Nordstrom tracking customer movement via smartphones’ WiFi sniffing

May 9, 2013 – 5:06 AM

“You’ve spent quite some time in the lingerie department, but you haven’t even peeked at our display of Bose® ‘OE2’ Audio Headphones, which were $149.95 but are now ONLY $134.96! Can we talk?”

OK, so that’s not exactly what Nordstrom says it’s planning to do with the information it gleans from tracking customers’ movements throughout their stores.

But it certainly could market that aggressively, now that the department store – purveyor of apparel, shoes, jewelry, and the like – has implemented technology to track how much time you spend in specific departments within 17 stores in the US.

Tara Darrow, a company spokeswoman, told CBS DFW that sensors in the stores are collecting information from customers’ smartphones as those phones automatically scan for WiFi service.

Darrow said that the sensors monitor which departments you visit and for how long, but the sensors don’t actually follow your phone from department to department, and they don’t identify personal information tied to a phone’s owner.

Source:
http://nakedsecurity.sophos.com/2013/05/09/nordstrom-tracking-customer-smartphones-wifi-sniffing/

AutoIT makes malware “outrageously easy”

May 7, 2013 – 6:50 PM

Security firm Trend Micro has seen an uptick in AutoIT-based malware thanks to the fact that it’s an easy-to-learn language that allows for quick development. It enables everything from simple scripts that change text files to scripts that perform mass downloads with complex GUIs. One commonly seen piece of nefarious AutoIT tool code being uploaded to Pastebin is a keylogger.

“Grabbing this code, anyone with bad intentions can quickly compile and run it in a matter of seconds,” said threat researcher Kyle Wilhoit. “Upon compiling and executing the script, it creates two files – one that displays the correlated keystrokes in a local HTML page, and a second file that is a zip file of the first file – likely for exfiltration.”

In addition to keyloggers, Remote Access Trojan (RAT)-builders and server administrators based on AutoIT are becoming more prevalent.

“One RAT-builder identified was particularly interesting, as it showed a relatively professional level of development,” Wilhoit said. “Upon connecting to this RAT builder/administrator, the nefarious actor can get a remote shell and perform a litany of other system tasks on the victim. Further analysis of this RAT builder traces the developer back to several underground forums.”

Trend Micro also found a tremendous increase recently in the amount of malware utilizing AutoIT as a scripting language. One piece of malware that was found in the wild is a variant of the popular DarkComet RAT, using AutoIT. This variant runs a backdoor on the victim machine and communicates outbound to a malicious host. It also modifies the local software firewall policies to disable them, in addition to installing itself at startup for persistence.

Source:
http://www.infosecurity-magazine.com/view/32264/autoit-makes-malware-outrageously-easy/

Hackers gain access to all .edu domains

May 7, 2013 – 5:09 PM

The hacker collective “Hack the Planet” (HTP) has claimed responsibility for an attack on MIT (Massachusetts Institute of Technology) computer systems in late January, in which it claims to have briefly taken control of the university’s domain, redirected email traffic, and obtained administrator access to all .edu domains. HTP also claims to have compromised web servers for other sites, including security tool Nmap, network security service Sucuri, IT security company Trend Micro, and network analysis tool Wireshark.

Some of the hacks made use of a zero-day exploit, which the group has now taken the opportunity to disclose, against a vulnerability in the MoinMoin wiki system. Hack the Planet has also released information about an exploit against web servers running ColdFusion 9 or 10. The group claims to have used a variant of this exploit for their April attack on hosting company Linode.

HTP are a pretty hardcore bunch, though they are keen to stress their adherence to hacking’s code of honour on their trawls through the web. In contrast to the carefree approach practised by more chaos-loving hackers of the LulzSec ilk, which involves simply pasting everything they uncover online, they appear to be more concerned with bragging rights. They document their deeds in old-school zines, consisting of scorn-laden ASCII documents with detailed descriptions of their adventures.

According to the latest zine, HTP has obtained access to a number of servers, including servers hosting the Nagios, Mono, Pastie, and SQLite projects. The hackers even claim to have compromised ICANN and the SourceForge backbone. They have published around 7500 .edu domain records together with unsalted MD5 password hashes. Nearly half (around 3400) of the records also include the password as plain text. In view of the speed with which it is possible to try out MD5 hashes, it is likely to be only a matter of time before the remainder are cracked. The registrar has declined to comment on whether or not it has a firm grip on the threat this poses.

Source:
http://www.h-online.com/security/news/item/Hackers-gain-access-to-all-edu-domains-1858471.html
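
On the unsalted MD5 hashes in the item above: the following Python is an added example, not taken from the original article or from any affected system. It shows why unsalted records expose shared passwords at a glance, and how a store can verify legacy MD5 records and upgrade them to salted PBKDF2 at the next successful login. The record format, function names, iteration count and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor assumed for this example; tune to your hardware

def legacy_md5(password: str) -> str:
    """Unsalted MD5: the same password gives the same hash in every record."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow record (assumed format): pbkdf2_sha256$<iter>$<salt>$<key>."""
    salt = os.urandom(16)  # fresh random salt per record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    if record.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, key_hex = record.split("$")
        key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(key.hex(), key_hex)
    return hmac.compare_digest(legacy_md5(password), record)

def login(store: dict, user: str, password: str) -> bool:
    """Verify, then replace a legacy MD5 record once the user proves the password."""
    record = store.get(user)
    if record is None or not verify_password(password, record):
        return False
    if not record.startswith("pbkdf2_sha256$"):
        store[user] = hash_password(password)
    return True

def shared_hashes(store: dict) -> dict:
    """Group users by stored value; a group larger than one shares a password."""
    groups = {}
    for user, record in store.items():
        groups.setdefault(record, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}

# Constructed sample accounts, not taken from the published records.
SAMPLE = {"alice": legacy_md5("Spring2013!"), "bob": legacy_md5("Spring2013!"),
          "carol": legacy_md5("correct horse")}
```

Accounts that never log in again keep their MD5 record under this scheme, so a real migration also needs a forced reset or a wrap of the old hash for dormant users.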

Malwarebytes backup service prevents malware uploads

May 7, 2013 – 4:59 AM

Your hard drive crashes. You hit “Save” without thinking and an important version is overwritten and lost forever. Someone accidentally deletes all the wedding pics. You restore an infected file to your new computer and end up having to start all over again.

Stuff happens.

Having a backup is a good idea. Having a backup that you can be confident is completely free of malware is a better idea.

Malwarebytes Secure Backup automatically backs up your important documents, music, photos, and videos to our state-of-the-art online data center. And these files are transmitted using military-grade encryption for complete safety.

But before Malwarebytes Secure Backup uploads a file, it scans the file for malware using Malwarebytes Anti-Malware. So now you can confidently save files that you know are clean. And you can share these clean files with friends by simply sending URL links to the files stored at our data centers.

Unlike other backup services, Malwarebytes Secure Backup won’t allow you to back up, restore, or share infected files or malware. It’s just a good idea…made better.

Source:
http://www.malwarebytes.org/products/securebackup/

Stats confirm that trojans spreading, malware being built at record rates

May 6, 2013 – 5:32 PM

Trojans continue to dominate the threat landscape, according to Panda Security’s latest quarterly report, released Monday.

The anti-virus maker’s research arm, PandaLabs, found that between January and March of this year, more than 6.5 million new malware strains were built, with trojans comprising 75 percent of those. In total, trojans were responsible for 80 percent of global computer infections – a record – far outpacing worms, viruses and adware.

Across the globe, researchers discovered that more than 31 percent of PCs have been seeded with malware, with machines in China experiencing the highest infection rates (around 50 percent). In the United States, PandaLabs said 28 percent of computers are infected nationwide, numbers that roughly correspond to previous versions of the report.

PandaLabs said trojans are particularly effective because of their ability to take advantage of vulnerabilities in commonly deployed third-party software, such as Java or Adobe, and be served through compromised websites. Plus, they often can evade detection.

“This attack method allows hackers to infect thousands of computers in just a few minutes with the same trojan or different ones, as attackers have the ability to change the trojan they use based on multiple parameters, such as the victim’s location, the operating system used, etc.,” according to PandaLabs.

Source:
http://www.scmagazine.com/stats-confirm-that-trojans-spreading-malware-being-built-at-record-rates/article/292188/