Thursday, 19 April 2012

Rogue version of Instagram app sends SMS to premium rate numbers

Cyber criminals have created a fake Instagram app to earn money by taking advantage of all the hype surrounding Facebook’s acquisition of Instagram.

The Instagram photo effects filter and sharing app has been all over the news since Facebook bought it for $1 billion last week. The app has been downloaded more than 5 million times less than a week after being released.

According to a Sophos security researcher, the fake app looks like the legitimate one, but in the background it secretly sends SMS messages to premium-rate numbers. This earns money for its creator.

The malware writer included a picture of a man inside the .APK file. The researcher believes the picture has been included multiple times to change the fingerprint of the .APK.
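Why duplicated filler changes a whole-file fingerprint but not a per-entry one, as an added example that is not from Sophos or the original post. The archive contents, entry names and byte strings are constructed stand-ins, and it assumes the repackaged variants share an identical classes.dex.

```python
import hashlib
import io
import zipfile

# Constructed stand-ins: not real app code or a real photo.
DEX = b"dex\n035\x00constructed-bytecode"
PHOTO = b"\xff\xd8constructed-jpeg-bytes\xff\xd9"

def build_apk(photo_copies: int) -> bytes:
    """Build an APK-like ZIP in memory: one classes.dex plus N copies of one image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("classes.dex", DEX)
        for i in range(photo_copies):
            apk.writestr(f"res/raw/man_{i}.jpg", PHOTO)
    return buf.getvalue()

def file_fingerprint(apk_bytes: bytes) -> str:
    """Whole-file hash: changes whenever any entry is added."""
    return hashlib.sha256(apk_bytes).hexdigest()

def entry_hashes(apk_bytes: bytes) -> dict:
    """SHA-256 of each uncompressed entry, keyed by entry name."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {n: hashlib.sha256(apk.read(n)).hexdigest() for n in apk.namelist()}

def code_fingerprint(apk_bytes: bytes) -> str:
    """Hash of classes.dex only: unaffected by padding entries."""
    return entry_hashes(apk_bytes)["classes.dex"]

def duplicated_entries(apk_bytes: bytes) -> list:
    """Groups of entry names whose contents are byte-identical."""
    groups = {}
    for name, digest in entry_hashes(apk_bytes).items():
        groups.setdefault(digest, []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    a, b = build_apk(1), build_apk(4)
    print("whole-file hashes equal:", file_fingerprint(a) == file_fingerprint(b))
    print("classes.dex hashes equal:", code_fingerprint(a) == code_fingerprint(b))
    print("duplicated entries in b:", duplicated_entries(b))
```

Matching on the code entry, and treating many byte-identical resources as a signal in its own right, keeps detection stable across variants that differ only in filler.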

"We have no idea who the man is or whether there is a reason why his picture has been chosen to include in the download," the researcher said.

"Could he be the malware author? A family friend? A celebrity? Someone who the malware author has a bone to pick with?"

AlQaedaSec takes down New York City's website

The computer hacker group called ALQaeda Sec launched a Distributed Denial-of-Service (DDoS) attack on the official site of New York City.

The hackers tweeted:
#TANGODOWN you just got #911'D!
#Allah give us strength against the filthy sinners!
#AlQaedaSec #UGNazi #Cocksec #91FUN

The hacker group used botnets to keep the site down by continuously sending a large number of requests, as shared by s3rver.exe, one of the members involved in the attack.

The picture of a burned American flag posted by the hacker group suggests a form of protest against the US Government, but s3rver.exe, a member of the group, claimed that the attack was launched just "for lulz".
The hacktivists have announced a lot of "Tango Downs" in the last week.

The Anonymous hacker Havittaja, together with other members, took down three websites of the Brazilian Federal Police; then the sites of the Central Intelligence Agency and the US Department of Justice were down for several hours.

This hacker group, ALQaeda Sec, is also known as UGNazi; its members were associated with the attacks that targeted the UFC, back when Dana White revealed his support for SOPA.

Hackers take down the Government of the District of Columbia

Hackers, part of the UGNazi collective, took down the official website of the Government of the District of Columbia. Yesterday, they took down the New York City site for nearly one hour.

According to a Softpedia report, the sites have been down for several hours.

“The capital of US is in DC. Seems the government doesn't care about what we think about. The best place to hit them is at their heart,” Softpedia quoted the hacker as saying.

“We will also be launching more attacks on other government websites,” Cosmo added.

Remote Access Trojan steals credit card data from a hotel PoS app

Cyber criminals are selling a remote access Trojan on underground forums that targets hotel front desk computers and is capable of stealing credit card details.

According to a report by Trusteer researchers, the Trojan steals credit card and other customer information by capturing screenshots from the PoS application.

"This scheme, which is focused on the hospitality industry, illustrates how criminals are planting malware on enterprise machines to collect financial information instead of targeting end users' devices," a Trusteer researcher said.

The Trojan is being offered for $280; the purchase price includes instructions on how to set up the Trojan. The seller even offers advice on how to use vishing (a phishing attack via VoIP) to trick front desk managers into installing the Trojan.

To prove the effectiveness of the fraud package, the seller uses a screenshot taken by the remote access Trojan from the PoS system at one of the world’s largest hotel chains.

Security Concern: Internet Enabled TV can be hacked!

Is your Internet TV vulnerable to hackers? Internet TVs could be the newest avenue for cybercriminals to infiltrate your home or business. Last year, researchers at Mocana, a security technology company in San Francisco, discovered they could hack into a best-selling Internet-ready HDTV model with unsettling ease.

According to a new report, researcher NPD In-Stat predicts that 100 million homes in North America and Western Europe will own television sets that blend traditional programs with Internet content by 2016.

What exactly do these Internet-enabled TVs have? IP addresses, always-on network interfaces, CPUs, storage, memory, and operating systems: the details that have offered hackers a bounty of attack choices for the last three decades.

"Our goal was to see if we could hack into the set-top box, steal customer personal information, pirate services, and incur denial-of-service conditions," Roger Grimes wrote on PCWorld. He added, "We not only owned the box, but ended up taking root of the entire cable system."

As an example, he added, the testers looked at whether they could steal porn or force porn onto another television that was showing Disney content, with the idea that offended customers would drop their service.

If you own an Internet-connected TV, your best bet may be to avoid using it to complete any online transactions, at least until you’re sure that sufficient security measures are in place to protect your personal data.

Google Sent Hacked Notification Messages to Millions of Webmasters

Google’s head of the webspam team, Matt Cutts, announced on Twitter that they have sent out new message notifications to 20,000 web sites that are hacked. Specifically, Google sent these messages to sites doing “weird redirects.”

“Weird redirects” refers to a hack in which the attacker gains access to your .htaccess file and redirects only users who click through from Google to your web site. If they type the domain name directly, there is no redirect.
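A check a site owner could run against their own .htaccess for this pattern, as an added example that is not Google's or the original post's code. The sample file, the host names and the `find_referer_redirects` helper are constructed for illustration, and the search-engine list is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample: one legitimate canonical-host rule, one injected rule.
SAMPLE = r"""RewriteEngine On
# constructed benign rule: canonical host redirect
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]
# constructed injected rule: fires only for search-engine referrers
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC]
RewriteRule ^(.*)$ http://redirect.example/in.php [R=302,L]
"""

SEARCH_ENGINES = re.compile(r"google|bing|yahoo", re.I)  # assumed list

def find_referer_redirects(htaccess_text, own_hosts):
    """Return (line_number, host) for each RewriteRule that sends visitors to a
    host outside own_hosts and is gated on a search-engine Referer condition."""
    findings = []
    pending = []  # RewriteCond lines apply only to the next RewriteRule
    for lineno, raw in enumerate(htaccess_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append((parts[1], parts[2]))
        elif directive == "rewriterule":
            target = parts[2] if len(parts) >= 3 else ""
            host = (urlparse(target).hostname or "").lower()
            referer_gated = any(
                "http_referer" in test.lower() and SEARCH_ENGINES.search(pattern)
                for test, pattern in pending
            )
            if referer_gated and host and host not in own_hosts:
                findings.append((lineno, host))
            pending = []
    return findings

if __name__ == "__main__":
    for lineno, host in find_referer_redirects(SAMPLE, {"example.org", "www.example.org"}):
        print(f"line {lineno}: referrer-gated redirect to {host}")
```

Because the rule only fires for visitors arriving from a search result, browsing the site directly will not reveal it; reading the file itself does.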

A year ago, Google began labeling hacked sites and sites with malware as sites that may be compromised in the search results snippets.

If a site has been hacked, it typically means that a third party has taken control of the site without the owner's permission. Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include phishing (tricking users into sharing personal and credit card information) or spamming.

For webmasters, we also shared a script a few months back, "Irongeek's Shared hosting MD5 Change Detection Script". It is another great option for web admins: it monitors the files on a website and reports any changes via email.

Have you ever had your site hacked into? What precautions did you take to get your site back up and running as quickly as possible? Let us know in the comments below.

Nikjju mass injection campaign targets more than 2 Million URLs

Daniel Cid, an open source developer and information security professional, reported on the Sucuri blog that their team tracked a new mass SQL injection campaign that started early this month; so far more than 180,000 URLs have been compromised. Nikjju is a mass SQL injection campaign targeting ASP/ sites.

At the time of writing Google has identified 361,000 pages infected with that javascript call, but the number is growing really fast.

In this case it adds the following JavaScript to the compromised sites.

Another interesting fact the researchers noticed is that the domain was registered on April 1st 2012, and in 18 days more than 180,000 URLs were infected.

This mass SQL injection also compromised some government sites, as listed below:

A few hours ago we also reported that Google sent hacked notification messages to millions of webmasters of sites doing “weird redirects.”