Skip navigation
Help

Symantec

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

A man who has won about $1.5 million in poker tournaments has been arrested and charged with running an operation that combined spam, Android malware, and a fake dating website to scam victims out of $3.9 million, according to Symantec.

Symantec worked with investigators from the Chiba Prefectural Police in Japan, who earlier this week "arrested nine individuals for distributing spam that included e-mails with links to download Android.Enesoluty—a malware used to collect contact details stored on the owner’s device," Symantec wrote in its blog.

Android.Enesoluty is a Trojan distributed as an Android application file. It steals information and sends it to computers run by hackers. It was discovered by security researchers in September 2012.

The suspect flagged as the "main player running the operation" is 50-year-old Masaaki Kagawa of Tokyo, president of an IT firm named Koei Planning and a poker player with success in high-stakes tournaments around the world.

Masaaki Kagawa wins a big pot in the Aussie Millions Cash Game Invitational a few years ago.

Kagawa has reportedly won about $1.5 million in tournaments dating back to 2008 (minus entry fees). His most recent score was a third place finish in the 2013 Aussie Millions Poker Championship in February, which netted him $320,000.

Kagawa was already under investigation while playing in that tournament. Symantec explains:

From our observations, the operation began around September 2012 and ended in April 2013 when authorities raided the company office. We confirmed around 150 domains were registered to host the malicious apps during this time span. According to media reports, the group was able to collect approximately 37 million e-mail addresses from around 810,000 Android devices. The company earned over 390 million yen (approximately 3.9 million US dollars) by running a fake online dating service called Sakura in the last five months of the spam operation. Spam used to lure victims to the dating site was sent to the addresses collected by the malware.

The malware allegedly used in this operation appears to share source code with Android.Uracto, a Trojan that steals contacts and sends spam text messages to those contacts. Scammers maintaining Android.Uracto have not yet been identified.

0
Your rating: None
Original author: 
Adrianne Jeffries

Atm_robbers_large

Defendants Elvis Rafael Rodriguez and Emir Yasser Yeje posing with approximately $40,000 with cash. Source: US Attorney, Eastern District of New York

If you’d been waiting for the ATM inside the deli at East 59th and Third in Manhattan on Tuesday, February 19th around 9:24PM, you would have been annoyed. A young man in a black beanie and puffy black jacket made seven withdrawals in a row, stuffing around $5,620 into his blue backpack. The man wasted no time. He exited the deli and headed up five blocks to repeat the process at four more ATMs, finishing his route at a Chase bank at 69th and Third at 9:55PM, where he made four withdrawals totaling $4,000.

While the man in the black beanie was beelining along the Upper East Side, seven...

Continue reading…

0
Your rating: None

Aurich Lawson

Researchers have uncovered a never-before-seen version of Stuxnet. The discovery sheds new light on the evolution of the powerful cyberweapon that made history when it successfully sabotaged an Iranian uranium-enrichment facility in 2009.

Stuxnet 0.5 is the oldest known version of the computer worm and was in development no later than November of 2005, almost two years earlier than previously known, according to researchers from security firm Symantec. The earlier iteration, which was in the wild no later than November 2007, wielded an alternate attack strategy that disrupted Iran's nuclear program by surreptitiously closing valves in that country's Natanz uranium enrichment facility. Later versions scrapped that attack in favor of one that caused centrifuges to spin erratically. The timing and additional attack method are a testament to the technical sophistication and dedication of its developers, who reportedly developed Stuxnet under a covert operation sponsored by the US and Israeli governments. It was reportedly personally authorized by Presidents Bush and Obama.

Also significant, version 0.5 shows that its creators were some of the same developers who built Flame, the highly advanced espionage malware also known as Flamer that targeted sensitive Iranian computers. Although researchers from competing antivirus provider Kaspersky Lab previously discovered a small chunk of the Flame code in a later version of Stuxnet, the release unearthed by Symantec shows that the code sharing was once so broad that the two covert projects were inextricably linked.

Read 24 remaining paragraphs | Comments

0
Your rating: None

Aurich Lawson

Some say we're living in a "post-PC" world, but malware on PCs is still a major problem for home computer users and businesses.

The examples are everywhere: In November, we reported that malware was used to steal information about one of Japan's newest rockets and upload it to computers controlled by hackers. Critical systems at two US power plants were recently found infected with malware spread by USB drives. Malware known as "Dexter" stole credit card data from point-of-sale terminals at businesses. And espionage-motivated computer threats are getting more sophisticated and versatile all the time.

In this second installment in the Ars Guide to Online Security, we'll cover the basics for those who may not be familiar with the different types of malware that can affect computers. Malware comes in a variety of types, including viruses, worms, and Trojans.

Read 35 remaining paragraphs | Comments

0
Your rating: None

L3sPau1 writes "For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk. The campaign, called Rocra or Red October by researchers at Kaspersky Lab, focused not only on workstations, but mobile devices and networking gear to gain a foothold inside strategic organizations. Once inside, attackers pivoted internally and stole everything from files on desktops, smartphones and FTP servers, to email databases using exploits developed in Chinese and Russian malware, Kaspersky researchers said."

Share on Google+

Read more of this story at Slashdot.

0
Your rating: None

BYTE spoke to IT manager Brent Shinn at Double Fine Productions to see how he operates the lean IT department, what he thinks about Windows, and his feelings on BYOD in the workplace. While producing a video game traditionally costs millions of dollars and takes years to make, companies such as Double Fine are using consumer tools like Kickstarter to raise money and to speed up production.

Add to Twitter
Add to Facebook

0
Your rating: None

Crashed Terminal

The hackers behind "Operation Aurora" — a highly coordinated cyber attack against 34 companies, including Google, in 2009 — may be the same group that has recently been infiltrating organizations with a series of zero-day exploits. Wired reports that researchers for Symantec have identified the group by similarities in code and tactics utilized in the attacks, dubbing the group the "Elderwood Gang" after the specific exploit the hackers used. In the last three years, the group managed to launch an unprecedented eight zero-day attacks, including three within a single month — Symantec notes that only eight zero-day exploits were discovered in all of last year. Check out the source for a detailed look at the sophistication of the...

Continue reading…

0
Your rating: None

An overview of a chosen-prefix collision

Marc Stevens

Flame

The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said.

"We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications."

"Collision" attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized. But it wasn't until late 2008 that a team of researchers made one truly practical. By using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm—and exploiting weaknesses in the way secure sockets layer certificates were issued—they constructed a rogue certificate authority that was trusted by all major browsers and operating systems. Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Weger, of the Technische Universiteit Eindhoven were two of the driving forces behind the research that made it possible.

Read more | Comments

0
Your rating: None