Archive for August 2013 | Monthly archive page

Royal Baby Malware Attacks

Scammers wasted little time after Prince William and his wife, the former Kate Middleton, announced the birth of their son, who’s now third in line to the British royal throne.

“Because it is such big news, it didn’t take long for malicious elements to misuse it,” said Kaspersky Lab security researcher Michael Molsner in a Wednesday blog post, noting that the company’s spam traps had already intercepted an email promising regular “Royal Baby” updates.

The message also included a “watch the hospital-cam” link, which appeared to resolve to a legitimate site that had been compromised.

Although the site appears to have since been cleaned, it was serving malicious JavaScript files designed to infect browsers with the Blackhole infection kit.

Irish Web Design –  Royal Baby Malware Attacks

This story appeared on the Information Week Website

Irish Cookie Regulations

Irish Cookie Regulations – Update

This article was written by Philip Nolan, Head of Commercial Law Department and Partner MH & C and Oisin Tobin, trainee, MH & C. Philip Nolan is a Partner in the Commercial Contracts and Outsourcing Department at Mason Hayes & Curran.

The Irish Regulations transposing the new European rules on cookies have come into force. While website operators will need to exercise care to ensure that they are complying with the new regime, these new rules are less onerous and disruptive than originally anticipated.

Cookies, or small items of code placed on a user’s computer by a website, are vital to the functioning of the modern web. Cookies allow website operators to determine how users browse their sites and are a technical prerequisite for the operation of more advanced websites, such as those which require their users to log-in. Cookies can also be used, more controversially, to monitor user behavior for the purpose of targeting advertisements.

The rules governing cookies are being overhauled across Europe at present due to an EU Directive adopted in 2009. While all Member States are obliged to implement the Directive, they are given a certain degree of freedom as to the exact manner in which they choose to do so. The Irish measures which implement the Directive, and which have just come into force, seem to minimize the potential negative impact of the Directive for websites and web businesses based in Ireland. As a result, it would seem that the new Irish regime may prove to be an additional attraction to international web based businesses considering Ireland as their EU base.

Under the new regime, all websites must have user consent before they place a cookie onto the user’s computer.  The Irish rules do not require that this consent be explicit and therefore, it would seem that consent may be implied.  In addition, they must provide the user with clear, comprehensive, prominently displayed and easily accessible information about the cookie, particularly as to its purpose. While this regime is somewhat tougher than the previous rules, which required that websites give a user the ability to “opt-out” of the cookie being used, these new rules contain a number of provisions which should ensure that websites can become compliant without having to radically overhaul their design.  The regulations note that the methods of providing information and giving consent should be as user friendly as possible. In certain circumstances users may be able to give consent via their browser settings and many consider that the use of browser settings for consent may become a popular means of managing consents. Cookies which are technically required to operate the site are exempt from these new rules.

Notably, a provision in an earlier draft of the Irish regulations, prohibiting the current practice of providing the relevant disclosures about cookie use in a privacy policy, has not made it into the final regulations.   This means that privacy policies may continue to be used, once user friendly and prominently displayed, to provide information about cookies in compliance with the new rules.

In summary, it would seem the Minister for Communications has struck quite an effective balance between the privacy concerns of web users in relation to the use of cookies and the concerns of industry in relation to over-regulation of the internet.

Attribute to Philip Nolan, Head of Commercial Law Department and Partner MH & C and Oisin Tobin, trainee, MH & C. Philip Nolan is a Partner in the Commercial Contracts and Outsourcing Department at Mason Hayes & Curran. For more information, please contact Philip at pnolan@mhc.ie or + 353 1 614 5000. The content of this article is provided for information purposes only and does not constitute legal or other advice. Mason Hayes & Curran (www.mhc.ie) is a leading business law firm with offices in Dublin, London and New York. © Copyright Mason Hayes & Curran 2011. All rights reserved.

Irish Web Design – Irish Cookie Regulations

Malware creators go professional

The professionalisation of malware

Summary of this article: The high-end of malware is reaching a new level of quality that comes from it being written by professional organisations with real budgets and high standards. Be afraid.

For many years, anti-malware companies have been capturing immense numbers of new, malicious code samples every day. The actual number is controversial, but it’s in the hundreds of thousands. Not a typo.

These samples are generated programmatically by malware authors trying, by brute force, to create something that will slip through defenses. Most of them are garbage. Anti-malware programs don’t write signatures specific to them, but recognize them by more general characteristics as part of a malware family.

Roger Thompson of ICSA Labs, a security research group owned by Verizon, calls these ‘AFTs’ for ‘Another Freaking Trojan’. The term is meant to contrast with APT for ‘Advanced Persistent Threat’; there’s no standard definition of APT, but basically it’s a more sophisticated malware program which can hide in a target network and perhaps even defend itself.

I spoke with Thompson, who I have known for a long time from his pioneering work for several companies in the anti-malware industry. In a recent blog entry he notes a clear rise in the quality of malware at the very high end of the APT segment; he calls this Enterprise Malware because it is being written by enterprise-class organizations.

Security companies know from their own forensic examination of attacks that this Enterprise Malware can often be traced back to defense contractors and various branches of various governments. We know, at least since Stuxnet (although any fool knew it was going on before), that western governments were developing attack code. We know of similar activities from the PLA (People’s Liberation Army) in China, and now the FBI (with the possible assistance of the NSA) is using malware to infiltrate criminal activities. For years European governments have been open about their policy to allow police to hack into the computers of suspects without a warrant.

Not to dismiss the talents of the last generation of malware writers, but governments and defense contractors have enough budget to hire professionals; I suspect the pool of such people who are willing to work for government is much larger than the pool willing to work for criminal organizations. And with enough patience and talent, we may start seeing malware techniques which heretofore haven’t been worth the trouble. Thompson is concerned about the development of cross-platform malware. We saw an example of this in Stuxnet, which used Windows computers to find and attack Siemens industrial controllers.

As Thompson, who knows a thing or two about anti-malware technology, says, anti-malware software can find the AFTs a very, very high percentage of the time, but you can’t expect it to find these attacks, at least not when it matters. It’s for threats like these that defense-in-depth and rigorous attention to best practices are necessary. For high-value targets, there are also products and services, Solera Networks’ DeepSee series for example, which specifically attempt to find threats which are lying low in a network.

After digesting this information, I was tempted to think that this is good news for those of you under the radar; if you’re not the sort of operation that is going to merit a high-quality targeted attack, and you follow best practices — e.g. always updating all software and anti-malware, practicing least privilege, forcing strong passwords — then you should be OK. But that’s nothing new. It was always true. The real news is just how essential it is for those who might be the target of a high-quality, enterprise malware attack to follow those practices. And it’s discouraging to see how many organizations fall short.

This is an edited version of an article by Larry Seltzer

Read the full version of this article here:

Malware creators go professional Irish Web Design – Website Security

The dreaded Blackhole Exploit Kit is back

The last week has seen a resurgence of this malicious software appearing on websites around the globe.

Visitors to the sites who have AVG Anti Virus software installed on their systems receive a warning about the infection.

Website owners who do not act quickly to deal with the infection and clean up their websites may find Google blocking access to their websites.

The Blackhole Exploit Kit and its many variations were developed by some of the most skilled computer criminals in the world.

It is thought that these gangs originate in Russia or Eastern Europe.

The Blackhole exploit kit is now the most prevalent web threat globally.

The criminals make the software available as a kit on an outright sale or licence basis and each version is tweaked to suit the ‘end user’ criminal’s particular purposes.

In general, the kit uses hidden code to analyse the software on the computer it attacks to find any vulnerabilities.

When it finds some software which can be exploited, it will then run another piece of software, which often takes the form of a pop-up window.

This appears to be a warning about a malware or virus infection when, in point of fact, it is itself malware!

The  computer is now under ‘remote control’ by the hackers, who can return and take over running the machine at any time.

What is particularly worrying about this infection is that there is at present no ‘magic bullet’ or simple cure.

Irish Web Design – the dreaded Blackhole Exploit Kit is back AKA Black hole exploit kit.

FBI and Microsoft move in on Internet Criminals

American FBI and Microsoft shut down the €375m theft botnet known as Citadel

The American FBI and Microsoft have cooperated in order to break up a massive network of hijacked home computers that have been responsible for stealing more than €375m from bank accounts around the globe.

The Citadel network was set up by a group of criminal gangs who remotely installed a keylogging program on upwards of five million machines in order to steal data.

About 1,000 of the 1,400 or so networks that made up the Citadel botnet are believed to have been shut down.

Co-ordinated action in 80 countries by police forces, tech firms and banking bodies helped to disrupt the network.

“The bad guys will feel the punch in the gut,” Richard Boscovich, a spokesman for Microsoft’s digital crimes unit said.

Control code

The cybercriminals behind Citadel cashed in by using login and password details for online bank accounts stolen from compromised computers.

This method was used to steal cash from a huge number of banks including American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada and Wells Fargo.

Citadel emerged after core computer code for a widely used cybercrime kit, called Zeus, was released online.

Underground coders banded together to turn that code into a separate cybercrime toolkit that quickly proved popular with many malicious hackers.

In a blogpost detailing its action, Microsoft said Citadel had also grown because malicious code that could take over a PC had been bundled in with pirated versions of Windows.

The millions of PCs in the criminal network were spread around the globe, but were most heavily concentrated in North America, Western Europe, Hong Kong, India and Australia.

Despite the widespread action, which involved seizures of servers that co-ordinated the running of Citadel, the identity of the botnet’s main controller is unknown.

However, Microsoft has started a “John Doe” lawsuit against the anonymous controller, believing him to use the nickname Aquabox and be based in Eastern Europe.

In addition, the FBI is working with Europol and police forces in many other countries to track down and identify the 81 “lieutenants” that helped Aquabox keep Citadel running.

Microsoft has also started action to help people clean up an infected computer.

Typically, it said, machines compromised by Citadel were blocked from getting security updates to ensure those computers stayed part of the botnet.

With the network disrupted, machines should be free to get updates and purge the Citadel malware from their system.

FBI and Microsoft move in on Internet Criminals – Irish Web Design From an article on BBC News
