Good Passwords, Safer Accounts

When picking Usernames and Passwords, try to be as creative as possible . Don’t use short Passwords and don’t put any personal details in them. Passwords should be changed from time to time to make them even harder to crack.

Here is an example of a good and hard to crack password: C&hv_w+iX%!i=A&+B[@TPgv!R

How Secure Are Government Institutions?

Do you remember what happened when Conficker worm attacked multiple government institutions all over the world not so long ago?  The reports we were getting at the time were devastating, we were shocked to find out that many of these extremely important institutions were wide open to all sorts of attacks. Nowadays things are not looking any better, Malware Research Group recently did some consulting for a government institution in Europe and we had to change the overall structure of their defense system to prevent disaster.

It is very important that every company (no matter how big), government institution… has a qualified person in this field as installing Antivirus applications on the server is simply not enough. Rules of the game change on daily bases and people who need to counter these threats need to be on top of their game too.

Iranian hackers attack over 1,000 US, British, French Government Websites

An Iranian cyber group announced that it has hacked more than 1,000 important governmental websites of the US, Britain and France in protest at their support and financial aids to anti-Iran terrorist groups.
“To commemorate the Day of Campaign against Terrorism and the martyrdom anniversary of (former Iranian President Mohammad Ali) Rajayee and (his Prime Minister Mohammad Javad) Bahonar (by the terrorist Mojahedin-e Khalq Organization), the group rose to protest at the inhumane measures of the supporters of terrorism, with the US and Britain standing on top of them, through a new method and hacked and changed the pages of more than 1,000 of their websites,” Behrouz Kamalian, Head of the Iranian Ashiyaneh (nest) cyber group, told FNA on Monday.
If you open the hacked sites now, you can see a logo of Iran and some pictures of martyrs Rajaee and Bahonar and a bi-lingual text in Persian and English expressing our group’s protest at the US, Britain and France’s attitude towards terrorism, Kamalian added.

A Conference For Malware Writers

There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it’s the first ever conference dedicated to the ‘malware coder community.’  Brian Krebs interviewed one of them and got this gem: ‘Just like the concept of “ethical hacking” has helped organizations to see that hackers are not all that bad, it is time to accept that “ethical malware coding” is required to research, identify and mitigate newer malwares in a “proactive” way.’ Bruce Schneier is speaking at a sister MalCon event in Pune, India two days later, and he said he doesn’t agree with the organizer’s premise that more malware is needed to build better security tools.

What good can come out of malware writers convention?

Major Cybercrime Ring Busted in Taiwan and China

Yesterday Taiwanese Criminal Investigation Bureau Commissioner Lin Teh-hua announced the largest cybercrime operation in the history of his organization. 548 Taiwanese police officers and 2,720 Chinese police officers took part in the operation which resulted in 450 fraudsters being arrested throughout Taiwan and in the Chinese provinces of Fujian, Huanan, Hubei, Anhui, Guangdong and Guangxi. After a joint operations agreement was signed between Chinese and Taiwanese authorities, more than 16 joint raids have been conducted leading to more than 1,000 arrests.

In this case, the activity particularly focused on telephone fraud and internet auction fraud. The arrests come close on the heels of the break up of a similar fraud ring in Ho Chi Minh City where 99 fraudsters from Taiwan and China were arrested.In the Vietnamese fraud, where 76 Taiwanese and 23 Chinese citizens were arrested, fraudsters would take over entire hotels, booking as many as 30 to 40 hotel rooms for their fraud.

Security Software Vulnerabilities Rise In 2010

IBM reported on Wednesday that the number of cracks hackers could exploit in computer software jumped during the first half of 2010.

The number of documented “vulnerabilities” reported by an X-Force Research and Development team at IBM increased 36 percent to 4,396 from the same period last year, and over half lacked patches to correct the flaws.

“This year’s X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities,” IBM Security Solutions general manager Steve Robinson said in a statement.

“Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future.”

India becomes the No.1 Malware Producer

India has overtaken the US as the single biggest producer of viruses, according to analysis of internet threats by Network Box.

India is now responsible for 13.74 per cent of the world’s viruses, up from 9.5 per cent in July. Russia is the next in line, producing just over 11 per cent of viruses – a jump from last month’s 4.01 per cent.

The US accounts for just over eight per cent, a significant decrease from 14.65 per cent last month.

Virus levels from the UK have dropped to 2.5 per cent; down from five per cent last month. The UK is now the seventh-largest threat producing country in the world (down from fourth last month).

DDoS Botnet Hits Over 200 Websites

A new botnet built for knocking websites offline has attacked mostly Chinese and some U.S. sites, according to researchers.

About 90 percent of the command and control servers running YoyoDdos, the nickname given the botnet by researchers at Arbor Networks who have been studying and tracking it, have IP addresses in China, and two-thirds of its victim websites are out of China. The botnet has attacked around 180 websites so far, including 32 in the U.S.

“It is a pretty active botnet,” says Jeff Edwards, a research analyst with Arbor who has been analyzing the botnet, which first appeared in Arbor’s honeypot servers back in March. “We’ve detected a lot of attacks coming out of it … [around] ten unique victims a day.”

The malware itself isn’t particularly sophisticated, however. “It’s pretty typical of a lot of malware we see,” he says. “It’s a fairly non-sophisticated piece of malware, but effective.”

Facebook Security Test

As we all know Facebook is extremely popular and currently has over 500 million users. History has thought us that the more popular something becomes, the more threats emerge from and around it. We already heard about multiple mass account hijackings, malware distribution….

Malware Research Group has decided to test if the security application are able to protect users from threats designed specifically for identity theft. For this purpose Malware Research Group has developed a specific malware simulator (V 1.1). This tool will enable us to recreate the real world scenario and bring this test as close to reality as possible.

We have 15 applications scheduled for testing at this moment, our capabilities for this test are 25 applications, If any of the vendors want for their application to be included in this test, fell free to contact us.