Thursday, 19 April 2012

Rogue version of Instagram app sends SMS to premium rate numbers

Cyber criminals have created a fake Instagram app to earn money by taking advantage of all the hype surrounding Facebook’s acquisition of Instagram.

The Instagram photo effects filter and sharing app has been all over the news since Facebook bought it for $1 billion last week. The app has been downloaded more than 5 million times less than a week after being released.

According to sophos security researcher,  the fake app looks like the legitimate one,but in the background it secretly sends SMS to a premium rate numbers.  This earns money for its creator.

Malware writer include a picture of a man inside the .APK file. Researcher believe the picture has been included multiple times for changing the fingerprint of the .APK.

"We have no idea who the man is or whether there is a reason why his picture has been chosen to include in the download."Researcher said.

"Could he be the malware author? A family friend? A celebrity? Someone who the malware author has a bone to pick with? "

AlQaedaSec takes down the New York City's website(

The computer hacker group called ALQaeda Sec launched a Distributed Denial- Of -Service (DDOS) attack on the official site of New York city (

The hackers tweeted :
#TANGODOWN you just got #911'D!
#Allah give us strength against the filthy sinners!
#AlQaedaSec #UGNazi #Cocksec #91FUN

The hacker group used botnets to keep the site down by continously sending large number of requests , As shared by s3rver.exe, one of the member of the attack.

An assumption is made by the picture that symbolize burned American flag posted by the hacker group , it seems a form of protest against the US Government but the s3ver.exe, a member of the group claimed that the attack was introduced just "for lulz".
The Hacktivits have been announced last week a lot of " Tango Downs"

The Anonymous hacker Havittaja with other members together  took down three websites of the Brazillian Federal Police then the site of Central Intelligence Agency ( and also the US department of Justice ( were down for several hours.

This hacker group ALQaeda Sec is also known as UGNazi, the hacker assembled together  was associated in the attacks that targeted the UFC, back when Dana White revealed his support for SOPA. 

Hackers take down the Government of the District of Columbia

Hackers, part of the UGNazi collective, take down The official web site of the Government of the District of Columbia.  Yesterday, they take down the New York City( site for nearly one hour.

According to Softpedia report, the and, have been down for several hours.

“The capital of US is in DC. Seems the government doesn't care about what we think about. The best place to hit them is at there heart,” Softpedia quoted the hacker as saying.

“We will also be launching more attacks on other government websites,” Cosmo added.

Remote Access Trojan steals credit card data from a hotel PoS app

Cyber Criminals are selling a remote access Trojan on underground forums that targets hotel front desk computers , capable of stealing credit card details.

According to Trusteer researchers report, the Trojan steals credit card and other customer information by capturing screenshots from the PoS application. 

"This scheme, which is focused on the hospitality industry, illustrates how criminals are planting malware on enterprise machines to collect financial information instead of targeting end users devices."Trusteer researcher said.

The Trojan is being offered for $280, the purchase price includes instructions on how to set-up the Trojan. The seller even offer advice on how to use vishing(phishing attack via VoIP) technique to trick front desk managers into installing the Trojan.

To prove the effectiveness of the fraud package, the seller uses a screenshot taken by the remote access Trojan from the PoS system at one of the world’s largest hotel chains.

Security Concern : Internet Enabled TV can be hacked !

Security Concern : Internet Enabled TV can be hacked !

Is your Internet TV vulnerable to hackers? Internet TVs could be the newest avenue for cybercriminals to infiltrate your home or business. Last year, Researchers at Mocana, a security technology company in San Francisco, recently discovered they could hack into a best-selling Internet-ready HDTV model with unsettling ease.

According to a new report from researcher NPD In-Stat predicts that 100 million homes in North America and Western Europe will own television sets that blend traditional programs with Internet content by 2016.

What exactly these Internet Enabled TV have ?  Its IP addresses, always-on network interfaces, CPUs, storage, memory, and operating systems the details that have offered hackers a bounty of attack choices for the last three decades.

Our goal was to see if we could hack into the set-top box, steal customer personal information, pirate services, and incur denial-of-service conditions." Roger Grimes wroteon Pcworld. He added "we not only owned the box, but ended up taking root of the entire cable system."

He added an example, if we could steal porn or force porn onto another television that was watching Disney content, with the idea that offended customers would drop their service.

If you own an Internet-connected TV, your best bet may be to avoid using it to complete any online transactions, at least until you’re sure that sufficient security measures are in place to protect your personal data.

Google Sent Hacked Notification Messages to Millions of Webmasters

Google Sent Hacked Notification Messages to Millions of Webmasters

Google’s head of the webspam team, Matt Cutts, announced on Twitter that they have sent out new message notifications to 20,000 web sites that are hacked. Specifically, Google sent these messages to sites doing “weird redirects.”

Weird redirects means the hack is where the hacker gains access to your HTACCESS and only redirects users who click from Google to your web site. Otherwise, if they type in the domain name directly, there will be no redirect.

A year ago, Google began labeling hacked sites and sites with malware as sites that may compromised in the search results snippets.

If a site has been hacked, it typically means that a third party has taken control of the site without the owner's permission, Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include Phishing to tricking users into sharing personal and credit card information or spamming. 

Well for Webmasters, we also shared a script few months back "Irongeek's Shared hosting MD5 Change Detection Script". Another great option for web admins that will monitor the files on a website, and report any changed via email.

Have you ever had your site hacked into ? What precautions had you taken to get your site back up and running as quickly as possible ? Let us know in the comments below.

Nikjju Mass injection campaign target more than 2 Millions Urls

Nikjju Mass injection campaign target more than 2 Millions Urls

Daniel Cid an open source developer and information security professional reported on Sucuri blog that their team tracked a new mass SQL injection campaign that started early this month and till now more than 180,000 URLs have been compromised. Nikjju is a mass SQL injection campaign targeting ASP/ sites.

At the time of writing Google has identified 361,000 pages infected with that javascript call, but the number is growing really fast.

In this case it adds the following javascript to the compromised sites.
One more interesting fact that researchers have noticed that domain was registered on April 1st 2012 and in 18 days more than 180,000 urls get infected.

This mass Sql Injection also compromise some Government sites also , as listed below :

Few hours we have also reported that, Google Sent Hacked Notification Messages to Millions of Webmasters of sites doing “weird redirects.

winAUTOPWN v3.0 Released - System vulnerability exploitation Framework

winAUTOPWN v3.0 Released - System vulnerability exploitation Framework

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ]is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.  C4 - WAST gives users the freedom to select individual exploits and use them.
BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits which have been added in this release. Included this time is the, which will set chmod on all applicable BSD compiled binaries.

WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others' too for smooth working of exploits included in it.

winAUTOPWN and bsdAUTOPWN are available at

Rootdabitch version 0.1 - Multithreaded Linux root password Bruteforcer

Rootdabitch version 0.1 - Multithreaded Linux root password Bruteforcer

r00tw0rm hacker "th3breacher!release Rootdabitch v0.1 ,which is a Multithreaded Linux/UNIX tool to brute-force cracking local root through su using sucrack.

sucrack is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. The main feature of the Rootdabitch is that It's local brute forcer, using 10 passwords in 3 seconds. and works in background so you can leave it , when root is cracked it will email the user using /bin/mail .

All for this, you need to have a php shell/reverse shell/ssh access to the target to run thistool and run it as a normal user, Upload this script into it and give it the execution permission and execute the script like:

 ~ ./rootdabitch

If the password is cracked you will have a mail with the root password and the password will be stored into password.txt . Try it !

Tuesday, 17 April 2012

Banking System Vulnerability - 3 million bank accounts hacked in Iran

Banking System Vulnerability - 3 million bank accounts hacked in Iran

Iran's Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers.

The hacker was identified as Khosro Zare', a former bank-system specialist in Iran who recently left the country.Zare' claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran's banking system.
According to the report, the hacker had provided the managing directors of the targeted banks with information about the bank accounts of 1000 customers in the previous Iranian calendar year (ended on March 19) to warn them about the susceptibility of their computer systems and networks to cyber threats.

But Central bank officials had earlier downplayed the reports, saying that "the threat to Iran's banking system is not serious."
Finally to proof the Vulnerability he dumped the account details of around 3 million individuals, including card numbers and PINs, on his

At least three Iranian banks (Saderat, Eghtesad Novin, and Saman) have already sent text messages to their clients, warning them to change their debit card PINs. The warning was repeated on state TV channels.

Lebanese Government sites hacked by ‘Raise Your Voice’

Lebanese Government sites hacked by ‘Raise Your Voice

A group calling itself ‘Raise Your Voice’ hacked on Tuesday around 15 Lebanese government websites to ask for an improvement in living standards, the day the parliament launches a three-day session to assess the cabinet’s performance.

To our dear “beloved” Lebanese Government,We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them. We will not stop until the standards of living are raised to where they should be in Lebanon. We will not stop until this government’s self-made problems are solved, like the power shortage, water shortage, rise in gas prices and rise in food product prices. We are RYV, expect us to break the silence, whether in the streets or on the Internet. Silence is a crime.

Hacked Sites List:

Among the sites that were hacked are the National News Agency, the Presidency and the Energy, Water, Justice and Foreign Ministries.The hacking comes as the opposition is gearing up to grill the government for what it calls a bad performance and procrastination in the implementation of major decisions.

Only the Energy and Water Ministry websites had messages written on them that “Electricity is Cut” and “Water is Cut.” The group previously hacked several government sites in early March.

MI6, CIA and Department of Justice Tango Down !


Hacker group Anonymous claimed it took down the CIA website for the second time in two months following a new DDoS attack on the U.S. secret service which lasted 45 minutes. 

Anonymous is reportedly on a DDoS rampage today, downing the CIA, Department of Justice, and two Mi6 websites. Members of the group claimed responsibility throughout Facebook and Twitter.

Brazilian hacktivist Havittaja reportedly launched the initial offensive on the DoJ and CIA for “lulz” while other members jumped on board a short time later.

The technique also known as a DDoS (distributed denial-of-service) attack, is a concentrated effort by multiple individuals to make a network busy to its intended users. The end result is server overload. Anonymous makes a freeware tool available to its members to carry out these attacks, which it calls the Low Orbit Ion Cannon.
The collective targeted the department of justice in January as part of Operation Megaupload, in a retaliatory attack against the US government's decision to close the popular file-sharing site.