Category Archives: News
Earthquake In Turkey
There has been a huge earthquake in Turkey today which has caused an as yet unknown loss of life and large-scale destruction. The earthquake of magnitude 7.2 occurred at 1:41 p.m. local time and there were at least seven large aftershocks.
We have several good friends in the country and are in the process of trying to contact them to ensure they are okay.
We send our best wishes to the people of Turkey and hope there are as few casualties as possible.
Microsoft Takes Down Kelihos Botnet
Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos’s operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes.
Kelihos, which is sometimes grouped in with the more well-known Waledac botnet, is a fairly small botnet, at an estimated 41,000 machines, but Microsoft officials said that the network was being used for a large variety of activities, including child pornography. Microsoft on Tuesday notified the defendants in the civil cases it has filed in relation to the Kelihos botnet and last week the company also got a temporary restraining order in federal court in Virginia against a man in the Czech Republic named Dominique Alexander Piatti and 22 unnamed people in connection with the operation of the botnet.
Tech firms patch ‘Beast’ SSL flaws
Microsoft, Google, and Mozilla developers are addressing a flaw in SSL encryption that could allow an attacker to decrypt intercepted traffic.
Microsoft said that it would bring out a patch for the flaw in an advisory on Monday. The patch could be out-of-cycle or in-band, depending on the impact of the flaw on customers, the company said.
“Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system,” the company said. “This vulnerability affects the protocol itself and is not specific to the Windows operating system.”
The flaw, which has been known for a number of years, was successfully exploited by security researchers Juliano Rizzo and Thai Duong. Rizzo and Duong demonstrated a proof-of-concept (PoC) tool called ‘Browser Exploit Against SSL/TLS’ (Beast) at the Ekoparty security conference on 23 September. The Beast PoC allows a man-in-the-middle attack on a browser session. SSL is used by many websites to encrypt financial transactions.
Cyber terrorist threats loom 10 years after 9/11
Since the attacks of Sept. 11, 2001, the possibility of a second devastating attack by al-Qaida or a similar group has been on the minds of many Americans. There has been much discussion as to whether terrorist groups could get access to nuclear, biological or chemical weapons — weapons of mass destruction.
Should we be concerned about another potential threat — a cyber weapon of mass destruction?
Yes, say security experts. The cyber terrorist threat is real, and plots involving such attacks may already be in the works.
According to Damon Petraglia, a director with Chartstone, a computer, network and digital forensic resource company based in Connecticut, and a member of the electronic crimes task force for the U.S. Secret Service, cyber terrorist attacks have been taking place for more than a decade
Israeli-Turkish Cyberwar Begins
Amid the current diplomatic impasse between Ankara and Jerusalem, Turkish hackers hijacked some 350 Israeli websites on Sunday evening, launching a Domain Name System (DNS) attack on dozens of other websites as well.
Israeli IT analysts said Tuesday the DNS hijacking is likely to be, in fact, a “test-run” ahead of a major attack on Israeli domains.
Visitors to some of the sites were diverted to a page declaring it was “World Hackers Day.”
At least seven high-profile websites outside Israel were also hijacked, including those of The Telegraph, Acer, National Geographic, UPS and Vodafone.
Hackers calling themselves the “TurkGuvenligi group” claimed responsibility for the cyber-attack. TurkGuvenligi translates as “Turkish security.”
Microsoft: Stolen SSL certs can’t be used to install malware via Windows Update
Microsoft said Sunday that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.
The company’s assertion came after a massive theft of more than 500 SSL (Secure Sockets Layer) certificates, including several that could be used to impersonate Microsoft’s update services, was revealed by Dutch authorities and several other affected developers.
“Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers,” said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. “The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft.”
Department of Homeland Security warns Anonymous Hackers
The Department of Homeland Security is beginning to take Anonymous and other non-professional cyber-attackers more seriously as it issues a warning about potential attacks. The 2 September security bulletin from the DHS National Cyber-Security and Communications Integration Centre warned financial services companies to be on the lookout for attempts by attackers operating under the Anonymous umbrella to “solicit ideologically dissatisfied, sympathetic employees” to the cause.
The unclassified DHS communique is addressed broadly to those in charge of cybersecurity and critical infrastructure protection and also warns about new tools that Anonymous has said it plans to use in launching future attacks.
One of the attack tools highlighted in the alert is dubbed #RefRef, which is said to be capable of using a server’s resources and processing power to conduct a denial of service attack against itself.
FBI fights back against cybercrime
An attractive brunette in a business suit is making her online pitch. “Are you tired of searching for legit CVV shops?” her animated form asks from the corner of the website. “Search no more,” she promises. This site has “handpicked cards” with “high balances”. “What are you waiting for? Register now.”
It looks like a legitimate business website, one for small business financing perhaps. But I’m being shown this site — and asked not to identify it — by FBI special agent Keith Mularski in the offices of the National Cyber-Forensics & Training Alliance, a Pittsburgh-based alliance between international law enforcement agencies, business and academia that has been charged with tackling the growing menace of cybercrime. This is a site at the cutting edge of crime.
CVV stands for card verification value. This site, and its equally professional rivals, are selling stolen credit card information to criminals who snap them up like songs on iTunes. A dollar buys enough information to use someone else’s card online, $30 buys a “dump,” all the information you need to copy a card and set off on your own real-world shopping spree with somebody else’s plastic.
There are millions of stolen accounts available, hacked from banks and online sellers, or swiped at cash machines. The FBI recently reclaimed 1.5m numbers from one seller alone. You can sort by type, MasterCard, Visa, or American Express, by geography, or just stick to business cards for their higher balances. There’s no need to fear getting ripped off. Criminals peer-review each other’s sites. It’s eBay for crooks.
MRG Effitas Antilogger & Browser Security Test
MRG Effitas will be conducting an assessment of anti-logging and browser security products on Monday. The test will assess the security products’ ability to prevent our NEW simulator from capturing the user credentials entered into an HTTPS banking site.
We will be including the following applications:
1. Zemana AntiLogger
2. TrustWare BufferZone Pro
3. SentryBay Data Protection Suite
4. SoftSphere DefenseWall
5. QFX Software KeyScrambler Personal
6. Neo’s SafeKeys
7. Prevx
8. Quaresso Protect On Q
9. Trusteer Rapport
In total, we will test twelve applications, so we are requesting that users or vendors contact us to suggest other applications which could be included.
We will consider any dedicated anti-logging application which purports to provide protection against key logging / capture of data from within Internet Explorer.
We will include the three applications which are suggested the greatest number of times.
