Written by Terence Sequeira
Friday, 28 May 2010 00:00
The kernel hook bypassing engine (KHOBE) attack technique exploits a vulnerability within a component of the backbone of Windows XP, giving attackers the ability to shut down security software so that malware is more likely to remain undetected. This new hacking technique could potentially bypass dozens of security protections.
The technique involves exploiting kernel driver hooks in Microsoft Windows XP. The attack intercepts and alters communication between components and the underlying antivirus applications, rendering them useless.
The technique uses a kernel hook to directly manipulate kernel data used for the execution of software, which is what enables the code swap. A kernel hook is a way to get control over the execution of code on a Windows operating system. A kernel hook bypass inserts itself into the code-execution process to take over that control.
Ref: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1513306,00.html
Ref: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1516600,00.html
Trojan extorts money from BitTorrent users
Written by Terence Sequeira
Wednesday, 26 May 2010 12:22
Fraudsters target charity too..
Written by Terence Sequeira
Tuesday, 25 May 2010 20:28
Cyber Crime sleuths of the CID have cracked a ‘Nigerian fraud’ case and arrested a travel agent from Delhi who duped a priest to the tune of Rs 43.26 lakh.
The priest had received an email from one Ben Jean James, who claimed to be a Catholic widow suffering from cancer. In the mail, Ben Jean James said that her husband had left $2.8 million, which she intended to donate for the service of orphans and the less privileged.
The priest, who took interest in running the orphanage, was asked to send money to claim the entire amount. Once he deposited the amount in a bank account mentioned by the accused, they asked for more. The process continued and the priest ended up depositing Rs 43,26,700 in bank accounts of ICICI, Axis, HDFC, City, Standard Chartered and State Bank of India in Delhi, Mumbai and Pune.
A few months later, after realising that he had been cheated, the priest approached the local police. During the investigation, police found that the money was deposited in the accounts belonging to Mukesh Munjal and others.
A team from Cyber Crime cell went to Delhi and nabbed the prime accused Mukesh, who confessed that he had received about Rs 31 lakh through his two ICICI accounts and after collecting a certain percentage gave the amount to his Nigerian bosses, Morris Mohale alias David, Phillips, Kone Armed and Bean Jean James, among others.
Ref: http://timesofindia.indiatimes.com/city/hyderabad/Nigerian-fraud-case-cracked-1-held/articleshow/5425956.cms
Written by Terence Sequeira
Friday, 21 May 2010 21:35
Researchers found that configuration information like data on the type of browser, operating system, plugins, and even fonts installed can be compiled by web sites to create a unique portrait of most visitors. Even without cookies, popular browsers such as Internet Explorer and Firefox give Web sites enough information to get a unique picture of their visitors about 94 percent of the time.
This means that most of us are actually a lot less anonymous than we believe we are. The data doesn't actually identify the Web user, but it creates a unique browser "fingerprint" that can be used to identify the user when he visits other Web sites.
Using JavaScript, Web sites are able to probe PCs and learn a lot. No single piece of data is enough to identify the visitor on its own, but when information like browser version, language, operating system, time zone details, and the combination of installed plugins and fonts is strung together, a clearer picture emerges.
Using the private mode offered by some browsers does nothing to stop this analysis. Private browsing may give you a certain level of protection from those who have access to your computer, but it hasn't got to the point where it can provide protection against the companies that are profiling Web users.
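An added illustration of the point above (not code from the article or the research it cites): over a constructed sample of eight visitors, each attribute on its own is shared by half the crowd, yet the combination singles out every visitor. The attribute names and values are assumptions chosen for the example; none of them is a cookie or other stored state, which is why private browsing does not change the result.

```javascript
// Constructed sample of eight visitors; every attribute value is shared by
// half the sample, so no single attribute singles anyone out.
const visitors = [
  { browser: "Firefox 3.6", timezone: "UTC+05:30", fonts: "Arial,Verdana" },
  { browser: "Firefox 3.6", timezone: "UTC+05:30", fonts: "Arial,Verdana,Calibri" },
  { browser: "Firefox 3.6", timezone: "UTC+10:00", fonts: "Arial,Verdana" },
  { browser: "Firefox 3.6", timezone: "UTC+10:00", fonts: "Arial,Verdana,Calibri" },
  { browser: "IE 8", timezone: "UTC+05:30", fonts: "Arial,Verdana" },
  { browser: "IE 8", timezone: "UTC+05:30", fonts: "Arial,Verdana,Calibri" },
  { browser: "IE 8", timezone: "UTC+10:00", fonts: "Arial,Verdana" },
  { browser: "IE 8", timezone: "UTC+10:00", fonts: "Arial,Verdana,Calibri" },
];

// Join the chosen attributes into one fingerprint string per visitor.
function fingerprint(visitor, keys) {
  return keys.map((k) => `${k}=${visitor[k]}`).join("|");
}

// Count how many visitors in the sample share each fingerprint.
function countFingerprints(sample, keys) {
  const counts = new Map();
  for (const v of sample) {
    const fp = fingerprint(v, keys);
    counts.set(fp, (counts.get(fp) || 0) + 1);
  }
  return counts;
}

// Fraction of the sample whose fingerprint is shared with nobody else.
function uniqueFraction(sample, keys) {
  let unique = 0;
  for (const n of countFingerprints(sample, keys).values()) if (n === 1) unique += 1;
  return unique / sample.length;
}

// Bits of identifying information a visitor reveals: -log2 of the share of
// the sample with the same fingerprint. More bits means a smaller crowd.
function surprisalBits(sample, keys, visitor) {
  const n = countFingerprints(sample, keys).get(fingerprint(visitor, keys)) || 0;
  return n === 0 ? Infinity : -Math.log2(n / sample.length);
}

// Report uniqueness and bits as attributes are strung together.
for (const keys of [["browser"], ["browser", "timezone"], ["browser", "timezone", "fonts"]]) {
  console.log(keys.join("+"), uniqueFraction(visitors, keys), surprisalBits(visitors, keys, visitors[0]));
}
```

Each added attribute here halves the crowd a visitor hides in, so the bits add up even though no attribute is rare by itself.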
Ref: http://www.computerworld.com/s/article/9176904/EFF_Forget_cookies_your_browser_has_fingerprints?source=CTWNLE_nlt_dailyam_2010-05-18
IBM unleashes virus on AusCERT delegates
Written by Terence Sequeira
Friday, 21 May 2010 17:18
In an email, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus.
The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. It spreads when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.
IBM said in a statement that a "small number of IBM-branded USB sticks distributed to delegates at the recent AusCERT2010 conference were found to contain malware".
To fix any damage that may be caused by using the USB key, IBM recommended:
- Turn off System Restore [Start - Programs - Accessories - System tools - System Restore]. Turning off System Restore will enable your anti-virus software to clean the virus from your current system and any restore points that may have become infected.
- Update your anti-virus tool with the latest anti-virus definitions [available from your anti-virus vendor of choice].
- Perform a full system scan with your anti-virus tool to confirm the existence of the infection. If malware is detected, allow your anti-virus software to complete a clean.
- On completion of this process, complete a second scan using a different anti-virus product. Free anti-virus products are available from companies such as AVG, Avira, Panda Software or Trend Micro.
- Once a second scan has been performed and it is determined that your workstation is free of any known malware, IBM recommended, as a precautionary measure, that you perform a backup of all vital files on your workstation and perform a full reinstallation of the operating system. This removes the risk of other unknown or undetected malware that may be present on your machine.
Ref: http://www.securecomputing.net.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx