Security

New Linux Trojan Is A DDoS Tool, a Bitcoin Miner, and Web Ransomware (softpedia.com) 63

An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks.

Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners notifying them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.

Piracy

Scammers Use Harvard Education Platform to Promote Pirated Movies (torrentfreak.com) 27

TorrentFreak reports: Spammers are using Harvard's educational sharing tool H2O to promote pirated movies. Thousands of links to scammy sites have appeared on the site in recent weeks. Copyright holders are not happy with this unintended use and are targeting the pages with various takedown notices. H2O is a tool that allows professors and students to share learning material in a more affordable way. It is a welcome system that's actively used by many renowned scholars. However, in recent weeks the platform was also discovered by scammers. As a result, it quickly filled up with many links to pirated content. Instead of course instructions and other educational material, the H2O playlists of these scammers advertise pirated movies. The scammers in question are operating from various user accounts and operate much like traditional spam bots, offering pages with movie links and related keywords such as putlocker, megashare, viooz, torrent and YIFY.
Censorship

Facebook Admits Blocking WikiLeaks' DNC Email Links, But Won't Say Why (thenextweb.com) 270

An anonymous reader writes: Facebook has admitted it blocked links to WikiLeaks' DNC email dump, but the company has yet to explain why. WikiLeaks has responded to the censorship via Twitter, writing: "For those facing censorship on Facebook etc when trying to post links directly to WikiLeaks #DNCLeak try using archive.is." When SwiftOnSecurity tweeted, "Facebook has an automated system for detecting spam/malicious links, that sometimes have false positives. /cc," Facebook's Chief Security Officer Alex Stamos replied with, "It's been fixed." As for why there was a problem in the first place, we don't know. Nate Swanner from The Next Web writes, "It's possible its algorithm incorrectly identified them as malicious, but it's another negative mark on the company's record nonetheless. WikiLeaks is a known entity, not some torrent dumping ground. The WikiLeaks link issue has reportedly been fixed, which is great -- but also not really the point. The fact links to the archive were blocked at all suggests there's a very tight rein on what's allowed on Facebook across the board, and that's a problem." A Facebook representative provided a statement to Gizmodo: "Like other services, our anti-spam systems briefly flagged links to these documents as unsafe. We quickly corrected this error on Saturday evening."
Communications

Tinder Scam Promises Account Verification, But Actually Sells Porn (csoonline.com) 29

itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get "verified" and then sending them a link to a site called "Tinder Safe Dating." The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled. In Tinder's safety guidelines, the company warns users to avoid messages that contain links to third-party websites or ask money for an address.
Democrats

Clinton's Private Email Was Blocked By Spam Filters, So State IT Turned Them Off (arstechnica.com) 268

An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.
Botnet

3 Million Strong Botnet Grows Right Under Twitter's Nose (softpedia.com) 48

An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C&C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.
Crime

'Spam King' Sanford Wallace Sentenced To 2.5 Years In Prison For Facebook Phishing Scam (bbc.com) 56

Xochil writes: Sanford Wallace gets a two-year prison term and $310K fine on charges of fraud and criminal contempt for sending over 27 million spam messages to Facebook users. Sanford Wallace has made a name for himself over the course of the last several years. In 1998, the "Spam King" announced he would put an end to spamming on his part, instead resorting to a new scheme in which ISPs would be paid to receive the mail. Flash forward to 2004, the Associated Press reported that a judge issued a temporary restraining order against Wallace for alleged spyware distribution. Last August, Wallace admitted to compromising around 500,000 Facebook accounts, using them to send over 27 million spam messages through Facebook's servers, between November 2008 and March 2009. While he could have been sentenced to as many as 16 years in prison, he was only sentenced to two-and-a-half years in prison and five years of supervised release. In addition, Wallace was ordered to pay about one cent for every message sent or about 60 cents per account compromised, totaling $310,628.55 in restitution. The phishing scam consisted of Wallace automating the process of signing into a Facebook user's account, retrieving a list of their friends and sending them each a message that encouraged them to log into a website. The website would trick users into divulging their Facebook username and password before directing them to an affiliate website that would pay him for the traffic.
Security

Access To Thousands Of Compromised Government Servers Selling For $6 On Black Market 28

An anonymous reader writes: Researchers have uncovered an underground market selling information of over 70,000 compromised servers. Russia-based Kaspersky Lab revealed that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. Access to a compromised server can be bought for as little as $6. This kit comes with relevant tools to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.
Security

WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) 50

An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In the meantime, security firm Sucuri says it detected numerous attacks with this zero-day, which was caused by a lack of input filtering in an image upload field that allowed attackers to upload PHP backdoors on the victim's servers with incredible ease and without any tricky workarounds. The backdoor's password is "dinamit," the Russian word for dynamite.
Advertising

Microsoft Will Stop Spamming Android Users With Office Ads In The Notification Tray (betanews.com) 110

An anonymous reader writes from a report via BetaNews: The notification tray in Android serves a very specific purpose. There's a clue in the name -- and it's nothing to do with advertising. Android user Thom Holwerda was upset this week when Microsoft Office for Android started to spam him with ads for apps he already had installed. There are many questions here, one of which is why is Microsoft ignoring Google's guidelines and using the notification tray to display ads? Thom, from the website OSnews, found that the copy of Word he had installed on his Nexus 6P was spamming him with ads for Excel and Powerpoint -- which he was already using. Mark Wilson from BetaNews contacted Microsoft and they said, "Our team is actively investigating the occurrences of these notifications." After pressing further into the issue, a Microsoft spokesperson said, "Microsoft is deeply committed to ensuring that we maintain the best possible experience for our customers in addition to complying with all applicable policies. We have taken the action to turn off these notifications. This update will be reflected in the coming days." In other semi-related news, users can now remove the 260-character path length limit in the Windows 10 build 14352.
Businesses

Dyson Launches New 'Supersonic' Hair Dryer To Revolutionize Hair Care (nbcnews.com) 228

An anonymous reader writes: Dyson has launched a hair dryer with a design language similar to that of its bladeless fans. The $399 hair dryer is four years in the making, involving 103 engineers, over 1,000 miles of test hair, and a $71 million investment -- the Dyson Supersonic is being touted as "the hairdryer rethought" by its inventor Sir James Dyson. "We realized that hair dryers can cause extreme heat damage to hair," said Dyson in a press release. "So I challenged Dyson engineers to really understand the science of hair and develop our version of a hair dryer, which we think solves these problems." The hair dryer can be reserved online and will be sold exclusively at Sephora for $399 this fall.
Bitcoin

Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free 49

Reader itwbennett writes: Petya appeared on researchers' radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard drive's master boot record (MBR), leaving infected computers unable to boot into the operating system. Now, security experts have devised a method that, while not exactly straightforward, allows users to recover data from computers infected with the ransomware without paying money to cyber criminals. Folks over at BleepingComputer have confirmed that the aforementioned technique works.
DRM

Researchers Help Shut Down Spam Botnet That Enslaved 4,000 Linux Machines (arstechnica.com) 47

An anonymous reader shares an article on Ars Technica: A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Sophisticated Mumblehard spamming malware flew under the radar for five years. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service. "There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots," researchers from security firm Eset wrote in a blog post published Thursday. "If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn't work) was used to break the protection."
Microsoft

Microsoft Makes Xamarin Free In Visual Studio, Will Open Source Core Xamarin Tech (venturebeat.com) 143

An anonymous reader cites a report on VentureBeat: Microsoft today announced that Xamarin is now available for free for every Visual Studio user. This includes all editions of Visual Studio, including the free Visual Studio Community Edition, Visual Studio Professional, and Visual Studio Enterprise. Furthermore, Xamarin Studio for OS X is being made available for free as a community edition and Visual Studio Enterprise subscribers will get access to Xamarin's enterprise capabilities at no additional cost. The company also promised to open source Xamarin's SDK, including its runtime, libraries, and command line tools, as part of the .NET Foundation 'in the coming months.' Plenty of developers will find this announcement exciting. Xamarin being free is a big deal.
Encryption

CloudFlare Wants Tor To Change Or Risk CAPTCHA Blockades (thestack.com) 87

An anonymous reader writes: CloudFlare's co-founder Matthew Prince has publicly appealed to work with the Tor Project on implementing a solution that will stop the high incidence of Tor users being challenged by CAPTCHAs whilst browsing. Prince proposes the implementation of a Tor plugin that would communicate with CloudFlare servers to provide temporary, anonymous identification to bypass the CAPTCHAs, and has presented the code on GitHub. Other possibilities mooted include the adoption of higher-level encryption, which would be likely to adversely influence a network which already has native (and inevitable) latency issues. CloudFlare's public post on the matter comes after five turbulent weeks of comments-section debate between CloudFlare and Tor, and seems to be an appeal for public arbitration on the matter. Prince further noted that 94% of the traffic CloudFlare sees is "per se malicious." From his blog post: That doesn't mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.
Communications

Microsoft Launches Bot Framework To Let Developers Build Their Own Chatbots (venturebeat.com) 81

An anonymous reader shares a report on VentureBeat: Microsoft today is introducing the Bot Framework, a new tool in preview to help developers build their own chatbots for their applications. Using this, anyone can create a text program that they can chat with. A BotBuilder software-development kit (SDK) is available on GitHub under an open-source MIT license. These bots can be implemented into a variety of applications, including Slack or Telegram or even email. "Bots are like new applications," Microsoft chief executive Satya Nadella said. "And digital assistants are meta apps, or like the new browsers. And intelligence is infused into all of your interactions. That's the rich platform that we have." Microsoft will want to tread carefully.
Microsoft

Windows 10 Now Runs On 270 Million Monthly Active Devices 264

At its developer conference, Build 2016, Microsoft announced on Wednesday that Windows 10, the latest version of its desktop version which it released on July 29 last year, is now being used on over 270 million active computers worldwide. "Windows 10 is off to the fastest adoption of any release ever," said Terry Myerson, executive vice president for Microsoft's Windows and Devices Group. The company also announced that it will be releasing Windows 10 Anniversary Update this summer for all Windows 10 users free of charge.
Linux

Confirmed: Microsoft and Canonical Partner To Bring Ubuntu To Windows 10 (zdnet.com) 492

Steven J. Vaughan-Nichols reports for ZDNet: According to sources at Canonical, Ubuntu Linux's parent company, and Microsoft, you'll soon be able to run Ubuntu on Windows 10. This will be more than just running the Bash shell on Windows 10. After all, thanks to programs such as Cygwin or MSYS utilities, hardcore Unix users have long been able to run the popular Bash command line interface (CLI) on Windows. With this new addition, Ubuntu users will be able to run Ubuntu simultaneously with Windows. This will not be in a virtual machine, but as an integrated part of Windows 10. [...] Microsoft and Canonical will not, however, sources say, be integrating Linux per se into Windows. Instead, Ubuntu will primarily run on a foundation of native Windows libraries. Update: 03/30 16:16 GMT by M : At its developer conference Build 2016, Microsoft on Wednesday confirmed that it is bringing native support for Bash on Windows 10. Scott Hanselman writes: This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself. It's fast and lightweight and it's the real binaries. This is a genuine Ubuntu image on top of Windows with all the Linux tools I use like awk, sed, grep, vi, etc. It's fast and it's lightweight. The binaries are downloaded by you - using apt-get - just as on Linux, because it is Linux. You can apt-get and download other tools like Ruby, Redis, emacs, and on and on. This is brilliant for developers that use a diverse set of tools like me.
Canada

Canada and USA Feds Unite To Fight Spammers and Telemarketers 68

Reader Freshly Exhumed writes: Telemarketers in Canada and the USA have essentially been bypassing each nation's do-not-call registry by basing their efforts from the other or from off-shore locations, while cross border spam remains rampant. Now the CRTC, Canada's telecom and broadcast regulator, has announced it signed a partnership agreement with the Federal Trade Commission of the United States to fight against spam and calls from pesky telemarketers. The Memorandum of Understanding (MOU) consists of all unsolicited telecommunications, unsolicited commercial email (spam), and other "illegal electronic threats" that cover anti-spam laws in the United States and Canada.
Canada

Docs With Malicious Macros Deliver Fileless Malware (csoonline.com) 39

itwbennett writes: Researchers from Palo Alto Networks warn that attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware. The rogue PowerShell script performs a variety of checks on the computer aimed at finding systems that are used to conduct financial transactions and to avoid systems that belong to security researchers as well as medical and educational institutions. "Due to the target-specific details contained within the spam emails and the use of memory-resident malware, this particular campaign should be treated as a high threat," the Palo Alto researchers said in a blog post. A similar combination of PowerShell and fileless malware was observed last week by researchers from the SANS Institute's Internet Storm Center.
