Welcome To Hacker News

Welcome to Hacker News. Hacker News is a bit different from other community sites, so we'd appreciate it if you'd take a minute to read the site guidelines

Thursday, July 10, 2014

Facebook Takes Down Bitcoin Stealing Botnet that Infected 250,000 Computers


Once again Facebook is on The Hacker News! This time not for any scam or surveillance, but for a different reason. 

The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, email passwords and banking details.

Facebook is always one of the favourite weapons of cyber criminals, cyber thieves and scammers due to its popularity among social media platforms. This social networking platform, with more than one billion active users, provides special opportunities for people to connect and share information, and it also serves as a great platform for malware developers and scammers.

The botnet, dubbed Lecpetex, was around from December 2013 to last month and compromised around 50,000 Facebook accounts at its peak. Users would receive spam Facebook messages that would typically read "lol" and carry a zip archive attachment.

Once the attachment was opened, it would execute an embedded Java archive file that would download the Lecpetex main module and install a program to begin Litecoin mining secretly on the infected computer. At the same time, other malware sent out from the botnet would steal bitcoins, email passwords and internet banking details.

Moreover, the module would download and run the Facebook spamming module, which would hijack the user's account by stealing cookies from their browser to gain access to the victim's Facebook friend list, so that it could send out more spam messages to each friend with a zip file containing malware.

The Lecpetex botnet infected computers with a family of different malware, including the DarkComet remote access trojan, through simple social engineering techniques, and the operators behind it were constantly modifying it in order to evade detection, both by Facebook's attachment scanning software and by anti-virus software.
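A defender-side triage of the kind of attachment described above (a zip archive carrying an executable Java archive), as an added example that is not Facebook's scanner or code from the original article. The function names, the size limit and the sample archives are assumptions constructed for illustration; the check flags a Java archive by its contents, so renaming the file does not hide it.

```python
import io
import zipfile

def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def looks_like_jar(data):
    """True if data is itself a zip holding a JAR manifest or compiled classes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names)

def triage_attachment(data, max_member=10 * 1024 * 1024):
    """Return findings for a zip attachment; an empty list means nothing was flagged."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not-a-zip"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected; report instead of guessing.
                findings.append(f"encrypted-member:{info.filename}")
                continue
            if info.file_size > max_member:
                # Do not decompress very large members during triage.
                findings.append(f"oversized-member:{info.filename}")
                continue
            body = zf.read(info)
            if info.filename.lower().endswith(".jar") or looks_like_jar(body):
                findings.append(f"embedded-jar:{info.filename}")
    return findings

# Constructed samples: a Java archive disguised with an image extension, and a benign zip.
_JAR = build_zip({"META-INF/MANIFEST.MF": b"Main-Class: Demo\n",
                  "Demo.class": b"\xca\xfe\xba\xbe"})
SAMPLE_DISGUISED = build_zip({"photo.jpg": _JAR})
SAMPLE_BENIGN = build_zip({"notes.txt": b"lol"})

if __name__ == "__main__":
    print(triage_attachment(SAMPLE_DISGUISED))
    print(triage_attachment(SAMPLE_BENIGN))
```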

Security researchers at Menlo Park said the 31 and 27 year-old botnet creators delivered over 20 distinct spam campaigns, affecting users in Greece, Poland, Norway, India, Portugal, and the US. The malware did not target Facebook alone: it was also delivered through torrent files containing pirated content like movies, games and MP3s to trick unwitting downloaders, but this was not observed by Facebook bods.

"On April 30, 2014, we escalated the Lecpetex case to the Cybercrime Subdivision of the Greek Police, and the agency immediately showed strong interest in the case," Facebook engineers wrote in an unauthored post.

After five months of examination, irritated botnet creators began leaving messages for Facebook engineers from their command and control servers saying that:
"Hello people.. :) but am not the f***ing zeus bot/skynet bot or whatever piece of sh*t.. no fraud here.. only a bit of mining. Stop breaking my ballz.."
They also changed their crypto keys to the phrase 'IdontLikeLecpetexName'.

But Facebook didn't stop its investigation and continued to target the botnet with new countermeasures and automated tools in order to extract more information from the botnet to trace its creators. Finally, the Greek Police arrested two hackers last week, a 31-year-old and a 27-year-old who were both informatics students.
"According to the Greek Police, the authors were in the process of establishing a Bitcoin 'mixing' service to help launder stolen Bitcoins at the time of their arrest," said Facebook. "Ultimately, remediating a threat like Lecpetex requires a combination of technical analysis capabilities, industry collaboration, agility in deploying new countermeasures, and law enforcement cooperation."
The Greek Reporter says that the Lecpetex operation is the biggest case ever handled by Greece's Cyber Crime Unit.

Wednesday, July 9, 2014

Facebook Founder Wants to Make Internet Availability as Universal as 911 Emergency Service


Facebook founder Mark Zuckerberg has a dream to make Internet access available to everyone across the world. Zuckerberg argues that the Internet should be a service as essential as 911 in the case of an emergency.

In a blog post published Monday in The Wall Street Journal, the founder of the social networking giant highlighted the future of universal Internet access, along with the steps he thinks are needed to achieve it.

Today 2.7 billion people, just over one-third of the world's population, have access to the Internet, Zuck said, and adoption has been growing at a very low rate, by less than 9% each year. The rest of the world's 5 billion people who do not have access to the Internet are lacking access due to issues such as high costs or improper infrastructure.

One may think that Zuckerberg's vision sounds like a self-interested push to gain more users for his social networking service, Facebook. But it's true that the world is currently facing a growing technological divide, where more than 2 billion people live in the Digital Age and can access a vast universe of information, communicate with their friends and family, and gain the opportunity to participate in the global economy. At the same time, the other 5 billion people are still stuck in the Paper Age.

Zuckerberg thinks that the problem for about 90 percent of the world's population isn't a lack of a network but a lack of affordable data plans.
“For example, an iPhone with a two-year data plan in the U.S. costs about $2,000, where $500 to $600 is for the phone and about $1,500 is for the data,” Zuckerberg said in the WSJ article.
The solution lies in offering basic Internet services for free, just like any other basic service over the phone. “Anyone can call 911 to get medical attention or report a crime even if you haven’t paid for a phone plan,” Zuckerberg said. “In the future, everyone should have access to basic Internet services as well, even if they haven’t paid for a data plan.”

According to a 2011 McKinsey & Co. report, the Internet has already accounted for a larger share of economic activity in many developed countries than agriculture and energy, and accounted for 21 percent of Gross Domestic Product (GDP) growth in mature economies over the last five years.

If the Internet were treated as its own sector, it would be a greater contributor to GDP than agriculture or utilities, as access to online tools lets people use information to do their jobs better and, as a result, will create more jobs, businesses and opportunities.

Internet.org, a global partnership launched by Zuckerberg last year along with other major information-technology leaders as well as nonprofit organizations and local communities, plans to bring those who are without Internet access into the Digital Age and is already under way to provide free basic Internet services world-wide.
“The Internet will help drive human progress,” Zuckerberg said.
On the whole, it is reasonable to expect that giving poor people access to the Internet and the possibility of connecting with people anywhere around the world will transform their lives socially in a very positive way.

Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions

A major vulnerability believed to be present in most versions of Android can allow malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions.

The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the bug was first noticed in Android version 4.1, also known as "Jelly Bean."

APPS CAN MAKE CALLS FROM YOUR PHONE
“This bug can be abused by a malicious application. Take a simple game which is coming with this code. The game won’t ask you for extra permissions to do a phone call to a toll number – but it is able to do it,” Curesec’s CEO Marco Lux and researcher Pedro Umbelino said Friday in a blog post. “This is normally not possible without giving the app this special permission.”

By leveraging these vulnerabilities, malicious applications could initiate unauthorized phone calls, disrupt ongoing calls, and dial out to expensive toll services, potentially racking up big charges on unsuspecting users' phone bills.

Android bug allows unauthorized users to terminate outgoing calls and send USSD
The vulnerability can also be exploited to disconnect outgoing calls, and to send and execute:
  • Unstructured Supplementary Service Data (USSD)
  • Supplementary Service (SS)
  • Manufacturer-defined MMI (Man-Machine Interface) codes.
These special codes can be used to access various device functions or operator services, which makes the problem a nasty one for those who value the data they store on their mobile phone.
“The list of USSD/SS/MMI codes is long and there are several quite powerful ones like changing the flow of phone calls (forwarding), blocking your SIM card, enabling or disabling caller anonymisation and so on,” reads the blog post.
Even Android security programs offer no protection from these flaws. Apps without the CALL_PHONE permission should not be able to initiate phone calls, but that restriction is easily bypassed because the exploits are capable of deceiving the Android permissions system altogether.

"As the app does not have the permission but is abusing a bug, such apps cannot easily protect you from this without the knowledge that this bug exists in another class on the system," wrote the researchers.

A large number of versions of Android are affected by the vulnerabilities. Researchers have found two different flaws that can be exploited to achieve the same ends – one that's present in newer Android releases and another that's found in older versions.

FIRST BUG - AFFECTS NEWER VERSION OF ANDROID
The first security bug, identified as CVE-2013-6272, appears to have been introduced in Android version 4.1.1 Jelly Bean, and persisted all the way through 4.4.2 KitKat before the security team at Google was able to fix it in Android 4.4.4.

But only about 14% of users are currently updated to the latest version of the mobile operating system. So just think about it: how many users are currently in the grip of the flaws? A large number of users remain open to these vulnerabilities and attack paths.

SECOND BUG - AFFECTS OLDER VERSION OF ANDROID
The second security hole is wider in its reach, affecting both Android 2.3.3 and 2.3.6, the popular versions of the Gingerbread variant. These are used by lower-end, budget-style smartphones, which continue to surge in popularity in emerging markets like Brazil, China, and Russia.

The bug was fixed in Android 3.0 Honeycomb, but that was a tablet-only release that no longer even charts on Google's Android statistics. That means the bugs leave nearly 90 percent of Android users running versions of the operating system that are vulnerable to the dialer-manipulating flaws.

Researchers at Curesec have provided source code and a proof-of-concept demonstration app for both the bugs, so that customers can help themselves to test if their Android devices are vulnerable or not.

Android users who are running KitKat on their devices are strongly advised to upgrade to the latest version, 4.4.4, as soon as possible. It is expected that device makers and carriers will roll out the updates in the coming weeks.