SMS Trojans Spreading to the Rest of the World

SMS Trojans that ride along on supposedly benign mobile apps and then send out messages to high-priced numbers have been a problem in some Asian and Eastern European countries for several years now, most notably in Russia and China. But now the attackers have realized that there's a whole big world of users out there to target and have begun going after people in other countries with new strains of SMS malware.
A new SMS Trojan, seen in only limited infections so far, is targeting users in a number of European and western countries right now, including Belgium, Canada, France, Germany, Luxembourg, Spain, Switzerland and the UK. The Trojan has a couple of main functions, each of which is designed to deceive the user and surreptitiously run up charges on her mobile bill.
The Trojan has been seen thus far hiding inside an app that supposedly monitors the victim's SMS and data usage on the device.

The Android app has shown up on file-sharing sites under the name SuiConFo.apk, according to research by Kaspersky Lab researcher Denis Maslennikov, and once it's installed on a victim's device, it will initially display an error message saying that the user's device isn't compatible with the app. That's just the beginning, however.
"Right after displaying this message the Trojan will call the public method getSimCountryIso in the TelephonyManager class in order to retrieve the ISO country code of the SIM card," Maslennikov wrote. "After defining the country and, therefore, the number and message text, the Trojan will send 4 SMS messages with the help of the sendTextMessage method. SMSReceiver.class is responsible for hiding incoming SMS messages from particular numbers. If there is an incoming SMS message from one of the following numbers: 81001, 35064, 63000, 9903, 60999, 543, 64747, then the Trojan will try to hide it using the abortBroadcast method. The number itself is retrieved from the SMS message with the help of getDisplayOriginatingAddress."
So the Trojan will remain in the background, checking for incoming messages from specific SMS numbers, and will then hide those messages from the user so she isn't aware of the infection and the fact that outgoing messages are being sent to premium-rate numbers. The charges for those messages can accumulate quickly, and if the user isn't aware that they're being sent, it can be an expensive infection.
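The behaviour described above leaves a recognisable static footprint: permission to send SMS combined with a receiver that intercepts and aborts incoming SMS broadcasts. The following triage check is an added example, not code from Kaspersky Lab or from the original article; the manifest, package name and smali excerpts are constructed samples, and the signal labels are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Framework methods named in the quoted analysis.
APIS = ("getSimCountryIso", "sendTextMessage", "abortBroadcast",
        "getDisplayOriginatingAddress")

# Constructed sample input: a decoded manifest and two smali excerpts.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.usagemonitor">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SMSReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SUSPICIOUS_SMALI = """
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getSimCountryIso()Ljava/lang/String;
invoke-virtual/range {v1 .. v6}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
invoke-virtual {v2}, Landroid/telephony/SmsMessage;->getDisplayOriginatingAddress()Ljava/lang/String;
invoke-virtual {p0}, Lcom/example/usagemonitor/SMSReceiver;->abortBroadcast()V
"""
BENIGN_SMALI = """
invoke-virtual/range {v1 .. v6}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
"""

def manifest_signals(manifest_xml):
    """Return the SMS-related capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        if perm.get(NS + "name") == "android.permission.SEND_SMS":
            found.add("perm:SEND_SMS")
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(NS + "name") == "android.provider.Telephony.SMS_RECEIVED":
                found.add("receiver:SMS_RECEIVED")
    return found

def code_signals(smali_text):
    """Return which of the listed framework methods the code invokes."""
    return {"api:" + m for m in APIS if re.search(r"->" + m + r"\(", smali_text)}

def triage(manifest_xml, smali_text):
    """Flag for review only when sending and hiding of SMS both appear."""
    signals = manifest_signals(manifest_xml) | code_signals(smali_text)
    sends = {"perm:SEND_SMS", "api:sendTextMessage"} <= signals
    hides = {"receiver:SMS_RECEIVED", "api:abortBroadcast"} <= signals
    return {"signals": sorted(signals), "review": sends and hides}
```

On Android 4.4 and later the SMS_RECEIVED broadcast can no longer be aborted by third-party apps, so the hiding half of this pattern only takes effect on older releases.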
Researchers have found similar SMS Trojans going after users in the United States, the UK and the Netherlands in recent months, but infections have been limited so far. That may well change as the popularity of Android devices--which have been the main target for SMS Trojans--continues to increase.

New Facebook Worm installing Zeus Bot in your Computer

Today another new attack on Facebook users involving the Zeus bot has come to light. Researchers at Danish security firm CSIS have spotted a worm spreading within the Facebook platform. A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims' accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users' machines, including a variant of the Zeus bot.

If followed, the link takes the potential victim to a page where he or she is offered what appears to be a screensaver for download. Unfortunately, it is not a JPG file, but an executable (b.exe). Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan spyware capable of stealing user information from infected systems. The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMware.

Zeus is a common tool in the arsenal of many attackers these days, and is used in a wide variety of attacks and campaigns now. It used to be somewhat less common, but the appearance of cracked versions of the Zeus code has made it somewhat easier for lower-level attackers to get their hands on the malware. Zeus has a range of capabilities, and specializes in stealing sensitive user data, such as banking credentials, from infected machines.

"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers. The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

This type of thing is very rare to just send to your email without you requesting it so I would advise anyone who thinks that you may have seen an email like this to delete it and mark it as spam right away.

Ministry of Foreign Affairs Dhaka (Bangladesh) Hacked By KhantastiC haXor & Shadow008

The website of the Ministry of Foreign Affairs, Dhaka (Bangladesh) has been hacked by the Pakistani hackers KhantastiC HaXor & Shadow008. However, the hackers did not fully deface the site and just added a friendly message to its administrators asking them to improve the site's security.

This is the message that was added to the site:

Hello from Pakistan :D 
how re you Bangladesh GOV !! :P ...
No News is Good News Please Please Secure it :P //... 
thanks contact @

Site Hacked:


1,200 + Indian Sites Hacked By Shadow008 (PakCyberArmy)

More than 1,200+ Indian sites have been hacked by Shadow008 from the team called Pakistan Cyber Army. It was a payback after Indian hackers were trying to spread some kind of virus on Pakistan's government websites. However, Pakistani hackers proved that they can also spread a virus on Indian websites.

Sites Hacked:


23,000 + Sites Hacked By H4x0rL1f3

A Pakistani hacker called H4x0rL1f3 has hacked more than 23,000 sites today. It took the hacker 5 hours to submit all his defacements to zone-h to create mirrors. This might be the first Pakistani hacker to have hacked this many sites in one day, or perhaps the Pakistani hacker with the highest number of sites hacked. Submitting his defacements made the zone-h server extremely slow because of the high number of sites being submitted by H4x0rL1f3, which made it hard for other hackers to submit their defacements.

Total notifications: 23,406 of which 2 single ip and 23,404 mass defacements

Sites hacked by him that have been mirrored are here:

141 Indian Websites Hacked By R0b0t PiraTes

A Pakistani hacker called R0b0t PiraTes has hacked 141 Indian websites. The hacker hacked them as payback after the Indian Cyber Army hacked 130+ Pakistani websites.

Sites Hacked:

2,000 + Websites | 26 Educational Websites | 13 Security & Hackers Websites Of India Hacked By Shadow008 (PakCyberArmy)

The Pakistani hacker called Shadow008 from the team Pakistan Cyber Army has hacked 2,000 Indian websites. The hacker also attacked 26 educational websites and 13 security and hackers' websites of India, and added a warning message telling Indian hackers not to hack any Pakistani website.
The hacker also said that this is payback for Indian hackers having hacked 130+ Pakistani websites.

Hackers And Security Websites Hacked:

Educational Websites Hacked:

    2,000 + Indian websites Hacked:

    And all others are listed at:

    5 Indian Government Websites Hacked By KhantastiC HaXor & Shadow008

    The 2 famous Pakistani hackers called KhantastiC HaXor & Shadow008 have hacked 5 Indian government websites after Indian hackers hacked 130+ Pakistani websites.

    Sites Hacked:


    45+ Indian Sites Hacked By Pakistani Hackers (Including Govt, Universities & Many More)

    It seems like the Indishell attack is costing the Indian Cyber Fence a lot. Just after the Seeker and HEX786 attack, Invectus, a Pakistani hacker, has now hacked and defaced the official site of Mahila Industrial Training Institute (Govt. of India).

    Hacked Site:-
    Mirror Link:-


    Another Pakistani hacker named MrCreepy from Team Guardians has hacked and defaced more than 45 Indian university websites.

    List of Hacked Sites:-

    110+ Indian Sites Hacked By Seeker & HEX786 (Pakistani Hacker)

    Again the cyber war is on between Indian and Pakistani hackers. A few hours ago the Indian Cyber Army, known as Indishell, hacked more than 130 Pakistani websites; now, in a counter-attack, the Pakistani hackers Seeker & HEX786 have rooted an Indian web server and so hacked more than 110 Indian websites. According to the hackers this is just payback or revenge for Indishell's attack on the Pak Cyber Fence.

    List of Hacked Sites :-

    Indishell Unleashed Pakistan Cyber Fence, 130+ Pak Sites Hacked

    More than 130 Pakistani websites have been hacked and defaced by Team Indian Cyber Army (ICA), also known as Indishell. According to ICA, this cyber attack was carried out as a tribute to the heroes who gave their lives in the 26/11 Mumbai attack.

    List Of Hacked Sites:-

    Message of Indishell :-

    "This Mass Deface Cyber Attack is done by Team ICA of 
    We are the only real & first ever INDIAN CYBER ARMY [ICA] made and existing !!
    Rest In Peace the Heroes of 26/11 Mumbai Attacks !
    We will Never Forgot your sacrifice and We never will let porkis and this world forget it too !


    National program for Cyber army to be launched in India

    Increasing attacks on cyberspace in India have brought several professionals and experts from the industry, in support with the Government of India, to jointly form a national-level program to identify credible and valuable information security experts. The program, "National Security Database", is all set to launch this Saturday in Mumbai at a major information security conference, MalCon. The database will include ethical hackers and programmers who can protect the country's cyberspace. They will all be registered with the National Security Database, a brainchild of the Information Sharing and Analysis Centre (ISAC), a non-profit foundation which works closely with the Government on the issue of cyber security.

    The need for such a database arose after the 2008 attacks in Mumbai, when cyber security professionals realised that a lot needed to be done in the area. "It is observed that some or other form of electronic notification is usually sent before a major terrorist attack, followed by defacement of government web sites. Professional cyber security professionals can make a lot of difference in investigations and help in the entire episode," said Rajshekhar Murthy, director of ISAC. The issue of forming a credible repository of such cyber security professionals, who can be trusted with sensitive information and can be of use in an emergency, was also raised at a conference held last year.

    "After a lot of brainstorming and analysis the database is in place and will be flagged off on November 26 in Mumbai," said Murthy. As per estimates there are over a lakh cyber security experts and hackers in India who as of now function individually. Each one of them has a certain area of specialisation. "They will be brought into the NSD after a rigorous test which would test their skills. Also they would be made to undergo psychometric tests over and above the tasks that they would have to perform to test their personal skills. Once they clear all levels they would be empaneled in NSD program in applied areas of specialisation," added Murthy. Fraud investigation, web security and mobile security are some of the areas of specialisation in NSD.

    The database, which has been secretly worked on for the last two years on an invitation-only basis, already has a sizeable number of experts who have developed malware and software to hack into devices like iPhone and XBox Kinect, which are slated for release at the malware conference MalCon. The database will come in handy each time the country is under threat on the cyberspace front. "The next generation of attacks will not be only on ground but also on country's cyberspace," said Murthy, citing the example of a recent attack on some government computers after which the hackers released sensitive information pertaining to the military and communication between India and Moscow.

    Companies like QuickHeal and Security Compass, among others, have already given support to the database and will be hiring security professionals with a direct final interview. "Since NSD professionals will have to go through a tough eight hour lab exam, major companies have written in expressing their interest in hiring NSD empaneled professionals. While NSD does not award certification, we are glad about the support from the Industry," stated Murthy.

    The biggest challenge for NSD now is to reach both hackers and professionals and identify them with skills in existing areas of specialization. "We have already identified several across the country. Their motivation is that once they are registered with NSD they not only get to upgrade their skills and knowledge but will also be of service to the country. We are collaborating with government agencies looking after cyber security, all of whom are looking forward to the NSD," said Murthy.

    The program will be flagged off at the International Malware Conference, MALCON, scheduled to be held at JW Marriott on November 26. Sachin Pilot, Minister of State for Communication and Information Technology, is also going to join the conference via video conference from Delhi. His office confirmed that Pilot would share his views on cyber security and extend their endorsement to the National Security Database. Officials from the National Technical Research Organisation, a government body which looks at cyber security, have also shown keen interest in the NSD. "It is a great initiative which will be of use to the nation and will provide a database of cyber security professionals," said an NTRO official refusing to be named.

    Intercepter-NG New Sniffing Tool

    [Intercepter-NG] offers the following features:
    + Sniffing passwords\hashes of the types:
    + Sniffing chat messages of ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA
    + Promiscuous-mode\ARP\DHCP\Gateway\Smart Scanning
    + Raw mode (with pcap filter)
    + eXtreme mode
    + Capturing packets and post-capture (offline) analyzing
    + Remote traffic capturing via RPCAP daemon
    + NAT
    + ARP MiTM
    + DNS over ICMP MiTM
    + DHCP MiTM
    + SSL MiTM + SSL Strip

    Works on Windows NT(2K\XP\2k3\Vista\7).

    Download Intercepter-NG 0.9

    Largest DDOS attack hit Chinese company

    A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks. The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011.

    The attack on the unnamed organisation and its DNS provider happened between 5 and 12 November and reached 45Gbit/s at peak, equivalent to 69 million packets or 15,000 connections per second, way above the level that can be easily stemmed using standalone appliances, the company claimed. This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated previously, which also occurred in 2011.

    Prolexic technicians identified a randomised attack consisting of the largest volume of GET, SYN, ICMP, UDP and DNS floods launched in a single attack campaign this year. They identified that the attack was coming from botnets in multiple worldwide locations. In addition, unlike typical DDoS attacks that are coordinated from one geographic source, this attack was coordinated globally.

    Sudan Airways mailbox database leaked

    The Sudan Airways mailbox database was hacked by Sudan Cyber Army - SD. Alsa7r and leaked on Pastebin. The targeted domains are  & . This includes 100s of usernames, emails and passwords. Sudan Cyber Army has hacked many Sudan government sites in the past.

    Facebook & HTC Developing Facebook Phone Codenamed "Buffy"

    Facebook is working with HTC to develop a phone that has a much deeper integration with the social network than any previous "Facebook phone." That's according to a report from All Things, which says the phone is probably 12 to 18 months away from hitting store shelves.
    Codenamed "Buffy" after the vampire slayer of the same name, the phone will run a modified version of Google's Android, but Facebook is reported to be tweaking the system "heavily."
    HTC is known for modifying Android on its phones with its HTC Sense interface, and both Amazon and Barnes & Noble have created tablets with highly customized versions of the Android, so it's possible that Facebook is adopting a similar strategy.
    Part of the package would be serving up Facebook apps via HTML5 support. This would allow users to play games like Farmville and Poker directly from the Facebook app. While most developers offer their apps as separate downloads from Facebook, that prevents them from tapping into active Facebook users, while cutting Facebook off from potential revenues. Buffy would presumably bridge the gap.
    Both HTC and Facebook told media that they don't comment on rumor and speculation, though the Facebook spokesperson added, "Our mobile strategy is simple: we think every mobile device is better if it is deeply social. We're working across the entire mobile industry; with operators, hardware manufacturers, OS providers, and application developers to bring powerful social experiences to more people around the world."
    The collaborative picture Facebook paints is a far cry from the ultra-competitive war among mobile platforms with Google, Apple, Facebook, and others vying for consumers' hearts and minds. Perhaps the most telling aspect of the rumored phone is the codename. With a name like Buffy, the Facebook phone's mission is clear: slay all comers.

    Progate Group Corporation (PGP) Hacked By Hitcher

    The official website of Progate Group Corporation (PGP), an ASIC design service and platform SoC solution (SOC/IP/MPW/COT/ART turn-key design service) provider, was hacked and defaced by Hitcher, a well-known Pakistani hacker from Pakcyber Force (PCF). The hacker has created the deface mirror on Zone-h.

    Hacked Site :-
    Mirror Link :-

    Brief About The Company :-
    PGC Inc. is the first Taiwanese company to focus on SoC and SiP IC design services as a professional company; it won the 2000 Ninth National Award and holds ISO9001 and 14001 quality certification.
    Its integrated services draw on cooperative relationships with well-known world leaders, including TSMC, ASE, ARM and Artisan, to provide customers' Gate Array, Standard Cell, Intellectual Property and Multi-Projects Wafer needs with chip design, manufacturing, packaging and testing services.
    Last year, ahead of the industry, it introduced design tools tailored to advanced deep-submicron technology (IC Compiler), for the company to enter the 90 nm and 65 nm era and establish a more solid overall competitive position in niche industrial technology. The company, in view of the United States, Japan and Europe market having more than 70% of total revenue, to enhance customer service
