedded in a camera application which the user downloads and runs, a process that gives the software the ability to take and send photographs.
Then, taking into account data such as the time the photo was taken and the position and orientation of the phone, it makes it possible to create a three-dimensional model of the space (after the "package" of data is sent to a central server), while discarding photographs that are excessively blurry or dark.
The software also silences the taking of photographs, which would otherwise reveal the spying activity to the user.
As stated in the related paper, PlaceRaider is a "pioneering visual malware that allows remote attackers to carry out reconnaissance and what we would call virtual theft.
Through clearly opportunistic use of the phone's camera and other sensors, PlaceRaider creates rich, three-dimensional models of indoor environments.
Remote burglars can thus 'download' the physical space, study the environment and steal virtual objects such as financial documents, information on computer screens and personal details."
These tests have so far proven successful, as they have led to the creation of accurate three-dimensional models of the spaces in which the 20 users who were given infected phones moved about.
As Templeman notes, the application may be for Android for the moment, but nothing rules out the appearance of corresponding software for every mobile operating system.