Fake POS Devices

Nowadays, hardware have become so cheap that cybercriminals can easily reproduce fake point-of-sale (POS) devices that can be used to skim data from credit and debit cards.

In an underground forum, a certain “Nikkon” has posted a fake POS device with flash memory for sale. The device is notably identical to a normal-looking POS terminal. Once used, however, it prints out a default receipt informing the counterfeiter’s victim that an error has occurred while reading his/her card, thus, the transaction could not be completed. Of course, at the same time that this receipt is being printed, the data held in the magnetic strip—along with the victim’s personal identification number (PIN) code—have already been uploaded and saved to the onboard flash memory.

How would this work in the real world? Imagine you are in a restaurant, shop, or café. You would like to pay using your credit or debit card. You are handed a POS device and asked to swipe your card then to enter your PIN code. Moments later, you see that the card is being rejected. You are handed back a receipt as proof. You might dismiss this as a normal failed transaction. What you do not know is that your credit card information has already been stolen until you get your next billing statement.

The initial price of a fake POS device is set at 1,000 EUR. An additional 200 EUR is charged for its setup and delivery. In addition, 40 percent of the stolen credit/debit card information is taken as usage fee by the seller.

Read more:
http://blog.trendmicro.com/for-sale-fake-pos-devices/

h@v3 $@f3 $h0pp!n9 !!!

nj0y !

Fake prize call from +92**********

Today early morning (12:07 AM), I got missed call from a number starts from +92. I know about this number very well so didn't picked up.

These calls belongs to a phone scam. +92 starting phone/mobile numbers belongs to Pakistan. These people generally give missed call to any random number (Specially in India) and innocent victim curiously call back on the number to know who has given missed call to them, which is their first biggest mistake. At start of conversation they will pretend like they are speaking from your mobile service provider and inform you like "Our telephone service provider has selected you as a winner of prize Rs.25,00,000." or some other amount. These guyz will never call, they just give missed calls. Generally no one bother about the number, actually this is an ISD number (+92). Generally in postpaid mobile numbers ISD facility is not available by default but in prepaid mobiles, ISD facility is available (depend upon minimum balance criteria).

Strategy: In order to claim this prize, they try to exploit unawareness of public towards mobile phones. They will tell you to follow some steps. I have one example, they will tell you to type *#06# on your phone, a 15-17 digit number will flashed on your mobile screen, which they call a lucky number. This 15-17 digit numbers are nothing but International Mobile Equipment Identity (IMEI) number of your mobile phone. Unfortunately many are not aware of this and easily caught by their tricks. The ones who doesn't know about IMEI numbers, will easily get convinced by their assertive conversation. These guys are very week in english and you could easily recognize them by their voice that they are not calling from your mobile service providers call center.

Subsequently, in second step: they will tell you to announce this on news channel, and for this they will give you a phone number which might be a wrong number or number may not exist. For making announcement they will tell you to buy a huge amount recharge coupons (upto Rs.2000) of any telecommunication service provider, DTH recharge coupons etc. They will assure you to give a call back. Again they will give a missed call and victim phone user, in covetousness of Rs 25,00,000, call them back.
This time strategy: they will ask you the scratch the recharge coupons and read out the registration/recharge number and tell you to destroy the recharge coupon immediately. They will sell this recharge number back in India in profitable price (less than its cost price), so that any shop keeper will easily buy it without asking any question, because he is also in profit. Once the recharge coupon is destroyed, it is very difficult to trace back who is going to use it. Once this is done, these scammers will elope and go out of your reach (anyway they are not sitting in your country or city).

These scammers are very cautious about their numbers, after phishing 1-2 victims, they will destroy their numbers, due to this it will become difficult to trace them. Now if you will call back on this number, their number will be out of reach. If you call to the number given by scamers for prize announcement, you will find either a wrong number or the number doesn't exist.

You have lost:
money cost recharge coupon which you purchased and
ISD call charged which you have made for prize.

If you have lost anything in this kind of scam, go and lodge a complaint in your nearest police station.

Precautions:
Do not pick or call back on the numbers start with +92 until your relatives or known personals are living in that country.
If you ever receive these call, take help from local police to trace them.
Make aware your near and dear ones about this scam.

I am surprised when i got missed call from this number, more than a year ago I came to know about this scam and surprised still these guys are operational. I believe people are more aware about these kind of scams compare to last year.

Beware of "The Ass in the Lion Skin".

To read more, follow:
http://www.consumercomplaints.in/complaints/fake-call-from-pakistan-92-airtel-c355670.html
http://www.consumercomplaints.in/complaints/198827/page/2
http://www.complaintbox.in/missed-call-international-code-92-caliing-my-mobile-regarding-some-prize-money

nj0y !!!

Bhoops
. ‡*Dejavu*‡ .

Botnet (for hire )at just $8.94/hour*

Recently it has been disclosed by VeriSign cyber security intelligence arm that botnet services are available at very cheap rate $8.94 per hour*. This online investigation is carried out on 25 botnet operators. it has been founs that the botnet operators has advertised for renting their services on three different forums. * Terms and conditions applied.

In the reported advertisement, botnet assured number of illegal services or say attack vectors like ICMP, SYN, UDP, HTTP, HTTPS and Data.

While those masterminding criminal operations involving botnets have in the past often been technical experts, the trend is towards the hiring of botnet services by less-skilled individuals, according to VeriSign. This was disclosed when these was arrest of three men operating Mariposa botnet.

The Mariposa botnet, believed to have been composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1000 companies and more than 40 banks. According to ZDNet.

The world's largest botnet, Zeus botnet, had its traffic disrupted by repeated disconnections of a Kazakhstani ISP in March, but a series of reconnections revived its activity, security researchers have said. The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger that relays sensitive data back to its controllers.

To read more, follow:
http://news.cnet.com/8301-1009_3-20005844-83.html?tag=mncol;title
http://www.zdnet.co.uk/news/security-threats/2010/05/25/botnet-price-for-hourly-hire-on-par-with-cost-of-two-pints-40089028/
http://www.zdnet.co.uk/news/security-threats/2010/03/12/zeus-botnet-shaken-by-isp-cutoffs-40088290/
http://pandalabs.pandasecurity.com/mariposa-botnet/

H@v3 @ $@f3 br0ws!n9 !!!

nj0y !!!

"Distracting Beach Babes" yet another FB Worm

Hey you guys . . . beware of the Facebook spam or say Facebook worm spreading in a wild. This is kind of same FB spam worm about which I posted early this month name "Candid Camera Prank! [HQ]".

This time the worm posting message like "Distracting Beach Babes" onto your wall. And if you caught by this trick, this will also do the same like its previous version, it will post the same link onto the walls of all of your friends.

Like its previous version, if it lures you to click and if you clicked, you will land on its application page where it will ask you accept for the following:

• Access my public data
• Post on my wall
• Access my data any time

If you accept, that means you have allow this application, to do whatever it wants to do with your profile and your data. It will take you to a luring page which looks like this. Along with this it will give you a fake warning message that your FLV player is out of date, download update for it. This time i didn't wasted my time on downloading this malware because this may be the same kind of adware or may be different malware.

And the last lets see how this application home page looks like. This time there is a profile of an administrator of this application. I am not aware whether it is a real profile or fake. Generally these kind of profile are fake and used for luring users.

Follow the instructions to remove this application from your profile if you already caught before that it will do something more dangerous with your profile and profile data.
The Instructions are:
Goto your "Account"-> "Application Setting", find "Video Wave" in the list and click on 'X' to Remove application from you profile.

To read more about all this and previous please follow:
http://bh00ps.blogspot.com/2010/05/candid-camera-prank-hq-fb-virus.html
http://community.websense.com/blogs/securitylabs/archive/2010/05/22/warning-for-quot-distracting-beach-babes-quot-on-facebook.aspx
http://community.websense.com/blogs/securitylabs/archive/2010/05/15/sexiest-video-ever-on-facebook.aspx

H@v3 @ $@f3 br0w$!n9 !!!

nj0y !!!

Warning !!! Facebook worm "FBHOLE"

A new Facebook worm was spreading in the wild. The worm is doing nothing but posting on people's wall without user's intervention, I mean users doen't know that after clicking on this link the message will be posted on their friends wall, which is so weird. The message getting posted can be seen here...

The message posted by this worm is:

"try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=[RandomNumber]"

If you click on this type of posting on your wall, you will land on a page which merely looks like the page shown. This page says "If i don't, someone else do it." and also shows a fake script error. If you click any where on this page you will trigger a script which will post the same massage, shown above to your wall. The script is running in such a way that it follows your mouse button with a hidden iFrame in it. This iFrame is actually a "publish" button.

This worm is doing nothing except posting to your wall. But posting anything on user's wall without user's concern is wrong.

As of now the domain is blocked and it malicious activity is stopped. To read more about this follow:
http://www.f-secure.com/weblog/archives/00001955.html

H@v3 @ $@f3 br0w$!n9 !!!

nj0y !!!

Zero Day - Microsoft Windows Aero, Remote Code Execution Vulnerabiltiy

Few hours ago, Microsoft released and advisory about a kernel memory error vulnerability, which could allow remote code execution on affected machine installed with Windows Aero. this vulnerability exists in recently released Microsoft's products, Windows 7 x64 and Windows Server 2008 R2 x64 and Itanium.

A remote attacker may exploit this by sending specially crafted image file via email attachment or could host on a web server as a part of website and luring users to open it. Once open, and parsed by windows kernel may cause parsing error in the Canonical Display Driver (cdd.dll) and execute arbitrary code on the user's system.

This is a" Zero Day Vulnerability", no patch is available with MS.

The only safeguard suggested by MS is:

• Disable Windows Aero. (not in use generally)
  

And from my side:

• Do not open image files received from untrusted sources, or received unexpectedly from trusted sources, or file received through instant messaging.
• Do not follow untrusted links and URLs received by any mean.
  

To read more, follow:
http://www.microsoft.com/technet/security/advisory/2028859.mspx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3678
http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html
http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys
http://tools.cisco.com/security/center/viewAlert.x?alertId=20527
http://securitytracker.com/alerts/2010/May/1023991.html

h@v3 @ $@f3 br0w$!n9 . . .

nj0y !!!

TwitterNET Builder, Botnet toolkit

TwitterNET Builder, Now any script kiddie can create their own botnet with help of this toolkit. David Jacoby, Kaspersky Lab Expert posted information about this. With the help of this toolkit, it has became very easy to create a malicious program in few clicks. Upon execution, victim's system will become node of botnet. This toolkit will create a profile on twitter which will be contacted by infected computer for receiving instructions and commands. To read more follow:
http://www.securelist.com/en/blog/2163/New_tool_allows_script_kiddies_to_build_botnets_via_Twitter

The detail description of this toolkit can be found at:
http://sunbeltblog.blogspot.com/2010/05/diy-twitter-botnet-creator.html

How to get protected from this?
Do not open unsolicited email attachments or attachments received unexpectedly from trusted sources.
Do not receive or execute files received from untrusted users through instant messaging.
Keep your anti-virus program up-to-date.

H@v3 @ $@f3 br0w$!n9 . . .

nj0y !!!