Viruses target social networks

Last week I fell victim to a virus. More correctly, I fell victim to a piece of malware/spyware. As I work in IT it didn’t cause too much of a problem, but it did make me take another look at the whole spyware problem.

The first thing that surprised me was that my current antivirus/malware software had not picked it up. I’m a bit of a security control freak and actually run online, gateway, server and desktop AV, none of which detected or matched the patterns in this virus. The virus managed to set up its own proxy server on my machine, bypass my own proxy server, disable my local AV software and run a number of exe files that mimicked the Windows alert modules, telling me the system had detected a problem and offering to install software to help. In fact, even when I ran deep scans with Trend and Spybot Search and Destroy, 2 leading titles in anti-malware, they reported that my system was running normally with no viruses found. It was obvious that I did have a problem, in that there were around 160 exe files running and a new Windows Explorer window appearing every couple of minutes. It didn’t take long to do a quick Google search on the individual exe files and find something that could remove it.

The second thing that surprised me was how easily I almost fell for providing my credit card details on a machine I knew to be affected. After 2 days of working on my laptop, while the very time-consuming deep scans ran on my workstation, I was so pleased to have found something that promised to kill the virus once and for all that I very nearly went ahead and paid the $30 for an online license.

The third thing worth mentioning is how I fell for getting the virus in the first place. I guess it was a cross between a social engineering attack and a straightforward malware attack. In short, I got a message on Facebook inviting me to view a movie clip from a friend. This then took me to what looked like that person’s YouTube account, but where you would expect to see the movie playing there was a message saying that my version of Flash Player was out of date and to click to continue. The usual warning popped up before installing, all of which I clicked through, as it looked so similar to a genuine Flash updater. Next thing you know, I’ve restarted and all sorts of pop-ups are saying a virus has been detected and linking to software products to purchase to remove it.

When you think about it, this is genius. The latest generation of internet users are very into social networks, but are much less tech savvy when it comes to security and protecting themselves. They are so used to clicking ‘yes’, ‘install’, ‘accept’, ‘I agree’, without reading anything of what they are actually agreeing to, that they are easy targets when it comes to installing harmful stuff like malware and viruses. I myself am a classic example: busy day in the office, a box pops up asking me to agree to an update to software I trust from a person I know, and I say yes without a second thought.

It would seem that I am not the only one though. CNET this week reported on the Koobface virus currently hitting Facebook users, and there are no end of others popping up every day.


Virtual murder, leads to real life arrest.

Earlier this week I wrote a post about Wayne Forrester, the 34-year-old from here in the UK, jailed for life for murdering his wife after she changed her Facebook status to single. Well, in a strange turn of events I find myself blogging once again, this time about a real arrest following a virtual murder.

Mayumi Tomari, a Japanese woman of 43, was taken 620 miles from her home in Southern Miyazaki to Sapporo for questioning by police on suspicion of illegally accessing a computer and manipulating electronic data to kill off her online husband’s in-game avatar.

It is believed that the old piano teacher became so enraged that her online husband (in computer game MapleStory) had unexpectedly divorced her that she used logon information the 33-year-old office worker had given her while they were happily married (in the game) to delete his account. It is believed that the two have never met in the real world and that the man made the complaint to police after finding his avatar (the character that represents him in the game) was dead.

While she has not yet formally been charged, she could face a 5 year prison sentence or a fine of more than £3,000 if convicted. There have been several arrests in the past for virtual crimes, but unlike this case these usually involved corresponding material gains in the real world.

I think this is a case of real life being stranger than fantasy. Also in the news this week was the story of a blogger arrested in Newcastle and charged with offences under the Obscene Publications Act for describing what he would like to do to a Geordie pop star in girl band Girls Aloud. The blurring of reality and virtual reality has to make you wonder what will be next. Will we start getting actual speeding fines for racing cars in online games, or worse still, tax bills for virtual purchases?

My advice to Japanese office workers considering a quickie divorce from their online spouses – change your password first!
My advice to this victim: if your behavior results in murder in the virtual world, stay single in the real world! Finally, my advice to Miss Tomari’s piano students – keep practicing, she’s obviously easily upset!

Sources: The Telegraph, The Yomiuri Shimbun, associated news


FBI Honeytrap Darkmarket.ws is sprung

Following a two year undercover operation in conjunction with a number of other international law enforcement agencies, this week the FBI nabbed 56 Cyber Criminals and prevented an estimated $70 million in frauds.

Reports in Computer Weekly state that the UK’s Serious Organised Crime unit worked closely with the FBI Cyber Crimes Division and that arrests were made in London, Manchester, Leicester, Humberside and South Yorkshire.

The operation revolved around the online ‘carder’ forum Darkmarket.ws, where members buy and sell stolen credit card data, login credentials, other financial information and devices used to carry out certain financial crimes.

Darkmarket.ws was shuttered on 4th October 08. Master Splyntr blamed this on the site drawing too much attention after a fellow administrator, known as Cha0, aggressively marketed a high quality card skimmer on the site.

The site was registered in June 2006 and is believed to have had 2,500 members, attracting 563,299 hits last month. Most members believed the site to be run out of Eastern Europe, but it was almost exposed in 2006 when uber-hacker Max Ray Butler cracked the site’s server and announced to the underground that he’d caught Master Splyntr logging in from the NCFTA’s office.

In an FBI press release, Cyber Division Assistant Director Shawn Henry states that ‘in a world of rapidly expanding technology, cyber crimes can be perpetrated instantly from anywhere in the world’ and explains the importance of being flexible and creative in their approach to this sort of crime, which is taking them to online forums more and more frequently.

While the operation would appear to be a huge success, there has been some criticism from victims of these crimes, suggesting that the FBI actually set up and ran the site as a honey trap. German public radio went as far as to suggest that Master Splyntr, the man believed to be behind the site, was actually an FBI agent and that a Darkmarket server was located in an FBI building in Pittsburgh.

Researching this subject did raise the questions: how do you pay when you’re buying stolen identities online from a bunch of cyber criminals? And what does a cyber criminal actually look like? Are we talking an Arthur Daley style character in a sheepskin jacket and sovereign rings, a Gordon Gekko in a sharp business suit, or a pimply teenaged geek like the kid in WarGames?

Sources: FBI, Wired, ITworld
