Creepy-looking Guy Doing Creepy Stuff With Creepy People In New Zealand

A computer repair man in New Zealand has been imprisoned for taking copied of pictures found on customers’ computers.  This is nothing new, of course.

However, this case differs in that the collection is a massive 120,000 images, which included “pictures of sexual behaviour with children, sexual violence and bestiality, along with stories about sexual violence.”

And, “they had been secretly shared with a group of like-minded people but not distributed internationally.”

This is the kicker, though: the guy “got more out of collecting and organising the images than any salacious effect.”

Oh.  Well, then.  That should make the victims feel so much better.

Malware Desginers Set Up Shop, Customer Call Center?!

Read this story to see the galls some malware designers have.

Apparently, some hackers and other vermin were making so much money–and receiving so many chargebacks on credit card charges–selling fake antivirus that they needed to “control” these charge backs.  Otherwise, no banks would do business with them.  How’d they go about it?

They set up a call center where the “customers” of fake antivirus would call up, and then these helpful call center employees would show them how to get the fake antivirus to work….usually by turning off the real antivirus software, like McAfee and Norton.

It’s a heck of an eye-opener.

US Secret Service Pays Informant Hacker $75,000/Year

According to a Wire.com article, the hacker that was arrested for breaking into and stealing TJX customer info, and doing the same for Heartland Payment Systems, was paid $75,000 a year for his services as an informant to the Secret Service.

It’s a significant amount of money to pay an informant but it’s not an outrageous amount to pay if the guy was working full time and delivering good results,” says former federal prosecutor Mark Rasch. “It’s probably the only thing he was doing — other than hacking into TJX and making millions of dollars.”

Yeah…that last detail is a little disconcerting.  Hm.  I would have been happy with the $75,000 a year.  And, after the gig ends, set up a consultancy and rack up the fees….

Virgin Mobile Australia Fined For Spamming

Virgin Mobile in Australia has been fined for spamming.  And what spamming!

The Australian Communications and Media Authority (ACMA) investigated alleged breaches of the Spam Act by the mobile phone company when it was made aware of an email being sent to customers who had opted out of receiving promotional material.

“To make sure you’re still certain about this choice, we just wanted to quickly show you some examples of recent offers that we’ve sent to customers”, the text of the message read.

In other words, we’re spamming you to see if you really don’t want to receive our spam.  Wow, what a concept.

This is not the first time Virgin Mobile in Australia has popped up in the news for some controversy.  There was that Flickr fiasco from a couple of years back (which Virgin won, if I’m not wrong).

Malicious Spam as an email from Amazon for Sony VAIO

SophosLabs has sent out an alert, letting people know that there is a lot of spam being generated as email from Amazon.  In the email,

The emails claim that the recipient has ordered a Sony VAIO A1133651A, and that documentation for tracking the delivery can be found in the file attached to the email.

Obviously, this is a play on people’s inherent curiosity: people click on the attachment, and a trojan gets installed on the soon-to-be-a-victim’s computer.  Always make sure your antivirus software is up to date.

Fired Employee Messes With Client Cars Remotely

Well, it was only a matter of time before it happened.  According to Wired.com, an ex-employee of Texas Auto Center remotely bricked cars sold by using “a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payment.”

This is the same kind of system that GM’s OnStar system uses (there are reports that the engines of stolen cars that use OnStar are sometimes turned off remotely if contacted by authorities).

The ex-employee apparently was able to do this by using someone else’s password for accessing the system, which goes to show why keeping passwords secret is vital to data—and systems—protection:

Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.

Whoops.

Drudge Report, TechCrunch Serves Malware-ific Ads

Visitors to the Drudge Report and TechCrunch (separate sites, if you didn’t know) were found distributing malware via site ads.  This was on Wednesday, March 10.

How does the attack work?  Well, the bad guys serve up legitimate ads for a trial period.  After everyone’s defenses are down, they switch the legitimate ads with malware-injected ones (ads running JavaScript).  With sites that obtain plenty of traffic, even the short run is more than enough to infect a good number of computers.

Here’s a story with more details.

GCHQ Lost 35 Laptops, Has No Idea What’s On Them

The UK’s spy agency, GCHQ (Government Communications Headquarters), has lost 35 laptops due to their “cavalier” attitude when it comes to such devices.  Due to haphazard ways of logging these machines–where they are, who has them, etc–the intelligence agency has no idea what’s on these machines.

It was determined, though, three of the missing laptops contained Top Secret material.

The losses date back to before 2005, and GCHQ said it now believes the resulting risk is low and it has no evidence that secret material was compromised. Seven out of 35 have since been recovered.

The losses are nevertheless likely to be viewed as very embarrassing at the intelligence agency’s Cheltenham HQ.

No word on whether disk encryption software like TrueCrypt was used.

ZuckerMeister A Felon?

Businessinsider.com is now carrying, I think, an opinion piece saying that the founder of Facebook could be a felon because he, Mark Zuckerberg, hacked into private e-mail accounts:

As we described last week, Mark used login data of early Facebook members to break in to the private email accounts of two Harvard Crimson editors. He also broke into the systems of competitor ConnectU and changed user profiles, also according to IMs.

Read all the brouhaha here.

Apache Server Flaw Allows Attacks

A serious bug in Apaches’ HTTP servers allows remote controlling, according to a security company, Sense of Security.

Apparently, the latest version of Apache is not affected, so people should upgrade to Apache 2.2.15.