
12/07/2013

Estonia Documentary: Life in an Organized, Networked Civilisation

The power of connectivity can make a difference in public safety, emergency management, health care, business and social services.



How can people be provided with equitable access to public services and opportunities irrespective of age or location?



Technologies enable people to interact, innovate and share information in totally new ways. People are empowered, business is liberated and society becomes more transparent. But how can all this be taken advantage of?

Online Safety Tips for Parents



Special Agent John Houlberg of the Virginia State Police and the FBI's Child Exploitation Task Force answers questions about keeping children safe online.


In recognition of Cyber Security Awareness Month in October, the Virginia Information Technologies Agency invited Virginia State Police Special Agent and Task Force Officer (TFO) John Houlberg from the Richmond Division’s FBI Child Exploitation Task Force to speak to parents about Internet safety for children, but this message is applicable year-round.


TFO Houlberg, using a National Center for Missing & Exploited Children presentation, focused on three main points of interest: online predators, sexting, and cyber-bullying. The video below is a highlight of key points TFO Houlberg stressed to parents as being vital.

Funny Namesake: Murderer Swain gets arrested by FBI Agent Schwein

A weird turn of destiny: yesterday, December 6th 2013, killer Carl Evan Swain was arrested by Richard D. Schwein Jr., the Special Agent in Charge of the Birmingham (Alabama) division of the FBI. Their surnames sound almost the same and are spelled almost the same, too. Schwein is the German word for pig.



"A Jasper man has been charged with murder in connection with a killing at Fort Stewart Army Base in Georgia, according to the FBI. 
Carl Evan Swain, 41, was arrested Friday morning near 25th Street West and Second Avenue in Jasper, according to a news release from FBI Birmingham spokesman Paul Daymond. 
Swain was not armed when he was arrested and was taken into custody without incident by the North Alabama Safe Streets Task Force. 
Murder on a government reservation, in this case Fort Stewart near Savannah, Ga., is a federal crime. 
Richard D. Schwein Jr., the Special Agent in Charge of the Birmingham division of the FBI, thanked Hoover, Homewood and Jasper police, the Tuscaloosa and Walker County sheriff's offices and the FBI in Atlanta for their assistance. 
Daymond did not have additional details on the case, saying the affidavit and complaint in the case are sealed and that it is being handled by the FBI Atlanta. A request for comment from the FBI Atlanta was not immediately returned."
Source: www.al.com

VIDEO - After 3 Days: Man found alive in sunken ship


On May 28th 2013, a South African scuba diving team was conducting a dead-body recovery effort, recovering bodies from a Nigerian ship that had sunk 3 days prior. What they found is astonishing. A sailor had actually survived by finding an air pocket for himself as the ship sank to the bottom of the ocean. For 3 days Harrison Okene was living in the ship. He had no food, no water, and was in pitch darkness. Video footage of his rescue has recently been released. Check this 7-and-a-half-minute-long video:



Pony Botnet Controller - Facebook, Google, Twitter, Yahoo:
Almost 2 Million Usernames & Passwords Stolen in a Mass Hack

Almost 2 million accounts on Facebook, Google, Twitter, Yahoo and other social media and Internet sites have been breached, according to a Chicago-based cybersecurity firm.


The hackers stole 1.58 million website login credentials and 320.000 e-mail account credentials, among other items, the firm Trustwave reported in a blog post. Included in the hacks were thefts of 318.121 passwords from Facebook, 59.549 from Yahoo, 54.437 from Google, 21.708 from Twitter and 8.490 from LinkedIn. The list also includes 7.978 from ADP, the payroll service provider.

According to Trustwave, "Payroll services accounts could actually have direct financial repercussions."

Stolen Passwords by Day
Most of those stolen passwords were from the Netherlands, followed by Thailand, Germany, Singapore, Indonesia and the United States, which accounted for 859 reports from machines and 1.943 passwords, according to Trustwave. All in all, just over 100 countries were affected, and Trustwave said this shows the attack is "fairly global."



The hacking began October 21st 2013 and might still be taking place, according to a CNN article on this case.

The massive data theft was the result of keylogging software maliciously installed on an untold number of computers around the world, according to researchers at Trustwave. The malware had been capturing login credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers. On November 24th 2013, Trustwave analysts tracked down that server, located in the Netherlands. Google itself declined to comment on the subject.

John Miller, a security research manager at Trustwave, told CNN, "We don't have evidence they logged into these accounts, but they probably did." (So what now....?)

Miller said the team doesn't yet know how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it's impossible to track down which computers are infected.

Among the compromised data are about 41.000 credentials used to connect to File Transfer Protocol servers (FTP, the standard protocol used when transferring big files) and 6.000 remote log-ins.

There are several other servers Trustwave has not yet tracked down, Miller said. ADP, Facebook, LinkedIn and Twitter told CNN they have notified users and reset passwords for compromised accounts. Google declined to comment and Yahoo did not respond immediately.

In compiling the data, Trustwave also discovered that many users are doing just what computer specialists advise against, using simplistic passwords that can easily be guessed. For instance, the top five passwords Trustwave found in researching the breaches were: 123456, 123456789, 1234, password and 12345.

Read the whole blog post from Trustwave at:
Look What I Found: Moar Pony!

SOURCE: Money CNN

HIGHLIGHTED: Malicious Spam Domain - www.agrandspinlightlux.com - GAMBLING

This domain was formerly used for gambling spam (possibly for phishing and malicious downloads as well). The site is still active.

Hello,
I really can't believe you didn't tell me about the 200% bonus offer from G-Spin.
We should go there together and triple our deposits.
When do you have time?
G-Spin Support Team
Analysis:
  • agrandspinlightlux.com @ Virus Total
https://www.virustotal.com/de/url/8ace1820ff1e109e2b324bfd814e37af876c3ad2fc0fdb347f46e25024cc479e/analysis/1386414190/
  • See also IP address info @ VT
https://www.virustotal.com/de/ip-address/69.43.161.159/information/

Redirects to:
  • ww41.agrandspinlightlux.com @ Virus Total
https://www.virustotal.com/de/url/74d8339b93139b226fe3a0088ebc6b79df8cc44ea6ede34262d66aa648e84fc0/analysis/1386414620/

Redirects to:
  • www.searchremagnified.com @ Virus Total
https://www.virustotal.com/de/url/dca8f1a70b3733cefea688a4483bb4fdbbf6474cb8872e082f94f8145b533ef0/analysis/1386414740/

Redirects to:
  • searchresultsguide.com @ Virus Total
https://www.virustotal.com/de/url/63246c094a9e3d60a8e3671aab9247dd801860bca23e3a07b23e4f066821fc13/analysis/

Originating IP address:
39.36.190.11 (ISLAMABAD, PAKISTAN)
https://www.virustotal.com/de/url/00f4fc42761c9a0214e85aac8756970ac66b0e04749aba5b868b30913f4fd090/analysis/1386415205/

The IP address is listed in the Spamhaus Policy Block List:

Header Analysis Quick Report
Originating IP: 39.36.190.11
Originating ISP: Ptcl
City: Islamabad
Country of Origin: Pakistan
* For a complete report on this email header go to ipTRACKERonline

12/06/2013

Hey & Hoo USELESS WEBSITE: Heeeeeeeey & Hooooooooo

Broken Link


Click to Sing:

Hey & Hoo

Please tell me when it has finished.

Scams from GHANA (VIDEO)

Cybercriminals in Ghana show us how they use internet scams to STEAL thousands of dollars from unsuspecting victims all over the globe.


While Nigeria's 401 (419) scammers look like they have written the book on West African internet fraud, their "Nigerian show" looks like Compuserve compared to what's going on in Ghana.

Unsatisfied with the meager winnings from emailing thousands of random (wealthy) Westerners in hopes of convincing one poor sap they're the treasurer of the Ivory Coast, Ghana's scammers decided to stack the odds in their favor the old-fashioned way, with witchcraft (VooDoo).

Taking a page from cyberpunk, traditional West African Ubuntu priests adapted their services to the needs of the information age and started leading down-on-their-luck internet scammers through strange and costly rituals, designed to increase their powers of persuasion and make their emails irresistible to greedy Americans. And so "Sakawa" was born (a practice in Ghana which combines modern internet-based fraud practice with traditional Akan religious rituals).

Now not only is Sakawa Ghana's most popular youth activity and one of its biggest underground economies, it's a full-blown national phenomenon. Sakawa has its own tunes, clothing brands, Sakawasploitation flicks, and even a metastatic backlash from Christian preachers and the press. When we were in Accra over the summer it was impossible to walk more than 10 feet without seeing the word Sakawa in blood-red Misfits letters on a poster or tabloid, often accompanied by bone-chilling horrors of the photoshopped variety.

The government is freaked out because Sakawa is threatening Ghana's business reputation, the Christians are freaked out because they're losing money to the Juju priests, the press is freaked out because being freaked out is what sells papers, and the public is freaked out because their government, preacher, and media are all telling them they should be. All the while the Sakawa boys are living the high life and racking up debts to the spirit world, just waiting for the axe to fall.


How long will it take to resolve this Enigma: Who is Siphoning Data Through a Huge Internet Security Hole ?

Every now and then, something seems so huge that you don't realize it for a long period of time. It's like waking up from a cosy dream and recognizing that real life is something different. In this case, there seems to be a vast security vacuum in the World Wide Web. Then you suddenly realize you're in a massive hole. Or, in this case, a gaping security hole in the Internet, because someone seems to be sucking enormous amounts of data out of it.


Wired.com has been reporting that someone, something, somewhere has been using a big security loophole (one long feared to exist) to steal Internet traffic heading to government agencies, multinational corporations and other important recipients in the United States. Early on, that traffic was redirected to Belarus and/or Iceland and then sent on to its intended recipients. It took several months until someone observed this changing pattern. And this may not have been the first time that this took place, simply the first time someone noticed.

Researchers at Renesys (an Internet monitoring company that calls itself "The Internet Intelligence Authority") said that over several months earlier this year (2013) someone (extraterrestrials, maybe?) diverted the traffic using the same vulnerability in the Border Gateway Protocol (BGP, the protocol designed to exchange routing and reachability information between Autonomous Systems, or ASes) that two security researchers demonstrated in 2008 (read this article for full insight into this developing story). The attack, comparable to the well-known man-in-the-middle attack, allows cybercriminals to trick other routers into redirecting their data to a system the hijackers control. When the hijackers then forward the data to the intended recipient, neither of the original communicating parties is aware that their information has been funneled through a third party.

The danger of this scheme is potentially enormous. Once critical data is intercepted, copied and stored, the hijacker can burrow through the archive of any unencrypted information, reading emails and spreadsheets, extracting credit card numbers, and seizing whatever sensitive data is available.

In this case, the hijackers initiated the hijacks at least 38 times, grabbing traffic from about 1.500 individual IP blocks, sometimes for minutes, sometimes for hours, sometimes for days. The way it was done, analysts say, leaves no doubt: make no mistake about it, this was no mistake.

(I thought Renesys, an Internet monitoring firm, specialised in this matter. So how can it be that this happened so often before someone noticed? But maybe it relates to the first sentence I wrote in this post.)


Doug Madory
Renesys senior analyst Doug Madory says he initially thought the motive was financial, since traffic destined for a large bank (...?) got sucked up in the detour. But then the cybercriminals started diverting traffic intended for the foreign ministries of several countries (which Doug Madory declined to name...?), as well as for a large VoIP (Voice over IP) provider in the United States and for Internet service providers that process the internet communications of thousands of customers.

Although the intercepts originated from a number of different systems in Belarus and Iceland, Renesys believes the attacks are all related, and that the hijackers may have altered the locations to obfuscate their malicious activity. “What makes a man-in-the-middle attack different from a simple routing hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient,…” Renesys wrote in a blog post about the hijacks. “It’s possible to drag specific internet traffic halfway around the world, inspect it, modify it if desired, and send it back on its way. Who needs fiberoptic taps?” (...?)

Tony Kapela
Tony Kapela, Vice-President of data center and network technology at 5Nines in Wisconsin (and one of the researchers who exposed the BGP vulnerability in 2008), is shocked that no other signs of intentional hijacking have surfaced since their talk five years ago, and questions whether this is really the first case or just the first one seen (without alerting)? He also thinks that what happened could actually be the work of a newcomer who simply seized control of one of the systems and sent out the phony announcement without the knowledge of the system owner. He imagines a scenario:

"...where an attacker gains physical access to a router belonging to one of the companies and installs a monitoring device to record data, then gains control of the router console to send out a bogus BGP announcement to redirect traffic through the router. If anyone discovers the redirect, the "bad guy" would appear to be the company itself that owned the router...."

How long will it take to resolve this enigma, when you think about the fact that it took 38 blinks of an eye to realize there is a mystery going on...?
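As an added example of how an operator might watch route-collector data for the pattern described above (this is not Renesys's or Wired's code), the following Python script compares observed BGP announcements against a baseline of expected origin and transit ASes and flags three signals: a more-specific prefix, a wrong origin AS, and a path that detours through ASes never seen for that prefix while still ending in the legitimate origin. The prefixes are RFC 5737 documentation ranges and the AS numbers are from the private-use range; baseline and observations are constructed for this example.

```python
"""Flag BGP announcements matching the detour pattern described above.

Three signals are checked per observed route: a more-specific prefix
that would win longest-prefix matching against the legitimate route, an
origin AS that differs from the expected one, and an AS path that runs
through systems never seen for that prefix while still ending in the
legitimate origin (the shape of the 2008 man-in-the-middle technique).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Baseline:
    origin_as: int          # AS that legitimately originates the prefix
    transit_ases: Set[int]  # ASes normally on the path, collector peer included


@dataclass
class Route:
    prefix: str
    as_path: List[int]      # leftmost = collector's peer, rightmost = origin


@dataclass
class Finding:
    prefix: str
    kind: str               # 'more-specific' | 'origin-mismatch' | 'path-detour'
    detail: str


def _covering_baseline(prefix: str, baseline: Dict[str, Baseline]) -> Optional[Tuple[str, Baseline]]:
    """Longest baseline prefix that covers `prefix`, or None if the space is unknown."""
    net = ipaddress.ip_network(prefix)
    best: Optional[Tuple[str, Baseline]] = None
    for bp, entry in baseline.items():
        bnet = ipaddress.ip_network(bp)
        if net.version != bnet.version or not net.subnet_of(bnet):
            continue
        if best is None or bnet.prefixlen > ipaddress.ip_network(best[0]).prefixlen:
            best = (bp, entry)
    return best


def detect_anomalies(baseline: Dict[str, Baseline], observed: List[Route]) -> List[Finding]:
    """Compare observed announcements with the baseline and return every anomaly found."""
    findings: List[Finding] = []
    for route in observed:
        match = _covering_baseline(route.prefix, baseline)
        if match is None or not route.as_path:
            continue  # nothing known about this address space, or an empty path
        base_prefix, entry = match
        origin = route.as_path[-1]

        # 1. A more-specific announcement steals traffic even when the origin is genuine.
        if route.prefix != base_prefix:
            findings.append(Finding(route.prefix, "more-specific",
                                    f"covered by baseline prefix {base_prefix}"))
        # 2. Wrong origin: the classic hijack, which RPKI origin validation also catches.
        if origin != entry.origin_as:
            findings.append(Finding(route.prefix, "origin-mismatch",
                                    f"origin AS{origin}, expected AS{entry.origin_as}"))
        # 3. Plausible origin, but the path passes through ASes never seen for this prefix.
        unexpected = sorted({a for a in route.as_path[:-1] if a not in entry.transit_ases})
        if unexpected:
            findings.append(Finding(route.prefix, "path-detour",
                                    "unexpected transit " + ", ".join(f"AS{a}" for a in unexpected)))
    return findings


# Constructed baseline: RFC 5737 documentation prefixes, private-use AS numbers.
BASELINE: Dict[str, Baseline] = {
    "203.0.113.0/24": Baseline(origin_as=65001, transit_ases={65010, 65020}),
    "198.51.100.0/24": Baseline(origin_as=65002, transit_ases={65010, 65030}),
}

# Constructed observations, as a route collector might report them.
OBSERVED: List[Route] = [
    Route("203.0.113.0/24", [65020, 65010, 65001]),         # normal
    Route("203.0.113.0/25", [65020, 65010, 65099, 65001]),  # more-specific detour, true origin kept at the end
    Route("198.51.100.0/24", [65030, 65010, 65099]),        # outright origin hijack
]

if __name__ == "__main__":
    for f in detect_anomalies(BASELINE, OBSERVED):
        print(f"{f.prefix:18} {f.kind:16} {f.detail}")
```

In practice the baseline would come from RPKI/IRR data or your own routing history and the observations from a RIB dump or live collector feed.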

Caran Johnson Unknowingly Live-Tweets Husband's Death While Following Car Crash News


In a heartbreaking unfolding of events, a Vancouver woman unknowingly live-tweeted the fatal crash that killed her husband Wednesday afternoon on Interstate 205.

Caran Johnson
After the collision was reported at 13:41, The Columbian started reporting on the accident in the southbound lanes on Twitter based on emergency scanner traffic.

Caran Johnson, using the Twitter handle @scancouver, responded to the tweets and started reporting on the crash as well:

“i hate that section of I205 S. too many on ramps, speeders and too few lanes.”


“@troyglidden @Col_cops this accident sounds horrible.”

The mother of two regularly listens in on emergency scanner traffic through an application downloaded on her PC. Wednesday afternoon was no exception. She expressed sympathy after the Washington State Patrol confirmed that one person died in the two-car collision near Milepost 33.

“@Col_cops @wspd5pio omg that is so horrible!!!”

“nice, two vehicles went around officer blocking onramp to I205S. lame-o’s!”

Craig Johnson
Then, she worried about her husband, 47-year-old Craig R. Johnson.

“I’m trying not to panic, but my husband left work early and he drives 205 to get home. he’s not answering his phone.”

“and he’s late.”

“@KF7PSC well he uses his bluetooth, so he would answer his phone. he also wasn’t feeling good so his work was concerned when he left”

“i’m a basketcase.”

“I just called his work and he was feeling faint when he left work. #panic”

She asked the state patrol’s spokesman, Trooper Will Finn, and The Columbian’s photographer who went to the accident site, Zachary Kaufman, for a description of the involved vehicles. At that point in the investigation, they didn’t have a description for her.

Trooper Will Finn
She asked how bad the traffic was on the interstate. The right lane of the southbound interstate was closed, along with the onramp from westbound Padden Parkway. The Washington State Department of Transportation then said the southbound interstate was backed up to 134th Street in Salmon Creek.

“how long do i wait for him to come home before I call the police?”

“i just called 911 and they transferred me after I gave them his license number and told me that they will call me back. wtf?”

“and now my kids are home from school …”

“He’s the one I go to for things like this …”

And then, she found out from a pair of state patrol sergeants.

“it’s him. he died.”



Craig Johnson’s northbound Hyundai crossed the grassy median just north of Padden Parkway and collided head-on with a southbound Toyota pickup truck. He was declared dead at the scene. A Life Flight helicopter was temporarily put on standby for the Tacoma woman driving the Toyota, Carol S. Shelley, 54. She was transported by ambulance to PeaceHealth Southwest Medical Center’s intensive care unit. She was listed in satisfactory condition late Wednesday.

After collision technicians investigated the crash site for about two hours, the interstate and onramp were reopened. The cause of the collision is under investigation.

“We’re not quite sure what’s happened yet,” the patrol’s Finn said.

Fellow tweeters extended their prayers and sympathies to Caran Johnson, virtually grieving alongside her. An online fundraiser was organized Wednesday evening for Caran and her family.



In a 2012 interview with The Columbian, she said that she has been listening to scanners since college.

She acknowledged that listening to scanner traffic can be morose. As a naturally upbeat person, she tries to focus on the banter among police officers and offbeat news.

“It gets kind of depressing, especially when there are children involved,” she said in the interview. “I try and maintain a positive attitude.”

SOURCE: The Columbian

Malicious Site: cialis2au.com - Rogue Medications
SCAM, SPAM, PHISHING


KEEP OFF OF SITES LIKE THIS (VIAGRA, CIALIS, VALIUM ETC.)

It is not only that you may harm yourself with those rogue medications; the sites more likely will harm you by stealing your personal information (like credit card numbers and more). You will likely become a phishing victim, and worse.

Analysis:

Domain @:

This Site will then redirect you to the Following Malicious Domains:

Malicious DOMAIN 1 @:

Malicious DOMAIN 2 @:

Malicious IPs Involved:

12/05/2013

VIDEO - NCR: Not Criminally Responsible - MDD: Mental Disorder Defence

Instead of being sent to jail, offenders who are mentally ill (found 'Not Criminally Responsible'; see also: Mental Disorder Defence) are sent into psychiatric care.

Now, parliament is considering a bill (BILL C-54) to toughen the NCR rules.

And that has people sharply divided. Watch this 17 Minute Video about NCR:


Read more about that Bill: 

Not Criminally Responsible Reform Act

Online Child Predator: Bruce Austin Watkins, 43, Pleads Guilty to Child Pornography Offense

Bruce Austin Watkins, 43, of Westwood, California, pleaded guilty on Tuesday November 3rd 2013, to receipt of child pornography, United States Attorney Benjamin B. Wagner announced.


According to court documents, law enforcement executed a search at Watkins’s residence on May 6th, 2013. Two laptops and an external hard drive seized from Watkins contained 500 videos and 220 images of child pornography, collected by Watkins between January 21st, 2007 and April 29th, 2013. Among the files collected by Watkins were images showing the violent sexual molestation of children as young as toddlers!

At the time of the search, Watkins told law enforcement that he had been looking at child pornography online for 15 to 20 years.

Watkins is currently incarcerated at the Sacramento County Jail.

Judge Lawrence K. Karlton
Watkins is scheduled to be sentenced by United States District Judge Lawrence K. Karlton on February 25th, 2014. Watkins faces a maximum statutory penalty of not less than five years and up to 20 years in prison, a lifetime period of supervised release, and a $250,000 fine.

SOURCE: United States Attorneys Office for the Eastern District Of California

12/04/2013

REVIEW 2013: Members of the LulzSec Hacker Club Sentenced to Prison Terms

LulzSec Logo
British members of the LulzSec Blackhat Hacker Club were sentenced for a series of global cyber-attacks in 2011. Two of the "Hacktivists" have received prison terms, one will be sent to a young offenders’ institution and another received a suspended sentence.

Ryan Ackroyd, Jake Davis, Mustafa Bassam and Ryan Cleary had all pleaded guilty to hacking offenses prior to sentencing at the Southwark Crown Court on Thursday.

Cleary, 21, who also pleaded guilty to possession of images showing child abuse, was sentenced to 32 months, of which he will serve half. He also pleaded guilty to hacking and multiple counts of launching cyber-attacks against organizations, including the CIA and the UK’s Serious Organized Crime Agency (SOCA), as well as hacking into US Air Force computers at the Pentagon.

From left to right: Cleary, Ackroyd, Bassam, Davis

Ackroyd, 26, who used the online persona of a 16-year-old girl named Kayla, was sentenced to 30 months, of which he is expected to serve 15. The former soldier pleaded guilty to one charge of conducting an unauthorized act to hinder the operation of a computer, contrary to the Criminal Law Act 1977.

Davis, 20, was sentenced to two years in a young offenders’ institute for hacking and cyber-attack related offenses. He was also reportedly in charge of media relations for LulzSec.

Jake Davis
Bassam, 18, was still in school when the attacks were carried out and was handed down a 20 month sentence which was suspended for two years, as well as 300 hours of community service. The judge presiding over the case is said to have taken Bassam's age into account when deciding to give him a suspended sentence.

LulzSec, whose name is a combination of the acronym LOL (laugh out loud) and security, emerged as a splinter group from the hacking collective Anonymous two years ago. However, unlike Anonymous, the group appeared to be less motivated by politics.

In many of the attacks, the gang of "modern day pirates" stole a large amount of personal information, including passwords, emails and credit card details, which they later posted on the LulzSec website and on file-sharing sites. They also carried out distributed denial of service (DDoS) attacks on many victims' websites, causing them to crash. The FBI, News International, Nintendo and Sony were among the many other high-profile organizations the group targeted in their spree.

Sandip Patel
"It's clear from the evidence that they intended to achieve extensive national and international notoriety and publicity," the UK Independent cites Prosecutor Sandip Patel. "They saw themselves as latter-day pirates."

He added: "This is not about young immature men messing about. They are at the cutting edge of a contemporary and emerging species of criminal offender known as a cyber-criminal."


Hector Monsegur
LulzSec was only in operation for several months in 2011 before the main members were arrested between June and September of 2011, the court heard. In that brief period of time, they managed to attract a huge international audience, attracting 355.000 Twitter followers by July of that year.

Their arrests came after the group's apparent leader, Hector Monsegur – known online as "Sabu" – turned informant after being caught by the FBI.

Source: rt.com

SEE ALSO: The Sealed Indictment

Category MALICIOUS IP: 185.5.99.21 - Dictionaryattacker - Unknown0556 Spambot - Poland

The IP address 185.5.99.21 (IP location: Poland) is listed in the CBL (Composite Blocking List). It appears to be infected with a spam-sending trojan, proxy and/or some other form of botnet. It was last detected on the 4th of November 2013 and has been relisted following a previous removal on 12th November. This IP is infected (or NATting for a computer that is infected) with a spambot that has not yet been identified. For the time being it is referred to as the Unknown0556 spambot.


IP 185.5.99.21 is participating in a botnet. CBL states: If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

Dictionary Attacks: 5.741 Emails sent from this IP.
Email Reputation: Poor
Spam Level: Very High

Reputation of IP 185.5.99.21 @:



OTHER INFORMATION:
AS198414
Biznes-Host.pl sp. z o.o.
Google Safebrowsing Report on ASN

New Additional Info on this IP

The latest CBL report states:

It was last detected at 2013-12-08 03:00 GMT (+/- 30 minutes), approximately 3 hours, 30 minutes ago. 
The listing of this IP is because it HELOs as (IP) 17.158.8.111. Not only is this a violation of RFC2821/5321 section 4.1.1.1, it's even more frequently a sign of infection. (RFC 2821, section 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO))
These listings are often a sign of a compromised SSH account. If you are running a SSH service (especially on Linux), please check your ssh server logs (often /var/log/auth.log) for logins from this IP. If you find any, secure the associated account. This usually means changing the password or disabling the account. 
If it's a mail server, see naming problems for details on how to diagnose and fix the problem. 
If IP address 17.158.8.111 is or is NATing for a Symantec Protection Center instance, this appears to be a known issue. See this Knowledge Base item. We are attempting to work through this issue with them. Their KB item was updated October 18, 2010 to indicate that they now understand the issue.
The KB item indicates that the problem will be resolved in a "future build", but no ETA is provided. If you have SPC's email notification feature turned on, we recommend turning it off before delisting your IP address as a temporary workaround. 
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
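As an added example of the check behind the listing quoted above (this is not CBL's code), the following Python snippet classifies the HELO/EHLO argument a connecting client presented against RFC 5321 section 4.1.1.1 and flags the two suspicious shapes: a bare IP address, as in the report, and a bracketed address literal that does not match the connecting IP. The log lines are constructed in a simplified Postfix style; apart from the page's 185.5.99.21 and 17.158.8.111, all addresses and host names are documentation values.

```python
"""Classify the HELO/EHLO argument an SMTP client presents (RFC 5321 4.1.1.1).

A compliant client sends either its fully-qualified domain name or an
address literal in square brackets, e.g. "[192.0.2.10]".  A bare IP
address such as "17.158.8.111" (the pattern in the CBL report above)
is a violation and, in practice, a frequent sign of a spambot.
"""
import ipaddress
import re
from typing import List, Tuple

# Hostname labels: letters, digits and hyphens, no leading/trailing hyphen.
# At least two labels are required so a single word is not taken as an FQDN.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}\.?$")


def classify_helo(client_ip: str, helo_arg: str) -> str:
    """Return one of:
    'fqdn'             - looks like a fully-qualified host name (compliant)
    'literal-match'    - bracketed literal equal to the connecting IP (compliant)
    'literal-mismatch' - bracketed literal that is NOT the connecting IP (suspicious)
    'bare-ip'          - unbracketed IP address (RFC violation, the CBL-style listing)
    'malformed'        - anything else (empty, embedded spaces, junk)
    """
    arg = helo_arg.strip()
    if not arg or " " in arg:
        return "malformed"

    # Address literal: "[192.0.2.10]" or "[IPv6:2001:db8::1]"
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        try:
            literal = ipaddress.ip_address(inner)
            client = ipaddress.ip_address(client_ip)
        except ValueError:
            return "malformed"
        return "literal-match" if literal == client else "literal-mismatch"

    # Bare IP without brackets: the violation the CBL report describes.
    try:
        ipaddress.ip_address(arg)
        return "bare-ip"
    except ValueError:
        pass

    return "fqdn" if _FQDN_RE.match(arg) else "malformed"


# Constructed sample log lines in a simplified Postfix style (not from the page).
SAMPLE_LOG = """\
client=unknown[185.5.99.21] helo=<17.158.8.111>
client=mail.example.net[198.51.100.7] helo=<mail.example.net>
client=unknown[203.0.113.9] helo=<[203.0.113.9]>
client=unknown[203.0.113.44] helo=<[192.0.2.1]>
client=unknown[203.0.113.77] helo=<>
"""

_LOG_RE = re.compile(r"client=\S+\[([^\]]+)\] helo=<([^>]*)>")


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, helo_arg, verdict) for every parsable line."""
    results = []
    for line in text.splitlines():
        m = _LOG_RE.search(line)
        if m:
            client_ip, helo_arg = m.group(1), m.group(2)
            results.append((client_ip, helo_arg, classify_helo(client_ip, helo_arg)))
    return results


def flagged(text: str) -> List[str]:
    """Client IPs whose HELO is a bare IP or a mismatched address literal."""
    return [ip for ip, _, v in scan_log(text) if v in ("bare-ip", "literal-mismatch")]


if __name__ == "__main__":
    for ip, helo, verdict in scan_log(SAMPLE_LOG):
        print(f"{ip:16} helo={helo!r:22} -> {verdict}")
```

A mismatched literal is not by itself a listing criterion, but together with a bare-IP HELO it is the kind of naming problem the report tells operators to diagnose first.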

12/03/2013

Video: The Grizzly Man (Docudrama 2005)





This video is a docudrama that centers on the amateur grizzly bear expert Timothy Treadwell.

He periodically journeyed to Alaska to study and live with the bears.

He was killed, along with his girlfriend Amie Huguenard, and partially eaten by a rogue bear in October 2003. The film explores their compassionate lives as they found solace among these endangered animals.


SCAMMED UP: Nigerian Lottery SCAM from Mr Peter Chec in Connection with Compromised Website in Slovakia

As I tend to analyse my spam mails after a certain period of time, I started with a Nigerian scammer, Mister Peter Chec (of course not his real name).



At first I thought the sender as well as the sending domain were randomly generated:
<izabeth@spsnmnv.sk>
It is clear that izabeth is cut out of the female first name ELizabeth.

Also, the first look at the domain name:
<spsnmnv.sk>
gives you the impression of reading spam, like:
<spamnv.sk>, or even maybe SMS (Short Message Service):
<smsnpnv.sk>
And do not forget: .sk stands for Slovakia.

This may also be the reason why Mr. Chec calls himself Chec: for Czechoslovakia (maybe too lazy to call himself that). And all this coming in German from NIGERIA (IP analysis at the bottom of this post). Isn't he a smart guy? He surely thinks he is, I bet!

I prefer to call him Check Mister Chec.



However, my curiosity made me dig deeper. So I ran that domain through several analysing engines and tools. No alert. Even JSUNPACK gave up with a connection timeout. Except for one: quttera.com. This anti-malware website is still young, but many times the service has surprised me by finding serious threats where all the well-known multiscanners and/or AVs did not succeed. I took some screenshots of that detection, as it is possible that the next scan won't bring any results, due to the cybercriminals wiping their planted code away as soon as it gets detected.



So, the malware source lies in this link:

spsnmnv.sk/mmk/cd/mmk-cd.iso
At this point you might think it's a small ISO file. Wrong. It's a TFF file (going by its extension). Before Quttera's analysis, I ran it through urlquery:

Here & Here. Nothing! It is very unusual that urlquery does not return any result, especially in the case of an exploit. I then decided to change the user agent as well as the referer. The outcome, after 17 attempts, is a MALWARE download:

Here is what he (Check Mister Chec) wrote (in German! Smart guy!):
"Dear winner,
We are pleased to inform you that your e-mail address with your online winning ticket number (11 14 18 20 37 41 46) with BONUS (8) has won in the 2nd category of the game. Your prize was published on 10th November 2013.
The Lotto Max lottery is based entirely on an electronic selection of winners by their e-mail addresses or purchase of scratch cards.
You have therefore been credited with a total sum of £ 4,000.000.00 British pounds, ticket number 1EC-16529CE3-8887. For the immediate release of your winnings, which has been approved, please fill out the form and send it to us at this e-mail:

freelotto3333@gmail.com

 (1) Your full name: ....
 (2) Contact address: ...
 (3) PHONE: ....
 (4) Occupation(s) ....
 (5) SEX: ...
 Birth
 Mr Peter Chec."
Remarkable here is the e-mail address. If you google it, you get 4 results (at the time of this post). That tells you this scam email scheme is still pretty fresh and young. And if you see (at VT) that the domain spsnmnv.sk is classified as an educational institution, the doubts start growing when you check (CHEC) this screenshot. But it's not impossible that it is one... although.



The IP address (Poor Reputation) to that e-mail: 41.203.69.6
For further info on the IP:
Header Analysis Quick Report
Originating IP: 41.203.69.6
Originating ISP: Globacom Ltd
City: n/a
Country of Origin: Nigeria
* For a complete report on this email header go to ipTRACKERonline 41.203.69.6

Hurray, Hurray...it's Cyber Monday

Today is Cyber Monday and:


Cyber Monday clicks in with record sales


Cyber Monday rocked while mobile sales rolled.

The day widely regarded as the Super Bowl of online sales ca-chinged its way to a record day for retailers, including Walmart, and marked a shift in shopping preferences as smartphones and tablets drove nearly a third of traffic — and for some retailers, more than half.

The numbers are mind-boggling. As of 6 p.m. Eastern time, overall sales were up 17.5% on Cyber Monday compared with last year, says IBM Digital Analytics Benchmark. Another e-commerce research company, Custora Pulse, found online sales up almost 19%. The numbers may shift even higher as people continue to shop through the evening.

This year, "Cyber Monday is well on its way to being the biggest online shopping day in history," says Custora CEO Corey Pierson.

Walmart.com expects to register its biggest Cyber Monday yet, coming off a record Black Friday weekend online. Heading into the afternoon Monday, the website had already sold out of PlayStation 4 and Xbox One consoles, which weren't even discounted. Significant savings on TVs and tablets also encouraged shopping, says Joel Anderson, CEO of Walmart.com.

"There's no way ... that it won't finish as our biggest Cyber Monday ever," he says.

Anderson expects that more than half of Monday's online traffic will have come from mobile devices. On Black Friday, mobile accounted for 55% of traffic to Walmart.com.

"I think 2013 will be remembered as the year online went mobile," Anderson says.

Overall, 29.4% of online traffic was mobile, according to data from IBM Digital Analytics Benchmark.

That's up 61% from last year. Shoppers used smartphones to browse but were more likely to make purchases on a tablet, the data show.

And 2013 is the year the term "Cyber Monday" got a face-lift. Retailers from Target to Sears are fast evolving Cyber Monday into something more akin to Cyber Week, as online deals stretch well beyond Monday.

"You'll see retailers get incrementally more aggressive with promotions as the week goes on," says Brian Sozzi, CEO at Belus Capital Advisors.

As of 6 p.m. ET, sales on Amazon were up 44.3% over last year, while sales at eBay were up 32.1%, according to ChannelAdvisor, which tracks third-party sellers on eBay and Amazon. The online marketplaces are doing well in part because shoppers are heading to those sites to find popular products that are selling out at regular retailers, says Scot Wingo, CEO of ChannelAdvisor.

Flash-sale site Rue La La started Cyber Monday deals on Sunday with a "Cyberthon" that drew more than 350,000 people to the site. The sale promoted as much as 80% off on more than 150 brands. On Monday, sales of Cole Haan and Pandora Jewelry merchandise were strongest, CEO Steve Davis says.

SOURCE: USA TODAY

12/02/2013

Manchester SCAM from: Charles Morgan - charlesmorgan1963@yahoo.co.uk



Mr. Charles Morgan wrote on November 11th 2013:

"Hello,

Thank you so much for your response to my proposal. Good fortune has blessed you with a name that has planted you into the centre of relevance in my life. I want you to know that this transaction will be 100% legal and legitimate. Such opportunities only come one's way once in a lifetime. I cannot let this chance pass me by, for once I find myself in total control of my destiny. These chances won’t pass me by. You should not have anything to worry about, I will do everything legally required to ensure that the project goes smoothly, it shall pass through all Laws of International Banking, and you have my word. The attorney will prepare the necessary Affidavits which shall put you in place as next of kin; he will obtain the necessary clearances from the UK authorities which will cover all the aspects involved in this transaction.

The attorney shall be handling all matters of probate on your behalf, he will have all the documents perfected, and with these documents he shall come forward to my bank to apply for the immediate release and transfer of the funds to the account you shall open. I have been a banker for many years and I know perfectly how the system works. I can assure you that you will not in any way regret your involvement with me. We can do this if we join our hands together and work in good faith. Firstly I want to assure you that this transaction is 100% risk and hitch free and also you will need to assure me that I will have unlimited access to my 50% of the funds (US$9M) once the funds have been transferred into your account, because the funds are going to be transferred into your account and not mine, so you are the one to assure me that you will give my own part to me. In light of the above,

I will need you to provide me with the following details.
Your name and address in full.
Your home telephone and office telephone numbers.
Your fax numbers.
A detailed profile of yourself and company if any.
A valid identification

As soon as I get the information I will have my lawyer go ahead to procure the relevant documents which will confirm you with the rights of the next of kin to the deceased, and as such I requested your information above as these documents will be documented at the probate office here in London so as to give this venture legal backing and authenticity. Upon receipt of this information the lawyer would go ahead and procure these documents, and as soon as we have secured the documents, I will help you make official application to my bank on the strength of the documents that the funds should be released to you as the bona-fide next of kin to the deceased. Immediately the document is ready and approved by my bank, it will be forwarded to the bank that is presently with the funds to release the funds to you as the bonafide next of kin. You need not worry as I would use my position to facilitate the approval and the subsequent release of the funds to you. I am now in contact with a foreign online bank; I now intend that you open an account in your name in this foreign bank. The money would be transferred to your account which you will open in the bank for both of us, this is the best way, I have found, it will protect us from my bank. I want us to enjoy this money in peace when we conclude, so you should listen to my instructions and follow them religiously. Also you have to know that I cannot transfer this money in my name as my bank will be aware that it is from me, this is where I need you.

As a result of this, you will have to open an account in the corresponding bank. I will obtain a certificate of deposit from this my bank, it will be issued in your name, this will make you the bonafide owner of the funds. After this, the money will be banked online for both of us. We can then instruct the bank to transfer our various shares into our respective home bank accounts. I will also perfect the documentation with the assistance of my attorney to give the transaction the legal right.

I wish to inform you that should you contact me via official channels; I will deny knowing you and about this project. I repeat, I do not want you contacting me through my official phone lines nor do I want you contacting me through my official email account. Contact me only through the numbers I will provide for you and also through this email address. I do not want any direct link between you and me. My official lines are not secure lines as they are periodically monitored to assess our level of customer care in line with our Total Quality Management Policy. Please observe this instruction religiously."

Looking forward to a good business relationship with you and hoping to hear from you soonest my good friend.


Kind Regards,
Charles



Header Analysis Quick Report
Originating IP: 89.240.69.191
Originating ISP: Talktalk
City: Manchester
Country of Origin: United Kingdom
* For a complete report on this email header go to ipTRACKERonline



Man-in-the-Middle Attack Made a 1.65 Million US Dollar Profit by Victimizing Three Businesses in 2013

Three Seattle-Area Businesses Targeted in 2013

The FBI Seattle Field Office is aware of a fraud victimizing Washington state-based businesses, nicknamed the “man-in-the-e-mail” scheme because it is an e-mail variation of the known “man-in-the-middle” attack. The FBI wants the public to learn about this scam in order to avoid being victimized.

In 2013, at least three area companies (in Bellevue, Tukwila, and Seattle) were led to believe they were sending money to an established supply partner in China. In fact, fraudsters intercepted legitimate e-mails between the purchasing and supply companies and then spoofed subsequent e-mails impersonating each company to the other. The fraudulent e-mails directed the purchasing companies to send payments to a new bank account because of a purported audit. The bank accounts belonged to the fraudsters, not the supply companies.



Total loss experienced by the three area companies is roughly 1.65 million USD. In some cases, the metadata on the spoofed e-mails indicated that they actually originated in Nigeria and/or South Africa.

Under this scam, both companies in a legitimate business relationship can be victimized. The supplier may first ship out the legitimately ordered products and then never receive payment (because the purchasing company was scammed into paying the scammer-controlled bank account). Or, the purchasing company may first make a payment and then never receive the ordered goods (because the supply company never receives that payment).
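A small triage script for the "man-in-the-e-mail" pattern described above, and for the kind of header analysis shown in the quick reports on this page (originating IP from the earliest Received hop). This is an added example, not FBI or ipTRACKERonline code; the sample message, partner domain, IPs and purchase-order text are all constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a spoofed "supplier" mail of the kind described above.
# Every domain, name, IP address and the account request is an invented placeholder.
SAMPLE = """From: Accounts <accounts@example-supplier.co>
Reply-To: accounts@example-suppller.co
To: purchasing@example-buyer.com
Subject: Re: PO 4471 - updated bank details
Received: from mail.example-buyer.com (mail.example-buyer.com [192.0.2.10])
Received: from [203.0.113.45] (unknown [203.0.113.45])

Due to an ongoing audit please remit payment for PO 4471 to our new account.
"""

KNOWN_PARTNERS = {"example-supplier.co"}  # constructed allow-list of genuine partner domains
# Phrases that should force out-of-band verification with a known contact at the partner.
TRIGGER = re.compile(r"\b(new|updated|changed)\s+(bank|account|beneficiary)\b|\baudit\b", re.I)

def domain_of(addr):
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()

def one_edit_apart(a, b):
    """True when two different strings differ by a single insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if len(a) == len(b):
            i += 1
        j += 1
    return edits + (len(a) - i) + (len(b) - j) == 1

def triage(raw, partners=KNOWN_PARTNERS):
    """Return (originating_ip, findings) for one raw message; empty findings means no flag."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for dom in {from_dom, reply_dom}:
        for known in partners:
            if one_edit_apart(dom, known):
                findings.append(f"{dom} is a look-alike of partner domain {known}")
    # The bottom-most Received header is the earliest hop, i.e. the originating client.
    hops = msg.get_all("Received") or []
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    if TRIGGER.search(msg.get_payload()):
        findings.append("payment-detail change requested: verify by phone with a known contact")
    return (ip.group(1) if ip else None), findings
```

The originating IP is what the quick reports above feed into a reputation and geolocation lookup; the look-alike and Reply-To checks catch the impersonation even when the IP looks clean.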

United Kingdom: Governmental Website with Malicious Hidden Blackhat SEO SPAM revealed - www.kidwelly.gov.uk

Blackhat SEO spam (also known as spamdexing; here advertising rogue medications like Viagra, Cialis etc.) has been identified on a U.K. (.gov) domain, phishing risk included.

From Kidwelly Town Council to Ordering Viagra...
Analysis:

DOMAIN: www.kidwelly.gov.uk

https://www.virustotal.com/de/url/260c4e69c8b67d926d2dd35855943e73fc4686018563119216333e30f86fa065/analysis/1386001577/
Detection of a TDS URL pattern
www.kidwelly.gov.uk @ Urlquery 1
www.kidwelly.gov.uk @ Urlquery 2
---> Pattern 1
https://www.virustotal.com/de/url/108ea225a2cbc221f9a087fbcc49495921fa191d9fb0358385673df27b0a805d/analysis/1386002253/
https://www.virustotal.com/de/url/e66426cf99e99ffef07c60a6733e9bd3e28ea9531e0a8888651ed0a0ab6368a0/analysis/1386002281/
Detection of a TDS URL pattern
Reference 1
---> Pattern 2
https://www.virustotal.com/de/url/796f23f603e37c30c96323a5a17e9240452213df055795e53fc2d94b4965c37c/analysis/1386002386/

Check this link; there are several hits to be found on Google (for now, at least):

https://www.google.com/search?q=%22Viagra%22+site%3Awww.kidwelly.gov.uk&cad=h

Captcha Backdoor Vulnerability in Pastebin discovered

A security researcher has discovered a captcha bypass vulnerability in Pastebin and has decided on full disclosure, as the online pasting tool has failed to resolve the issue even after multiple reminders.


Scott Arciszewski discovered the vulnerability on October 5th 2013 and contacted Pastebin immediately.

The team replied to him in two days and assured him the vulnerability would be reviewed. However, since then the team has failed to respond further or patch the vulnerability, following which Arciszewski decided to go for full disclosure.

Scott Arciszewski noted in a mail to full disclosure mailing list:
"Hello all,
After reading an article in Go Null Yourself about abusing PhpBB's
Tell-a-Friend feature a while back, I've kept an eye out for ways to spam
people or bypass a website's flood protection. (Apologies to forum
moderators everywhere!)

On October 5, I discovered a captcha bypass technique and promptly reported
it to the Pastebin staff. They responded on October 7 and said they would
look into it. It's November 27 and they still haven't fixed this (despite
me giving them the solution).

The technique (which is pretty lame and obvious):

   1. Authenticate with a Twitter/Facebook account
   2. Create a new paste
   3. Write something benign that will not trigger their spam filter
   4. Submit
   5. Immediately edit the paste
   6. Replace your benign message with whatever spammy filth you want!

I'm not going to write a script to automate this, but it should be trivial.
If nothing else, you can spare yourself the trouble of solving a captcha
next time you decide to dump IRC logs or your rivals' mail spools and
something happens to contain a hyperlink."

Happy thanksgiving,
Scott Arciszewski


According to Scott, the technique to bypass the captcha is pretty lame and obvious and could easily be automated to abuse the captcha (security) system.

Source: Techienews

Now, by all means, vulnerabilities related to CAPTCHAs are nothing new, as you can read in the following articles. I also think that this spam-security "app" will see some more in the future:
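The flaw in the disclosure above is a validation gate that runs on create but not on edit. The following is an added illustration, not Pastebin's code: a toy paste store with that flaw beside a hardened version that routes every write path through one chokepoint, plus a regression check that replays the benign-create-then-edit sequence. The link-based spam rule is a constructed stand-in, since Pastebin's real filter is not public.

```python
import re

# Constructed stand-in for a spam filter: it only rejects text containing a hyperlink,
# the trigger the disclosure mentions. Pastebin's real rules are not known here.
LINK = re.compile(r"https?://|www\.", re.I)

def is_spam(text):
    return LINK.search(text) is not None

class VulnerablePasteStore:
    """Toy paste service with the flaw described above: the spam gate runs on
    create only, so an authenticated user can edit spam into a benign paste."""
    def __init__(self):
        self.pastes = {}

    def create(self, pid, text):
        if is_spam(text):
            raise ValueError("rejected by spam filter")
        self.pastes[pid] = text

    def edit(self, pid, text):
        self.pastes[pid] = text  # second write path, no gate

class HardenedPasteStore(VulnerablePasteStore):
    """Fix: every write path, not just the first, goes through one validation chokepoint."""
    def _store(self, pid, text):
        if is_spam(text):
            raise ValueError("rejected by spam filter")
        self.pastes[pid] = text

    def create(self, pid, text):
        self._store(pid, text)

    def edit(self, pid, text):
        if pid not in self.pastes:
            raise KeyError(pid)
        self._store(pid, text)

def bypass_succeeds(store):
    """Regression check for steps 2 to 6 of the disclosure: benign create, then an edit
    that adds a link. Returns True when the link ends up stored, i.e. the gate was skipped."""
    store.create("p1", "some harmless notes")
    try:
        store.edit("p1", "see http://spam.example/offer")
    except ValueError:
        return False
    return is_spam(store.pastes["p1"])
```

The same principle applies to any content filter or captcha: it must guard every mutation of the stored content, not only its first submission.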

Security Issues: Critical Update on D-Link Routers

The Taiwanese D-Link Corporation has released several critical security updates for some of its earlier Internet routers. These patches close backdoors in the devices that could let attackers gain remote access to unpatched units.



As D-Link informs on their Security-Support-Page:

"Various media reports have recently been published relating to vulnerabilities in network routers, including D-Link devices. 
These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually and we strongly recommend all users to install the relevant updates. 
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update."

These updates cover the following models as of 28/11/13:



  • DI-524 

Revision E1/E3
The new firmware 5.13b01 that fixes the security vulnerabilities
Download Link
Please note: Unzip the file and use the file DI524Ex_FW513B01.bin to update firmware


  • DI-524UP 

Revision A1/A2
The new firmware 1.08b02 that fixes the security vulnerabilities
Download Link
Please note: Unzip the file and use the file DI524UPAx_FW108B02.bix to update firmware


  • DIR-100 

Revision A1
The new firmware 1.14b02 that fixes the security vulnerabilities
Download Link
Please note: Unzip the file and use the file DIR100A1_FW114WWB02.bix to update firmware


  • DIR-120 

Revision A1
The new firmware 1.05b02 that fixes the security vulnerabilities
Download Link
Please note: Unzip the file and use the file DIR120A1_FW105WWB02.bix to update firmware
As well for:


  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240
BESIDES OTHER (CVE) For D-Link:

Source: Techgeek

For more detailed information on that subject and about the researcher(s) who detected the vulnerability, please visit: Krebs on Security (Thx to Brian for posting this)