Emsisoft Knowledgebase: The Truth About CAPTCHA Cracking

Emsisoft Knowledgebase: The Truth About CAPTCHA Cracking
2014-04-16 05:07

KMM shared a link


CAPTCHAs, or Completely Automated Public Turing tests to tell Computers and Humans Apart, are those distorted word-images you sometimes find when filling out forms on the web.  They are used by high-traffic websites and freemail providers like Google and Yahoo to discourage spammers from taking advantage of their comment sections or services.

CAPTCHAs work because computers can’t read their distorted text like humans can.  In this way, CAPTCHAs are actually the opposite of a Turing test because they reveal how computers are not like humans (i.e., they don’t have eyes!).

Before CAPTCHAs, spammers could write programs that could register for 1000s of freemail accounts at once by automatically filling out forms with bogus information.  They could then use these 1000s of accounts to send spam to 1000s of legitimate users.  Before CAPTCHAs, spammers could also write programs that could automatically spam the comment section of a high traffic blog or a discussion forum.

Today, CAPTCHAs have made such programs obsolete; but, that doesn’t exactly mean that CAPTCHAs can’t be cracked.  Quite the contrary, actually.

Monetized CAPTCHA Cracking

Today, there very literally exists a not-so underground CAPTCHA cracking economy.  CAPTCHAs are everywhere, and the demand to bypass them in an efficient way has created a hyper-competitive supply of service providers.

In 2010, The University of California, San Diego published an in depth economic analysis on this phenomenon, called Re: CAPTCHAs — Understanding CAPTCHA-Solving Services in an Economic Context.  This paper is a great read for anyone who wants to understand the driving forces behind any computer security arms race.

What UCSD found was that although hackers can create highly advanced Optical Character Recognition (OCR) technologies to “read” CAPTCHAs as the human eye would, the favored approach to CAPTCHA cracking is to employ third world workers at sweatshop wages to solve CAPTCHAs en masse, by hand.  Although by no means ethical, the latter approach is much more cost effective.

Why OCR Doesn’t (Quite) Work

Creating software that can read a CAPTCHA like the human eye is a titanic endeavor.  Not only does it require a highly skilled programmer, but it also requires that the programmer be okay with investing a large portion of his or her time in creating a tool meant solely to spread spam.  People like this do exist, but they are a lot harder to come by than impoverished citizens of third world nations willing to work for a few dollars a day.

What complicates the OCR CAPTCHA crack even further is that it’s like hitting a moving target. This is a theme prevalent throughout all of computer security: As soon as a problem is solved, a new and unpredicted one emerges.  With malware, it’s usually the bad guys who have the upper hand, as new threats call for new means of protection.  (This is why Emsisoft created the Behavior Blocker :).  With CAPTCHAs, however, the roles are reversed.  As soon as an effective CAPTCHA cracking OCR is made, companies who create CAPTCHAs begin to notice its efficacy.  In response, these companies simply change the way they create their CAPTCHAs, and render the new OCR useless.

By far the largest CAPTCHA creator today is reCAPTCHA, which was acquired by Google in 2009.  reCAPTCHA creates CAPTCHAs by scanning printed text and distorting the resulting imagery in a number of random ways.  The end result is a one to two word phrase that can (usually) only be read by the human eye.

Throughout the years, there have been a number of OCRs which have claimed to be able to crack reCAPTCHA’s CAPTCHAs.  One of the most popular ones in use today comes with an SEO booster program called XRumer.  In October 2013, there were also rumors of an OCR developed by AI company Vicarious that could solve 90% of reCAPTCHA’s CAPTCHAs.  While the former represents a money making tool used with moderate success by black hat spammers and the latter a legitimate endeavor in AI research, neither works as well as the real thing.

The Alternative: 1000 CAPTCHAs for 1 dollar

Today, there are a number of companies that exist solely to crack CAPTCHAs for aspiring spammers, with armies of third world workers made up of impoverished people who willingly sit at computers and solve CAPTCHAs manually for 8 hours a day.

Here is a list of some of the biggest players in the industry:

  • Antigate.com
  • BypassCaptcha.com
  • Captchabot.com
  • Deathbycaptcha.com

There are also companies that exist solely to recruit workers for the sites listed above. One of the largest is Russian-based KolotiBablo.com.

While the ethics surrounding this development are murky at best, the economics are quite clear.  Why pay for or invest in an expensive technology when you can have better results at a fraction of the cost?  Such are the ways of the world, and many of the CAPTCHA sweatshops listed above are quick to defend themselves against critique.  The general defense is that $2-3/day is more than enough to feed most CAPTCHA crackers, and even their families.  While this may be true, it completely sidesteps the downright robotic, thankless, and largely negative nature of the CAPTCHA cracking task: making first world spammers rich.

A Third Way: CAPTCHA Bots

CAPTCHAs can also be cracked using botnets, but, like OCR technology, CAPTCHA botnets don’t really pay off at all.  The idea behind CAPTCHA botnets is to use zombie computers to solve CAPTCHAs supplied by a C&C server.  This technique appeared briefly in Koobface, a worm that propagated through social media sites back in 2009.  Koobface spread itself by placing malicious links to websites where it could be downloaded in messages and on walls.  To do this effectively, it needed fake social accounts.  And to create fake social accounts, it needed to solve CAPTCHAs.

Rather than outsourcing to Captchabot or Antigate, the makers of Koobface decided to keep their CAPTCHA cracking in-house.  They did this by integrating CAPTCHA cracking into the botnet.  During the course of Koobface infection, zombie computers would be forced to repeatedly poll the C&C server for CAPTCHAs to solve.  In response, the server would return CAPTCHAs disguised as Windows Security requests, with a countdown to shutdown.  Users would be forced to provide solutions, and solutions would be used to create new social accounts and spread the malicious worm.

Are CAPTCHAs Even Effective?

CAPTCHAs were initially created to provide a reverse Turing test.  By this measure, they are incredibly effective – as evinced by the fact that career spammers would rather use humans than computers to solve them!

As an anti-spam security solution, CAPTCHAs are only marginally effective.  Today, CAPTCHAs are more of a financial deterrent than a foolproof means of prevention.  In 2010’s demand-driven CAPTCHA cracking market, UCSD reported that anyone with $1000 could have about 1 million CAPTCHAs cracked in as little as 6.75 hours.  That’s 41 CAPTCHA cracks per second!  In 2014, prices are probably even cheaper and return rates even faster; and yet, perhaps like OCR software, manual methods may have economic limits of their own.

In any event, to the career spammer CAPTCHAs represent little more than an operational expense.  At the same time – and on the other end of the spectrum – CAPTCHAs represent a livelihood for impoverished people in today’s digital sweatshops.  Between these extremes, there then lies the rest of us: Everyday Internet users, to whom those annoying, distorted word chunks mean little more than speed bumps as we browse.



LaCie Data Breach – Part of a Larger Malware Trend
2014-04-16 05:13

KMM shared a link


ALERT: French computer hardware manufacturer LaCie has just confirmed a data breach affecting customers who made online transactions on its website between March 27, 2013 and March 10, 2014.

If you purchased anything from LaCie.com within the last year, Emsisoft recommends keeping a close eye on the credit card you used.

LaCie has posted a detailed statement regarding the breach.

Notably, the company has for the time being shut down the eCommerce portion of its website, while hired analysts investigate the breach in depth. LaCie also mentions that, moving forward, they will be migrating all eCommerce to a third party company that specializes in secure, online transactions.

Why is this happening so much!?

Readers who have followed any tech media channel for the last few months might have noticed a disturbing trend: Data breaches are on the rise. For most, the story begins with the North American big-box retailer, Target. During the 2013 Holiday shopping season, Target fell prey to a highly advanced malware infection that allowed for a point of sale data breach that affected millions. In the months that followed, a string of similar POS data breaches emerged.

For consumers, this latest breach at LaCie may indeed appear connected. Financial data has been compromised, and steps to resolution are nearly identical: Keep an eye on your card, and cancel it if you suspect fraud. From a technical standpoint, however, things are not quite so similar. The malware involved in the string of POS data breaches that started late last year and continued into 2014 was a POS RAM scraper called BlackPOS. The malware involved in the breach at LaCie is different, and is actually part of a massive botnet that leverages a vulnerability present in outdated versions of a web application platform called Adobe Coldfusion, a platform that many website proprietors use.

Investigative journalist Brian Krebs has been following this malware since at least the beginning of March 2014. According to his research, this malware is behaviorally similar to Zeus, in that it is designed to “wake up” during sensitive transactions and “grab” data from user submitted forms. In addition to LaCie, Krebs has connected this malware to breaches affecting Smuckers Jams, SecurePay, and many other smaller companies – he lays it all out in detail here. Most surprisingly, Krebs also made mention of the possibility of a LaCie data breach on March 17th, 2014, nearly a month before LaCie’s official acknowledgement!

How can I deal with data breaches?

End users: The LaCie data breach and others like it are the product of infected web servers that have been left vulnerable due to outdated software. As an end user shopping on the Internet from home, there is thus little one can do to repair a problem that very well might affect a computer located half-way across the world. If you regularly engage in eCommerce, it is therefore good practice to keep a close eye on the credit card you use to do so – even in the absence of official breach statements from proprietors. As Krebs’ March 17th blog post on LaCie clearly shows, it often takes quite some time for large corporations to fully investigate a breach and issue a warning to customers.

Website owners: Krebs’ latest post on LaCie purports that this latest compromise and the string of breaches connected to it have actually been instigated by a well-organized group of cyber criminals. The consistent revelation of breach after breach, with each breach leveraging unpatched versions of Adobe Coldfusion, means that website owners who haven’t already patched the software need to do so immediately. The same can be said for any software used on a web server: If updates are available, it’s usually best to install them. Cybercriminals tend to attack where there is the greatest probability of reward, and an unpatched web server engaging in financial transactions with multiple customers is a prime target. For this reason, many companies choose to outsource their eCommerce to a third-party service provider that specializes in secure online transactions. Businesses who run their own servers also invest in server-friendly anti-malware, such as Emsisoft Anti-Malware for Server.

While unfortunate, this latest breach and others like it can serve as useful reminders. All financial information involved in eCommerce transactions should be assumed to be at risk of compromise and should be regularly monitored. Furthermore, the road to a Malware-Free World is a two-way street that requires the effort of both end users and website proprietors.

Have a nice (breach-free) day!



Voting: Select your Champion in the Emsisoft Illustration Contest 2014
2014-04-16 13:19

KMM shared a link


To honor our 10th anniversary, we launched an international Illustration Contest only a few weeks ago. Now it is time we pick our winners!

We’ve already narrowed it down to 30 submissions. Rather than duke it out with a battle ending in tears, we thought we’d give our loyal customers and fans a chance to voice their opinion. By selecting your personal champion on Facebook, you can take the chance to win a free year of Emsisoft Anti-Malware yourself.


PS: If your entry has been disqualified due to copyright infringement or simply did not make the cut, you still have one more chance to win by participating in the vote until April 30th! Here is a sneak peek of some nominees:




Trojans display advertisements to Mac OS X users
2014-04-16 15:53

KMM shared a link

April 16, 2014

Malicious programs created by attackers to make money by showing Internet users intrusive advertising are extremely widespread, but until recently they mostly plagued users of Windows. That is why several Trojans recently examined by Doctor Web's virus analysts look quite unusual compared with similar applications: they infect computers running Mac OS X.

Several Mac OS X users posted complaints on Apple's official forum about intrusive advertising shown in the Safari and Google Chrome browser windows while viewing various websites. The source of the problem turned out to be malicious add-ons (plug-ins) that are installed on the system when certain sites are visited. The plug-ins are distributed bundled with legitimate applications that perform some useful functions on the computer.

One such program is called Downlite and is distributed from the site of a popular torrent tracker: when the user clicks the Download button, they are redirected to another web resource from which the application itself is downloaded, and the redirect is targeted: users of Apple-compatible computers are served the file StartDownload_oREeab.dmg, the Downlite installer, while users of other operating systems may be redirected to other sites. Once the file has been downloaded, installation of the Downlite.app application begins.

This installer (Dr.Web Anti-virus identifies it as Trojan.Downlite.1) has a curious feature: it installs the legitimate application DlLite.app and several browser add-ons, and during installation it asks for the Mac OS X user's password; if that user is a system administrator, the applications are installed in the root folder. DlLite.app requires Java to be present on the computer, but the malicious plug-ins are written in Objective-C and run without trouble whenever a browser window is opened. The system also receives the application dev.Jack, designed to take control of the Mozilla Firefox, Google Chrome and Safari browsers, which Dr.Web anti-virus software detects as Trojan.Downlite.2.

In addition, the advertising plug-ins are distributed together with other applications (MacVideoTunes, MediaCenter_XBMC, Popcorn-Time, VideoPlayer_MPlayerX). One example is MoviePlayer (MacVideoTunes): in the first stage of its installation, the user is prompted to run an installer program that has no digital signature:

Then the user is prompted to install a certain "optimizer", and is unable to clear the corresponding checkbox to decline installation of the application:

This installer, detected by Dr.Web Anti-virus as Trojan.Vsearch.8, is functionally very similar to Trojan.Downlite.1, but instead of the dev.Jack program it additionally installs the application takeOverSearchAssetsMac.app (Trojan.Conduit.1) on the computer.

In all of the cases mentioned, the installer places a payload on the system consisting of the files VSearchAgent.app, VSearchLoader.bundle, VSearchPlugIn.bundle, libVSearchLoader.dylib and VSInstallerHelper. The result of all these manipulations is intrusive advertising of the following types in the browser window:

  • underlined keywords that show a pop-up advertisement when the cursor hovers over them;
  • a small window in the bottom left corner with a Hide Ad button;
  • banners on search engine pages and on certain popular sites.

Doctor Web specialists recommend that Mac OS X users not download or install applications from dubious sources, and that they use up-to-date anti-virus programs on their computers.
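As an added example (not code from the Dr.Web write-up), the following POSIX shell script checks a Mac for the component names the article lists, so an administrator can confirm whether one of these installers has run. The article only says the files land in the root folder when the installing user is an administrator, so the directories to search are an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of the Dr.Web article: report any on-disk items
# whose names match the installer and payload components named in the text.

# Component names exactly as printed in the article (Trojan.Downlite,
# Trojan.Vsearch and Trojan.Conduit installers plus the shared payload).
VSEARCH_ARTIFACTS="Downlite.app DlLite.app dev.Jack takeOverSearchAssetsMac.app \
VSearchAgent.app VSearchLoader.bundle VSearchPlugIn.bundle libVSearchLoader.dylib \
VSInstallerHelper"

# Print one line per matching path under the given root directories.
# -prune stops find from descending into a matching .app/.bundle, so a bundle
# is reported once rather than once per file inside it. Non-existent roots are
# skipped silently; the function always returns 0 so it is safe under set -e.
list_vsearch_artifacts() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        for name in $VSEARCH_ARTIFACTS; do
            find "$root" -name "$name" -prune -print 2>/dev/null
        done
    done
    return 0
}

# Print the number of hits across all roots (0 when they are clean).
count_vsearch_artifacts() {
    list_vsearch_artifacts "$@" | wc -l | tr -d ' '
}

# Assumed locations for a live check; adjust to the machine being examined:
#   list_vsearch_artifacts /Library "$HOME/Library" /Applications /usr/local
```

A non-zero count is a reason to inspect the listed paths and the browsers' extension lists, not proof by itself, since a legitimate item could share a name.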
