20-year-old Trojan King Revealed, Maker of over 100 Banking Trojans

A 20-year-old Brazilian kid has been revealed as the maker of more than 100 banking trojans by the security firm Trend Micro. He is known online by the name of ‘Lordfenix’, ‘Filho de Hacker’ and ‘Hacker’s Son.’

The security firm writes that a 20-year-old college student from Tocantins, Brazil known by the name Lordfenix has become Brazil’s top malware maker. He has developed this reputation by giving birth to more than 100 online banking trojans. Most of these banking trojans were sold by him for about $300 each.

He is a computer science student who earned this money between April 2013 and targeted banks like Bank of Brazil, HSBC Brazil and Caixa. He began his career by asking for hacking advice in forums and today he is found offering free version of highly-efficient banking Trojan source code to the forum members in the underground world.
One of the Trojans detected called TSPY_BANKER.NJH identifies and wakes up when a user enters its target banks’ URL. Then it closes the active browser window and displays an error message to open a new fake browser windows. This is so smooth and unnoticeable that user doesn’t have a clue.
Now the user enters the login username and password in the fake window and the trojan sends back the information to the attacker. For more protection, the trojan terminates the process GbpSV.exe associated with the popular security software G-Buster Browser Defense, a security program used by many Brazilian banks.


Lordfenix claims that these free versions can steal credentials of bank customers of four different banks. On the other hand, the paid $300 versions target more banks using the tricks to disable the popular security software popular in Brazil. The security company has posted a picture of programmer’s Facebook page that shows a big pile of local currency on his bed.



Apart from his expertise in this area, the other factors that helped Lordfenix were the facts that more than half-population of Brazil uses internet for transaction and dealing with digital crime isn’t a top priority in the country.

Did you like this story about the 20-year-old Trojan King? Tell us in comments.

Image: David Goehring/Flickr

Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools

Lack of some elementary security measures can risk your router’s security and this has stemmed to grow into a large-scale denial-of-service (DDoS) attacks using these hacker-controlled routers. A web security firm Incapsula has discovered a new router based botnet Mr Black while investigating some DDoS attacks against its customers since this December.
 
Hackers exploited routers’ negligent security measures to launch these attacks all over the world. According to this report published by the security firm, the routers made by Ubiquiti Networks had DDoS malware installed on them.

The routers were not hacked due to some vulnerability in the hardware. Instead, it happened because of the deployment of the router in an insecure manner that exposed their management interfaces using the default credentials over SSH and HTTP.

The routers that were inspected were found to have 4 versions of Mr Black, a DDoS program and altogether thirty-seven variations of Mr Black were detected. Other DDoS programs included DoFloo, Mayday and Skynet (a remote sensing tool).

In some earlier versions of the report, Incapsula said that it believed that the hacktivist group Anonymous was one of the few groups those used the compromised routers. It is yet not clear that why Anonymous was highlighted in the report, but it is certain that few people who call themselves “Anonymous” were using the routers. The original article on the Daily Dot was edited to remove the fact that botnet directs to irc (dot) anonops (dot) com.

Total 40,269 different IP addresses were detected from 1,600 ISPs spread across 109 countries. The main affected countries were Thailand (64%), Brazil (21%), United States (4%) and India (3%). To control these routers, 60 servers were hacked and majority of these were in China and the U.S.

This image and the text have been removed from the original story, without explanation pic.twitter.com/TWxhg3k1dK

— Anon.Dos (@AnonDos_AnonHQ) May 13, 2015

To save themselves from the DDoS attacks, users must make sure that their routers’ management interfaces aren’t exposed over HTTP or SSH to the internet. They can also use some tools available to scan their router’s IP for open ports and change their default login credentials.

Know How Easy It Is To Lose Your Important Data From SSD

According to a new research in the data storage field, new solid-state drives are prone to data leakage over time. These hard drives are faster and have more storage size but all of them have a major flaw associated with its basic property, that it will eventually lose its data if it is not powered regularly or for few days.
A solid state drive (SSD) (also known as a solid-state disk though it contains no actual disk nor a drive motor to spin a disk) is a data storage device that uses integrated circuit assemblies as memory to store data persistently. We all know SSD’s qualities over regular hard drives and we normally think that it will last forever even if we smash it with hammer or pour acid on it.

The basic reason behind this flaw is the non-regulated and unmaintained temperature. The real problem is the time after which it will lose data. For different scenarios the time taken is also different – it can take months, or sometimes few days and then it’s gone.
Nobody needs the details on how important your stored data can be sometimes. Think as it is a legal evidence and it will go after two years in court as in India (blame the slow India judicial system) and suddenly you noticed that all data is gone or think of an instance suddenly all of your Facebook images are gone simply because Facebook stored it in SSD and forgot about it. But, it will not happen as Facebook have their separate cold storage facilities to outrun this problem.



A recent presentation is given by Alvin cox, Seagate’s engineer at Joint Electron Device Engineering Council seminar. He warned that the period of time data is retained on some solid-state drives is halved for every 9°F (or 5°C) rise in temperature where it’s stored. It means that if the solid state drive is at normal room temperature which is 25°C then it’s okay but if the temperature goes somewhat 5°C high, then half of your data will be gone.

Now all the guys living in desert areas might be thinking that why they still have their data safe. You don’t lose your data that easily if you are regularly giving power to it or maintaining the temperature by using it. Or, you are using some high-end SSD, which we all are using in our MacBooks or gaming laptops then it will have around two-year life span. So, for two years, your data will be safe even if you change the temperature or not.
But enterprise solid state drives are the most affected ones. These drives are having the data loss problem pretty severely. So for the companies who value their data or work on their stored data, it’s a big problem. The one and only reasonable solution to this is to make its copy on mechanical disk. Or else you might lose your data without knowing about it.

This “Killer USB” Flash Drive Will Explode Your Computer

Forget USB 3.1 and USB Type-C, the USB I’m going to describe ahead, will burn down your computer if you insert it in the USB port.

The Killer USB

This story about making a USB flash drive into a bomb was described by a Russian researcher who took an interest in this concept and developed a USB killer pen drive which can burn your computer to ashes.
He says:

"The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the filed transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down. Those familiar with the electronics have already guessed why we use negative voltage here. I‘ll explain to others that negative voltage is easier to commutate, as we need the N-channel field resistor, which, unlike the P-channel one, can have larger current for the same dimensions."

This researcher, nicknamed Dark Purple, works with an electronic company and he ordered some China manufactured circuit boards and created a USB killer device for himself.

After finishing, it looks like a regular USB

Talking about the danger involved, he says:

"Within a week, I have developed quite specific circuit implementation, ordered components. After a few months of waiting for them, I made a full-fledged prototype. I tested the idea and “burnt down” everything I could. I’m not going to talk to you about the application area, but a former colleague says that it’s like an atomic bomb: cool to have, but can not be applied."

The Hacker News writes that instances of hacking into the systems and increasing the temperature of a computer to make it burn has happened in the past.
Back in 2014, a security firm demonstrated the same in Apple’s Mac.

If such instances are possible, cyber criminals can surely turn a USB into a bomb and kill people.

So next time if you find a USB flash drive somewhere, what will you do? Throw it away or plug it in some USB port to check the contents?

Windows 10 at the core of future Internet of Things?

While Microsoft pointed out many uses of Windows 10 at its Jan 21 2015 event, it missed out on Internet of Things. Or, at least, did not bring up the topic. It talked about desktop version of Windows 10, mobile version of Windows 10 and Windows 10 for Surface Hub and more but did not drop a hint that it is bringing Windows 10 into the realm of Internet of Things. The article tries to decode how the future of Internet of Things can change with Windows 10 at its core.

Windows 10 for Internet of Things

In the recent developments, the most important are availability of Windows 10 for a range of devices and the upgraded version of Raspberry Pi. There have been more developments but they are out of scope of this article. We focus on Windows 10 for Internet of Things in this post.

Though they did not mention it specially, the way Microsoft presented Windows 10 at the Jan 21 2015 event, they did drop many hints about having an edition of Microsoft Windows 10 for Internet of Things. One such hint was Surface Hub, which is nothing but a screen in effect but runs on Windows 10. The Holographic glasses will also run on Windows 10. Microsoft has come up with a micro version of .Net framework. All these are ample to suggest that there will be a version of Windows 10 for Internet of Things. And the doubts are cleared with new version of Raspberry supporting Windows 10.

More Coding Options As Windows Does All Essential Work
If Microsoft is offering a custom version of Windows 10, that I believe is named “Windows 10 Athens“, for micro systems and for Single computer boards such as Raspberry PI 2, there is a great scope of people using Windows 10 to build all the small things that will be connected to the Internet. Right now, people are using Linux for IoT (Internet of Things) and most of them code in Python and C++. Both these languages, once into executable form, will not be a problem for running on Windows 10. Every programmer knows that coding in C++ and Python is better and provides total control over hardware. So far, they had to come up with codes that would make the most of the hardware and deal with the compatibility of the operating system running these custom programs. They had to code for proper usage of hardware so that no part of the hardware was clogged and left unavailable for programs.

Notwithstanding the fact that programmers have better control over the hardware required for Internet of Things, the Windows 10 operating system will let them program more easily using more languages. Thus, more people will enter into creating and maintaining Internet of Things. Windows 10 is not about graphics user interface. Even Linux provides one but is bulky compared to Win10. The better part is that it is trimmed down just to suit the single computer boards such as Raspberry Pi 2 and does not waste resources unlike other operating systems. Programmers can now code without having to worry about handling memory properly, for instance. Windows 10 itself handles RAM in way that no part of memory is blocked and is easily available to programs on the IoT things. Likewise, the operating system runs easily on ARM-based processors and handles micro x86 chips easily.

Security of Internet of Things: Micro .NET and Win10 Internal Security
With Microsoft developing a micro version of .NET, security will increase with Windows 10 for Internet of Things. As of now, people do not even care to change their default passwords on things connected to the Internet. The ovens, lighting systems etc come with default passwords such as “passwords”, “1234” or “0000” and end users do not even know that they have to change the password to make themselves safer. All these while, any hacker can take control of these connected devices and use them to initiate a DDoS attack on any website. Since the things of Internet of Things are distributed throughout the globe, it is hard to charge anyone with hacking.

With Windows 10 coming into the picture, along with, the enhanced Micro .NET (that’s what I will call it until it has a formal name announced) things will change as the operating system has focused on security that will be much better than other operating systems in the market as of now. It will be harder for hackers to break into things of Internet of Things.

While Microsoft has been building its own Internet of Things and they stress on security, the other programmers creating their own Internet of Things can now use a lightweight graphical interface to prompt and let the users change the passwords easily.

Windows 10 For IoT: Summary
The future of IoT looks more promising and focuses on the security of connected devices. Windows 10 promises better Internet of Things with one of its edition focusing solely on the functioning and security of the devices used in all households.

To sum up in one line, Windows 10 is all set up to build up a major portion of Internet of Things with its new Windows 10 Operating System and the micro .NET framework as people will prefer the combination for simple UI and enhanced security features.

Windows 10 will make you fall in love with your Lumia

Windows 10 announcement has showcased a new generation of t Windows. Our future is moving towards more personal computing, covering the largest range of devices with innovative techniques and technologies. Now the screen size of the devices simply holds no importance because Universal Windows apps with cross-device compatibility are on its way.

 Picture 1: Windows Lumia logo

With Windows 10, phones and other small tablet can interact with the PC more smoothly and efficiently that before. So if you are a Lumia phone user and looking for what Windows 10 is bringing for you? Then trust me Windows 10 will make you fall in love with your Lumia.
With the new suite of in-box apps, the experience with the Lumia device will be more customizable and intuitive than before.

The announcement of new Office Universal apps in Windows 10 will allow the users to easily go through e-mails just like as you are using them through your PCs.
Working with PowerPoint, Word in Windows 10 will definitely please you because the increased functionality and UI changes of these applications is unique in itself. The next generation of Windows is definitely appealing for every device that is capable of running Windows 10.

There are quite a few times when we need to go somewhere and the route is not clear in our mind. At this time ‘Maps’ is the required app which can hold our hand to guide us the driving direction.
 Not only this, in a meantime you can go through different restaurants with their reviews and can confirm your seat directly as well. All these are possible now with Lumia Maps app in Windows 10.

As Microsoft has promised, a free update to all its Windows Phone users, one thing that has to be cleared here is that not all phones will be getting the Windows 10 update.

 

Picture 2: Windows Lumia phones

Microsoft through their Lumia Conversations Blog announced,

“Like any upgrade to a new platform, not every phone will upgrade or support all possible Windows 10 features, and certain features and experiences will require more advanced future hardware “

Chris Weber, Corporate Vice President of Sales for the Microsoft Mobile Devices group, in his conversation on ‘Lumia Conversations Blog’ mentioned,

“Our goal is for the majority of the Lumia phones running Windows Phone 8 and 8.1 to join the Windows ecosystem along with an expected hundreds of millions of PCs, tablets and other devices running the next generation of Windows. “

Now it doesn’t matter whether you are using PC, tablet or phone for your work.
Windows 10 will allow you to work from any device and from anywhere.
Just wait, as in the future more announcement are expected to be made.