Wednesday, January 27. 2010
PS3 just got hacked: courtesy geohot
Last weekend I came across the news that the Sony PlayStation 3 had been hacked. I was not sure until I found this message and, later, the official news report on the BBC's website.
http://news.bbc.co.uk/2/hi/technology/8478764.stm
The hacker George Hotz, aka geohot, claims that users can now load and play anything on their Sony PS3. This includes installing a different OS, or installing and playing pirated games on your favourite PS3. I had been expecting something of this kind: I had wondered how Sony's PlayStation 3 could remain secure despite being so popular and on the market for more than a couple of years, and now the new year brings the bad news for Sony. I will be curiously looking forward to the detailed disclosure by geohot of how he made it possible. Here is geohot's blog post announcing it:
http://geohotps3.blogspot.com/2010/01/hello-hypervisor-im-geohot.html

Sunday, January 24. 2010
Google AdWords being targeted by Phishers
A new stream of phishing emails aimed at users of Google AdWords has been noticed. The ongoing practice of phishing for personal information, especially financial details such as credit card numbers, makes this kind of crime low risk and high gain for the criminals.
[Image: phishing email]
Google's online advertising attracts a high level of attention from criminal spammers. Google AdWords users are cautioned not to be lured by such emails into providing financial details.
[Image: phishing site]
Quick Heal browser protection automatically blocks users from visiting this fraudulent website.

Saturday, January 23. 2010
Indian Income Tax Department Phishing Site
Today I received an unusual email, supposedly sent by the "Indian Income Tax Department", indicating that I am eligible to receive a tax refund of Rs. 820.50. Below is an image showing what the email looked like.
[Image: phishing email]
This reminded me of the fake Income Tax Refund website that made the rounds in October 2009. After properly examining the contents of the email and the link in it, it was clear that this is a phishing attempt. The link in the email points to a website hosted on a US server. The website has a look and feel similar to that of the Indian Income Tax Department website. Here is a screenshot showing what the phishing website looks like.
[Image: phishing website]
Most of the links on the fake website point to the original Indian government website. Only the 'Tax Refund Online Form' link points to the fake phishing web page, which has the URL http://yoymrete .com/ iti/profile.php On this page the attacker asks for the user's personal details along with credit card and bank details, including the ATM PIN and CVV number. Here is a screenshot of the page that asks for bank and credit card details.
[Image: form asking for bank and credit card details]
We recommend all readers to be careful and not to visit this fraudulent Income Tax Department website. To check for income tax refunds, or for anything else related to income tax, please visit the Indian government website using the link below.
http://www.incometaxindia.gov.in/
Quick Heal browser protection automatically blocks users from visiting this fraudulent website.

Friday, January 22. 2010
Microsoft releases out-of-band update for IE vulnerabilities
The security update fixes six memory corruption vulnerabilities and issues in the handling of URL validation. It is also believed that Microsoft has included in the same update a patch for the flaw used by attackers who recently targeted Google and other major corporations.
In the past few weeks there has been an increase in attacks that exploit these vulnerabilities through malicious web pages. We have been monitoring the live situation and updating our browsing protection to make sure our users are blocked from visiting such pages. It was observed that the web pages exploiting the latest IE vulnerability are concentrated on Chinese users. We recommend all our users to upgrade to the latest version of Internet Explorer.

Wednesday, January 20. 2010
Security Patch released for BIND 9.6.1
Internet Systems Consortium announced the release of the BIND 9.6.1-P3 security patch to address two cache poisoning vulnerabilities, "both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid."
More details at the links below:
CVE-2010-0097
CVE-2009-4022v6

Tuesday, January 19. 2010
Cyber Attacks adding up to the already disturbing relations of India & China
Recently an Indian government official admitted that there was an attempt, through a hacker attack, to steal information from the offices of the National Security Adviser. More details on this news announcement can be found at:
http://timesofindia.indiatimes.com/india/China-tried-to-hack-Indias-computers-Narayanan/articleshow/5473640.cms
The announcement was made only after similar news of cyber attacks on US defense contractors' systems. A lot of information is making the rounds with nothing concrete to conclude, but the discussions and information point towards the zero-day vulnerability in Adobe Reader which Adobe fixed on Tuesday last week. In both cases a malicious PDF was sent to the email addresses of high-profile accounts. The PDF carried a relevant message which appeared to have been sent by someone in the department. The PDF carries exploit code for the vulnerability CVE-2009-4324. The PDF is specially crafted: when it is opened, shellcode executes which extracts two files into the temp folder. One is a PDF file and the other is a PE executable. The PE executable is then executed and connects to a server somewhere in China. The PE file then drops files in the folders mentioned below:
%system%
%system%\dllcache
%windows%\Installer
Once the system is connected to the server, the attacker sitting in China can have full control of it. All Quick Heal products are updated to detect these exploit-injected PDFs.

Monday, January 18. 2010
Buffer overflow in QuickTime
A remotely exploitable vulnerability in QuickTime has been discovered. Information on the vulnerable versions of QuickTime is available on Bugtraq 32540. The vulnerability can be exploited using malformed .mov files. The latest version of QuickTime is not affected by this vulnerability.

Saturday, January 16. 2010
Cybercriminals have started targeting Haiti Donations
As expected, cybercriminals are taking advantage of those who want to donate money for Haiti earthquake relief. We had already warned readers not to respond to any unsolicited emails asking for quake relief funds.
It has been observed that rogue application generators are doing SEO poisoning of popular search engine results. People searching for information related to the Haiti earthquake are being redirected to infected websites that download and install a fake anti-virus on the system. Once installed, this rogue application gives fake warnings of infections in your system and threatens the user. It is also observed that cybercriminals are creating fake groups and Haiti donation groups on popular social networking websites and appealing to users to give donations. We recommend not filling in any online donation forms or clicking on donation requests received in social networking messages or in your email. We have released updates to detect these new rogueware and are also monitoring the situation for updates. We advise our users to keep their protection updated.

Wednesday, January 13. 2010
Cybercriminals may make use of the latest earthquake event that rocked Haiti
The small island of Haiti was devastated after it experienced a major earthquake recently. Thousands of people have been killed and many left homeless. Our prayers are with the people of Haiti for a faster recovery.
I would like to make the point here that cybercriminals always make use of the latest news to take advantage of the attention it is getting. The same cyber crime gangs that are behind online frauds like email lotteries, corrupt bank employees and the '419' scam may take advantage of this latest earthquake and start sending millions of spam emails appealing for donations for the earthquake victims. We are closely monitoring recent spam activity for this kind of fraud. I also hereby appeal to people not to donate online using a link received in an email appealing for donations. To make an online donation for the Haiti earthquake victims you can visit the Red Cross website directly by using the link below to the official Red Cross website.
http://www.redcross.org
The Quick Heal team's thoughts and support are with the people of Haiti.

Tuesday, January 12. 2010
Possible Android based fake applications
New Google Android based mobile phones are being released one by one, and the trend of fraudulent Android applications has started to surface. Among the several applications available on Android Market, it was observed that a few mobile banking applications were providing nothing more than the facility of connecting the user to the bank's mobile banking website. Unsuspecting users downloaded the applications onto their new Android phones and started to use them. It has now been observed that these banking applications were not released by the banks but were posted on Android Market by some third party. These applications were immediately removed from the Android Market. Our advice to users is to avoid using, for any banking or financial purpose, third party applications which are not released or authorized by the bank itself. It is not difficult for the makers of these fake applications to steal the user's login password and PIN while they are being entered in the application to connect to the banking website.
So play around with the new OS and its applications, but not by providing critical access credentials.

Tuesday, January 12. 2010
One more phishing attack on Indian bank
After the holiday season, with people back in the office facing the new year's workload, it all started with a phishing scam on one of India's popular nationalized banks. Since 8th January I have been receiving phishing emails targeting Punjab National Bank of India. The email looked as follows:
=======================
Subject: Important Notification From Punjab National Bank

Dear Valued Customer,

This is an official notification from Punjab National Bank . Your account access has been limited due to a login attempt failure. To restore your account we have attached a form to this email. Please download the form and follow the instructions on your screen.

NOTE: The form needs to be opened in a modern, javascript enabled, browser (ex: Internet Explorer 8, Firefox 3, Safari 3,Opera 9).

We are continually improving our Web site to better serve you. Be sure to check back with us often as we add exciting new services to meet your financial needs. If you have questions or need assistance, our customer service team is here to help.

Thank you for using Punjab National Bank !
===========================================
There were a lot of signs indicating that this was a spam email for a targeted phishing attack. One can see that this message was sent to "undisclosed-recipients" and starts with "Dear Valued Customer,". I knew it was spam because they had not addressed the email to me, even though they supposedly have my complete details. The message is short and reads OK, but the link it sends the receiver to isn't going to a bank domain at all; it points to:
hxtxtxpx:x/x/x7xsearch.com/scripts/search/click.aspx?t=p&qu=204.249.69.25/ind.htm&a=0&s=sb&r=1&du=http%3a%2f%2f2x04.249.69.25/ind.htm&cu=http%3a%2f%2f204.249.69.25/ind.htm
which then automatically takes the browser to:
htt p: // 2x0x4.249.69.25 / ind.htm (this is a US based server)
and a further automatic redirection takes it to:
http://x6x1.181.83.65 /ind /pnbindia / index.php (this is a China based server)
The fake PNB phishing website is hosted on this server. The phishing site looks identical to the original website; only the link is different. Here is a sample screenshot:
[Image: fake PNB phishing site]
Quick Heal Anti-Phishing plug-in protects users from visiting this fraudulent website.
We are keeping watch on new modifications to this ongoing threat. On 9th Jan we received around 6 such emails with various messages. On 10th we did not receive any, as I guess the hacker/attacker took the weekly day off on Sunday. On 11th Jan we again received 12 mails of the PNB phishing attack. Today is 12th Jan and we have received 5 more emails of this phishing fraud. Throughout these days the attacker has been changing the redirection server that sends users to his phishing website, as the older pages are being deleted from the web server by the ISP. More details as they appear.
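The two link checks behind the Income Tax and PNB posts above, as an added example that is not part of the original blog and not Quick Heal's code. The first check compares every link in a message or page with the domain the sender claims to be (the Income Tax case, where every link but 'Tax Refund Online Form' stays on incometaxindia.gov.in); the second unwraps a click-tracking redirector whose destination rides in a query parameter (the PNB case, where `du` and `cu` carry the next hop) before judging the host. Only the hop recoverable from the query string is followed; a server-side redirect like the one from the US server to the China-hosted page cannot be seen without fetching. The hosts in the sample inputs are constructed placeholders, `bank.example` stands in for the bank's real domain (not given on the page), and the redirect parameter names other than `du` and `cu` are assumptions.

```python
"""Static phishing-link audit (added example, not Quick Heal's code).

Check 1: every link in an HTML body is compared with the domain the
message claims to come from; the odd one out is the phishing link.
Check 2: a redirector carrying its destination in a query parameter
is unwrapped first, so the redirector's host does not hide the target.
No network access: only hops visible in the URL itself are followed.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Parameters redirectors use to carry a destination. 'du' and 'cu' are
# the names seen in the PNB email's link; the others are assumptions.
REDIRECT_PARAMS = ("du", "cu", "url", "u", "redirect", "target")


class LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")  # entity refs already decoded
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def host_matches(url, expected_domain):
    """True if the URL's host is expected_domain or a subdomain of it.
    A relative link has no host and is treated as same-site."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return True
    return host == expected_domain or host.endswith("." + expected_domain)


def unwrap_redirect(url, max_hops=5):
    """Return the chain of URLs recoverable from destination-carrying
    query parameters. parse_qs percent-decodes the values, so
    'http%3a%2f%2f...' comes back as 'http://...'."""
    chain = [url]
    for _ in range(max_hops):
        query = parse_qs(urlparse(chain[-1]).query)
        nxt = next((query[p][0] for p in REDIRECT_PARAMS if p in query), None)
        if nxt is None:
            break
        if not nxt.startswith(("http://", "https://")):
            nxt = "http://" + nxt  # scheme-less destination such as 'host/path'
        chain.append(nxt)
    return chain


def audit(html, expected_domain):
    """Flag every link whose final, unwrapped destination leaves expected_domain."""
    findings = []
    for text, href in extract_links(html):
        chain = unwrap_redirect(href)
        if not host_matches(chain[-1], expected_domain):
            findings.append({"text": text, "href": href,
                             "final": chain[-1], "redirected": len(chain) > 1})
    return findings


# Constructed samples with placeholder hosts (not the ones in the posts).
SAMPLE_REFUND_PAGE = """
<a href="http://www.incometaxindia.gov.in/">Home</a>
<a href="http://www.incometaxindia.gov.in/forms.asp">Forms</a>
<a href="http://refund-page.example/iti/profile.php">Tax Refund Online Form</a>
<a href="/contact.asp">Contact Us</a>
"""

SAMPLE_BANK_MAIL = """
<p>Dear Valued Customer, to restore your account please
<a href="http://tracker.example/click.aspx?t=p&amp;qu=203.0.113.25/ind.htm&amp;du=http%3a%2f%2f203.0.113.25%2find.htm">download the form</a>.</p>
"""

if __name__ == "__main__":
    for name, body, domain in (("refund page", SAMPLE_REFUND_PAGE, "incometaxindia.gov.in"),
                               ("bank mail", SAMPLE_BANK_MAIL, "bank.example")):
        for f in audit(body, domain):
            via = " (via redirector)" if f["redirected"] else ""
            print(f"{name}: '{f['text']}' -> {f['final']}{via}")
```

The suffix match in `host_matches` is deliberately anchored on a dot, so a look-alike such as `incometaxindia.gov.in.example` is not accepted as the government domain; a relative link is treated as same-site because it can only resolve against the page that carries it.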