Posts with label Kaspersky

Russian hacker accuses ex-Kaspersky Lab employee of coercing him into hacking


A hacker who is now in his fifth year in a pretrial detention center has made a statement to the head of the Investigative Committee of Russia. He insists that his case was fabricated with the participation of a former Kaspersky Lab employee who was convicted of high treason together with FSB officers.

Russian hacker Dmitry Popelysh, accused together with his twin brother Eugene of stealing money from Sberbank and VTB customer accounts, says he has sent a complaint to the head of the Russian Investigative Committee. According to him, the criminal case against the brothers was fabricated.

The hacker said that former Kaspersky Lab employee Stoyanov blackmailed and threatened him, and later demanded that the Popelysh brothers provide technical support for certain servers.

Popelysh's 2015 confession statement reportedly already mentioned an unnamed employee who forced the brothers to carry out hacks, but investigators did not verify this claim.

Stoyanov previously headed the computer incident investigation department at Kaspersky Lab and took part in the expert examination in the Popelysh case.

A Kaspersky Lab representative said the company is not aware of Dmitry Popelysh's appeal to the Investigative Committee.

Recall that in 2012 the Popelysh brothers were convicted of embezzling 13 million rubles from bank customers. In 2015 they were detained again and accused of creating and actively using malware; according to the case file, they stole about 12.5 million rubles ($195,000) over two years. In the summer of 2018 they were sentenced to eight years. In 2019 the sentence was overturned because of "violations committed during the preliminary investigation." In total they have spent four years and four months in detention.

Dmitry Popelysh is already the second Russian hacker to state publicly that the experts investigating his criminal case forced him to commit hacks. Konstantin Kozlovsky, held in a pretrial detention center since May 2016 on charges of organizing the Lurk hacker group, claimed that he was recruited by the FSB in 2008 and carried out various cyber attacks for it over a long period. He also named FSB major Dmitry Dokuchaev as his handler.

There are tens of thousands of cyber criminals in the world, says Kaspersky

Russian experts from Kaspersky Lab, the company that develops protection against computer viruses, spam, hacker attacks and other cyber threats, have published a profile of the hacker community. According to them, there are currently tens of thousands of cybercriminals on the Internet, and at least 14 of the hacker groups that specialize in particular categories of users and organizations are Russian.

According to the experts, financially motivated cybercriminals are the largest group. They attack banking infrastructure, businesses and individuals, and they have several schemes for withdrawing funds from corporate accounts without being caught.

There are also a number of groups developing phishing kits and spyware; these are the most technically capable.

Money mules ("drops"), who handle the cash-out and other contact with the physical world, run the greatest risk of arrest. Next come the "botters", or operators, who remotely control the malicious software.

"In total, there are several tens of thousands of hackers in the world who must be constantly trained. Inexperienced hackers can simply lose their jobs without new knowledge, due to the active development of technology," said the experts of Kaspersky Lab.

Hackers mainly communicate with one another on semi-closed or closed forums, where they discuss, form groups and bring in outside specialists. Several dozen new topics appear on such forums every day. Entry to a closed forum may require a fee or a recommendation from a hacker with an established reputation. Top spyware developers usually ignore the forums altogether; according to the experts, only a few hundred people in the world belong to the highest category of hackers.

Hackers used ASUS software updates to install malware on thousands of computers

Researchers at cybersecurity firm Kaspersky Lab have found that ASUS's software update system was compromised and used to distribute malware to potentially millions of its customers.

The malware was disguised as a "critical" software update and was distributed from ASUS's own servers. The malicious file was signed with legitimate ASUS digital certificates, which made it look like an authentic update from the company, Kaspersky Lab says.

The hack was first reported by Motherboard; Kaspersky Lab plans to release more details at an upcoming conference.

The attackers' motives are not yet clear. Early analysis indicates that they were after a small, specific subset of ASUS customers: the malware carried special instructions for about 600 systems, identified by their MAC addresses.

So far, ASUS has neither contacted affected customers nor taken any step to stop the malware. In an email to The Verge, ASUS said it would issue an official statement on the malware tomorrow afternoon.

According to Motherboard, ASUS apparently denied that the malware came from its servers.

“This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware,” said Vitaly Kamluk, Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team who led the research.
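The point Kamluk makes is that a valid vendor signature says nothing about whether the update is safe to run, and the report says the payload only activated on roughly 600 machines picked out by MAC address. The following is an added example, not ASUS or Kaspersky code, showing how such MAC gating works from the implant's side and how a defender can test a fleet against a published target list. It assumes, as a design choice not stated in the article, that the list is embedded as MD5 digests of the normalised MAC string rather than in clear text; the target list and the host adapters are constructed for the example.

```python
"""Added example (not ASUS or Kaspersky code): MAC-address gating of a
supply-chain payload, seen from the implant side and from the defender side.

Assumptions not stated in the article: the implant embeds the targets as MD5
digests of the normalised MAC string rather than in clear text, and the target
list and host adapters below are constructed for this example.
"""
import glob
import hashlib
import re


def normalise_mac(mac: str) -> str:
    """Canonical form: lower-case, colon-separated ('AA-BB-CC-DD-EE-FF' -> 'aa:bb:cc:dd:ee:ff')."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def mac_digest(mac: str) -> str:
    """Digest of the canonical MAC; a target list holding only digests keeps the
    raw victim addresses from being read straight out of the binary."""
    return hashlib.md5(normalise_mac(mac).encode("ascii")).hexdigest()


# Constructed target list: two hypothetical victim MACs, stored as digests only.
TARGET_DIGESTS = frozenset(
    mac_digest(m) for m in ("00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF")
)


def matching_adapters(host_macs, target_digests=TARGET_DIGESTS):
    """Return the host's adapters (canonical form) whose digest is on the target list.

    The same comparison serves both sides: an implant uses a non-empty result
    as its go/no-go decision, a defender uses it to check whether any machine
    in the fleet was on the attacker's list.
    """
    return [
        normalise_mac(mac)
        for mac in host_macs
        if mac_digest(mac) in target_digests
    ]


def should_deploy(host_macs, target_digests=TARGET_DIGESTS) -> bool:
    """Implant-side gate: stage two runs only on a listed machine; every other
    host just received a validly signed, apparently harmless update."""
    return bool(matching_adapters(host_macs, target_digests))


def local_macs():
    """Read adapter addresses from Linux sysfs; returns [] on other platforms.
    Loopback and unset addresses (all zeros) are skipped."""
    macs = []
    for path in glob.glob("/sys/class/net/*/address"):
        try:
            with open(path) as fh:
                mac = fh.read().strip()
        except OSError:
            continue
        if mac and mac != "00:00:00:00:00:00":
            macs.append(mac)
    return macs


if __name__ == "__main__":
    hits = matching_adapters(local_macs())
    print("targeted adapters on this host:", hits or "none")
```

Because the list holds digests, a defender who recovers it from a sample cannot read the victims off it, but can still hash every adapter in the estate and test for membership, which is exactly how the "were we on the list" question gets answered after an incident like this.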



Skygofree Malware: One of Most Advanced Spyware Ever Seen

Russian cybersecurity firm Kaspersky has discovered a new advanced Android spyware with "never before seen" features that let attackers carry out extensive surveillance of Android phones, including location-triggered audio recording, theft of WhatsApp messages, and connecting an infected device to Wi-Fi networks controlled by the attackers.

The malware, dubbed "Skygofree," was found on malicious websites in Italy. According to Kaspersky, it is most likely an offensive security product sold by an Italian IT company that markets surveillance tools.

More information, including Skygofree's commands, indicators of compromise, domains and the device models targeted, can be found in Kaspersky's post on Securelist.

The spyware abuses Android's Accessibility Service, a feature intended to help users with disabilities operate their apps. Through it, the spyware can read the messages displayed on screen, including those typed by the user.

Skygofree can also take pictures and video, record audio when the device is in a location chosen by the attacker, record Skype conversations, and seize call logs, geolocation data and other sensitive information.

Kaspersky believes that Skygofree, like the tools of Hacking Team (the Italian spyware developer whose own data was leaked in 2015), was developed in Italy.

Skygofree has allegedly been active since 2014 and has targeted select individuals, all of them in Italy. It has been under continuous development since then; the latest version supports 48 commands.

UK spymasters suspect Russia is using Kaspersky to spy on people

 

British intelligence is reportedly worried that the Kaspersky antivirus offered by Barclays to its customers may be used by Russian intelligence agencies to spy, according to The Financial Times.

An unnamed official told The Financial Times that GCHQ, the British signals intelligence agency, has concerns over the widespread distribution of Kaspersky software in the UK.

Intelligence officials fear this could allow Russia to gather intelligence from the computers of government employees and members of the military who are customers of the bank and have downloaded the software.

The Financial Times added that "No evidence suggests that any data of Barclays customers has been compromised by use of Kaspersky software on their computers."

However, the bank said it was planning to end the deal with Kaspersky for commercial reasons unconnected with the GCHQ concerns.

Kaspersky denied the allegations and said the company does not have inappropriate ties with any government.

"No credible evidence has been presented publicly by anyone or any organization. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company." Kaspersky said.

Earlier this year, US intelligence chiefs and the FBI director said they do not trust software from the Russian antivirus company Kaspersky.

- Christina
 

Kaspersky solves the mystery of the Duqu Framework: written in OO C

Researchers around the world have helped Kaspersky solve the "mystery of the Duqu Framework". Kaspersky announced that the puzzling code was written in C, in an object-oriented style (OO C), and compiled with MSVC 2008.

The mystery began earlier this month, when Kaspersky researchers were unable to determine what programming language had been used to develop the Duqu Trojan's payload and asked the programming community for help identifying it.

The most popular suggestions were variants of LISP, Forth, Erlang, Google Go, Delphi, OO C, old C++ compilers and other languages.

With the community's help, the researchers identified the code as C compiled with Microsoft Visual Studio 2008 using the options /O1 (optimize for size) and /Ob1 (inline only functions explicitly marked inline), which explain the unusual code constructions.

Read the full story here.

Duqu Framework written in an unknown programming language?


Kaspersky is having difficulty identifying the programming language of the Duqu Framework. Today, researcher Igor Soumenkov shared the team's findings about Duqu in a Kaspersky Lab blog post.

"At first glance, the Payload DLL looks like a regular Windows PE DLL file compiled with Microsoft Visual Studio 2008 (linker version 9.0). The entry point code is absolutely standard, and there is one function exported by ordinal number 1 that also looks like MSVC++. " Researcher wrote in the post.

"This function is called from the PNF DLL and it is actually the "main" function that implements all the logic of contacting C&C servers, receiving additional payload modules and executing them. The most interesting is how this logic was programmed and what tools were used."

After analyzing Duqu, the researchers concluded that the Duqu Framework was written in an unknown programming language. It is definitively NOT C++, Objective C, Java, Python, Ada, Lua or any of the many other languages they checked.

Compared with Stuxnet, which was written entirely in MSVC++, this is one of the defining peculiarities of the Duqu Framework.
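Both Duqu posts on this page hinge on one header field: the payload DLL carried linker version 9.0, which pointed at Visual Studio 2008 even while the source language was unknown. The following is an added example, not Kaspersky's code, that reads that field out of a PE image and maps it to the usual MSVC linker numbering; the sample header it builds is constructed for the example and is not a Duqu sample.

```python
"""Added example (not Kaspersky's code): read the linker version out of a PE
optional header, the field that told the Duqu analysts the payload DLL was
linked by MSVC 2008 (linker 9.0). The mapping from linker version to Visual
Studio release is the usual one for Microsoft's link.exe; the sample PE header
below is constructed for this example and is not a Duqu sample.
"""
import struct
import sys

# Linker major version -> Visual Studio release (MSVC link.exe numbering).
LINKER_TO_MSVC = {
    6: "Visual Studio 6.0",
    7: "Visual Studio .NET 2002/2003",
    8: "Visual Studio 2005",
    9: "Visual Studio 2008",
    10: "Visual Studio 2010",
    11: "Visual Studio 2012",
    12: "Visual Studio 2013",
    14: "Visual Studio 2015 or later",
}

PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20
OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS = 0x10B, 0x20B


def linker_version(data: bytes):
    """Return (major, minor) from the optional header; ValueError on a malformed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no DOS header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # SizeOfOptionalHeader sits at offset 16 of the 20-byte COFF header.
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    if size_of_optional < 4:
        raise ValueError("optional header too small")
    opt = coff + COFF_HEADER_SIZE
    magic, major, minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return major, minor


def compiler_guess(major: int, minor: int) -> str:
    """Map the linker version to a toolchain name. Treat it as a hint only: the
    field is plain data in the header and is trivially forged or patched."""
    name = LINKER_TO_MSVC.get(major)
    if name is None:
        return f"unknown linker {major}.{minor}"
    return f"{name} (linker {major}.{minor})"


def build_sample_pe(major: int, minor: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal PE32 image header (no sections) for testing."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 224  # standard PE32 optional header size
    # Machine=i386, 0 sections, no timestamp/symbols, Characteristics=DLL|32-bit|executable
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    opt = struct.pack("<HBB", OPT_MAGIC_PE32, major, minor) + b"\0" * (opt_size - 4)
    return bytes(dos) + PE_SIGNATURE + coff + opt


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample_pe(9, 0)
    print(compiler_guess(*linker_version(blob)))
```

Run it against a real DLL with `python pe_linker.py payload.dll`. The caveat is the same one the analysts faced: the linker version tells you which link.exe produced the file, not which front end generated the object code, which is why a 9.0 linker stamp was compatible with "not MSVC++" for the payload's core logic.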

Kaspersky is asking programmers who recognize a framework, toolkit or programming language that produces similar code constructions to contact them at stopduqu@kaspersky.com or to post a comment on the official blog.

You can read the full report about Duqu here.

Kaspersky Lab announces partnership with TAG Heuer (Swiss luxury watchmaker)


Kaspersky Lab has announced a partnership with TAG Heuer, the Swiss luxury watchmaker.

TAG Heuer has launched its first luxury touchscreen smartphone, the TAG Heuer LINK, running Android. For this smartphone Kaspersky Lab has developed TAG Heuer Mobile Security (Powered by Kaspersky), which provides comprehensive malware and data protection.

Commenting on the new partnership, Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, said: “We are happy to start our partnership with and to provide protection for users of TAG Heuer smartphones. Kaspersky Lab and TAG Heuer have common core values, such as best-of-breed reliability, cutting edge technology, and constant innovation. TAG Heuer Mobile Security is our first project in the luxury segment, and we are looking forward to further develop our partnership with TAG Heuer.”

The new TAG Heuer LINK phone is the ultimate communication tool. Swiss-engineered, French-built, and equipped with upgradeable Google Android software, it combines elegance, reliability and unparalleled access and connectivity. Luxuriously crafted and detailed, the TAG Heuer LINK incorporates the most prestigious materials and advanced components in the watchmaking and automotive worlds, including black PVD, diamonds and rose gold. The mirror-polished and fine-brushed stainless steel is premium grade surgical 316L, corrosion-resistant and hypoallergenic.

TAG Heuer Mobile Security (Powered by Kaspersky) provides protection from network attacks, malware targeting mobile platforms, and SMS spam. It also lets users locate a lost or stolen smartphone with the GPS Find function, store digital assets in encrypted folders, and remotely lock or wipe the phone if it is lost or stolen. With Kaspersky Lab's Mobile Security, the owner of a LINK smartphone can manage private contacts, filter out unwanted calls and texts by assigning contacts to black lists and white lists, restrict children's calls and texts, and monitor the phone's whereabouts using GPS Find.

Duqu is an upgraded version of Stars, spyware that infected Iran


Kaspersky has added protection against the infamous Duqu worm and now detects all versions of it. Kaspersky's developers updated the product to detect Trojan.Win32.Duqu and all other Trojans that exploit the CVE-2011-3402 vulnerability.

The Duqu Trojan recently became notorious for successfully exploiting a zero-day vulnerability. More information about the malware is available here.

Since then, organizations have started offering protection against the Duqu Trojan; NSS Labs released an anti-Duqu tool.

Microsoft has also issued a temporary fix for the vulnerability.

Duqu is an upgraded version of the "Stars" malware in Iran:
Research at Kaspersky Lab has unveiled additional information about the Duqu worm. According to its investigation, Duqu was first spotted as the "Stars" malware (malware created to spy on Iran's nuclear programme).

In April 2011, Iran announced that it was under cyber attack by malware named "Stars". Kaspersky researchers confirmed that some Duqu targets were hit on April 21 using the same method: CVE-2011-3402, a kernel-level exploit in win32k.sys delivered through an embedded TrueType font (TTF) file.

According to analysis by IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars".
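The delivery vehicle described above, a TrueType font embedded in a document so that the kernel-mode font parser in win32k.sys processes attacker-controlled data, is something an analyst wants to be able to spot in a carrier file. The following is an added triage example, not Kaspersky's or IrCERT's tooling: it scans an arbitrary blob for plausible sfnt table directories, using the spec's own searchRange/entrySelector/rangeShift consistency rule to reject accidental matches on the version tag. The sample document is constructed. A hit means only "there is a font in here"; embedded fonts are routine in PDF and Office files, so the result is a signal for closer inspection, not proof of an exploit.

```python
"""Added example (not Kaspersky's or IrCERT's tooling): a triage scanner that
finds TrueType font table directories embedded in an arbitrary file, the kind
of carrier used to reach the win32k.sys font parser through CVE-2011-3402.

A hit only means 'there is a font in here'; embedded fonts are normal in PDF
and Office documents, so the result is a triage signal for closer inspection,
not proof of an exploit. The sample document below is constructed.
"""
import struct

# sfnt version tags for TrueType-outline fonts; 'OTTO' (CFF outlines) is left out.
TRUETYPE_SIGNATURES = (b"\x00\x01\x00\x00", b"true")
MAX_TABLES = 64


def expected_search_fields(num_tables: int):
    """searchRange/entrySelector/rangeShift as the OpenType spec defines them,
    used as a consistency check to reject accidental signature matches."""
    power, selector = 1, 0
    while power * 2 <= num_tables:
        power *= 2
        selector += 1
    search_range = power * 16
    return search_range, selector, num_tables * 16 - search_range


def parse_table_directory(data: bytes, offset: int):
    """Return the table tags if a plausible sfnt directory starts at offset, else None."""
    if data[offset:offset + 4] not in TRUETYPE_SIGNATURES or offset + 12 > len(data):
        return None
    num_tables, search_range, entry_selector, range_shift = struct.unpack_from(
        ">HHHH", data, offset + 4
    )
    if not 1 <= num_tables <= MAX_TABLES:
        return None
    if (search_range, entry_selector, range_shift) != expected_search_fields(num_tables):
        return None
    tags = []
    for i in range(num_tables):
        rec = offset + 12 + 16 * i
        if rec + 16 > len(data):
            return None
        tag = data[rec:rec + 4]
        if not all(0x20 <= b < 0x7F for b in tag):  # tags are printable ASCII
            return None
        tags.append(tag.decode("ascii"))
    return tags


def find_embedded_fonts(data: bytes):
    """Scan the whole blob; return sorted (offset, [table tags]) for each plausible font."""
    hits = []
    for signature in TRUETYPE_SIGNATURES:
        pos = data.find(signature)
        while pos != -1:
            tags = parse_table_directory(data, pos)
            if tags is not None:
                hits.append((pos, tags))
            pos = data.find(signature, pos + 1)
    return sorted(hits)


def build_font_directory(tags):
    """Constructed sfnt header + table records (checksums/offsets/lengths are placeholders)."""
    num = len(tags)
    sr, es, rs = expected_search_fields(num)
    out = b"\x00\x01\x00\x00" + struct.pack(">HHHH", num, sr, es, rs)
    for i, tag in enumerate(tags):
        out += tag.encode("ascii") + struct.pack(">III", 0, 12 + 16 * num + 64 * i, 64)
    return out


SAMPLE_TAGS = ["cmap", "glyf", "head", "hhea", "hmtx", "loca", "maxp"]
# Constructed carrier: PDF-like text containing the word 'true' (a decoy the
# consistency check must reject), a stray version tag with a zero table count
# (also rejected), and finally a real-looking embedded TrueType directory.
SAMPLE_DOCUMENT = (
    b"%PDF-1.4\n1 0 obj << /Linearized true >>\nstream\n"
    + b"\x00\x01\x00\x00" + struct.pack(">HHHH", 0, 0, 0, 0)
    + b"A" * 100
    + build_font_directory(SAMPLE_TAGS)
    + b"\x00" * 64
)

if __name__ == "__main__":
    for offset, tags in find_embedded_fonts(SAMPLE_DOCUMENT):
        print(f"TrueType directory at {offset:#x}: {', '.join(tags)}")
```

The consistency check matters because the four-byte version tag is common in binary data and the literal "true" appears in plain text; requiring the three derived header fields to agree with numTables keeps the scanner from firing on both. Once a font is found, the next step in triage is carving it out at the reported offset and inspecting the table offsets and lengths for values that run outside the font.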

Hundreds of thousands of machines join botnets every month, reports Kaspersky


"Hundreds of thousands of machines are joining botnets every month. Most of these botnets are used to propagate spam or distribute malware that can be used in cyber espionage. Some of them are used in DDoS attacks or as proxies to commit other cybercrimes," said Vitaly Kamluk, Chief Malware Expert, Global Research and Analysis Team, Kaspersky Lab.

According to Kamluk, the largest botnet is Conficker, with more than 8 million infected hosts, followed by TDSS with more than 5.5 million, Zeus with more than 3.6 million, and Koobface with more than 2.9 million.

"One could think that laws should be able to help us. Indeed, there is a law that prohibits unauthorized access to remote systems, i.e., third parties cannot use the resources of the other’s machine. However, cybercriminals successfully bypass this law. They utilize and exploit systems in any way they want – to commit crime, earn money, etc. At the same time we researchers come up against the same law – but in our case it prevents us from fighting botnets

As an example of what could be done but cannot even be contemplated, there are over 53 000 command and control (C&C) centers on the Internet (source: www.umbradata.com). In many cases we know where the C&C centers of these botnets are, so in theory we could contact the owner's Internet Service Provider and ask it to take it down or to pass control of the center to us. This would be the right decision if we didn't want to leave all those thousands of infected machines online, continuing to attack other machines. We could issue a command for a bot to self-destroy itself from within the botnet infrastructure (starting from the command center) and then take it down. But unfortunately this represents unauthorized access, and we are not allowed to issue such a command," Kamluk said.

He recommended that law enforcement consider taking the following steps to help investigators in fighting botnets:

  • Carrying out mass remediation via a botnet;
  • Using the expertise and research of private companies and providing them with warrants for immunity against cybercrime laws in particular investigations, so they can collect more evidence, or bring down a malicious system when it cannot be accessed physically;
  • Using the resources of any compromised system during an investigation - so that we can place traps on compromised machines to get the source IP addresses of the attackers, and to bypass the mechanisms they use to hide their identities;
  • Obtaining a warrant for remote system exploitation, only in cases where no other alternative is available. Of course, this could result in cyber espionage, but if it is done properly, with the warrant issued for a particular system, in a particular case, for a particular timespan, it could bring positive results and significantly change the cyber-threat landscape.