Date: Mon, 20 Dec 2010 20:10:46 +0530
Subject: [CCCNews] CCCNews Newsletter - dated 2010 December 20
December 20, 2010
Editor - Rakesh Goyal (firstname.lastname@example.org)
In today's Edition - (This is a news-letter and not a SPAM)
CONTROL : Trai moves to curb mobile phone theft
MITIGATION : New Google service identifies hacked sites
BEWARE : New Malware Kit Available on the Underground Market
TRUST? : Sr. Executives at Dell, AMD sold inside information
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (email@example.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
CONTROL : Trai moves to curb mobile phone theft
Dec 20 2010
New Delhi, Dec. 19: Mobile phone thefts could soon become unprofitable for thieves if telecom regulator TRAI has its way. The regulator had proposed blocking the international mobile equipment identity (IMEI) number of stolen handsets. Telecom operators have also signalled that this is technically feasible.
Once this measure is accepted, stolen mobile phones will be automatically blocked and will be of no use. This could bring down incidence of mobile phone thefts, which run into lakhs.
The mobile operators have suggested the creation of a central database of IMEI numbers of stolen phones, which could be shared by the service providers. IMEI is a unique 15-digit code that comes with every mobile handset and helps in identification. If this number gets blocked, stolen mobile phones will not be of any use. They have also proposed legislation to prevent cloning of IMEI numbers, so that stolen phones are not reprogrammed with duplicate IMEI numbers of existing subscribers without the knowledge of the service providers.
"The blocking of IMEI is an effective solution to discourage mobile theft. This is important considering the fact that the mobile industry is adding a monthly subscriber base of approximately 18-19 million and there has to be a mechanism to curb mobile theft thereby reducing the security risk," said Bharti Airtel.
The company has said that blocking of the IMEI should be chargeable as there will be additional cost involved to upgrade the network to support the new requirement.
In its consultation paper Trai had said that presently, there is no mechanism in place to block a lost mobile phone. "The theft of mobile phones is a serious problem world over.
In India with the increased penetration of mobile services, (theft) is becoming an issue especially in urban areas where market place, malls, cinema halls, buses, trains and metro stations have become some of the hunting grounds for mobile phone lifters," Trai said, and added that while there are mechanisms to prevent the misuse of the stolen mobile connection, service providers don't take any action either for blocking the handsets or for tracking its usage.
In 2004 also Trai had issued a consultation paper in this regard. However, at that time, many service providers had no capability to track or block IMEI.
But the situation has changed since 2008 when the telecom department asked telcos to disconnect mobile phones which do not have IMEI numbers as they could be misused by terrorists or criminals. Thereafter telecom service providers put Equipment Identity Register (EIR) in their systems so that calls from mobile handsets without IMEI are rejected.
MITIGATION : New Google service identifies hacked sites
December 17, 2010
Google has launched a new service that notifies web surfers in search results if a website they may visit has been hacked.
The capability -- which displays the warning: "This site may be compromised" -- is distinct from Google's already existing malware detection system that inserts an alert -- "This site may harm your computer" -- beside a search result if a site may be serving malware.
According to Google, the new service seeks to identify those sites in which a hacker has compromised the site to change the content of pages or add new links and pages. The motive of the intruders, Google said, may be to phish visitors of their private information or embed spam links that can be used to improve the search results of a hacker-owned site, a tactic known as black hat search engine optimization (SEO).
Maxim Weinstein, executive director of StopBadware, a nonprofit anti-malware organization, which vets Google data to ensure the malware detection system is accurate, warned that even though the new feature does not necessarily call out sites that could harm a user's computer, they eventually may.
"I get the sense that [it is identifying] the same basic mechanism of how someone may insert malware into a site," Weinstein told SCMagazineUS.com on Friday. "The underlying security problem that could lead to one could very likely lead to the other."
He added that this service helps both web surfers and site owners.
"[Google is] saying, 'Look, we have the capability of figuring this out,'" Weinstein told SCMagazineUS.com on Friday. "'Instead of say just lowering the site in the search rankings a bit, we're actually going to flag it in a more aggressive, public way.'"
Google encourages users who see the alert to notify webmasters and ask them to correct the compromise.
In years past, Google has announced separate services specifically designed to help webmasters keep their sites secure.
BEWARE : New Malware Kit Available on the Underground Market
Researchers discover new crimeware toolkit
December 19th, 2010
By Lucian Constantin
Security researchers from Symantec have spotted a new crimeware toolkit being sold on the underground market, which generates a trojan that is exclusively used to distribute malware.
Crimeware toolkits are programs that can be used to create customized versions of trojans along with their command and control (C&C) software.
ZeuS and SpyEye are among the best-known examples of crimeware toolkits, but they are significantly more complex than this new one, which is called "Dream Loader."
"The pack, version 0.3, is relatively new and seems to be originating from Russia; it was first found in November and is designed to be modular and load plugins," notes Symantec security researcher Andrea Lelli.
The pricing model is a bit different from that of other toolkits. Cyber criminals can buy a customized version of the trojan and associated Web interface for $550, but not the builder itself.
This allows the Dream Loader authors to charge an additional $30 for any subsequent modification required by customers. However, the trojan builder seems to have leaked and can now be downloaded for free.
The builder can be used to configure two C&C domains, the gateway page that infected computers access, and a password used to encrypt the communication.
The C&C software allows the botnet herders to see statistics about their bots, the countries where they are located and the commands sent to them.
The backdoor, which Symantec detects as Trojan.Karagany, can't do much except download and run executables or update itself, which suggests that it is being used in pay-per-install schemes.
In such operations, malware and scareware authors pay botnet runners to deploy their creations on as many computers as possible.
"The bot uses some known tricks in order to bypass security products and conceal its presence on the infected machine, although the end result is still a pretty basic executable which is easily detectable and removable," Lelli concludes.
TRUST? : Sr. Executives at Dell, AMD sold inside information
By Robert McMillan
IDG News Service
December 16, 2010
Four executives at publicly traded technology companies have been arrested on charges they sold inside information about their employers, sometimes for hundreds of thousands of dollars.
The executives allegedly pocketed hefty consulting fees for selling data to Primary Global, a Mountain View, California, market research company. Primary Global recruits experts from a number of industries, including the technology sector, to provide information about trends that it then sells to money managers. But according to the U.S. Department of Justice, one of the firm's salesmen -- James Fleishman -- crossed the line and sold insider information to hedge funds.
"The information trafficked by the four 'consultants' went way beyond permissible market research," the U.S. Federal Bureau of Investigation said Thursday.
Primary Global declined to comment, except to confirm that the four insiders had worked for it as consultants, and to say that Fleishman, who has been with the company since June 2006, has now been placed on leave.
A former Dell global supply manager named Daniel Devore pleaded guilty to fraud charges on Dec. 10, the FBI said. He made US$145,750 from Primary Global between 2007 and 2010.
Devore is no longer employed by Dell, said Dell spokesman David Frink. "Dell is committed to the highest standards of ethics and integrity and we'll cooperate fully with law enforcement authorities," he said.
Devore also provided inside information concerning Dell suppliers including Western Digital and Seagate, according to court filings.
Fleishman was arrested Thursday on wire fraud and conspiracy charges.
Also arrested Thursday were Mark Longoria, formerly a supply chain manager with Advanced Micro Devices (AMD); Walter Shimoon, a senior director of business development with Flextronics International; and Manosha Karunatilaka, an account manager with Taiwan Semiconductor Manufacturing Company (TSMC), the DOJ said.
All three are facing wire and securities fraud charges.
AMD's Longoria made more than $200,000 during a two-year period, prosecutors say.
"It appears that AMD is the victim of an insider trading scheme," AMD said Thursday. Longoria resigned from the company on Oct. 22, 2010, and AMD has been cooperating with the investigation, the company said.
Shimoon, who worked for Apple partner Flextronics, allegedly "provided highly confidential sales forecast information and new product features for Apple's forthcoming 'iPhone' cellular telephone," the FBI said. He earned $22,000 in consulting fees.
Karunatilaka allegedly provided TSMC sales and shipping information.
IT Term of the day
Daemon
Pronounced DEE-mun or DAY-mun. A process that runs in the background and performs a specified operation at predefined times or in response to certain events. The term daemon is a UNIX term, though many other operating systems provide support for daemons, sometimes under other names. Windows, for example, refers to daemons as System Agents and services.
Typical daemon processes include print spoolers, e-mail handlers, and other programs that perform administrative tasks for the operating system. The term comes from Greek mythology, where daemons were guardian spirits.
Quote of the day
Information has never been so free. Even in authoritarian countries information networks are helping people discover new facts and making governments more accountable.
US Secretary of State
January 21, 2010
(Is the statement still valid post-Wikileaks?)