Thursday, November 06, 2014

Automating Victim Notifications - 1800 unique victims notified today

Wapack Labs has been running sinkholes since early April of this year. Up until recently we have been performing manual victim notifications; however, recent activity forced us to automate. Two recently sink-holed domains started generating a large quantity of traffic. One was from an old worm that has been around since 2010 but is apparently still propagating.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Esfury

The second is from a malware variant detected as Troj/Neurevt-K

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Neurevt-K/detailed-analysis.aspx

In less than a week of monitoring, a total of 19561 victims checked into our sinkhole. Among the total victims, there were approximately 1800 unique networks and/or ISPs. As part of the notifications, we are providing the victim data, destination domains and timestamps of activity. If you received one of these notifications and need more clarification, shoot us a note at notifications[at]wapacklabs.com.

Jeff
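The grouping step behind this kind of automation, as an added example that is not Wapack Labs' code: sinkhole check-ins (timestamp, victim IP, sinkholed domain) are bucketed by the network that owns the victim address so that each network or ISP contact gets one bundle of victim data, domains and timestamps. The log lines, prefixes and contact addresses are constructed for the example; a real run would resolve prefixes and abuse contacts from WHOIS/ASN data.

```python
"""Added example: bucket sinkhole check-ins per owning network for notification."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sinkhole log lines: timestamp, victim IP, sinkholed domain.
SINKHOLE_LOG = """\
2014-11-05T14:02:11Z 203.0.113.17 esfury-example.invalid
2014-11-05T14:02:40Z 203.0.113.85 neurevt-example.invalid
2014-11-05T14:03:02Z 198.51.100.9 esfury-example.invalid
2014-11-05T14:03:30Z 203.0.113.17 esfury-example.invalid
2014-11-05T14:04:01Z 192.0.2.200 neurevt-example.invalid
"""

# Constructed prefix -> abuse contact table (hypothetical values).
NETWORK_CONTACTS = {
    "203.0.113.0/24": "abuse@isp-a.example",
    "198.51.100.0/24": "abuse@isp-b.example",
}

def parse_log(text):
    """Yield (timestamp, ip, domain) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield parts[0], ip_address(parts[1]), parts[2]
        except ValueError:
            continue  # not an IP address; ignore the line

def build_notifications(text, contacts):
    """Return {contact: {victim_ip: [(timestamp, domain), ...]}}.
    Hits that match no known prefix are kept under 'unattributed' for manual lookup."""
    nets = [(ip_network(prefix), contact) for prefix, contact in contacts.items()]
    out = defaultdict(lambda: defaultdict(list))
    for ts, ip, domain in parse_log(text):
        contact = next((c for net, c in nets if ip in net), "unattributed")
        out[contact][str(ip)].append((ts, domain))
    return {c: dict(victims) for c, victims in out.items()}

def summarize(notifications):
    """Return (total check-ins, unique victim IPs, networks with a contact to notify)."""
    hits = sum(len(v) for victims in notifications.values() for v in victims.values())
    victims = sum(len(victims) for victims in notifications.values())
    networks = sum(1 for c in notifications if c != "unattributed")
    return hits, victims, networks
```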

The sh*t heading toward the fan? North Korea and nuke weps?

It should come as no surprise that North Korea is building nuclear weapons, and, it should come as no surprise that they'd probably like to use them on American targets and local neighbors (although the fallout would probably head north with the wind... I'm not sure they're ready for mass radiation poisoning.).. so I'll assume they're being made for American targets.

I'm curious... were the PLCs made by Siemens?



Wirelurker?

For all of you Mac users (like me) and IOS users (not like me, but there are a ton of you), Wirelurker is new and interesting in the threat category.  Palo Alto published a great tech piece on the new malware, but didn't do a great job of telling what it does and why it's bad, so here you go...

It's bad. It's another class of malware that opens your system up for access by outsiders. For the non-geeks reading this, know this... you need to check for it, and if you've got it, get rid of it.

The Palo Alto report can be found here.

They've also published a script that can be used to check your system. It's easy to use. Copy and paste the commands into Terminal and hit enter. I've copied Palo Alto's instructions from their GitHub below.

Usage
  1. Open the Terminal application in your OS X system;
  2. Execute this command to download the script:
  3. Run the script in the Terminal:
    python WireLurkerDetectorOSX.py
  4. Read the output messages and detection result.
For any issue on the code and its result, please create an issue here: https://github.com/PaloAltoNetworks-BD/WireLurkerDetector/issues

Wednesday, November 05, 2014

This is AWESOME!! AirHopper - Hacking via FM Radio signals!

THIS IS AWESOME! Do you have any idea how many times I've fired up my shortwave radio and listened to some far away place (from a really secure place --of course it was an approved device --I'm just sayin!) just for some entertaining white noise while I focused on something else?  And no, I don't trust internet radio to not place something on my machine --intentionally or unintentionally!

I'm a huge fan, and a long time amateur radio operator.  This really takes me back.  I remember (ahem, hypothetically of course) clipping the band pass filters on my 2 and 6 meter rigs to listen in on other frequency ranges (I won't say which ranges); screwing with a Sun SPARC 20 generating packet radio in early experiments between routers and repeaters (some even worked!), but the idea of hacking a computer via frequency modulation (FM radio signals) is AWESOME! In my mind's eye I can see some ways this would be logical, but never thought I'd see the day.  Pay attention folks! The game changes yet again, and neither air gapping nor disabling internet connections is going to help! Ah yes, radio frequency. Gotta love it!

Where do they come up with this stuff??

You've got to check out the video! (of course, at your own risk!)


Monday, November 03, 2014

SCHWEEEEETTT

You've heard me say it before. I'm a believer that if someone breaks into my home in the middle of the night and threatens me or my family, I should have the right to defend myself, my family, and my property. And I'm a believer that my second amendment rights should extend to cyber space as well.  If someone breaks into my computer in the middle of the night, not only should I have the ability to defend myself, but also fight back. There will be consequences for sure, and when hitting someone bigger, faster, or smarter, I may just get my clock cleaned. And if I shoot and hit the wrong guy, well, again, consequences...

So why the heck are we sitting back taking it? Well, at least one country believes enough is enough. The Netherlands says that they will start hacking back in 2015. Good, bad, right, wrong, or indifferent as you might think, my feeling is this opens up a whole new can of worms. I think it's a game changer.