Author: admini

Cyber attacks on U.S. banks likely to continue, experts say. Even before the threat of malware from the Blackhole exploit kit could die down, a new exploit kit has emerged, a security vendor warned over the weekend.

Trend Micro said the new kit, which it dubbed Whitehole Exploit Kit, uses similar code as Blackhole —but does not bother to hide itself. “However, the people behind this kit are already peddling the kit and even command a fee ranging from $200 to $1,800,” it said.

Trend Micro said an analysis of sample exploit malware, detected as JAVA_EXPLOYT.NTW, exploits vulnerabilities to download malicious files on a victim’s computer. It then downloads BKDR_ZACCESS.NTW and TROJ_RANSOM.NTW, noting ZACCESS/SIRIEF variants are known bootkit malware that download other malware and push fake applications. “This specific ZACCESS variant connects to certain websites to send and receive information as well as terminates certain processes. It also downloads additional malicious files onto already infected systems,” Trend Micro said.

On the other hand, ransomware typically locks systems until users pay money via specific payment modes. “Given Whitehole’s current state, we may be seeing more noteworthy changes to the exploit kit these coming months.”

Link: http://www.gmanetwork.com/news/story/294043/scitech/technology/new-whitehole-malware-exploit-kit-revealed

While potentially damaging to the bank execs, the data was less critical than other information held by the central bank, such as sensitive financial data or confidential policy communications.

“While it may not seem so to the bankers whose information was compromised, when you put it into perspective — we are talking about the Federal Reserve — this data is really the low-hanging fruit,” said Al Pascual, security analyst for Javelin Strategy & Research.

Unconfirmed, media speculation had the flaw as a known vulnerability in Adobe ColdFusion software, which is used by some Federal Reserve websites. The data that was stolen from the Fed and posted on the Web could likely become a headache for the bank execs. Hackers could use the information to craft email that would be more likely to trick recipients into clicking on an attachment or a link to a malicious website.

Link: http://www.networkworld.com/news/2013/020713-fed-hack-highlights-software-patching-266497.html

The leak is part of Operation Last Resort, the group’s campaign to reform computer crime law in the wake of Aaron Swartz’s death, according to the faction’s Twitter account.

The leaks came after computer attacks last weekend in which the hacktivist group turned the United States Sentencing Commission website into a game of Asteroids.

Last Monday, a House panel issued a letter to Attorney General Eric Holder demanding answers regarding the prosecution of Aaron Swartz. The group believes that an overzealous prosecution and outdated computer crime laws may have contributed to Swartz’s suicide.

Swartz, a Harvard researcher who was known for his contributions to the development of RSS and the popular website Reddit, was charged for a slew of crimes including computer and wire fraud after breaking into MIT campus and systematically downloading academic journals from a service called JSTOR.

Link: http://www.foxnews.com/tech/2013/02/04/anonymous-leaks-personal-information-4000-bank-execs/