Tag Archive for: Running

DreamBus botnet targets enterprise apps running on Linux servers

[Image: dreambus.png] Image: Zscaler

Chances are that if you deploy a Linux server online these days and you leave even the tiniest weakness exposed, a cybercrime group will ensnare it as part of its botnet.

The latest of these threats is named DreamBus.

In a report published last week, security firm Zscaler said this new threat is a variant of an older botnet named SystemdMiner, first seen in early 2019.

But current DreamBus versions have received several improvements compared to initial SystemdMiner sightings [1, 23].

Currently, the botnet targets enterprise-level apps that run on Linux systems. Targets include a wide collection of apps, such as PostgreSQL, Redis, Hadoop YARN, Apache Spark, HashiCorp Consul, SaltStack, and the SSH service.

Some of these apps are targeted with brute-force attacks against their default administrator usernames, others with malicious commands sent to exposed API endpoints, or via exploits for older vulnerabilities.

The idea is to give the DreamBus gang a foothold on a Linux server where they could later download and install an open-source app that mines the Monero (XMR) cryptocurrency to generate profits for the attackers.

Furthermore, each of the infected servers is also used as a bot in the DreamBus operation to launch further brute-force attacks against other possible targets.

Zscaler also said that DreamBus employed quite a few measures to prevent easy detection. One of them was that all systems infected with the malware communicated with the botnet’s command and control (C&C) server via the new DNS-over-HTTPS (DoH) protocol. DoH-capable malware is very rare, as it’s complex to set up.
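The brute-force vector described above (repeated login failures against default service accounts, fired from compromised servers acting as bots) is the kind of thing a defender can pick out of ordinary sshd logs. The script below is an added illustration, not code from the Zscaler report or from the DreamBus operators: it parses constructed `auth.log`-style lines, groups failed logins per source address in a sliding time window, and flags sources that exceed a threshold, noting whether the usernames tried are well-known default accounts. The sample log lines, the account list, the window and the threshold are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not taken from any real incident).
SAMPLE_AUTH_LOG = """\
Jan 20 03:14:01 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 20 03:14:03 web1 sshd[2103]: Failed password for root from 198.51.100.7 port 40128 ssh2
Jan 20 03:14:04 web1 sshd[2105]: Failed password for invalid user postgres from 198.51.100.7 port 40131 ssh2
Jan 20 03:14:06 web1 sshd[2107]: Failed password for invalid user hadoop from 198.51.100.7 port 40133 ssh2
Jan 20 03:14:09 web1 sshd[2109]: Failed password for root from 198.51.100.7 port 40140 ssh2
Jan 20 03:20:11 web1 sshd[2220]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Jan 20 03:25:30 web1 sshd[2231]: Accepted publickey for deploy from 203.0.113.9 port 51200 ssh2
"""

# Assumed list of default/service accounts worth calling out when they are
# the target of password guessing (assumption for this example).
DEFAULT_ACCOUNTS = {"root", "postgres", "redis", "hadoop", "admin"}

# Matches the classic syslog sshd failure line, with or without "invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2021):
    """Return a list of (timestamp, source_ip, username) for each failed login.

    Syslog lines carry no year, so one is supplied by the caller.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(events, window=timedelta(seconds=60), threshold=5):
    """Flag source IPs with >= threshold failures inside any `window`-long span.

    Returns {ip: {"failures": n, "users": [...], "default_accounts": [...]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {u for _, u in attempts[start:end + 1]}
                alerts[ip] = {
                    "failures": count,
                    "users": sorted(users),
                    "default_accounts": sorted(users & DEFAULT_ACCOUNTS),
                }
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_failures(SAMPLE_AUTH_LOG)).items():
        print(f"{ip}: {info['failures']} failures, accounts tried {info['users']}, "
              f"default accounts hit {info['default_accounts']}")
```

Against the sample, only 198.51.100.7 trips the rule (five failures in eight seconds, spread across `root`, `postgres` and `hadoop`), while the single failure from 203.0.113.5 stays below the threshold. Tuning the window and threshold to the host's normal traffic is what keeps this from paging on a user mistyping a password.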

Source…

Chrome gets patched again, but 83% of users aren’t running the latest version | 2020-11-20 | Security Magazine

Source…

Two Romanians arrested for running three malware services

[Image: cuberseal-ad.png] A part of the CyberSeal ads posted on a hacking forum (Image: ZDNet)

Romanian police forces have arrested on Thursday two individuals suspected of running three online services meant to aid malware development and distribution.

The arrests are part of a joint operation that included the FBI, Europol, Australian, and Norwegian police.

Investigators said the two Romanian suspects are believed to be the creators of three services named CyberSeal, DataProtector, and CyberScan.

The first two are so-called “crypter” services. These types of tools allow malware developers to scramble their malware’s code to bypass and evade antivirus software.

The third service, called CyberScan, worked as a clone of Google’s VirusTotal service. It allowed malware authors to upload and scan their new malware releases and see if it would be detected by antivirus software.

The difference between CyberScan and VirusTotal was that CyberScan didn’t share scan results with antivirus vendors, allowing malware authors to test the detectability of their payloads without having to fear that a “detection alert” would be sent back to the antivirus company and trigger an investigation.

The two suspects had been active on the malware scene since at least 2014 when they first began advertising CyberSeal. The two other services were launched in 2015 (DataProtector) and 2019 (CyberScan).

All three were advertised on multiple hacking forums for prices ranging from $40 to $150.

[Image: dataprotector-ad.png] An ad for the DataProtector crypter service on a well-known hacking forum (Image: ZDNet)

[Image: cyberscan-ad.png] An ad promoting the CyberScan service (Image: ZDNet)

Europol said the three tools have often been used to crypt and test different types of malware, such as RATs (Remote Access Trojans), information stealers, and ransomware.

More than 1,560 malware authors used the two crypting services to scramble the code of more than…

Source…

Take-Two Opposes Trademark For An Entertainment Company Running An Axe-Throwing Facility

When it comes to my writing about trademark and intellectual property issues, there is perhaps no more flummoxing company than Take-Two Interactive. Why? Well, because the company is simultaneously the victim of a ton of stupid disputes, and also a purveyor of stupid disputes. On the one hand, we’ve defended Take-Two when it has been the victim of spurious claims brought against it by The Pinkerton Agency, Lindsay Lohan, and a handful of tattoo artists over athlete depictions in video games. On the other hand, we’ve slapped back at Take-Two when it has taken down modding tools for its games that have been around for years and years, or when the company decides to file lawsuits over fan-projects. The point is that when it comes to the pain brought by overly protectionist IP activities, Take-Two is a company that should know better, but acts as though it doesn’t.

This can oftentimes go to ridiculous lengths, such as when Take-Two opposes the trademark for Rockstar Axe Throwing, LLC, because “Rockstar.”

Applicant Rockstar Axe Throwing filed its application in Class 41 for “Entertainment in the nature of axe throwing competitions; Instruction in the nature of hatchet and axe throwing lessons; Providing sports facilities for hatchet and axe throwing.” Take-Two Interactive is “a leading worldwide developer, marketer, and publisher of interactive entertainment, including software, video games, computer games, mobile games,” and other goods and services. Rockstar Games is a subsidiary of Take-Two.

That paragraph is really all you need to know. These companies aren’t in the same industries, aren’t competing for customers, and the existence of the defendant is wholly unlikely to result in any customer confusion. Axe throwing: need we say more?

But, just to cover all of the bases, Take-Two also complains in its opposition about the Rockstar Axe Throwing, LLC logo.

Take-Two has marks that comprise or contain “the term ROCKSTAR and/ or prominently featuring the letter ‘R’ combined with a star design, used alone or with other words or designs…

The logos for the two companies aren’t similar. Like, at all.


Argue those logos are similar if you want, but you’re wrong, you know you’re wrong, and you’re probably in need of psychiatric care. On top of their being dissimilar, there is that whole “Axe Throwing” text right in the logo. If that isn’t enough to ward off anyone who might wander into an axe-throwing facility thinking it was associated with Grand Theft Auto, I can’t imagine what would be.

This, again, is where it gets really frustrating. There is zero reason for Take-Two to have undertaken this opposition. Zero. And yet it did, despite being on the receiving end itself of other ridiculous attempts at IP maximalism. Why?

Techdirt.