
Nigeria 419 scam codenamed Silver Spaniel distributing Remote Access Trojan (RAT)

Almost all users know about the Nigerian 419 scams. These started with traditional mail, later evolved to fax, and currently use email to scam victims. Nigerian 419 scams are frauds that typically involve promising the victim a significant share of a large sum of money, which the fraudster requires a small up-front payment to obtain. If a victim makes the payment, the fraudster either invents a series of further fees for the victim, or simply disappears. There are many variations on this type of scam, including advance-fee fraud, Fifo's Fraud, Spanish Prisoner Scam, the black money scam, and the Detroit-Buffalo scam. The number "419" refers to the article of the Nigerian Criminal Code dealing with fraud.
However, up until now this scam was used only for scamming and fraud. It is now turning into a much more severe crime. Experts at Palo Alto Networks uncovered a new Nigeria 419 scam scheme that specifically targets businesses in a malicious campaign dubbed Silver Spaniel. This is the first time a Nigeria 419 scheme has been used by cyber criminals to distribute remote access trojans (RATs).

A report published by Palo Alto Networks titled “419 Evolution” revealed that scammers are targeting businesses in Taiwan and South Korea with malware purchased on hacker forums. They explain the new campaign, called “Silver Spaniel”, as follows:
“Our team is tracking this activity under the code name Silver Spaniel. These attacks have deployed commodity tools that can be purchased for small fees on underground forums and deployed by any individual with a laptop and an e-mail address. Two specific tools were used in multiple attacks that gave the actors the ability to take control of a system without being detected by antivirus programs. Despite the effectiveness of these tools, some of these actors showed remarkably poor operational security that revealed their infrastructure and real world identities.” They further added: “This sample is a variant of the NetWire RAT crypted with a tool named DataScrambler to avoid AV detection.”
The experts said that their research into this scam started in May 2014, after some customers of Palo Alto Networks detected a malicious phishing campaign that used e-mail attachments named “Quatation For Iran May Order.exe”, “Samples Photos Oct Order.exe” and “New Samples Required.exe”.

The Palo Alto experts noted that Silver Spaniel did not build or author any malware; instead, the operators behind the campaign purchased malware from the Tor underground forums where this kind of malware is usually sold.

The experts believe the operators of Silver Spaniel may just be ordinary criminals without sophisticated know-how, because they rely entirely on social engineering to trick victims into installing malware.
“The tactics, techniques and procedures deployed by Silver Spaniel actors indicate their sophistication level is low compared to that of nation-state sponsored actors and advanced cyber criminals. While many actors use commodity RATs like NetWire, running an operation from a PC and not being careful to avoid exposing one’s actual IP address shows a lack of concern for or knowledge of operational security.”
These findings by the experts at Palo Alto are just a precursor to the larger things to come. The Nigeria 419 scam is used massively in the cyberworld to fool victims, and if every cyber criminal uses a similar trick to deliver a malicious payload to victims, the day will not be far off when high-risk trojans and worms are delivered to the victims.


Torrent pirates leak the Movie 'The Expendables 3' In DvdRip format 3 Weeks Ahead Of Release

04:27 Abhishek kumar
Movie pirates have leaked a high-quality version of the movie "The Expendables 3" online about 3 weeks before the theatrical release.
A DVD-quality copy of the movie started circulating on the torrent websites on Wednesday. The leaked version of the movie is expected to be downloaded more than 200,000 times in just a few hours after the leak. The numbers, which may look huge, are in fact too low because they account for a few hours only, while the movie may have been downloaded more than 10-20 times that by now.

The Expendables 3, co-written by Sylvester Stallone, is a multi-star movie with an action overdose. The movies star major Hollywood figures like Sylvester Stallone, Harrison Ford, and Jason Statham, and "The Expendables 2" earned over $300 million worldwide. This time, the producer's dream of crossing the previous mark with a bigger cast and bigger stars seems to be shattered.

This is not the first time a movie like this has leaked before hitting the theaters: X-Men Origins: Wolverine leaked two months before its release date. However, that copy was an incomplete workprint, with special effects still unfinished.

"The Expendables 3" will hit the theaters on August 15th.


#OpSaveGaza, Hackers Targeting Israeli Cyber space, on Israel's Invasion of Gaza

With the Israel-Palestine war going on, it wasn't long before hackers attacked Israeli sites under the banner of #OpSaveGaza. Hacktivist groups have long been attacking Israeli websites, but the latest attack comes on the back of the deadly Israeli-Palestine war, which has already claimed more than 900 victims. A hacker collective called AnonGhost launched a massive Distributed Denial of Service (DDoS) attack and brought down the leading Israeli news website Haaretz.
A report published in Haaretz confirmed that it was indeed DDoSed for an entire day on 21st July, 2014. The report also said that during the attack, access to foreign websites that landed in Israel was blocked to stop the attack. Haaretz also said that this action was taken in active co-operation with the Israeli Internet authority and National Data Protection Agency GSS.

AnonGhost has also hacked and defaced thousands of Israeli websites in the last few days under the operation #OpSaveGaza. Reports suggest that hackers from different parts of the world are joining the operation too.




In a separate incident, the Israeli Homeland Security agency confirmed a massive DDoS attack against an Israeli ISP, which made browsing very slow for almost all users of that ISP. The ISP, which was not named, was slowed by a DDoS attack that caused severe disruption on the network for two hours on 22nd July 2014. An increase of 1,000% in attacks from abroad has been noticed since the beginning of the military campaign, according to a report published by the newspaper.

With no signs of the conflict ending anytime soon, we expect more attacks on Israeli online entities from the hacker groups in the near future.


Central Bureau of Investigation (CBI) arrests an Indian for stealing Microsoft product keys and selling them for profit

India's premier investigating agency, the Central Bureau of Investigation (CBI), today arrested a man for stealing product keys of various Microsoft products and selling them to unsuspecting customers for an ungainly profit. CBI issued a statement saying that they had arrested a person named D.Prabhu. D.Prabhu is not linked to any hacker groups and is a private individual. CBI says that he carried out the above theft for his personal profit.

A CBI spokesperson said: “The complaint was lodged by Microsoft. The agency took up the investigation as the alleged offence has larger ramifications.” According to the official, the quantum of loss suffered by Microsoft is yet to be quantified as the thief sold keys of various Microsoft products.

According to CBI, a case has been registered on the allegations that Microsoft Volume License Service Centre (VLSC) agreements of different overseas and Indian customers of Microsoft were being accessed without authorisation (that is, hacked) for the purpose of stealing product keys of different Microsoft products.

CBI also said that searches made at Prabhu’s premises yielded substantial evidence about the theft, including recovery of hard disks, a router, a number of Microsoft product kits and other documents. The CBI has also frozen the bank account the accused used to collect the sale amount. The accused was produced before a local court here on Friday and the agency obtained transit remand.