An undercover operation by Dutch and Russian authorities resulted in the arrest of Georg Avanesov earlier this week. Avanesov had allegedly been running a network of hacked computers around the world, typically referred to as a botnet, for over a decade. According to a source close to law enforcement, the 27-year-old made millions during that time frame.
Avanesov is suspected to be one of the curators of Bredolab, a trojan horse usually distributed through email attachments or downloaded inadvertently through browser security holes. Once infected, a computer running Bredolab can be used to download and execute files from the Internet. Dutch prosecutors believe that Avanesov made up to €100,000 ($138,950) a month from renting and selling part of his botnet to other cybercriminals for limited periods of time. They in turn used it to send their own spam or mine the PCs for personal data and files.
Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, a Public Prosecution Service in Rotterdam spokesperson told ComputerWorld. At its peak, Bredolab could send billions of spam e-mail messages in a month and is accounted for infecting millions of computers in a relatively short span of time.
===========================================================
Firefox add-on allows easy hacking of Facebook, Twitter and Flickr
A new Firefox add-on could allow even the most inexperienced of hackers to tap into your Facebook or email accounts via an unsecured public Wi-Fi network.
Dubbed ''Firesheep'', the add-on takes advantage of a technique known as ''HTTP session hijacking'', also known as "sidejacking". Using Firesheep is as simple as installing the add-on, connecting to an open WiFi network, opening a sidebar and clicking a button.
As soon as another user on the network visits an insecure website, their details appear in the sidebar. Just a double-click later, and the Firesheep user is logged in as someone else, and free to do as they please.
Vulnerable sites include Facebook, Flickr and Twitter.
The trick, according to Firesheep creator Eric Butler, lies in cookies, small files stored on users' computers by most websites and used to store a bevy of information ranging from usernames and passwords to shopping cart contents. On an open WiFi network, cookies are sent ''in the clear'' or without any kind of protection, allowing add-ons like Firesheep to grab them and impersonate other users.
In a statement on his website, Mr Butler said he created the add-on in the hope that website owners would take their users' security more seriously.
''Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,'' he said.
He said the only way to prevent the kind of attack leveraged by Firesheep is end-to-end encryption, though one enterprising student from Iceland has created FireShepherd, a Windows-only program that floods a wireless network with packets, preventing Firesheep from working.
Facebook has indicated they hope to offer encryption to users in coming months, while Twitter and Flickr did not respond to emails requesting comment.
No comments:
Post a Comment