Test Your Anti-Malware Solution

The wicar.org website was designed to test the correct operation your anti-virus / anti-malware software. The following table contains static HTML pages with known malicious content, based on the Metasploit Framework. The exploits contain a non-malicious payload which under Windows will execute ‘calc.exe’, the in-built calculator (if your browser is vulnerable). Your anti-malware software should prevent you accessing these pages… if not, there is something wrong with your anti-malware solution or the vulnerability trigger for a specific exploit is not specific enough for anti-malware to detect.

We have tested all the modules in our lab and confirmed them as working (executing calc.exe). Your mileage may vary however, depending on software version, configuration changes, service pack, operating system release and processor architecture.

Source:
http://malware.wicar.org/

Posted in Internet, Security, Windows | No Comments

Malware Based Credit Card Breach at Kmart

Sears Holding Co. late Friday said it recently discovered that point-of-sale registers at its Kmart stores were compromised by malicious software that stole customer credit and debit card information. The company says it has removed the malware from store registers and contained the breach, but that the investigation is ongoing.

“Yesterday our IT teams detected that our Kmart payment data systems had been breached,” said Chris Brathwaite, spokesman for Sears. “They immediately launched a full investigation working with a leading IT security firm. Our investigation so far indicates that the breach started in early September.”

According to those investigators, Brathwaite said, “our systems were infected with a form of malware that was currently undetectable by anti-malware systems. Our IT teams quickly removed that malware, however we do believe that debit and credit card numbers have been compromised.”

Brathwaite stressed that the data stolen included only “track 2″ data from customer credit and debit cards, and did not include customer names, email address, physical address, Social Security numbers, PINs or any other sensitive information.

However, he acknowledged that the information stolen would allow thieves to create counterfeit copies of the stolen cards. So far, he said, Sears has no indication that the cards are yet being fraudulently used.

Source:
http://krebsonsecurity.com/2014/10/malware-based-credit-card-breach-at-kmart/

Posted in Internet, Security, Windows | No Comments

Dairy Queen stores hit by ‘Backoff’ malware, payment card data stolen

Dairy Queen said Thursday the “Backoff” point-of-sale malware infected systems at 395 of its stores, stealing payment card data.

The company, which has 4,500 independently owned franchises in the U.S., said in a statement it believes the “malware has been contained.” Most of the stores, including one Orange Julius location, were affected for between three weeks to a month starting in early August, according to a list.

“We deeply regret any inconvenience this incident may cause,” wrote CEO and President John Gainor.

The company is the latest one to disclose a data breach due to malicious software. Home Depot and Target disclosed large data breaches that compromised card data. Other companies affected were Neiman Marcus, Michaels, P.F. Chang’s China Bistro and Sally Beauty.

Dairy Queen said its investigation showed that a third-party vendor’s account credentials were used to access the systems at the affected locations. The same style of attack method yielded access to Target’s systems. The vendor was not identified.

The stolen information comprised customer names, payment card numbers and card expiration dates. No customer information, such as Social Security numbers, PINs or email addresses were stolen, it said.

Source:
http://news.techworld.com/security/3580036/dairy-queen-stores-hit-by-backoff-malware-payment-card-data-stolen/

Posted in Internet, Security | No Comments

Cyber crime: First online murder will happen by end of year, warns US firm

Governments are ill-prepared to combat the looming threat of “online murder” as cyber criminals exploit internet technology to target victims, the European policing agency warned. In its most alarming assessment of the physical danger posed by online crime, Europol said it expected a rise in “injury and possible deaths” caused by computer attacks on critical safety equipment.

Police forensic techniques need to “adapt and grow” to address the dangers posed by the so-called “Internet of Everything” – a new era of technological interconnectedness in which everything from garage doors to hospital health systems will be linked and controlled through computer networks.

The concept is behind the likely development of smart homes, cars and even cities, but police warned that the failure to protect devices properly could see them open to being hacked by outsiders to make money or to attack opponents.

The Europol threat assessment published last week cited a report by US security firm IID that predicted the first murder via “hacked internet-connected device” by the end of 2014. There have been no proven cases of murder by tampering with devices but hackers have highlighted numerous flaws in computer security systems.

In a series of high-profile stunts, Barnaby Jack hacked into cash machines to make them spew money, and exploited a flaw in an insulin pump. He died last year just before he was about to demonstrate how pacemakers could be hacked.

Source:
http://www.independent.co.uk/life-style/gadgets-and-tech/news/first-online-murder-will-happen-by-end-of-year-warns-us-firm-9774955.html

Posted in Hardware, Internet, Security | No Comments

Windows 10 Preview Has A Keylogger to Watch Your Every Move

This week Microsoft announced the next version of its Operating system, dubbed Windows 10, providing Windows 10 Technical Preview release under its “Insider Program” in order to collect feedback from users and help shape the final version of the operating system, but something really went WRONG!

“Inside Microsoft’s Insider Program you’ll get all the latest Windows preview builds as soon as they’re available. In return, we want to know what you think. You’ll get an easy-to-use app to give us your feedback, which will help guide us along the way.” Microsoft website reads.

Well, how many of you actually read the “Terms of Service” and “Privacy Policy” documents before downloading the Preview release of Windows 10? I guess none of you, because most computer users have habit of ignoring that lengthy paragraphs and simply click “I Agree” and then “next“, which is not at all a good practise.

Do you really know what permissions you have granted to Microsoft by installing Free Windows 10 Technical Preview edition? Of Course, YOU DON’T. Well, guess what, you’ve all but signed away your soul !!

PERMISSION TO KEYLOG

If you are unaware of Microsoft’s privacy policy, so now you should pay attention to what the policy says. Microsoft is watching your every move on the latest Windows 10 Technical Preview, Thanks to portions of Microsoft’s privacy policy, which indicates that the technology giant is using keylogger to collect and use users’ data in a variety of astounding ways without the user being aware.

Source:
http://thehackernews.com/2014/10/download-Windows-10-keylogger.html

Posted in Internet, Privacy, Windows | No Comments