Tag Archive: Abbotsford Computer Repair


Bitcoins, other digital currencies stolen in massive ‘Pony’ botnet attack

Cybercriminals have infected the computers of digital currency holders, using a virus known as “Pony” to make off with account credentials, bitcoins and other digital currencies in one of the largest attacks on the technology, security services firm Trustwave said.

The attack was carried out using the “Pony” botnet, a group of infected computers that take orders from a central command-and-control server to steal private data. A small group of cybercriminals were likely behind the attack, Trustwave said.

Over 700,000 credentials, including website, email and FTP account log-ins, were stolen in the breach. The computers belonging to between 100,000 and 200,000 people were infected with the malware, Trustwave said.

The Pony botnet has been identified as the source of some other recent attacks, including the theft of some 2 million log-ins for sites like Facebook, Google and Twitter. But the latest exploit is unique due to its size and because it also targeted virtual wallets storing bitcoins and other digital currencies like Litecoins and Primecoins.

Eighty-five wallets storing the equivalent of $220,000, as of Monday, were broken into, Trustwave said. That figure is low because of the small number of people using Bitcoin now, the company said, though instances of Pony attacks against Bitcoin are likely to increase as adoption of the technology grows. The attackers behind the Pony botnet were active between last September and mid-January.

“As more people use digital currencies over time, and use digital wallets to store them, it’s likely we’ll see more attacks to capture the wallets,” said Ziv Mador, director of security research at Chicago-based Trustwave.

Most of the wallets that were broken into were unencrypted, he said.

“The motivation for stealing wallets is obviously high—they contain money,” Trustwave said in a blog post describing the attack. Stealing bitcoins might be appealing to criminals because exchanging them for another currency is easier than stealing money from a bank, Trustwave said.

There have been numerous cyberattacks directed at Bitcoin over the last year or so as its popularity grew. Last year, a piece of malware circulating over Skype was identified as running a Bitcoin mining application. Bitcoin mining is a process by which computers monitor the Bitcoin network to validate transactions.

“Like with many new technologies, malware can be an issue,” said a spokesman for the Bitcoin Foundation, a trade group that promotes the use of Bitcoin, via email. Wallet security should improve, the spokesman said, as more security features are introduced, like multisignature transactions, he said.

Digital currency users can go to this Trustwave site to see if their wallets and credentials have been stolen.

Source: PC World

Sophisticated botnet steals more than $47M by infecting PCs and phones

A new version of the Zeus trojan—a longtime favorite of criminals conducting online financial fraud—has been used in attacks on over 30,000 electronic banking customers in Europe, infecting both their personal computers and smartphones. The sophisticated attack is designed to circumvent banks’ use of two-factor authentication for transactions by intercepting messages sent by the bank to victims’ mobile phones.

The malware and botnet system, dubbed “Eurograbber” by security researchers from Check Point Software and Versafe, was first detected in Italy earlier this year. It has since spread throughout Europe. Eurograbber is responsible for more than $47 million in fraudulent transfers from victims’ bank accounts, stealing amounts from individual victims that range from 500 Euros (about $650) to 25,000 Euros (about $32,000), according to a report published Wednesday.

The malware attack begins when a victim clicks on a malicious link, possibly sent as part of a phishing attack. Clicking on the link directs them to a site that attempts to download one or more trojans: customized versions of Zeus and its SpyEye and CarBerp variants that allow attackers to record Web visits and then inject HTML and JavaScript into the victim’s browser. The next time the victim visits their bank website, the trojans capture their credentials and launch a JavaScript that spoofs a request for a “security upgrade” from the site, offering to protect their mobile device from attack. The JavaScript captures their phone number and their mobile operating system information—which are used in the second level of Eurograbber’s attack.

With the phone number and platform information, the attacker sends a text message to the victim’s phone with a link to a site that downloads what it says is “encryption software” for the device. But it is, in fact, “Zeus in the mobile” (ZITMO) malware—a Trojan crafted for the Android and BlackBerry mobile operating systems that injects itself between the user and the mobile browser and SMS messaging software. With both devices now compromised, the malware waits for the victim to access a bank account, and then immediately transfers a percentage of the victim’s balance to an account set up by the criminals running the botnet.

The malware then intercepts the confirmation text message sent by the bank, forwarding it to the trojan’s command and control server via a relay phone number. The server uses the message to confirm the transaction and withdraw the money. The same process happens every time the victim logs into their bank account, gradually withdrawing money without alerting the user.

Both Checkpoint and Versafe have added signature and behavior detection to their malware protection products that can block Eurograbber. Updating software that is a frequent target for Web “driveby download” exploits—such as Adobe Flash, Java, and Web browsers—can help prevent infection by the malware, as can a healthy amount of paranoia about clicking links in e-mails.

Source: Arstechnica

Half a million Mac computers ‘infected with malware

More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm.

Its report claims that about 600,000 Macs have installed the malware – potentially allowing them to be hijacked and used as a “botnet”.

The firm, Dr Web, says that more than half that number are based in the US.

Apple has released a security update, but users who have not installed the patch remain exposed.

Flashback was first detected last September when anti-virus researchers flagged up software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer’s security software.

Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.

Dr Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine.

“By introducing the code criminals are potentially able to control the machine,” the firm’s chief executive Boris Sharov told the BBC.

“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.

“The largest amounts of bots – based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people.”

Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.

Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own “security update” on Wednesday – more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

Although Apple’s system software limits the actions its computers can take without requesting their users’ permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.

“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected – but it’s a myth,” said Timur Tsoriev, an analyst at Kaspersky Lab.

Apple could not provide a statement at this time.

Ryan: Download Apple’s security update for the Flashback Trojan here.

Source: BBC News

Microsoft removes ‘Start’ button from latest Windows 8 build

Do you like the Windows ‘Start’ button? Well, if you do, you’d better get used to it being gone in Windows 8 because it seems that Microsoft has removed it from the latest builds of the operating system.

Here’s a leaked screenshot from the near-final Windows 8 “Consumer Preview” version (build 8220) which comes to us via PCBeta.com:

Notice the absence of the traditional Start button? I’ve reached out to a few contacts who confirm to me that the button has indeed been removed and replaced with a hotspot in the corner that will duplicate the functionality offered by the old button.

The Start button was first introduced in Windows 95, and has been present in every version of Windows since.

Now here’s the real question … does Microsoft intend to permanently remove the Start button, or is this a trial balloon and Microsoft is looking to see what the feedback from users will be?

Source:  PCBeta