'Mystique-like' malware killed off

Written by Unknown on Sunday, 12 April 2015 | 23.22

Actress Jennifer Lawrence who plays Mystique standing in front of an X-Men film poster
Like the Beebone malware, X-Men's Mystique - played by Jennifer Lawrence - morphs to take on other identities

Shapeshifting malware that changes its identity up to 19 times a day to avoid detection has been deactivated by Europe's Cybercrime Centre and the FBI.

At its height in September 2014 the malware, called Beebone, was controlling 100,000 computers a day.

Criminals used it to help steal passwords and download other programs to the infected computers.

Around 12,000 victims are being asked to use new online clean-up tools to remove it.

'Mystique-like' morphing

A hand grabs the word password written on a screen of ones and noughts
Beebone downloaded other malware which could steal passwords and banking details

Once on a victim's computer, Beebone operates like a downloader application that can be controlled by the suspected criminal gangs behind the program.

It was used to force victims' PCs to fetch other malware from the internet including password stealers, ransomware, rootkits, and programs designed to take down legitimate websites.

Computer security firm Intel Security, which helped law enforcement agencies to stop the malware, said it had seen Beebone change its identity up to 19 times per day to avoid more traditional "signature detection" anti-virus methods.

Intel Security's chief technology officer Raj Samani told the BBC: "Beebone is highly sophisticated. It regularly changes its unique identifier, downloading a new version of itself, and can detect when it is being isolated, studied, or attacked.

"It can successfully block attempts to kill it."

Operation Beebone

Operation Beebone was carried out by the Joint Cybercrime Action Taskforce set up by the European Union to tackle cross-border internet crime. The team finally managed to tackle the malware by stopping it from connecting to servers on the net used to control and send it instructions.

Nearly 100 .com, .net, and .org domains have been "sinkholed" - the process by which traffic meant for specific IP addresses is redirected from suspected criminal-controlled sites to the investigating authorities. This allows detectives to "see" how the application behaves and to intercept requests for further instructions by the malicious software.

The FBI assisted in redirecting traffic from most of the sites being used by the gangs because they were operated from the United States and are under US jurisdiction.

The operation also involved private security firms Intel Security, Kaspersky Labs and Shadowserver. The taskforce now believes it has isolated the morphing malware so criminals can no longer make use of it.

Sustained threat

Head of operations at the European Cybercrime Centre, Paul Gillen, told the BBC the agency would now look at whether those behind the attacks could be identified and brought to justice. He admitted the solution the taskforce had found was not a permanent one: "We can't sinkhole these domains forever. We need those infected to clean up their computers as soon as possible."

Several security vendors, including F-Secure, TrendMicro, Symantec and Intel Security, have created a free tool to remove the Beebone malware.

Symantec representative signs an agreement of understanding with Europol
Symantec is one of several private security firms signed up to help EC3

But victims need to first realise they have the malware on their systems before they can download the removal tool.

Raj Samani said those who have the malware "will be notified by their internet service provider".

ISPs in each affected country will be handed a list of suspected victims to contact by the taskforce.

Dangerous threat

The Beebone malware was described by the Europol taskforce as "very sophisticated". Some security experts believe the consequences of the attack could have been much worse.

Portcullis Security in the UK advises various British government departments on cybersecurity issues. Its director, Paul Docherty, told the BBC:

"The fact that it [the malware] is complicated suggests that it could be used for more targeted attacks. If those responsible were able to harness similar difficult-to-detect code they could potentially move the point of attack from home users to corporate users or other entities which typically hold large amounts of sensitive, valuable data."

Mr Docherty said computer users should have anti-virus software installed and that it was essential that they kept it up-to-date. He warned against members of the public underestimating how valuable their computer might be to criminal hackers.

"There is still a general consensus that, 'It won't happen to me, I have nothing anyone could want.' However, when you discuss with people what they actually use their technology for this changes very quickly."

Future challenge

The total number of computers infected by Beebone is relatively modest compared with some recent malware take-downs like GameOver Zeus. Security experts believe this is because the malware was not spread by mass emailing potential victims with poisoned internet links, an approach known as spearphishing. Intel Security said Beebone was more commonly spread through hardware like USB drives, or data discs.

Now remaining victims are being asked to clean up their computers as soon as possible.

Mr Samani said those who have Beebone on their computers "were likely to have a lot of other malware too because of the nature of Beebone as a malware downloader itself".

But there is another good reason why victims will want to move on quickly, says Mr Docherty: "Clean-up after infection could be complicated, as this [criminal] campaign has used a constantly changing (polymorphic) dropper to implant malware, it is possible that it has also installed code of a similar nature to re-enable access to the systems following clean-up."
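
How a sinkhole's traffic can become the per-ISP victim lists described above, as an added example that is not part of the original article or any tool used in Operation Beebone. The domains, IP ranges, ISP names, log format and log lines are all constructed placeholders.

```python
import ipaddress
from datetime import datetime

# Constructed placeholders (reserved example domains, documentation IP ranges).
SINKHOLED_DOMAINS = {"c2-one.example.com", "c2-two.example.net"}
ISP_PREFIXES = {
    "ISP-A": ipaddress.ip_network("198.51.100.0/24"),
    "ISP-B": ipaddress.ip_network("203.0.113.0/24"),
}
# Constructed sinkhole log, assumed format: ISO timestamp, source IP, requested host.
SAMPLE_LOG = """\
2015-04-09T08:00:01 198.51.100.7 c2-one.example.com
2015-04-09T08:05:13 198.51.100.7 c2-two.example.net
2015-04-09T08:07:44 203.0.113.20 C2-ONE.example.com.
2015-04-09T08:09:02 203.0.113.99 unrelated.example.org
2015-04-09T09:00:00 192.0.2.5 c2-one.example.com
malformed line
2015-04-09T12:30:00 198.51.100.7 c2-one.example.com
"""

def parse_line(line):
    """Return (timestamp, source address, normalised host) or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        src = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return ts, src, parts[2].rstrip(".").lower()

def isp_for(src):
    """Attribute a source address to the first matching ISP prefix."""
    for name, net in ISP_PREFIXES.items():
        if src in net:
            return name
    return "unattributed"

def build_victim_lists(log_text):
    """Group check-ins to sinkholed domains by source address, then by ISP.
    Malformed lines and requests for other hostnames (background noise) are skipped."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in SINKHOLED_DOMAINS:
            continue
        ts, src, _ = rec
        h = hits.setdefault(src, {"first": ts, "last": ts, "count": 0})
        h["first"], h["last"] = min(h["first"], ts), max(h["last"], ts)
        h["count"] += 1
    per_isp = {}
    for src in sorted(hits, key=lambda a: (a.version, int(a))):
        h = hits[src]
        row = (str(src), h["count"], h["first"].isoformat(), h["last"].isoformat())
        per_isp.setdefault(isp_for(src), []).append(row)
    return per_isp

if __name__ == "__main__":
    print(build_victim_lists(SAMPLE_LOG))
```

The first-seen and last-seen timestamps are kept because an ISP needs them to map a dynamically assigned address to a subscriber; a single address behind NAT may also cover several infected machines.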



France TV5Monde passwords seen on TV

Screenshot, via EVN, of France 2 interview with TV5 journalist David Delos with passwords and other sensitive information on the wall behind him blurred out
David Delos was filmed with passwords and other sensitive information, blurred out by the BBC, behind him

Staff at France's TV5Monde have been filmed with passwords visible a day after the TV network suffered a huge cyber-attack.

Login details for social media accounts could be seen behind a journalist interviewed on France 2.

It comes after hackers claiming to represent jihadist group Islamic State (IS) took TV5Monde off air.

The Paris-based channel told the BBC the visible data was a one-off mistake and was not linked to the attack.

Its TV station, website and social media accounts were all hit on Wednesday night.

Prime Minister Manuel Valls condemned what he called an "unacceptable attack on freedom of information".

A Google+ page hacked by individuals claiming to belong to IS
Several of the organisation's social media accounts were hit

Journalist David Delos was speaking on camera of the "frustration" felt in the newsroom on Thursday when passwords for accounts on Twitter and Instagram could be seen on a dividing screen in the background.

Most were too blurry to be distinguished with the naked eye, but social media users claimed to have been able to decipher YouTube login details.

Footage broadcast on BFMTV also appeared to show a password written on yellow post-it notes and stuck on computer monitors.

A spokeswoman for TV5Monde said passwords were not normally left around in such a way, and the error made in the interview was an isolated case.

Prosecutors have opened an investigation into the cyber-attack, which French Interior Minister Bernard Cazeneuve said was likely to have been a "terrorist act".

A message posted by the hackers on TV5Monde's Facebook site read: "The CyberCaliphate continues its cyberjihad against the enemies of Islamic State."

They replaced TV5Monde's social media profile pictures with a masked Islamist fighter.

Mr Cazeneuve promised the government would do "everything to catch those who tried to attack the heart of the French Republic".

The head of TV5, Yves Bigot, said on Thursday it was not clear whether the hackers had targeted the channel specifically, or used it as a messenger.

"Obviously what they were doing is threatening the French government, the French military and the French policy in the Middle East."

France is part of the US-led coalition carrying out air strikes against IS in Iraq and Syria.

The channel has not commented on the latest apparent security breach.

TV5Monde regained control over most of its sites about two hours after the attack began on Wednesday and full services were restored by Thursday evening.



Real money trade starts in Warcraft

World of Warcraft screenshot
The game tokens can be paid for with real cash or bought with in-game gold

The introduction of a way to use real money to buy virtual cash for World of Warcraft has prompted a big change in the value of the game's gold.

The exchange rate for dollars fell by almost a third on the first day that Blizzard let people swap real cash for game gold.

At launch, players could spend $20 (£13) to get 30,000 gold coins to spend on gear in the fantasy game world.

But 24 hours later the same amount of cash netted players about 20,000.

Before now the only way that World of Warcraft players could artificially boost the fortunes of their characters was by visiting a grey-market site and surreptitiously buying gold from unlicensed vendors.

Fell sharply

The practice was fraught with peril because it was technically a violation of the WoW terms and conditions. Anyone caught buying gold this way could have their account closed down.

Late last year Blizzard announced plans to introduce a $20 "game time token" that could be converted into WoW's internal currency. Currently only North American players of WoW can buy the token.

The tokens can be traded on the game's internal auction house for gold - effectively giving people a way to turn real money into virtual cash. Those with lots of WoW gold can buy the token and use it to pay for their subscription to the online game.

The token trading system went live on 8 April and initially the exchange rate for each one climbed past the 30,000 starting point. But within hours the dollar exchange rates fell sharply and are now hovering around 22,000 for $20.

Some speculated that the dollar exchange rate would fall further to reach those seen on grey-market sources of WoW gold, which currently offer 10,000 to 15,000 coins for $20.

'Lot of fluctuation'

Before the launch Blizzard said the exchange rate for tokens would be set by internal game metrics.

Alec Meer, of the game news site Rock, Paper, Shotgun, told the BBC that there had been some initial "overreaction" to the drop in value of each token.

"It doesn't spell doom," he said. "Blizzard is trialling something new. They went in high to see what would happen, and there's going to be a whole lot of fluctuation as a game with a population of several million adapts to it.

"I'm sure the long-term plan is simply to bring more transactions within Blizzard's purview, and in doing so potentially reduce the influence of gold farmers and keep people playing for longer," he added.



Austria court ponders Facebook case

Max Schrems at court in Vienna on 9 April 2015
Max Schrems accused Facebook of mass surveillance of its users

A court in Austria will rule in the next few weeks whether it has the jurisdiction to hear a class action lawsuit brought against Facebook.

Some 25,000 users - led by Austrian law graduate Max Schrems - accuse Facebook of violating European privacy laws in the way it collects and forwards data.

The case has been brought against Facebook's European HQ in Dublin, which handles accounts outside the US and Canada.

Facebook's lawyers have argued for the case to be dismissed.

They presented a list of procedural objections at a court hearing in Vienna on Thursday.

Mr Schrems - a campaigner for data protection - said he brought the claim to stop what he calls mass surveillance by the social networking site.

The legal action claims privacy laws are breached in the way Facebook monitors users when they activate the site's "like" buttons.

It also alleges Facebook co-operated with Prism, a surveillance system launched in 2007 by the US National Security Agency.

The case - which involves more than 900 UK-based users of Facebook - includes a compensation claim of about €500 ($539; £362) per person.

The court will issue a written decision in the next few weeks on whether it can handle the case, the BBC's Bethany Bell reports from Vienna.



LinkedIn buys learning firm for $1.5bn

LinkedIn site on a Mac laptop
LinkedIn has about 300 million members who use the site's business networking tools

LinkedIn has bought US online learning business Lynda for $1.5bn (£1.1bn), making it the professional networking site's biggest acquisition to date.

LinkedIn is trying to boost the business content it offers to its 300 million users.

Lynda, based in California, has made hundreds of videos that teach subscribers everything from coding to business skills.

Subscribers pay $375 per year to access the tutorials.

Although the company was founded nearly 20 years ago, it has expanded rapidly in the past two years, adding several languages to its video offerings and increasing outside investment.

"The mission of LinkedIn and the mission of lynda.com are highly aligned," said LinkedIn chief executive Jeff Weiner in a statement.

"Both companies seek to help professionals be better at what they do."

Shares in LinkedIn rose more than 1.5% on the New York Stock Exchange after news of the acquisition was released.



Jawbone to start UP3 deliveries

Jawbone tracker on wrist
Jawbone's UP3 tracker had been delayed after the firm struggled to make the band waterproof

Jawbone has said that it will begin deliveries of its top-end UP3 fitness tracker from 20 April, four months later than originally promised.

The US firm added that the device would not be fully waterproof as first advertised, just "splash-proof".

Many people who had pre-ordered the wristband had complained on social media about the firm's failure to explain the delay fully until now.

The delay has lost the firm sales to rivals such as Fitbit and Misfit.

"When we announced UP3 late last year we were confident we would start mass production of the device and begin shipping within a few weeks of the announcement," the company said on its blog.

"However, as we began to scale our manufacturing process it became clear that, while most units passed our high quality bar, a proportion did not.

"Specifically, we were not achieving the level of water resistance we had passed in the design and initial production stages.

"We would like to apologise to customers who may have pre-ordered UP3 on the basis that it would be suitable for swimming. Customers who wish to cancel their pre-order will, of course, be able to do so with no charge."

'Perilous'

Until now, the only explanation the firm had given for the delay was in an interview chief executive Hosain Rahman gave Fortune magazine in January, in which he blamed a "sealing" problem.

The same article had noted that Jawbone's manufacturing partner Flextronics had recently sued it for breach of contract, describing the fitness firm's financial position as "perilous".

The case was ultimately settled out of court.

A subsequent report in February by the Financial Times suggested Jawbone's finances were "deteriorating" as it sought out new investors, causing some to question if the UP3 would ever be released.

But the firm has said the device is now in "mass production" and that it would start deliveries to customers who had pre-ordered on 20 April.

Customers should receive the bands no later than mid-May, Jawbone added.

UP3 tracker band close-up
The UP3 is now "splash-proof" rather than fully waterproof

Posts to the firm's own community forum and Facebook page, however, suggest that a significant number of users had already cancelled their bookings.

"I have lost all faith in Jawbone and their communications," wrote one.

This is not the first time that Jawbone has run into manufacturing difficulties.

In 2011, it pulled the original UP wristband from sale after the initial batch of bands stopped holding their charge.

Posts to its forums also suggest that many owners of its more recent UP24 bands have complained that the devices stop working after several months of use - something the firm has handled by offering replacements.

Bioimpedance

The UP3 attracted much interest when it was first announced in November because of its use of a technique called "bioimpedance" to track its owner's pulse.

This involves passing an imperceptible electrical current through the body to measure its resistance to the signal.

The process is already used by several specialist medical devices to measure heart rate, body fat, fluid levels and other body composition readings.

But Jawbone was the first to use it in a mass-market wristband.

Its biggest rival Fitbit tracks users' heart rates by shining LED lights into their arms to detect changes in blood volume beneath the skin.

This kind of technology can sometimes have problems obtaining accurate readings from users with darker pigmented skin, however.

Jawbone previously suggested that another advantage of bioimpedance was that it was less battery intensive.



Samsung S6 Edge supply shortage

Two Samsung S6 Edge phones showing the wrap around curved screen
The Samsung S6 Edge curved screen is more difficult to mass produce than flat screens

Samsung's new flagship mobile phones go on sale today but the company says it may struggle to meet demand for its S6 Edge model.

Although Samsung predicts greater interest in its more conventionally designed S6 model, it is worried about the time it takes to manufacture components for the distinctive wrap-around touch screen on the S6 Edge.

Experts say it could lead to consumers having to order and then wait for the model, and delay any fall in its price.

Samsung faces strong competition from Apple at the high end of the market while much cheaper smartphones made in China challenge its position at lower price points.

Mobile analyst Thomas Husson at Forrester told the BBC: "They [Samsung] will have a serious issue if the shortage is due to the difficulty of producing the curved screen.

"Samsung must succeed in the launch of these new flagship phones to regain leadership in the high-end segment. They have a window of opportunity until the new iPhone comes out. The product and design is great - but [it] lacks service differentiation."

A Samsung UK spokesperson told the BBC the company was "working hard" to fulfil pre-orders and sales "as soon as possible".

