Hack

The H-Online: Online forums have, for some time, apparently been the target of hackers who inject additional code. However, the attackers aren’t interested in publishing cool slogans or political messages, they’re looking for money. They steal Google traffic from the forums and exploit this traffic via ads. Their main targets appear to be forums that are based on the vBulletin software. Unlike the “Look how cool I am” crackers, these attackers have very discreet working methods. They hide their code deeply within the system and ensure that their redirections don’t attract much attention. Only users who visit forum pages for the first time via a search engine such as Google are redirected to a url123.info URL. This site initially displays a strange blocking alert (“Access denied”) followed by some arbitrary text and then loads a full-page ad by InfinityAds. The ads are probably a direct source of income for the intruders even though each ad is only worth a few pennies. However, as some forum operators have reported that their traffic has dropped by more than 70 per cent, and the phenomenon seems to be a rather wide-spread one, the overall yield is likely to be considerable. ...

The H-Security: The head of Google’s Webspam team, Matt Cutts, announced on Twitter that Google has sent out a message to the webmasters of 20,000 sites informing them that their sites may have been hacked. In the email message, the company warns operators that the affected sites appear to be being used to redirect visitors to a malicious site. Google asks the site administrators to check the files in their web space for an eval(function(p,a,c,k,e,r) JavaScript code segment. The eval() function can be used to execute JavaScript character strings that may have previously been decrypted using an unpack feature. Google also warns of specially crafted .htaccess files. These may cause a file to be redirected only in certain circumstances, for example, when a visitor accesses the page via Google. Consequently, regular visitors to a site, such as the webmaster, will be unaware of the infection. ...

As I said in the other post, Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers. The hacker was identified as Khosro Zare’, a former bank-system specialist in Iran who recently left the country. Zare’ claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran’s banking system. ...

An Iranian hacker published the information about some 3 million debit cards of 10 Iranian banks, including codes and passwords. The information has been published by someone named “Khosrow Zare Farid” who was the manager of a company which operates SHETAB payment network in Iran and produces and installs POS devices. “Around one year ago I found a critical bug in the system. Then I wrote and sent a formal report to all the CEO of banks in Iran but none of them replied to me. Now I decided to publish the information. Governments tried to catch me by Iran Cyber Army but they failed,” he said, according to Kabir News website ...

SophosLabs: Brian Krebs is reporting that MasterCard and Visa are warning member-banks of a payment processor breach that may impact more than 10,000,000 credit cards. It is important to note that MasterCard and Visa’s own networks were not involved in the attack, it appears to be related to payment processor Global Payments. Reuters is reporting that Global Payments stock was suspended for trading after falling more than 9% on the Nasdaq stock exchange. ...

The Register: Pro-China hackers have started spoofing security firm AlienVault’s email address in spam messages in an attempt to infect pro-Tibetan recipients with malware. The move follows days after the security tools firm warned that AlienVault about spear phishing attacks against a number of Tibetan organizations. The spear-phishing messages relate to the Kalachakra Initiation, a Tibetan religious festival that took place in early January. The closely targeted messages – sent to organizations such as the Central Tibet Administration and International Campaign for Tibet – carry an infectious Office file attachment with a malware payload, a digitally signed variant of Gh0st RAT (remote access Trojan). ...

SophosLabs: A group of hackers are claiming to have stolen the details of more than 70,000 users of the Digital Playground porn website. The group, calling itself “The Consortium”, appears to have scooped up some 40,000 financial details (including credit card numbers, names, CCV numbers, and expiration dates) as well as the email addresses and passwords of 72,000 users. According to the hackers, who appear to be affiliated with the Anonymous movement, the sensitive information was not encrypted. ...

SophosLabs: Heather Morris, famous for playing cheerleader Brittany in the popular “Glee” TV show, is said to be the latest celebrity to have had nude photos leak onto the web. The naked pictures are alleged to have been stolen by hackers from the 25-year-old actress’s mobile phone. Of course, Heather Morris isn’t the first celebrity to have fallen victim to a nude photo hacker. Nude photos and videos of Vanessa Hudgens, the star of “High School Musical”, surfaced on the net in 2011, after it was claimed the actress’s Gmail account was hacked. ...

SophosLabs/NakedSecurity: With alleged Anonymous hackers belonging to the LulzSec group arrested and charged yesterday, and the startling relevation that prominent hacker Sabu had been working undercover for the FBI for months, hacktivists defaced a number of websites belonging to anti-virus firm Panda Security overnight. The hackers changed two dozen pandasecurity.com subdomains to include a YouTube video, showing a pot pourri of Anonymous/LulzSec activity during 2011, and posted what appeared to be the username and password details of over 100 Panda employees. ...

BBC: Hackers gained “full functional control” of key Nasa computers in 2011, the agency’s inspector general has told US lawmakers. Paul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and “compromised the accounts of the most privileged JPL users”. He said the attack, involving Chinese IP addresses, was under investigation. In a statement, Nasa said it had “made significant progress to protect the agency’s IT systems”. ...