Blogs
Russian gang kept 'extraordinary' malware on the prowl for nearly three years.
by Gregg Keizer
October 31, 2008 (Computerworld) A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen the log-ons to more than 300,000 online bank accounts and almost as many credit cards during that time, a security company said today.
Researchers at RSA Security Inc.'s FraudAction Research Labs tracked the Sinowal Trojan horse, also known as Mebroot and Torpig, to a drop server that contained the stolen credentials, said Sean Brady, the product marketing manager at RSA's ID and access assurance group.
"The sheer enormity of this makes this unique," said Brady. "And the scale is very unusual." All told, the gang behind Sinowal managed to obtain access to nearly half a million bank accounts and credit cards, a volume RSA dubbed "ruthless" and "extraordinary."
"And the fact that the Trojan was managed by one group through its history and maintained for nearly three years is also very unusual," Brady said. RSA uncovered records that showed the Trojan horse had been in active operation since at least February 2006. "In malware life cycles, that's ancient, and to keep it up required a high degree of resources and effort."
The company's researchers first got onto Sinowal's trail after they captured a sample of the Trojan horse. An analysis of its code laid out a map back to the drop server. That server was another unusual characteristic of the malware. "Infection points and drop points go up and down all the time," Brady said. "They typically have very short lifespans. But this drop site not only stayed up, it showed a sustained collection of log-ons."
Brady also credited Sinowal's longevity to its authors' skills and secrecy.
The Trojan horse has been revised more or less constantly, although there were periods when its creators ramped up the number of variants. After a lull last February, for example, the number of different versions again spiked in June, then hit slightly lower peaks in August and this month.
The group is also more secretive than most, a trait that served it well. "They don't outsource, and [they] have all the necessary expertise in-house," said Brady. "They don't open their tool kits to other hackers, either. We suspect that the closed-loop nature of the group contributed to their ability to remain undetected."
These crooks, like many at the top rungs of the cyberunderworld, work their craft first and foremost as a business. "We see some evidence that they have employed some practices that you may normally find in businesses that maintain high availability [of IT]," Brady continued. "They're using some redundancy, some backup effort for the data. They've clearly invested in this."
Sinowal has infected hundreds of thousands of PCs worldwide during its run, and it continues to attack machines. Once on a system, the malware waits for the user to enter the address of an online bank, credit card company site or another financial URL, then substitutes a fake page in place of the real one. It's triggered by more than 2,700 specific Web addresses, a massive number compared with other Trojan horses.
The fake sites collect log-on usernames and passwords to banks and other financial institutions and dupe users into disclosing information those organizations never collect online, such as Social Security numbers. The Trojan then transmits the stolen credentials and data to the drop server.
"This is one of the more sophisticated pieces of malware out there," said Brady.
One reason Sinowal has been so successful is that it's rarely detected by antivirus software. "They struggle to find this one," Brady said. That's not surprising. The Trojan horse includes rootkit elements that infect the PC's master boot record (MBR), the first sector of a hard drive. Because the BIOS reads and executes that sector before anything else, Windows included, code placed there is running before the operating system and the security software that runs on top of it, so Sinowal is nearly invisible to that software. Security vendors have complained for months about how tough the malware is to spot.
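An MBR bootkit survives precisely because the sector it lives in runs before any operating-system code, so one of the few checks that does not depend on the (possibly compromised) OS is to read that sector and compare it against a baseline recorded when the disk was known to be clean. The following Python is an added example written for this page, not code from RSA or from the article: it parses a 512-byte MBR (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature) and reports where it deviates from a SHA-256 baseline of the bootstrap code, plus two cheap partition-table sanity checks. The sample sectors, the baseline and the "infected" variant are all constructed for the demonstration, and the function names are hypothetical.

```python
"""Added example: baseline integrity check for a disk's master boot record.

Not RSA's or the article's code. The MBR layout (446 bytes of bootstrap
code, a 64-byte partition table, a 2-byte 0x55AA signature) is the standard
PC layout; the sample sectors below are constructed for this demonstration.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446         # four 16-byte partition entries follow it
PART_ENTRY_LEN = 16
SIG_OFF = 510                # two-byte boot signature at the end of the sector
BOOT_SIGNATURE = b"\x55\xaa"
# status(1) chs(3, skipped) type(1) chs(3, skipped) lba_start(4) sectors(4)
PART_ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap code, partition table and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected a {MBR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "boot_code": boot_code,
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature": sector[SIG_OFF:SIG_OFF + 2],
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for an MBR; an empty list means it matches the clean baseline.

    baseline_sha256 is the SHA-256 of the 446 bootstrap bytes recorded when the
    disk was known to be clean (for example right after installation).
    """
    info = parse_mbr(sector)
    findings = []
    if info["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature is not 0x55AA")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code hash differs from clean baseline")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid partition status byte 0x{p['status']:02x}")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions flagged active, expected at most 1")
    return findings


def build_sector(boot_code: bytes, partitions: list, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a test MBR from its parts (used here only to construct samples)."""
    table = b"".join(struct.pack(PART_ENTRY_FMT, *p) for p in partitions)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table.ljust(64, b"\x00") + signature


# Constructed samples: a stand-in bootstrap stub padded with NOPs, one NTFS
# partition starting at LBA 2048, and a variant whose first bytes have been
# overwritten with a short jump (a stand-in for a bootkit's patch of the MBR).
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x90")
INFECTED_BOOT_CODE = b"\xEB\x3C\x90" + CLEAN_BOOT_CODE[3:]
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)]
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
CLEAN_MBR = build_sector(CLEAN_BOOT_CODE, PARTITIONS)
INFECTED_MBR = build_sector(INFECTED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(sector, BASELINE_SHA256) or "OK")
```

On a live Linux system the sector itself comes from something like `dd if=/dev/sda bs=512 count=1`, but a kernel-mode rootkit of this class can intercept that read and hand back the original, clean sector. The comparison is therefore only trustworthy when the disk is read from a clean boot medium or with the drive attached to another machine, and the baseline hash must be stored somewhere the infected host cannot rewrite.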
RSA Security suspects that the group responsible for Sinowal is based in Russia. "The distribution was truly global, but the one statistical anomaly that we noticed was [that] Russia was the one region that had no infections." Cybercrooks will often forgo infecting machines in their own country in the hope that local law enforcement authorities will not come calling or that if they do find out about the attacks, they'll put any action low on their priority list.
"This is the biggest find we've made to date," confirmed Brady. "But one reason why we're talking is so we can connect to [the affected] financial institutions." RSA has notified authorities and the banks and credit card companies with which it has existing relationships, but it needs help in contacting others, he said.
- chukaman's blog






Armstrong fears Tour crowd attack - America's seven-time Tour de France winner Lance Armstrong fears he may be attacked by spectators when he returns to the race in 2009. [bbc cycling]






LEVEL 1: The Story So Far...
Are girl gamers better than guy gamers?
You can argue online until you're red in the fingertips and nothing will come of it. Nothing, we tell you! Unless, of course, someone can organise a real-life deathmatch.
PLuGG is that someone. PLuGG is bringing a top international girl gamer clan to South Africa for an exclusive live game-off. To make matters even more intense they will be competing against South Africa’s top male gamers. PLuGG will be hosting five of the top international girl gamers organised and headed by PMS Clan, who have partnered with SK Gaming Ladies and EG Ladies, to participate in this first-of-its-kind game-off on the 29th November 2008.
The PMS Clan is the world’s largest multi-platform online female gaming group, led by Amber Dalton, known to her fans and foes as Athena Twin PMS. “The girls and I are really looking forward to our trip to South Africa. To be able to show off our gaming skills on this particular platform is going to be fantastic. We’d like to thank PLuGG for having the initiative and the guts to create this challenge and follow through with it. It’s going to be very interesting. Of course, the girls will win!”
Who will emerge victorious?
LEVEL 2: The Flamewar
For the past couple of months the intertubes have been writhing with a flamewar of epic proportions. Girl and guy gamers have been posting up a firestorm of attacks and counterattacks. Thrust and parry! Who is better at gaming: girls or guys? PLuGG steps in as referee to settle this dispute. Check out some of the debates on SA's leading gaming forums:
PROPHECY FORUMS
SYSTEM SHOCK FORUMS
MYADSL FORUMS
LEVEL 3: A New Challenger Appears
PLuGG is made of win, so we've managed to get some of the most feared and respected girl gaming clans to come out to South Africa to settle this score. PMS Clan, along with partners in crime SK Gaming Ladies and EG Ladies, will be flying in to the country for a once-off live deathmatch against the top local Counterstrike 1.6 guys' team. If you think your team has the cojones to beat the PMS Clan then register below (or jump straight to http://www.langames.co.za).
Who are these battle-maidens?
LEVEL 4: Register Your Team
Go to http://www.langames.co.za and find “PLuGG Girls vs Guys Game-Off”. Then click on the magnifying glass icon in the left-hand ZOOM column. Here you will find details of the "PLuGG Girls vs Guys Game-Off”.
All team members who enter will get a complimentary ticket to the final game off event and 3 months PLuGG broadband worth 3GB which starts on sign up.
Entry is open to national teams. If your team wins, PLuGG will make a plan to get team members to JHB for the final Game-Off.
Register your team and prepare for pwnage!
LEVEL 5: Witness The Battle
The PLuGG Girls vs Guys Game Off is a first-of-its-kind gaming tournament in South Africa. Watch the girls from the international PMS Clan open a can of whup ass on the top South African guys’ Counterstrike 1.6 team.
Get your tickets right here to witness this epic battle of the sexes – the PLuGG Girls vs Guys Game Off! Tickets also available at the door on the night.
CLICK HERE TO BUY TICKETS
The PLuGG Girls vs Guys Game Off promises to be an awesome gaming deathmatch followed by a stomping party. It’s made of WIN! After the game-off we're proud to announce that EVOLVER will be playing, followed by bass bin shaking SIBOT! We're gonna raise the roof!
CHEAT: Once you buy your ticket you will receive a voucher number and PIN that can also be used to get a discount when signing up for your PLuGG account.
THE FINAL SHOWDOWN
WHEN: 29 November, 7pm.
THE MATCH STARTS AT 8pm. (The party will start rocking after the game-off)
WHERE: Turbine Hall, 65 Ntemi Piliso Street, Newtown. (Click HERE for a map)
DAMAGE: R85 TICKETS ARE AVAILABLE HERE OR AT THE DOOR.
Regrettably, over-18s only.
Ping us if you have any questions: pluggdude@plugg.co.za
CLICK HERE TO BUY TICKETS
DOWNLOAD THE KICKASS GIRLS VS GUYS WALLPAPERS

Sarah Palin did not know Africa was a continent rather than a country, according to information leaking out from the failed Republican campaign.
Aides to John McCain were shocked by the gaps in the Alaska Governor's knowledge at briefings after she was announced as his running mate, according to Fox News chief political correspondent Carl Cameron.
"She didn't understand, McCain aides told me, that Africa was a continent and not a country and actually asked them if South Africa wasn't just part of the country as opposed to a country in the continent," he said on The O'Reilly Factor programme.
Mrs Palin was also unable to name the countries involved in the North American Free Trade Agreement, which was "a major campaign issue", Cameron said.
Infighting over her performance intensified after her interview with Katie Couric of CBS, for which she refused preparation, was widely criticised.
"It didn't go well," Cameron said.
"She blamed Nicole Wallace, a senior adviser who had worked for CBS with Couric and had organised some of that interview, and then the rift began to really unfold.
"That refusal of debate preparation caused some problems."
He went on: "Afterwards, Mrs Palin began to attack staff and suggest she was mishandled and communicated that to some people within the McCain campaign and outside."
Mrs Palin became a nightmare to deal with and started to throw tantrums over negative press, Cameron's sources told him.
"The way I understand it, there were times when she would be so nasty and angry to staff that they were virtually reduced to tears.
"There was throwing of paperwork and things of that nature."
McCain staff also suggested to the Fox correspondent that Mrs Palin was a "shopaholic" who bought extra clothes despite the Republican party spending a reported $150,000 on her wardrobe.






Keep it up Ivy... we're all very much enjoying watching you prove to us what a fool you really are. Ag shamepies do you just keep trying and keep getting told no? The rest of us do this very clever thing called learning a lesson when that happens, and we stop trying. Maybe it's time you disappear.
[Cape Town | ITWeb, 6 November 2008] - The Pretoria High Court today ruled against communications minister Ivy Matsepe-Casaburri's urgent interdict against the Independent Communications Authority of SA (ICASA), which sought to prevent it from issuing telecommunications licences to value-added network services (VANS).
The interdict was filed on behalf of the minister on 17 October, as part of a strategy to prevent Altech, and the rest of the VANS, from gaining individual-electronic communications network service (I-ECNS) licences. The licences would have given VANS the same rights to build telecommunications infrastructure as those held by incumbent operators, such as Telkom, Neotel, Vodacom, MTN and Cell C.
Lawyers say the case was heard in chambers, meaning that only the legal representatives and the judge were present.
The court also held that Altech has the right to receive its I-ECNS licence from ICASA immediately, and ruled that the Department of Communications (DOC) has to bear the legal costs of the application for all parties.
This is now the third time in a row that the courts have struck down Matsepe-Casaburri's argument that VANS are not allowed to self-provide, that is, build their own infrastructure. The first time was when the Johannesburg High Court ruled that Altech was entitled to its licence. That court then also refused the minister leave to appeal its original decision, saying it could not see any other judge ruling differently.
However, today's ruling is not the end of Matsepe-Casaburri's legal options.
“This is all turning out to be very embarrassing for the minister,” says e-lawyer Dominic Cull, who represents the Wireless Application Providers Association (WAPA).
WAPA has had a similar case against Matsepe-Casaburri, but is not directly involved in the Altech case.
“The minister has until 21 November to petition the Supreme Court of Appeal on the decision by the Johannesburg High Court. However, they had better not wait even that long as I am sure Altech is already knocking on ICASA's door for its licence,” Cull says.
A highly-placed industry source has told ITWeb that Matsepe-Casaburri is now trying to meet with justice minister Enver Surty.
“It seems as though she is really annoyed,” the source says.
No official comment has been received from Altech or the DOC; however, statements are expected later today.






http://www.chicagotribune.com/
[RAMSEY, Minn. (AP)] - When their children returned from Halloween trick-or-treating, a couple found suspected methamphetamine and $85 in cash among their 7-year-old son's Snickers bars and Skittles.
Lars and Shelly Brosdahl called police, who confirmed that the substance was methamphetamine, worth up to $200 on the street.
Someone who looked like a teenager dropped something into their son's bag as he went trick-or-treating with his 9-year-old sister on Halloween night, the Brosdahls say.
"He said some bigger kid ran by him and asked if he wanted some candy," Lars Brosdahl said. "He said 'Sure,' and the kid dropped it into his bag."
The clear crystals looked like rock candy, the parents said.
"The (kids) could have OD'd on it. That's what makes me so shaky and upset," Shelly Brosdahl said.
Police think the young man was a suspect fleeing police after a report of an assault in the area that night.
Police in Ramsey, northwest of Minneapolis, did not immediately return a call seeking comment Tuesday.






Fifty-two cows have been killed by a single lightning strike in a freak accident at a ranch in Uruguay.
Newspaper El Pais reported that the cows had pressed themselves against a wire fence during a storm when the lightning bolt struck in the northern Uruguayan state of San Jose.
A photograph released by the San Jose Police Department shows the black and brown cows lying dead in a row.
The newspaper said that vets at the scene confirmed the cause of the deaths, which happened on Wednesday.
The experts also said that cows often crowd around fences to seek protection during bad weather.
Meteorologist Fernando Torena said he was not surprised that a single lightning bolt killed so many cows.
But he called it "very bad luck".
By Natasha Prince
ID leader Patricia de Lille has called on government to crack down on and regulate blog websites, as well as the popular MXit text message service.
De Lille has also indicated the ID will ask the National Intelligence Agency to try to track down the author of defamatory statements made about the ID's Simon Grindrod on the blog.
"Another worrying development in cyberspace is the abuse of blogging, which allows anonymous individuals to post defamatory comments about anyone they choose, without the legal consequences they would face in other more reputable print and electronic media," said De Lille.
De Lille said people used these forums to defame "with impunity".
"We recently came across a blog with slanderous comments about a famous rugby player, a respected reverend in the church and a prominent entertainer.
"This blog also included one of our senior politicians, Councillor Simon Grindrod. He reported this matter to the Caledon Square police and they are currently investigating it.
"The only way to put a stop to this is to use every legal option to hold not only the website, but also the perpetrator, responsible. This kind of thing must not go unchallenged."
She said she was also concerned about "a surge in activity among young children on MXit, which makes them vulnerable to sexual predators and paedophiles".
Last year, concerns were raised among some school principals and parents battling to cope with children who are seemingly addicted to the messaging service.
Some schools had reportedly banned cellphones from school premises, and some parents were monitoring their children's use of MXit, which charges only two cents to send a message.
Children are also able to send photographs via MXit.
Attempts to get hold of MXit owners by the time of going to press were unsuccessful.






Goldman Sachs is on course to pay its top City bankers multimillion-pound bonuses - despite asking the U.S. government for an emergency bail-out.
The struggling Wall Street bank has set aside £7billion for salaries and 2008 year-end bonuses, it emerged yesterday.
Each of the firm's 443 partners is on course to pocket an average Christmas bonus of more than £3million.
The size of the pay pool comfortably dwarfs the £6.1billion lifeline which the U.S. government is throwing to Goldman as part of its £430billion bail-out.
As Washington pours money into the bank, the cash will immediately be channelled to Goldman's already well-heeled employees.
News of the firm's largesse will revive the anger over the 'rewards for failure' culture endemic in the world of high finance.
The same bankers who have brought the global economy to its knees seem to be pocketing the same kind of rewards they got during the boom years.
Gordon Brown has vowed to crack down on the culture of greed in the City as part of his £500billion bail-out of the UK banking industry.
But that won't affect the estimated 100 London partners working at Goldman Sachs's London headquarters.
The firm - known as Golden Sacks for the bumper bonuses it pays its top bankers - is expected to cut the payouts by a third this year. However, profits are falling much faster. Earnings have plunged 47 per cent so far this year amid the worst financial crisis since the Great Depression.
This has wiped more than 50 per cent off the company's market value.






In the battle for the hearts and minds of the Internet public, Comcast recently suffered a stunning defeat in the name of net neutrality. The FCC, in a 3-2 ruling, found that Comcast had violated the principles of net neutrality by inhibiting BitTorrent traffic. While Comcast suffered a black eye, the public generally has a short memory, especially when most Comcast customers have probably never heard of BitTorrent to begin with.
Comcast has a significant advantage over BitTorrent advocates in this respect. Since file-sharers are a small fraction of its subscribers, the majority who never use the protocol won't lose much sleep if the former are throttled, marginalized, or swept under the rug. They especially won't mind considering the magnitude of today's news from Comcast, as the ISP unveiled its new tiered broadband packages and service enhancements. In most markets, Comcast will double the bandwidth of its 6 and 8 Mbps packages to 12 and 16 Mbps at no extra cost.
Now, the big news of course is the introduction of two new residential tiers - "Extreme 50" and "Ultra". Extreme 50 will offer 50 Mbps (or 6.25 megabytes/sec) downstream and 10 Mbps upstream for $139.95/month. If that's a bit pricey for you, "Ultra" offers 22 Mbps downstream for $62.95/month. Although BitTorrent users have often felt at odds with Comcast, the cable provider's press release offers an enticing lure.
"With Extreme 50, Comcast customers, for example, will be able to download a high-def movie (6 GB) in about 16 minutes, a standard-def movie (2 GB) in about 5 minutes and a standard-def TV show (300 MB) in a matter of seconds. Customers with Extreme 50 also will be able to download digital photos, songs and games faster than ever."
Today’s lesson for the BitTorrent community, or at least the BitTorrent community using Comcast, is: if you want to download at full throttle, you’re going to have to pay for it. Downloading a 6 gigabyte HD movie at blazing speeds is enticing, and it’s not a stretch of the imagination to believe that some hard core file-sharers will decide that $139.95 per month is worth it.
These users will still face the same 250 gigabyte monthly bandwidth cap as before. A Comcast representative informed us, however, that this cap affects less than 1% of customers. Most users only consume 2-4 gigabytes per month. Within the 250 gigabyte limit, the end user can still download 10 to 20 HD movies a month. While average customers will undoubtedly cheer, heavy downloaders point out that the faster speed only means they reach the bandwidth cap sooner.
Comcast’s announcement will help the ISP repair its public image, especially in the markets that see their speeds double. It should also finally start pushing up broadband speeds in the United States, which remain woefully slow compared with much of the rest of the world. According to Comcast, 50 Mbps is just an introduction, as 160 Mbps should be on the way soon.








