Sep 01, 2010
Last year, there was discussion of Google Code, a site that allows developers to host their projects, being used to spread malware. zScaler research has found yet another case where Google Code is being used to spread malware. According to the Google Code site,
“Project Hosting on Google Code provides a free collaborative development environment for open source projects. Each project comes with its own member controls, Subversion/Mercurial repository, issue tracker, wiki pages, and downloads section. Our project hosting service is simple, fast, reliable, and scalable, so that you can focus on your own open source development”.
The malicious project in question has 50+ executables stored in the download section of the project.
Most of the files are executables, along with zipped “.rar” files. The timestamps show that the files were uploaded over the course of the last month, which suggests that an attacker is actively using this free service to spread malware. VirusTotal results for the first file show that only 8 antivirus vendors out of 43 flagged the file as malicious. The detection ratio for the second file is slightly better than that of the first.
Analysis of all the files shows that they are all malicious: Trojan horses, backdoors, password-stealing keyloggers for online games such as “World of Warcraft”, etc. Analysis of the file resources in the ThreatExpert report indicates that the probable country of origin is China. Interestingly, the Google Code FAQ page says they will take down the whole project if they find malware being hosted in it.
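The indicators zScaler relied on above (a downloads section dominated by executables and archives, a burst of uploads within one month, and low VirusTotal detection ratios) can be turned into a simple triage heuristic. The script below is an added example and is not zScaler's tooling or anything from Google Code; the project listing and the detection counts are constructed for illustration, and the thresholds are assumptions a defender would tune to their own data.

```python
import os
from datetime import date

# Extensions we treat as binaries worth scrutiny in a hosting project's downloads.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".dll"}
ARCHIVE_EXTS = {".rar", ".zip", ".7z"}

# Constructed sample listing: file names, upload dates and detection counts are
# made up for this example (not the real project described in the post).
# "detections"/"engines" mimic a VirusTotal-style ratio, e.g. 8 of 43 engines.
SAMPLE_DOWNLOADS = [
    {"name": "wow_helper.exe",  "uploaded": "2010-08-03", "detections": 8,  "engines": 43},
    {"name": "update_pack.rar", "uploaded": "2010-08-10", "detections": 12, "engines": 43},
    {"name": "svchost32.exe",   "uploaded": "2010-08-17", "detections": 9,  "engines": 43},
    {"name": "patch_0825.exe",  "uploaded": "2010-08-25", "detections": 6,  "engines": 43},
    {"name": "README.txt",      "uploaded": "2010-08-01", "detections": 0,  "engines": 43},
]


def classify(name):
    """Bucket a download by extension: executable, archive or other."""
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXTS:
        return "executable"
    if ext in ARCHIVE_EXTS:
        return "archive"
    return "other"


def triage(downloads, max_span_days=31, min_binary_fraction=0.5, low_detection_ratio=0.25):
    """Score a project's downloads listing against the three indicators.

    Returns a dict with the measured values, the reasons that fired, and a
    'flagged' verdict that requires at least two independent indicators, so a
    single legitimate installer in a project does not trip the heuristic.
    """
    kinds = [classify(d["name"]) for d in downloads]
    binaries = sum(k != "other" for k in kinds)
    fraction = binaries / len(downloads) if downloads else 0.0

    dates = sorted(date.fromisoformat(d["uploaded"]) for d in downloads)
    span = (dates[-1] - dates[0]).days if dates else 0

    # Binaries that most engines miss are the ones that need manual analysis.
    low_detection = [
        d["name"] for d in downloads
        if classify(d["name"]) != "other"
        and d["engines"] > 0
        and d["detections"] / d["engines"] < low_detection_ratio
    ]

    reasons = []
    if fraction >= min_binary_fraction:
        reasons.append("downloads are mostly executables/archives")
    if binaries >= 3 and span <= max_span_days:
        reasons.append("multiple binaries uploaded within %d days" % span)
    if low_detection:
        reasons.append("%d binaries below the AV detection threshold" % len(low_detection))

    return {
        "binary_count": binaries,
        "binary_fraction": round(fraction, 2),
        "upload_span_days": span,
        "low_detection": low_detection,
        "reasons": reasons,
        "flagged": len(reasons) >= 2,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DOWNLOADS)
    for key, value in result.items():
        print("%-18s %s" % (key, value))
```

On the constructed listing the project is flagged on all three indicators: four of five downloads are binaries, they were uploaded within a 24-day window, and three of them sit below a 25% detection ratio. In practice the listing would come from the hosting site's download feed and the detection counts from a scanner report; the heuristic only prioritises what an analyst looks at, it does not decide maliciousness on its own.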
UPDATE: 2 September 2010
Google has taken down the project, and the URL to that project is no longer accessible.
Source: zScaler Research
Mar 23, 2010
Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.
The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.
Watt told Threat Level that Gonzalez was paid in cash, which is generally done to protect someone’s status as a confidential informant. The Secret Service said it would not comment on payments made to informants. Gonzalez’s attorney did not respond to a call for comment.
“It’s a significant amount of money to pay an informant but it’s not an outrageous amount to pay if the guy was working full time and delivering good results,” says former federal prosecutor Mark Rasch. “It’s probably the only thing he was doing — other than hacking into TJX and making millions of dollars.”
Source: Wired
Feb 21, 2010
Russian security firm Intevydis has made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers.
The exploit allows attackers to remotely gain control of a PC. Intevydis develops the commercial VulnDisco add-on for the likewise commercial Canvas exploit toolkit from vendor Immunity. On the Immunity forum, developer Evgeny Legerov praises his exploit for Windows XP (SP3) and Vista as being quite reliable. The developer says it was an interesting challenge to find the flaw, a buffer overflow, and to exploit it.
While the post dates back to the beginning of February, the hole is likely to remain open, since no updates have been released for Firefox 3.6 so far. Secunia rates the problem as critical but hasn't provided any further information in its advisories; the Mozilla Foundation has become aware of the problem but has yet to release an official statement. Whether the exploit has already been widely circulated or used on a large scale remains unknown.
However, according to the analysis on the Extraexploit blog, a significant increase in the number of Firefox 3.6 crashes was noted on the 12th and 13th of February. It is unclear whether the crashes were connected to the exploit being tested. The pages causing the highest number of crashes are listed in Mozilla’s crash reports.
In passing, Legerov also mentions zero day exploits for Lotus Notes 8.5/8.5fp1 and for RealPlayer 11. The exploit for RealPlayer is the modernised version of an exploit that appeared two years ago for a hole that RealPlayer closed only recently.
Feb 17, 2010
If you’ve ever wondered about the flow of your mouse around your computer screen, a free downloadable application, called “mouse pointer track,” can help you follow these esoteric movements and turn them into a fascinating blur between art and information.
The simple application was developed by Anatoly Zenkov, a Russian graphic designer and programmer, and has been downloaded tens of thousands of times since he first released it in late January this year.
The software runs on any Macintosh or Windows computer and tracks every movement and click of your mouse.
Mr. Zenkov explained in an interview that the project began as a simple attempt to create something visually interesting with computer code. “It was just for fun,” Mr. Zenkov said. “It was meant to be an experiment for me, and then I saw the interest from so many other people, so I decided to share it for free on the Internet.”
As you can see from the images on Mr. Zenkov’s Flickr page, he has been tracking different mouse movements in different application settings.
The images at the top and bottom of this post were made by tracking my mouse movements for 30 minutes, during which time I was writing this blog post and surfing the Web.
Source: The New York Times
Jan 30, 2010
Geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn’t accomplish.
According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3's motherboard.
“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”
While the idea is sound, this hack is clearly not for the faint of heart.
From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He is now handing the follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.
His instructions conclude: “The PS3 is hacked, it's your job to figure out something useful to do with it.”
Source: The Register