MRG Effitas Flash Tests – Update

MRG has been conducting flash tests for nearly two years now. The purpose of the tests was to give a basic indication of a product's performance against zero-day threats over a period of time.

Whilst the tests used only a single sample each time, we attempted to ensure their validity by using samples which were found on active URLs and by using IE as an infection vector. Each sample used is a single snapshot of a pool of some hundreds of variants of that specific malware type.

The flash tests have become quite popular among users and some vendors, so in an effort to increase their relevance, we increased the number of samples used from one to four. As of the 29th of August, we will be introducing significant changes to the tests to further increase their validity.

The new flash tests will be run as two separate tests. We will continue with the dynamic tests, using samples from live URLs with IE as the infection vector; however, these will now be run once each week with eight samples per test.

To help give greater statistical relevance, we will include a static component to the flash tests. Twice each month, we will test using 100,000 malicious samples which are less than 72 hours old. Whilst static testing does not always assess efficacy as accurately as dynamic, it remains a convenient way to get a loose indication of performance against a large number of samples.

We will continue to run the dynamic tests using the existing cohort of security applications; however, vendors who are not existing clients will need to contact us to ask for their product to be included in the bi-monthly static tests.

We welcome input / feedback from users and vendors concerning the new flash tests. Please feel free to contact us with your comments.

Four years’ jail for Facebook post that incited no one

Two men who posted messages on Facebook inciting other people to riot in their home towns during the recent English outbreaks of violence have each been sentenced to four years in prison by a judge at Chester Crown Court.

Jordan Blackshaw, 20, set up an “event” called Smash Down in Northwich Town for the night of August 8 on the social networking site but no one apart from the police, who were monitoring the page, turned up at the prearranged meeting point outside a McDonald’s restaurant. Blackshaw was promptly arrested.

Perry Sutcliffe-Keenan, 22, of Latchford, Warrington, used his Facebook account in the early hours of August 9 to design a web page entitled The Warrington Riots.

The court was told it caused a wave of panic in the town. When he woke up the following morning with a hangover, he removed the page and apologised, saying it had been a joke. His message was distributed to 400 Facebook contacts, but no rioting broke out as a result.

Sentencing Blackshaw to four years in a young offenders’ institution, Judge Elgan Edwards, QC, said he had committed an “evil act”.

Las Vegas To Host Next U.S. Cyber Challenge ‘NetWars’

More than 100 security professionals next month will compete in a two-day cybersecurity competition that simulates real-world attackers and attacks.

The SANS NetWars contest — part of the U.S. Cyber Challenge program — will be held as part of the SANS Network Security 2011 conference at Caesars Palace in Las Vegas. The contest is for both new and seasoned hackers.

Capture-the-flag (CTF) type hacking contests are nothing new in cybersecurity. What makes NetWars different from, say, DefCon’s CTF is that it’s aimed at all levels of hacking skills and all competitors have to begin at level one of the contest, says Ed Skoudis, director of NetWars for SANS. The more advanced players can then quickly advance to higher levels — up to level four, then five, where the participant gets access to a system at the root level, he says. “Level five is for people who really know their stuff. There’s castle-on-castle combat,” Skoudis says.

“DefCon is a big-team CTF focused on binary analysis and exploit development. That’s cool and a fantastic skill,” Skoudis says. “That’s not what NetWars is focused on. Ours includes this, too, but it’s multilevel and multidisciplinary.”

Samsung hires Android hacker ‘Cyanogen’

While some device vendors are stockpiling patents, others are hunting down talent, as competition in the mobile handset space heats up. It was revealed this week that Samsung Mobile has hired one of the homebrew market’s most notorious and successful Android hackers, Steve ‘Cyanogen’ Kondik.

Kondik is best known as the creator of CyanogenMod for Android, an aftermarket customised firmware bringing new features and functionality to the Android platform.

There’s no information yet on whether Samsung is interested in CyanogenMod, or more in Kondik himself, but the programmer and hacker has said the move will allow him to use his talents in “the real world,” while development of CyanogenMod continues as usual.

The Cyanogen firmware caters to more than 40 different Android devices and brings such functionality as native theming, Free Lossless Audio Codec (FLAC), an OpenVPN client, USB tethering, and claims increased performance and reliability over official firmware releases. Kondik has on occasion received input from Google on the development of the platform and as of mid-July it had been downloaded and installed on more than half a million devices.

Canada: Hackers ‘Kill’ Quebec Premier

Hackers who attacked the website of a prominent Canadian newspaper early on Tuesday posted a false news item saying the Premier of the province of Quebec had died.

According to a report by the Reuters news agency, the newspaper whose website was attacked was the Quebec-based Le Devoir newspaper.

The fake item regarding the supposed death of Premier Jean Charest of a heart attack remained on the newspaper’s site for more than an hour and was repeated by Twitter users before engineers were able to delete it.

“We offer our most sincere apologies to the premier. Measures are being taken to find the person responsible for this crime,” the newspaper said on its website.

The newspaper has filed a complaint with police, which launched an investigation conducted by the information technology crime unit of the Montreal police.

Charest himself later joked about his fake death when addressing media in Quebec City.

FBI Warns Online Car Shoppers of New Swarm of Scams

The FBI today is warning online vehicle shoppers to be extremely cautious because of a swarm of fraudulent vehicle sales and false claims of vehicle protection programs (VPP).

In fraudulent vehicle sales, criminals attempt to sell vehicles they do not own. They create an attractive deal by advertising vehicles for sale at prices below book value. Often the sellers purport they need to sell the vehicle because they are moving for work or military deployments.

Because of the supposed pending move, the criminals refuse to meet the victim in person or allow a vehicle inspection, and they often attempt to rush the sale.

To make the deal appear legitimate, the criminal instructs the victim to send full or partial payment to a third-party agent via a wire transfer payment service and to fax the payment receipt to the seller as proof of payment.

The criminal then pockets the payment but does not deliver the vehicle.

Criminals also attempt to make their scams appear valid by misusing the names of reputable companies and programs. In fact, these criminals have no association with these companies, and their schemes give buyers instructions that do not adhere to the rules and restrictions of any legitimate program.

For example, eBay Motors’ VPP is a legitimate program whose name is commonly misused by these criminals.

The VPP is not applicable to transactions that originate outside of eBay Motors, and it prohibits wire-transfer payments. Nevertheless, criminals often promise eBay Motors VPP coverage for non-eBay Motors purchases and instruct victims to pay via Western Union or MoneyGram.

Hacker Group Anonymous Vows To Destroy Facebook On November 5

Hacktivist group Anonymous, which has been responsible for cyber-attacks on the Pentagon, News Corp, and others, has vowed to destroy Facebook on November 5th.

Citing privacy concerns and the difficulty involved in deleting a Facebook account, Anonymous hopes to “kill Facebook,” the “medium of communication [we] all so dearly adore.”

This isn’t the first time Anonymous has spoken out against social networks.

After Google removed Anonymous’ Gmail and Google+ accounts, Anonymous pledged to create its own social network, called AnonPlus.

The full text of the announcement, made on YouTube and reported by Village Voice, is below:

Operation Facebook

DATE: November 5, 2011.


TARGET: https://facebook.com

Press:
Twitter : https://twitter.com/OP_Facebook
http://piratepad.net/YCPcpwrl09
Irc.Anonops.Li #OpFaceBook
Message:

Attention citizens of the world,

We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.

Men build small flying spy drone that cracks Wi-Fi and cell data

Built by Mike Tassey and Richard Perkins, the Wireless Aerial Surveillance Platform (otherwise known as the WASP) is a flying drone that has a 6-foot wingspan, a 6-foot length and weighs in at 14 pounds. The small form factor of the unmanned aerial vehicle allows it to drop under radar, and it is often mistaken for a large bird. It was built from an Army target drone and converted to run on electric batteries rather than gasoline. It can also be loaded with GPS information and fly a predetermined course without need for an operator. Taking off and landing have to be done manually with the help of a mounted HD camera. However, the most interesting aspect of the drone is that it can crack Wi-Fi networks and GSM networks as well as collect the data from them.

It can accomplish this feat with a Linux computer on board that’s no bigger than a deck of cards. The computer accesses 32GB of storage to house all that stolen data. It uses a variety of network hacking tools including the BackTrack toolset as well as a 340 million word dictionary to guess passwords. In order to access cell phone data, the WASP impersonates AT&T and T-Mobile cell phone towers and fools phones into connecting to one of the eleven antennas on board. The drone can then record conversations to the storage card and avoids dropping the call due to the 4G T-Mobile card routing communications through VOIP.

PayPal gives FBI the list of IP addresses of 1,000 Anonymous hackers

PayPal collected 1000 IP addresses of those carrying out Anonymous’ DDoS attacks against PayPal last December. To be fair, the names on the list will probably be the bottom-feeding script kiddies rather than the hackers at the top of Anonymous’s greasy pole. The clever hackers know to mask their IP addresses first.
An FBI affidavit suggests the Untouchables may have lots more people to arrest. FBI agent Chris Thompson says PayPal security officials were in close contact with the bureau beginning 6 December, two days after PayPal froze WikiLeaks’ donation account and the first day it began receiving serious denial-of-service traffic.
FBI agents began monitoring Anonymous press releases while PayPal collected traffic logs on a Radware intrusion prevention system installed on its network.

Obama Vows to Battle International Cybercrime

President Obama Monday declared a national emergency to battle what he characterizes as the extraordinary threat transnational criminal organizations pose to the nation’s security, foreign policy and economy.

As part of the national emergency declaration, the White House issued a strategy to combat transnational organized crime in which cyber plays a crucial component in fostering and combating transnational cybercrime.

“During the past 15 years, technological innovation and globalization have proven to be an overwhelming force for good,” Obama said in the introduction to the strategy. “However, transnational criminal organizations have taken advantage of our increasingly interconnected world to expand their illicit enterprises.”

The strategy’s 56 priorities include enhancing intelligence and information sharing and protecting the nation’s financial system and strategic market against transnational organized crime.