By

Paul McCartney's Web Site Hacked – "Back in the USSR"

Yes it’s true. The rock n roll icon Paul McCartney had his website hacked. (This attack isn’t necessarily originating in Russia, but I couldn’t refuse the obvious opportunity.)

It’s amazing how certain hackings follow the news. It was just a couple days ago when I was watching the news on TV (yes that old, outdated media) and learned that Paul McCartney and Ringo Starr were going to get back together for a “reunion” tour.

The website hacking could have been purely coincidental, as the toolkit planted on his website – Luckysploit, has been used in many, many recent website malware distributions. It could be that the cybercriminals behind this exploit  just happened to find this site vulnerable to their recent attack. I believe it’s irrelevant how or why, their timing was impeccable.

This is another example of social engineering used successfully to infect more computers.

Think of the millions of Beatle’s fans (my father-in-law is one of them – a fan not a virus victim) hearing about this reunion and flocking to Mr. McCartney’s website to find out where their concerts will be performed only to find out at the next anti-virus scan that they’ve been compromised by a bank login and password stealing virus.

The nerve of these hackers. Using something so “in the news” to lure millions of people to  infectious websites that have been planted with malicious code, appearing to be legitimate websites, for the sole purpose of delivering a virus that is currently evading detection by many anti-virus programs.

Is there no shame?

This attack is being carried out by the Zeus botnet. Yes while everyone was watching out for Conficker, many forgot about the other botnets out there.

It’s easy to spot the infectious malware code in the “source” of the web page. All you have to do is look for something that’s impossible to read because it is encrypted and obfuscated to avoid easy detection. Luckily for us, we don’t look for specific infections while scanning websites. Our systems are based on any changes to a website. We pay close attention to changes that include specific keywords, but our alert system is based on any changes made to a website.

Once again the cybercriminals use a popular event to spread their malware. This particular infection will steal banking credentials which are then sold on the open black market. This is one of the cybercriminals profit centers. They have many.

Be careful when using the Internet, you never know if you’re getting more than you bargained for.

Other Beatle’s songs that come to mind with my sub-titles:

“Do You Want to Know a Secret” (about my malware)

“Don’t Ever Change” (my website)

“Don’t Let Me Down” (please click on this infectious link)

“Eight Days a Week” (and I’ll infect you every one of them)

“Everybody’s Got Something to Hide Except Me and My Monkey” (okay maybe my monkey has some malware to hide too)

“Fixing a Hole” (in your website)

“Free as a Bird” (free as in free malware)

“From Me to You” (more malware from me to you)

“Get Back” (to where you can get infected)

“Got To Get You Into My Life” (so I can hack you some more)

“Help!” (I need the services of WeWatchYourWebsite)

“I Am the Walrus” (I live Belarus) (okay you find something that goes with Walrus)

I could go on, but the Beatles wrote a lot of songs and I need to save server space.

Let’s be careful out there…

By

Are you really safe online?

According to a recent report by McAfee, here are some extremely interesting statistics:

  • 92% of users surveyed believed their anti-virus software was up to date, but only 51% had updated their anti-virus software within the past week
  • 73% of users surveyed believed they had a firewall installed and enabled, yet only 64% actually did
  • About 70 % of PC users believed they had anti-spyware software, but only 55% actually had it installed
  • 25% of users surveyed believed they had anti-phishing software, but only 12% actually had the software
  • 42% of businesses surveyed dedicate just one hour a week to proactive IT security management, despite the fact that 21% acknowledged an attack could put them out of business
  • 44% of businesses surveyed think cybercrime is only an issue for larger organizations and does not affect them
  • 52% of businesses surveyed believe that because they are not well-known, cybercriminals will not target them
  • 45% of businesses surveyed do not think they are a “valuable target” for cybercriminals
  • 46% of businesses surveyed do not think they can be a source of profit for cybercriminals

Interesting aren’t they?

If you’re a member of the 51% who had updated their anti-virus software within the past week, then you should read Secunia’s information after they tested 12 security suites. In their report it states that after testing 12 major security suites with 300 different exploits one suite blocked more than
10 times more than the next closest competitor – and it only blocked 64 out of the 300!

Here’s their report: http://secunia.com/gfx/Secunia_Exploit-vs-AV_test-Oct-2008.pdf

Do a Google search using “evading anti-virus”. In the SERPs you’ll see tutorials on how to make a virus, trojan or worm undetectable by current anti-virus software. There are specific steps.

Here’s an article about how one strain of worm was undetectable: http://arstechnica.com/news.ars/post/20080408-new-kraken-worm-evading-harpoons-of-antivirus-programs.html

In the darker forums where we lurk as part of our security research, we’ve seen numerous “how to’s” on evading detection. Many of them are so simple that anyone with just a little computer knowledge could create their own undetectable virus.

Many of the cybercriminal “mobs” offer to recreate their malware if you buy it and then find that it’s detectable by anti-virus software.

If you’re one of the 64% that actually had a firewall installed, how was it configured? If you’re like most people, you have the default firewall settings and you never, ever read the logs to see how people are trying to get in. Most of the people we’ve talked with reply by saying, “My firewall has logs?”

Has you firewall ever been tested? I guarantee it has been by a hacker, but have you ever had it tested? Have you had a security scan performed on your firewall? In the security world, we believe that an untested firewall is no security at all.

If you’re one of the 21% that acknowledged an attack could put you out of business and you only spend 1 hour a week in proactive security management, I’d like to say you’ll get what you deserve but that would be rude and a little – “in your face”.

The fact is, you could be “hacked” right now and you wouldn’t even know it. Maybe an attack wouldn’t put you out of business, but I’m sure it will cost you a lot more than preventative security management
would have cost you.

In risk management, isn’t it true that if prevention costs you less than the potential problem, it becomes a no-brainer to move forward with the prevention?

If you’re one of the 44% of businesses that think cybercrime is only an issue for larger organizations, I have to ask you this, “Where do you think most of the attacks on larger organizations is launched from?” The answer: hacked systems in smaller organizations.

If you’re one of the 52% of businesses that believe since you’re not well-known cybercriminals will not target you, I will tell you to Google the term, “security through obscurity”, or “security by obscurity”. Read everything you can about your adopted security strategy.

Cybercriminals find “hackable” computers by scanning IP addresses. Yes, sometimes, they will target a specific site, but generally, they just look for computers that have openings.

If you’re one of the 45% or 46% who think you’re not valuable to a cybercriminal, answer me this, “Do you turn your back on smaller sources of income?”

Hackers hack for money. Gone are the days when they would hack strictly to create havoc. They now make money from their craft. In some cybergangs, it’s believed that the money they make from one income stream is $150,000,000 (that’s right million).

Just as you might find every email address on your list valuable, they too find every computer that they control valuable. To you, the money is in the list. To cybercriminals, the money is in their botnet (their network of remotely controlled computers). Every controlled computer, whether a server or a PC,
is important to them.

I still find that one of the easiest ways for hackers to deface or hack a website is by logging in as you. They infect as many computers as possible. Then when you login to your website, they record your credentials and then just login as you. It’s that simple. How do they find your computer to infect it in the first place?

They don’t know who you are or where you live. They just hack as many computers as they can and the odds are, with so many people starting web based businesses, that some of the computers they infect will belong to people who own one or more websites.

It really is that simple.

If you still think you’re safe online, then keep doing what you’ve always done and you’ll keep getting what you’ve always gotten – whether you know it or not.

That’s a fact.

If you disagree, please tell me your comments.