Google Notifies ZeuS Botmasters That Microsoft Is Coming for Them


Google has started sending notifications to the individuals that Microsoft appointed as being behind the ZeuS botnet they’ve disrupted. Some applaud this decision, while others say that the company’s “one-size-fits-all” privacy policy isn’t the best way to handle things.

Microsoft’s recent takedown of the ZeuS botnet has caused a lot of controversy, mostly because of the way the company addressed the issue.

In April, security journalist Brian Krebs reported that a large part of the security industry blamed Microsoft for using sensitive information for its own agenda without explicit permission from the source, possibly even interfering with the investigations of international law enforcement organizations.

The other problem was that the Redmond company made a deal with a federal judge that would allow it to seize domain names and servers in return for trying to reveal the identities of the suspected cybercriminals.

Now, Krebs reveals that at least 15 of the individuals had email accounts on Hotmail or MSN, which were not a problem to track down, but among the other ones, 39 John Does owned Google accounts.

When Microsoft requested Google to hand over the account information, Google’s privacy policy kicked in and, as a result, all the individuals received notices.
Read more of this post

The Unknowns: What We Did Helped the Hacked Websites


The hacker collective called “The Unknowns” has released another statement to reveal their reasons behind the breaches on NASA’s Glen Research Center, ESA, the US Military, US Air Force, the Thai Royal Navy, Harvard University, Renault, the Yellow Pages in Jordan, the Ministry of Defense in Bahrain, and the French Ministry of Defense.

“We are a new hacker group, we have never been in any hacking team before. We are not Anonymous Version 2 and we are not against the US Government. We can’t call ourselves White Hat Hackers but we’re not Black Hat Hackers either,” they wrote.
Read more of this post

GFI Software Releases MailEssentials 2012 UnifiedProtection


In the era of the Internet, spam messages represent a major concern for most companies and their IT security staff. To come to the aid of small and medium businesses, GFI Software has released GFI MailEssentials 2012 UnifiedProtection, a solution that combines antivirus and anti-spam technologies.

GFI’s new product comes after recent studies have revealed that 70% of all the emails are spam. Even more worryingly, some of those shady messages carried pieces of malware which ultimately led to data breaches.

The advanced capabilities of MailEssentials 2012 are not ensured only by the GFI VIPRE engine, but also by Bitdefender solutions and, optionally, ones from Kaspersky Lab, Norman and McAfee.
Read more of this post

Panasonic, United Nations and Australian Government Hacked by TeaMp0isoN


After their leader TriCk was arrested, members of TeaMp0isoN promised that they would continue operations, and now it seems that they’re keeping that promise. Their latest targets include the official sites of Panasonic (panasonic.com), United Nations World Health Organization (who.int), and the Australian Government (australia.gov.au).

The hacktivists have leaked information from all the sites, but the most damage was caused to the main site of the Australian government, from which they leaked more than 600 agency names, usernames – represented by email addresses – and clear text passwords.

“TeaMp0isoN is here with another release! Here we present to you some nice delicious data of the Australian Government (australia.gov.au) dumped data. In this release there are email addresses, passwords for just about every important Australian Government agency/business associated with (australia.gov.au),” they explained.

“We are against releasing of vuln. links. That’s what whitehats do.”

From the site of Panasonic, TeaMp0ison has made public names, usernames, password hashes, and, in some cases, email addresses, including the ones of the site’s administrator, totaling around 25 record sets.

As far as the breach on the World Health Organization is concerned, the hackers only leaked close to a dozen of credential sets, comprised of usernames, password hashes and some email addresses. The administrator’s details are among the ones made public.
Read more of this post

$1,000 (€760) Walmart Gift Card Scam Inflates Phone Bills


Shady Walmart gift card offers are not new, but every once in a while we come across another variation that tries to dupe unsuspecting internauts into participating in a survey. As always, the participants don’t get the much promised gift cards, but the fraudsters earn important sums of money from each campaign.

Circulating on social media sites, this particular scheme informs users that they have been selected to receive a free $1,000 (€760) Walmart card if they click on a link and enter the “FREE” code, Hoax Slayer reports.

To make everything more legitimate-looking, the advertisement claims that only 116 cards are available.

Once the link from the ad is clicked, the unsuspecting victim is taken to a site where he/she must enter the code provided earlier.
Read more of this post

Hacker Finds XSS on Torrent and US National Institutes of Health Sites


A number of torrent sites, along with the ones of the US National Institutes of Health and the National Endowment for the Arts have been found to contain cross-site scripting (XSS) vulnerabilities by the hacker known as Gambit.

The list of torrent sites includes, as shown in the screenshots, torrents.net, pnop.com, usniff.com, and torrenthound.com.

“Well after finding most if not ALL of the non-persistent and persistent XSS’s on Kickass Torrents(8-10 in total) and getting $100 from them, I decided I would go on the hunt for XSS’s on other torrent sites,” the hacker wrote.

“When I ask if they offer rewards like FB, Google, and some torrent sites, I either get a response of ‘We don’t offer rewards but would be grateful if you disclose the vulnerability’ or ‘We don’t take kindly to being blackmailed’ – that response was from ISOhunt.

“They were just a bunch of [expletive]. All I did was ask about a reward and get accused of a federal crime? They can goto hell. But more often than not I do not get a response at all.”

Besides the vulnerabilities identified on the torrent sites, Gambit also discovered some vulnerabilities on the site of the National Heart Lung and Blood Institute, part of the National Institutes of Health, and on the one of the National Endowment for the Arts.
Read more of this post