The old "new" Japanese scams

16/03/2011 Written by Boris Mutina (minor.float)

Dear friends, these days all our thoughts have turned to Japan and to the Japanese people; some of them are our friends, and some of our friends live in Japan.
We would like to express our condolences to the families who lost family members. We are deeply concerned about the injuries and losses caused by the earthquake series, the tsunami flooding and the nuclear catastrophe.

Nevertheless, we also have to express our anger. We have already recorded the first set of scam emails asking unaware users to donate to charity, but as usual the money will never reach the victims. The scam scenario is very similar to other scams that use donations over PayPal, WU, Moneygram etc…

Another form of the scam is the Facebook clickjacking/likejacking scam with the sick title “Japans Tsunami Sends whale Smashing Into A Building” or similar. While people are eager for news from Japan, this and similar scams serve the viral spreading of the link; some of them also deliver unsolicited ads. Many security companies have already reported on this issue (for example, Sophos reported it here).
Such scam websites also try to trick users into entering their data into fake surveys…

Read more

Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?

06/01/2011 Written by Marcelo Almeida (Vympel), Boris Mutina (Minor)

Last year Zone-H archived a sad record number: 1.419.203 website defacements.
Why and how is this happening?
If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and shares misconfiguration are still at the top ranks of the attack methods used by defacers to gain first access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.

For many years now, Linux has been the most used OS for webservers and, of course, the preferred target for defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by the defacers is CVE-2010-3301, which was fixed in 2007 and was mysteriously reintroduced in 2008 in a large pile of x86_64 kernel versions.

But is the out-of-date Linux server the only reason for this huge number of defacements?
Yes and no.

Read more

Notes on the Wikileaks case

10/12/2010 Written by Minor

First of all, we would like to emphasize that Zone-H is not related to any party in the Wikileaks case. We neither agree nor disagree with any action that happened; we just want to share our opinion on the forthcoming events. Many news media have already released information about the cables, the sources, how it happened etc.

But now it is clear that Wikileaks will not stop publishing the cables. There are plenty of mirrors all around the globe, and information is shared over Facebook and Twitter. Even the arrest of Julian Assange can’t stop the day-by-day publishing of the cables. The whole case raises more questions, some of which cannot be answered. Like the first one: how is it possible that Bradley Manning was able to get 250k cables? According to the Guardian article, he had “unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.

Read more

Defacements Statistics 2008 - 2009 - 2010*

27/05/2010 Written by Marcelo Almeida (Vympel)

When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly; this number keeps increasing year after year. For example, last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period.

What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are in web applications. We also know from what we monitored that registrar attacks have greatly increased in the past years, even if this number is quite low compared to the total number of attacks. But web applications are not the only ones guilty, as poor local system security on various web hostings usually allows crackers to get full access to the servers.

Read more

Twitter and Baidu hijacked by "Iranian Cyber Army"

13/01/2010 Written by Kevin Fernandez (Siegfried)

You probably read that story somewhere last month: on December 17 2009, Twitter’s homepage was replaced by this message:

“Iranian Cyber Army

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANiAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
Take Care.


They “simply” hacked their registrar (dyndns) and modified their DNS entries.

Yesterday the Baidu homepage, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time register.com was the vulnerable registrar.

Read more

ZONE-H In Numbers
  • News: 4.735
  • Admins: 7
  • Registered Users: 83.484
  • Early Warning subscriptions: 9390
  • Digital Attacks: 8.380.957
  • Attacks On Hold: 39.660
  • Online Users: 344