Full Disclosure mailing list archives
Re: [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd)
From: bf <illuminatus.master () gmail com>
Date: Mon, 30 Oct 2006 14:47:15 -0500
"So, knowing full-well security is out of our hands, and relies on the security of our users. Knowing full-well that the same technology can be used to bypass 2-factor authentication, how do organizations handle their own security, if they are to have clients?" Organizations make attempts to protect the resources immediately under their control and the losses incured by end user compromise are written off as a loss. Indeed, this sort of loss is so hard to quantify that the end user and "affected organization" (Bank for example) have no way of knowing how or why the account or identity of the end user was ever compromised. IE: End user: "Wow my identity was stolen, how did that happen?" Bank: "No problem, we'll issue you a new card/account/what-have-you. But you know this already. On 10/24/06, Gadi Evron <ge () linuxbox org> wrote:
To report a botnet PRIVATELY please email: c2report () isotf org ---------- So, here we go. Real-life uses for vulnerabilities. Below is an example of just ONE "drop-zone" server in the United States, which has "600 financial companies and banks". Several gigs of data. How do these things work? They get installed by the use of a web vulnerability, an email attachment of network scanning, utilizing several vulnerabilitie. One drop zone, and all this noise gets made. I am very happy to hear that the UK police (which are good people) are doing something about this, however, banks, eCommerce sites, dating sites, etc. all get attacked by these things, by the users being infected. These trojan horses use rootkit technology, with a hook, using man in the middle attacks to bypass the SSL encryption, and steal any HTTPS credentials they come across. These things are so wide-spread, this news item made me raise my eye-brow, at first. So, knowing full-well security is out of our hands, and relies on the security of our users. Knowing full-well that the same technology can be used to bypass 2-factor authentication, how do organizations handle their own security, if they are to have clients? The point is, though, that this is a well planned operation, with new samples being released with new vulnerabilities to exploit, constantly. This should not be considered a "one time cease" or a "lost laptop containing private data". This is what vulnerabilities are about - the damage and operations they are used for. Gadi. ---------- Forwarded message ---------- Date: Tue, 24 Oct 2006 21:24:20 GMT From: Fergie <fergdawg () netzero net> To: funsec () linuxbox org Subject: [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) Via InfoWorld. [snip] British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from 8,500 people in the U.K. and others in some 60 countries, officials said Tuesday. In total, cybercriminals targeted 600 financial companies and banks, according to U.K. authorities, who have worked over the past week to identify and notify victims. Through intelligence sources, U.K. police were given several gigabytes of data -- around 130,00 files -- that came from a server in the U.S., said Charlie McMurdie, detective chief inspector for the Specialist Crime Directorate e-Crime Unit of the London Metropolitan Police. Most of the data related to financial information, she said. The data was collected by a malicious software program nicknamed Haxdoor that infected victims' computers. Some 2,300 machines were located in the U.K. McMurdie said. [snip] More: http://www.infoworld.com/article/06/10/24/HNukdatatheft_1.html - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ To report a botnet PRIVATELY please email: c2report () isotf org All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd) Gadi Evron (Oct 24)
- Re: [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd) Marshall Eubanks (Oct 28)
- Re: [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd) bf (Oct 30)