DDoS group Lizard Squad apparently caught and exposed

23:03 Anuran Barman
Gamers can get back to their seats, as members of Lizard Squad appear to have been tracked down.

Despite its challenges to the “Feds”, it looks like the group known as Lizard Squad, which has been carrying out DDoS attacks on game services, has been tracked down. A tweet posted on the Lizard Squad Twitter page indicated that the net had closed in.
The squad, which came into the news spotlight some days ago for DDoSing the Sony PS Network, seems to be in trouble.
Whether or not you call it team rivalry, it seems that another team, going by the online handle Activist Revolution, has posted the squad members' personal details in a Pastebin post, and tweets were coming out about it.
An earlier Tweet from the same account shows a picture of an apparent chat session with members of the Lizard Squad which also exposed their identities.

There have been no further updates since the top tweet, so they could be trying to keep their heads down, as there has been no confirmation of arrests.

The DDoS attacks started back on 23 August and the situation got more serious when SOE’s John Smedley’s flight was diverted after a bomb threat by the Lizard Squad. Attacks continued for a few more days with both Twitch and League of Legends being hit. There was also a threat of an attack of some kind during PAX during an AMA session.

It’s taken a while to track the group down but gamers should with any luck stop experiencing DDoS attacks from this group.

Update: Some fresh postings on twitter and at the Lizard Squad site suggest that, whatever else may be going on behind the scenes, the lizards are calling it a day.

We proved that even though we are little in this very big world, that a small group of friends who work together can cause a lot of havoc without legal repercussions. Today we will be disbanding, behind the green reptiles and other bullshit, we have lives believe it or not, things to do, people to meet.

James Foley beheading by ISIS video scam on Facebook, thousands being scammed

22:45 Vijay Prabhu
One of the most grotesque crimes committed recently has become a highly prized source of income for Facebook scammers. A post that claims to contain the real video footage of American journalist James Foley’s execution by ISIS in Syria-Iraq is being used to lure victims to online surveys, malvertising sites and malware downloads.
The Islamic State of Iraq and Levant (ISIS) recently released a video of the beheading of American journalist James Foley. Foley was a freelance journalist and photojournalist working on the Syrian Civil War when he was abducted on November 22, 2012 in northwestern Syria. After being held for nearly 2 years, Foley became the first American citizen to be killed by the Islamic State of Iraq and the Levant (ISIL / ISIS / Islamic State). The video was released on a jihadi forum but quickly caught on and was posted on YouTube. YouTube removed the video immediately on grounds of policy violation, but not before some 12 videos had already been uploaded on different YouTube pages. As of now the video has been removed from across the net, and that is what the cyber criminals are taking advantage of.

Coming back to this scam: as with earlier Facebook scams, the post, which may arrive as a message from your closest friend, contains no video footage. Instead you are taken to a site which has online surveys and malvertising. Clicking on the post may also install malware on your PC and steal your Facebook credentials and friends list.

As always, the FB post is spreading through the age-old scheme of you (the victim) clicking on it and thereby making all your friends vulnerable to the same. The site insists you share the video before you can watch it, so that it can spread further through the world wide web.

Kindly disregard any message purportedly containing headings like Real Footage of James Foley's Execution by Beheading.

Nude Celebrity snaps of more than 100 celebrities including Lawrence, Kate Upton, Kim Kardashian, Cara Delevingne, Vanessa Hudgens, Kirsten Dunst and Ariana Grande leaked

"iCloud hack": this particular phrase is giving nightmares to certain Hollywood A-listers. Why? Because bare photos of more than 100 celebrities, such as Oscar-winning actress Jennifer Lawrence, are being shared, forwarded and downloaded on the net due to this "iCloud hack". As always, 4Chan is the most favoured platform for sharing and downloading the leaks, though other platforms are being used as well.

No one yet knows how the personal photographs of Hollywood celebrities in their private moments surfaced, but the surfacing of photos of more than 100 celebrities, including “Hunger Games” star Lawrence, Kate Upton, Kim Kardashian, Cara Delevingne, Vanessa Hudgens, Kirsten Dunst and Ariana Grande, at the same time seems to point to something criminal, though that is not substantiated. Many of the celebrities affected by the leaks have sought the help of the authorities to curb this menace.

Jennifer Lawrence’s management team issued a statement saying that they would pursue whoever was responsible for the leak, and warning others not to distribute the photos, with a curt message:
“This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”

Looking at the whole picture, it seems that someone has been accessing the images of the stars illegally and amassing them for months. It is also worth noting that some of the Hollywood celebrities are quite okay with their nude images, while many are not. But whoever was collecting the bare naked images and videos chose yesterday to leak all of them together. So the net effect is that hundreds of photos, and some videos, of a wide range of actresses/models/whatever have leaked onto the net. Links to the images have been widely shared on sites like 4Chan and Reddit.
One of the affected celebrities, Mary Winstead, tweeted that the bare image of her that is doing the rounds was taken many years ago and has since been deleted by her. That may be so, but Mary may have kept a backup of that image somewhere, and this is where iCloud comes in. A lot of experts are of the opinion that these images may have been accessed through illegal methods such as hacking of iCloud, hence the name 'iCloud hack' for these leaks.

All this is mere conjecture at this moment, but the 'iCloud hack' is certainly giving headaches to many Hollywood celebrities.

CryptoWall ransomware held over 600K computers hostage, encrypted 5 billion files

21:31 Anuran Barman
A file-encrypting ransomware program called CryptoWall has infected over 600,000 computer systems the world over in the past six months and encrypted 5 billion files, making its creator(s) millionaires, researchers have found.
The Counter Threat Unit (CTU) at Dell SecureWorks performed an extensive analysis of CryptoWall that involved gathering data from its command-and-control (C&C) servers, tracking its variants and distribution methods and counting payments made by victims so far.  The research done by the CTU has confirmed the worst fears of the researchers.

CryptoWall is “the largest and most destructive ransomware threat on the Internet” at the moment and will likely continue to grow, the CTU researchers said Wednesday in a blog post that details their findings.

The threat was not considered so dangerous some time ago, because most ransomware cases involved another, dominant ransomware program called CryptoLocker, which infected more than half a million systems in 2013.

CryptoLocker asked victims for ransoms between $100 and $500 to recover their encrypted files and is estimated to have earned its creators around $3 million over 9 months of operation. The threat was shut down at the end of May following a multi-national law enforcement operation that had support from security vendors. CryptoLocker could be shut down because it had to communicate with its C&C server before acting on any commands. The security companies managed to shut down the C&C servers, rendering the CryptoLocker files ineffective even on PCs they had already infected.
CryptoWall filled the void left by CryptoLocker on the ransomware landscape through aggressive distribution using a variety of tactics that included spam emails with malicious links or attachments, drive-by-download attacks from sites infected with exploit kits and installations by other malware programs already running on compromised computers.
When CryptoWall is first executed, it unpacks itself in memory and injects malicious code into new processes that it creates. It creates an "explorer.exe" process using the legitimate system binary in a suspended state and maps and executes malicious code into the process's address space. This malicious instance of explorer.exe then executes the following process:
  • vssadmin.exe Delete Shadows /All /Quiet
This process causes the Windows Volume Shadow Copy Service (VSS) to delete all shadow copies of the file system. CryptoWall also disables Windows' System Restore feature by modifying the registry key:
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore => DisableSR
Both techniques prevent infected systems from recovering encrypted files.
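
The two recovery-tampering behaviours described above can be hunted for in endpoint telemetry. The following is an added example, not code from the CTU analysis or from this page: it assumes events shaped like Sysmon process-create (EventID 1) and registry-value-set (EventID 13) records, and the host names and sample events are constructed.

```python
import re

# "vssadmin[.exe] delete shadows", any case or spacing, with or without a path.
VSS_DELETE = re.compile(r'\bvssadmin(\.exe)?"?\s+delete\s+shadows\b', re.I)
# Registry value named above, lower-cased, as a suffix of the logged key path.
DISABLE_SR = r"\software\microsoft\windows nt\currentversion\systemrestore\disablesr"

def classify(event):
    """Return a finding for one event, or None when it is not tampering."""
    if event["EventID"] == 1 and VSS_DELETE.search(event["CommandLine"]):
        parent = event.get("ParentImage", "").lower()
        # explorer.exe as the parent is the pairing described in the analysis.
        sev = "high" if parent.endswith("\\explorer.exe") else "medium"
        return f"{sev}: shadow copy deletion via {event['CommandLine']!r}"
    if event["EventID"] == 13 and event["TargetObject"].lower().endswith(DISABLE_SR):
        # Details looks like "DWORD (0x00000001)"; non-zero disables restore.
        m = re.search(r"0x([0-9a-f]+)", event.get("Details", ""), re.I)
        if m and int(m.group(1), 16) != 0:
            return "high: System Restore disabled (DisableSR set non-zero)"
    return None

def recovery_tampering(events):
    """Map host name -> findings, so hosts showing both behaviours stand out."""
    by_host = {}
    for ev in events:
        finding = classify(ev)
        if finding:
            by_host.setdefault(ev["Computer"], []).append(finding)
    return by_host

SR_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR"
# Constructed sample events, not real telemetry.
SAMPLE = [
    {"Computer": "WS-014", "EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"Computer": "WS-014", "EventID": 13, "TargetObject": SR_KEY,
     "Details": "DWORD (0x00000001)"},
    {"Computer": "SRV-BK1", "EventID": 1, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin list shadows"},
    {"Computer": "WS-022", "EventID": 13, "TargetObject": SR_KEY,
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for host, findings in recovery_tampering(SAMPLE).items():
        print(host, findings)
```

Shadow copy deletion from a parent other than explorer.exe is rated lower here only because backup tooling and administrators also run it; it still deserves review.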

The CryptoWall command-and-control servers assign a unique identifier to every infection and generate RSA public-private key pairs for each one.
The public keys are sent to infected computers and are used by the malware to encrypt files with popular extensions—movies, images, documents, etc.—that are stored on local hard drives, as well as on mapped network shares, including those from cloud storage services like Dropbox and Google Drive.
Files encrypted with an RSA public key can only be decrypted with its corresponding private key, which remains in the possession of the attackers and is only released after the ransom has been paid.
The CTU researchers were able to count the unique computer identifiers from the CryptoWall servers and also obtained information about their IP address, approximate time of infection, and payment status.
“Between mid-March and August 24, 2014, nearly 625,000 systems were infected with CryptoWall,” the CTU researchers said. “In that same timeframe, CryptoWall encrypted more than 5.25 billion files.”
The largest number of infected systems were located in the United States—253,521 or 40.6 percent of the total. The next most affected countries were Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582.
CryptoWall typically asks victims to pay the ransom in Bitcoin cryptocurrency, but earlier variants offered more payment options, including pre-paid cards like MoneyPak, Paysafecard, cashU, and Ukash.
The ransom amount grows if a victim doesn’t pay the ransom within the initial allotted time, which is usually between four and seven days. The CTU researchers observed payments that ranged between $200 and $10,000 in value, the majority of them (64 percent) being of $500.
“Of nearly 625,000 infections, 1,683 victims (0.27%) paid the ransom, for a total take of $1,101,900 over the course of six months,” the CTU researchers said.
This suggests that while CryptoWall managed to infect 100,000 more computers than CryptoLocker, it was less effective at generating income for its creators. Researchers determined in the past that 1.3 percent of CryptoLocker victims paid the ransom for a total of over 3 million dollars.
The difference in success rate might be explained through the technical barriers involved in obtaining Bitcoins, the CTU researchers said. In the case of CryptoLocker, 1.1 percent of victims paid the ransom through MoneyPak and only 0.21 percent used Bitcoin.
The CTU analysis found similarities between CryptoWall samples and those of an older ransomware family called Tobfy. If the same attackers are behind both threats, it means that they have at least several years of experience in ransomware operations.