Spammy botnet got sneaky Security researchers believe they have identified the botnet responsible for a recent spike in traffic on the anonymizing Tor network, but the exact purpose of the malware remains unclear.…
Visit link:
Malware culprit fingered in mysterious Tor traffic spike
Obad boy enlists an ally for Google spam splurge Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on the back of a separate mobile botnet and uses the resources of other malware once it’s installed.…
View article:
Android malware spotting hitching a ride on mobile botnet
Bitcoin gambling site SatoshiDice has recovered after being felled for several days by a DDoS attack. The site went down several days ago, and was inaccessible from the Internet. Erik Voorhees, who created the site and sold it for $11.5 million in July, no longer runs the site, but naturally still has insights into how it operates. DDoS attacks happen a lot to bitcoin gambling sites, he said. “They largely wasted their money,” he said of the attackers, pointing out that the website isn’t needed for the placing of bets. It simply provides information about bet statistics, and bitcoin addresses to send to. These addresses are constant, available outside of the main site, and can easily be retained by regular gamblers even when the site goes down, meaning that bets can still be processed. “They’d have to launch an attack against the whole bitcoin network,” Voorhees said. There is a back-end computer processing the bets, but this isn’t the same computer that hosts the website. Attackers could potentially disrupt betting if they were able to find that machine, but Voorhees points out that it could easily be moved. The attack didn’t seem to affect the site’s popularity in the long term. SatoshiDice vanity addresses made up eight of the most popular bitcoin addresses used on the network overnight. Source: http://www.coindesk.com/satoshidice-hit-by-ddos-attack-but-bets-continue/
Visit site:
SatoshiDice hit by DDoS attack, but bets continue
‘No humans are behind these clients’ The recent spike in traffic on the Tor anonymizing relay network is probably due to botnet activity rather than any recent political developments, research by Tor Project members has concluded.…
Read More:
Tor traffic torrent: It ain’t the Syrians, it’s the BOTS
Middle Kingdom pledges immediate action The China Internet Network Information Center (CINIC) has reported that on Sunday it suffered the largest ever DDoS attack it has ever experienced against the .cn domain, an assault that took ten hours to knock down.…
Read More:
Chinese authorities say massive DDoS attack took down .cn domain
China’s Internet was hit with a major distributed denial of service (DDoS) attack Sunday morning that briefly disrupted and slowed access to sites in the .cn domain. The DDoS attack was the largest in history against the domain servers for China’s .cn ccTLD (country code top level domain), according to the China Internet Network Information Center (CNNIC), which administers the domain. The first attack started Sunday around midnight Beijing time, and was then succeeded by a larger attack at 4 a.m, the CNNIC said in an Internet posting. A number of sites were affected, but Internet service to the sites had been gradually restored by 10 a.m. Sunday It’s unclear where the attack originated from or if it was still continuing. A CNNIC spokeswoman said on Monday it would update the public once more information was gathered. Chinese regulators have already launched unspecified measures to protect the domain system, while CNNIC has apologized for the disruption. China has often been accused of launching DDoS attacks. In this year’s first quarter, it was the top source country for DDoS attacks, according to security vendor Prolexic. The U.S. was ranked second. DDoS attacks can commonly work by deploying armies of hacked computers to send traffic to a website, saturating it with data so that it becomes inaccessible to normal users.A China, however, has said its facing a surge of Trojan and botnet attacks against the country. Many of those attacks are coming from the U.S., South Korea and Germany. China has also denied the country sponsors hacking, despite claims brought by U.S. officials and security vendor Mandiant that its government actively conducts cyber-espionage. Source: http://www.computerworld.com/s/article/9241899/Major_DDoS_attacks_.cn_domain_disrupts_Internet_in_China
Read more here:
Major DDoS attacks .cn domain; disrupts Internet in China
Distributed denial of service attacks have been used to divert security personnel attention while millions of dollars were stolen from banks, according to a security researcher. At least three US banks in recent months have been plundered by fraudulent wire transfers while hackers deployed “low powered” DDoS attacks to mask their theft, Avivah Litan, an analyst at research firm Gartner, told SCMagazine.com. She declined to name the institutions affected but said the attacks appeared unrelated to the wave of DDoS attacks last winter and spring that took down Web sites belonging to JP Morgan , Wells Fargo, Bank of America, Chase, Citigroup, HSBC, and others. “It wasn’t the politically motivated groups,” she said. “It was a stealth, low-powered DDoS attack, meaning it wasn’t something that knocked their website down for hours.” Litan described the attack method in a blog post last week that warned banks’ losses could have been much greater. “Once the DDoS is underway, this attack involves takeover of the payment switch (eg, wire application) itself via a privileged user account that has access to it,” she wrote. “Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.” Litan, an expert in financial fraud and banking security, did not describe how attackers gained access to the wire payment switch at banks, but she offered banks advice on how they might better protect themselves. “One rule that banks should institute is to slow down the money transfer system while under a DDoS attack,” she wrote. “More generally, a layered fraud prevention and security approach is warranted.” Security researchers have previously highlighted the growing trend of using DDoS attacks to hide fraudulent activity at banks. The Dell SecureWorks Counter Threat Unit issued a report (PDF) in April to warn that a popular DDoS toolkit called Dirt Jumper was being used to divert bank employees’ attention from attempted fraudulent wire transfers of up to $2.1 million. In a joint statement (PDF) issued last September with the Financial Services Information Sharing and Analysis Center and the Internet Crime Complaint Center, the FBI warned that the $200 Dirt Jumper toolkit was being used as a smokescreen to cover fraudulent wire transfers conducted with pilfered employee credentials. “In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public Website(s) and/or Internet Banking URL,” the report said. “The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer.” Source: http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attacks-to-mask-theft-of-banks-millions/
Read the article:
Cybercrooks use DDoS attacks to mask theft of banks’ millions
Hackers use DDoSes to distract staffers… while nicking MILLIONS Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems, according to a researcher.…
Read the original:
Bank man: System’s down, let’s have coffee. Oh SNAP, where’s all the CASH?
Izz ad-Din al-Qassam Cyber Fighters’ so-called Phase 4 of distributed-denial-of-service attacks against major U.S. banks hasn’t stalled, it’s just been ineffective at disrupting online availability, security experts say The latest attacks have been sporadic and seemingly less targeted. U.S. banking institutions, which have been under attack since September 2012, have adapted their defenses, making their online-banking sites hard to take down, experts say. But Brobot , the botnet used by al-Qassam Cyber Fighters, is still active; it targeted banking institutions as recently as last week, says John LaCour, CEO of cybersecurity and intelligence firm PhishLabs. “PhishLabs can confirm that we detected QCF [Qassam Cyber Fighters] related DDoS attacks on Wednesday [Aug. 14] and Thursday [Aug. 15],” LaCour says. “Three large banks were attacked that we have seen targeted previously.” LaCour would not name the banks that were hit. He did say, however, attacks last week were linked to Brobot, and that Brobot still appears to be controlled by al-Qassam. Experts say they don’t feel Brobot has been leased out for hire, and that al-Qassam is still the group using the botnet against banks. Disruptions at 2 Banks JPMorgan Chase and Citigroup suffered intermittent online disruptions last week, according to Fox Business . Neither one of those banking institutions responded to Information Security Media Group’s request for comment. But according to tweets posted last week, Chase and Citi both acknowledged suffering site issues Aug. 15. “We’re experiencing issues with our website and Chase mobile,” Chase tweeted. “We apologize for the inconvenience. Please stay tuned for updates.” In its tweet, Citi said: “We are aware of system issues at this time. We are working to get the issue resolved.” Keynote, an online and mobile cloud testing and traffic monitoring provider, confirms both banks’ online banking sites did experience intermittent issues Aug. 15. But the cause of those online interruptions is not known, says Keynote’s Aaron Rudger. “The Chase banking website appears to have been unavailable from 8:55 a.m. ET until 10:21 a.m. ET,” he says. “Our monitoring agents reported DNS [Domain Naming System] lookup errors throughout that period, across the U.S.” DNS is the system that translates a website’s name, such as www.chase.com, into an Internet protocol address that’s assigned to a Web server for that site, Rudger explains. “Our monitoring agents did observe only a very small number of errors trying to download the Citibank homepage, starting at 12:52 p.m. ET,” he adds. “But that only lasted until 1:09 p.m. ET.” But other experts who asked to remain anonymous say the outage at Citi was not linked to Brobot; it was an internal technical issue. What’s Next for Brobot? Because attacks against banks are increasingly ineffective, some question what’s next for Brobot. Rodney Joffe, senior technologist at DDoS-mitigation provider Neustar, believes the attacks against banks are nearing an end. What’s next is anyone’s guess, he adds. But Joffe and others have suggested Brobot will likely soon be used to target other industries, especially those impacting critical infrastructure. The attackers will take aim at other targets to avoid admitting their campaign has been a failure, some suggest. “We’ll start to see disruptions that cause a little more fear in the U.S. public,” Joffe says. “We have heard about the compromise of water systems in small towns. I wouldn’t be surprised if we really start to see attacks like that.” Source: http://www.bankinfosecurity.com/ddos-attacks-strike-three-banks-a-6006
Continued here:
DDoS Attacks Strike Three Banks
VANCOUVER, BRITISH COLUMBIA–(Marketwired – Aug. 14, 2013) – DOSarrest Internet Security announced today that it will begin offering a website Vulnerability Testing and Optimization ( VTO ) service. The services is a comprehensive test that will intelligently crawl a website and find any vulnerabilities in the site’s coding, as well as analyze the structure of the website to see what can be optimized for better performance, all for a safer and better web experience for your visitors. The Vulnerability portion of the scan is able to analyze web code while it is being executed, even for a very large site with dynamic pages, and test with the most advanced SQL Injection and Cross Site Scripting (XSS) analyzers. A report is provided at the end that details all identified security breaches and the line of code that is the culprit as well as how to fix it. A secondary Optimization scan is executed again on all pages within a website, applying best practice rule sets which identify what elements and design structure can be optimized, and how to do it. A DOSarrest security specialist will walk the customer through the report and retest if necessary. “Our customers have come to greatly appreciate our efforts, to not only protect them from DDoS attacks, but to also assist their IT operations in securing their web servers in house “, says Jag Bains, CTO of DOSarrest. Bains, goes on to state “We’re able to leverage our experience and expertise to provide our customers a framework for securing their operations. With web application hacking on the rise, the VTO service is taking our customer partnerships to another level.” More information on this service can be found at: http://www.dosarrest.com/en/vulnerability-testing.html . About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service has been leading edge for over 6 years now.
More here:
DOSarrest begins Offering Vulnerability Testing and Optimization