Wednesday, 3 September 2014

Tools Manipulating RAM to Mislead Cyber crime Investigators

ADD (Attention Deficit Disorder) is a tool that alters the structures in Windows physical memory and so corrupts the picture that memory analysis would normally give of what the system was doing. It plants fake files, fake network connections and bogus server entries, ultimately building a false trail in the memory image. With a growing list of false servers and a large number of fake network connections, cybercriminals can work with less fear of detection and at a swift pace.

What do cybercrime analysts and investigators do?

Any computer that has been running holds a memory image, and everything that happened while it was running leaves traces there that can be identified and examined later. A memory dump lets the analyst reconstruct the user's browsing pattern along with the network and server connections the user made. Every object that was in use can be located in the dump; analysts capture it with their analysis tools and go through it looking for any sign of crime or misconduct, and so work to prevent cybercrime in a particular location or network. Cybercrime analysts have plenty of work at present, with the amount of online fraud rising. An analyst looks for:

  • Evidence of private sessions
  • Password history
  • Browsing and network activity
  • Malware and encrypted code that resides in memory but not on disk
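
A planted artifact rarely agrees with every other structure in the dump, and that disagreement is what an analyst hunts for. The following is an added example, not code from the blog post and not the ADD tool's code: it takes a constructed process table and connection list (the kind of records a memory-forensics framework would carve out; the field names are assumptions) and flags entries that contradict each other, such as a process whose parent never existed, a connection owned by a PID that is not in the process table, or a child created before its parent.

```python
"""Cross-check artifacts carved from a memory image for internal consistency.

Added example; the records are constructed and the field names are assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: int
    name: str
    create_time: int  # seconds since boot (constructed value)


@dataclass(frozen=True)
class Connection:
    pid: int
    local: str
    remote: str
    state: str


# Constructed sample. Three entries are "planted":
#   PID 4242 claims a parent (77) that never existed,
#   PID 3100 was created before its parent explorer.exe (30s),
#   the connection owned by PID 9999 has no process behind it.
PROCESSES = [
    Process(4, 0, "System", 0),
    Process(500, 4, "smss.exe", 2),
    Process(1200, 500, "winlogon.exe", 5),
    Process(3000, 1200, "explorer.exe", 30),
    Process(3100, 3000, "notepad.exe", 20),
    Process(4242, 77, "svchost.exe", 12),
]
CONNECTIONS = [
    Connection(3000, "10.0.0.5:51000", "203.0.113.9:443", "ESTABLISHED"),
    Connection(9999, "10.0.0.5:51001", "198.51.100.4:80", "ESTABLISHED"),
]


def find_orphan_processes(processes):
    """Processes whose parent PID is absent (PID 0 is the conventional root parent)."""
    pids = {p.pid for p in processes}
    return [p for p in processes if p.ppid != 0 and p.ppid not in pids]


def find_unowned_connections(processes, connections):
    """Connections attributed to a PID that is not in the process table."""
    pids = {p.pid for p in processes}
    return [c for c in connections if c.pid not in pids]


def find_time_inversions(processes):
    """Children that appear to have been created before their parent."""
    by_pid = {p.pid: p for p in processes}
    return [
        p for p in processes
        if p.ppid in by_pid and p.create_time < by_pid[p.ppid].create_time
    ]


def suspicious_pids(processes, connections):
    """Sorted list of PIDs that fail at least one consistency check."""
    out = set()
    out.update(p.pid for p in find_orphan_processes(processes))
    out.update(c.pid for c in find_unowned_connections(processes, connections))
    out.update(p.pid for p in find_time_inversions(processes))
    return sorted(out)


if __name__ == "__main__":
    for pid in suspicious_pids(PROCESSES, CONNECTIONS):
        print(f"inconsistent artifact: PID {pid}")
```

Each check on its own is a weak signal (process-table corruption and clock skew exist in legitimate dumps too), so treat the output as a list of leads to verify against the disk image and network logs rather than as proof of tampering.
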
The new tool creating hazards for cybercrime investigators:

With the spread of the internet there has been an increase in fraud and large network scams: theft, fraud, cheating and other activities. ADD offers the user a way to detach the normal network and browsing history from where it should be, relocate it elsewhere and finally corrupt the contents of RAM. With the memory locations changed, it becomes extremely difficult for analysts to find the real IP addresses and browsing history.

A bigger problem is that an attacker may plant such bogus attack files in a network in a way that lets another cybercrime group attack further sites, creating yet more malware that affects RAM and disrupts the whole memory-dumping process.

The cybercrime network grows stronger every minute and uses artifacts that are very hard to validate and analyse. Even if the hacked system ends up in the analyst's hands, the ADD tool that created the hazard will send the analyst on a journey far from the actual event, adding to the confusion and making it impossible to track down the malware.

The anti-cybercrime community is also working to increase its resources and technologies so as to build stronger controls and deny attackers the ability to tamper with RAM and disturb memory analysis.

Nexus X – The First Android L Smartphone

The Nexus X (rather than Nexus 6) is the highly anticipated smartphone of 2014, rumoured to be launched by Google sometime this year, most probably around Halloween. As with last year’s launch, Google might release it without a separate announcement and sell it unlocked through its Play Store across the world. It would be the first smartphone to launch with Android L, the next major version of Android, which brings a facelift in the form of a more modern design and a pastel colour palette.

The Expected Specifications

Internally the smartphone goes by the codename “Shamu”. Its latest appearance was in AnTuTu benchmark screenshots leaked by TKtechnews, which referred to the phone as “Nexus X”, a departure from the usual numbering scheme. The leaked images confirm a 2.7 GHz quad-core Qualcomm Snapdragon 805 processor, 3 GB of RAM, an Adreno 420 GPU (the fastest mobile GPU on the market), a 13 MP camera with OIS and flash, and a 2.1 MP front-facing camera. They also confirm a 1440×2560 4K resolution on either a 5.2’’ or 5.9’’ IPS LCD screen, along with 32 GB or 64 GB of non-expandable storage.

Android L in Tow

Nexus X will launch with Android L out of the box, maintaining the tradition of the Nexus line. Google has made major changes to Android with a complete facelift it calls “Material Design”, a philosophy that emphasises light backgrounds, accented edges and shadows to give a feeling of depth without fancy 3D animations. The subtle animations that remain are intuitive and improve the UX. Buttons similarly float above the content with distinct colours and shadows. Notifications are improved too, with only the most important ones grabbing your attention, along with an improved lock screen.

Pricing and Availability

The smartphone is being made by Motorola this time, which Lenovo recently acquired from Google. The most likely release date is October this year, around Halloween. A recent screenshot from the French retailer “Fnac” shows the 64 GB black Nexus X listed at €449 unlocked, though the credibility of the leak is in question: Fnac’s databases are not the most secure and the leak could have been manufactured by hackers, so take it with a pinch of salt. Earlier it was said that Best Buy would price the Nexus X at $499.99 on a 2-year Sprint contract in the US, though the impending launch of Apple’s next iPhone might push Google to launch on all carriers at once. It will be available internationally, unlocked, via Google’s Play Store.

Verdict

With the iPhone 6 coming in Q3, Google is gearing up to launch its own Nexus X with the latest Android L in tow (which might go by the name “Lemon Meringue” once launched) and top-of-the-line hardware at competitive prices. Availability, performance and pricing will determine how the device fares. People are also eager to get their hands on Android L, first demoed at Google I/O, which should certainly help the smartphone.

Tuesday, 2 September 2014

25000 Co-opted Linux Servers Drop Malware, Spread Spam and Steal Credentials

The security company ESET has recently released a new report, Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign. The research was a joint effort by ESET, CERT-Bund, SNIC and CERN.

Over the past few years ESET has recorded around 25,000 malware-infected servers, which have been used for functions such as:
  • Spam operations (averaging 35 million spam messages every day)
  • Infecting site visitors’ computers via drive-by exploits
  • Redirecting visitors to malicious websites
The report describes two well-known organisations that fell victim to Windigo. The operation, ongoing since 2011, has affected high-profile servers and organisations such as cPanel and the Linux Foundation’s Kernel.org.

Easier with single-factor logins:

The compromised Linux servers had a common thread: all were infected with Linux/Ebury, a malware that provides a root backdoor shell along with the ability to steal SSH credentials. The report also notes that no vulnerabilities on the Linux servers were exploited; only stolen credentials were leveraged. That in a sense helps explain how the compromise happened, as Linux servers are, for the most part, bulletproof.

Getting access to the credentials:

The question in Linux users’ minds was how the attackers gained access to the credentials and logins and ultimately installed the malware.

Pierre-Marc Bureau, security intelligence program manager at ESET, offers the answer: it takes only one compromised server in a network to make everything thereafter easier. Once the attackers obtain root, they install Linux/Ebury on the compromised server and start harvesting SSH login credentials. With the additional credentials, the attackers explore which other servers in that network can be compromised.
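
The pattern just described, one foothold replaying harvested passwords across the rest of the fleet, is visible in ordinary sshd logs long before a rootkit is found. The following is an added example, not from the ESET report and not the blog post’s own code: it parses constructed OpenSSH auth-log lines (hostnames, users and addresses are made up) and reports sources that log into many distinct servers, plus every login that relied on a password alone, the single factor the article says Windigo depended on.

```python
"""Spot credential-replay fan-out in sshd logs.

Added example; the log lines below are constructed in the usual OpenSSH
auth-log format and every host, user and address is made up.
"""
import re
from collections import defaultdict

# Matches successful sshd logins and captures the authentication method used.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>password|publickey) for (?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

# Constructed sample: 10.0.1.10 is a server whose harvested passwords are
# being replayed against four other machines within a few minutes.
SAMPLE_LOG = """\
Sep  2 10:15:01 web01 sshd[1201]: Accepted publickey for alice from 10.0.9.2 port 50111 ssh2
Sep  2 10:16:44 web01 sshd[1210]: Accepted password for root from 10.0.1.10 port 51022 ssh2
Sep  2 10:17:02 web02 sshd[2210]: Accepted password for root from 10.0.1.10 port 51023 ssh2
Sep  2 10:17:30 db01 sshd[3100]: Accepted password for deploy from 10.0.1.10 port 51024 ssh2
Sep  2 10:18:05 mail01 sshd[4010]: Accepted password for deploy from 10.0.1.10 port 51025 ssh2
Sep  2 10:20:00 web02 sshd[2250]: Accepted publickey for bob from 10.0.9.3 port 50200 ssh2
Sep  2 10:21:00 db01 sshd[3150]: Invalid user admin from 192.0.2.7 port 4000
"""


def parse_accepted(lines):
    """Yield one dict per successful login; lines that do not match are ignored."""
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if m:
            yield m.groupdict()


def fan_out_sources(events, min_hosts=3):
    """Return {src_ip: [hosts]} for sources that logged into at least
    min_hosts distinct servers. A jump box may legitimately do this, so the
    threshold is a parameter and the result is a lead, not a verdict."""
    hosts_by_src = defaultdict(set)
    for e in events:
        hosts_by_src[e["src"]].add(e["host"])
    return {src: sorted(h) for src, h in hosts_by_src.items() if len(h) >= min_hosts}


def password_logins(events):
    """(host, user, src) for every login that used a password instead of a key."""
    return [(e["host"], e["user"], e["src"]) for e in events if e["method"] == "password"]


def summarize(log_text, min_hosts=3):
    """Run both checks over a whole log and return the findings."""
    events = list(parse_accepted(log_text.splitlines()))
    return {
        "accepted": len(events),
        "password_logins": password_logins(events),
        "fan_out": fan_out_sources(events, min_hosts),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for src, hosts in s["fan_out"].items():
        print(f"{src} reached {len(hosts)} hosts: {', '.join(hosts)}")
    for host, user, src in s["password_logins"]:
        print(f"password login: {user}@{host} from {src}")
```

Run against a fleet’s centralised auth logs, the first report is the one to chase; the second is the backlog of accounts that a stolen password alone can still open, which is what moving to key-based or multi-factor SSH authentication removes.
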

Additional Malware: 

As mentioned above, the infected servers take part in spam campaigns, redirect visitors to malicious websites or, in the case of vulnerable computers, download malware to the victim’s machine. To accomplish this, the attackers install additional malware on the servers, consisting of:

  • Linux/Cdorked: provides a backdoor shell and can distribute Windows malware to end users via drive-by downloads.
  • Linux/Onimiki: resolves domain names matching a particular pattern to any IP address, without any further change to server-side configuration.
  • Perl/Calfbot: a lightweight spam bot written in Perl.
Victims:

The Windigo report further adds that there are two types of victims: Linux/Unix server operators, and end users who receive spam or visit a website on a compromised server. In that respect, ESET has confirmed that the compromised servers try to download the following Windows malware:
  • Win32/Boaxxe.G: a click-fraud malware.
  • Win32/Glupteba.M: a general proxy that targets Windows computers.

Facebook Rolls Out Bandwidth Targeting
Facebook has launched “bandwidth targeting” for advertising campaigns. Most Facebook users access the site from mobile devices, and this ad technology was created to deliver advertising to people according to the type of connection and data plan they have. Facebook has more than 1.32 billion users around the globe.

Facebook already offers advertising campaigns for organisations to promote themselves, but a couple of days ago it updated the system and launched this new ad technology. It helps organisations show people the advertisements they would actually want to see, and simplifies matters by sending advertisements suited to the type of mobile device and operating system in use.

How does this launch work? 

The technology lets advertisers target advertisements according to the user’s network connection, data plan and speed: whether the user is on a 2G, 3G, 4G or faster connection. In this way, pointless advertisements can be avoided, and only campaigns compatible with the device’s data plan and speed are sent.

For instance, there is no point sending a video to someone on a 2G connection if they cannot load it, or have to wait through several minutes of buffering. For those on 2G it is better to send an image with a link, while videos can be used for campaigns aimed at those on 3G or faster connections. People expect a fast experience from their mobile data.

Targeting by mobile network is beneficial because it helps advertisers deliver the right kind of experience even within limited data allowances and bandwidth. The Ad Create tool, the API and the Power Editor are the parts of Facebook that support this new ad technology.

The Utility of the Facebook Advertising Campaign

Statistics revealed that in June 2014 around 30 million small and medium-sized businesses used Facebook to promote their organisations. To connect with their customers they run pages on Facebook, widening their customer circle and reaching more people. This ad technology should make it possible to run more localised campaigns.

Impact of this launch on India

Approximately nine lakh small and medium businesses (SMBs) in India use Facebook as a promotional platform, making India the second-largest market for Facebook advertising. India is an emerging country where most Facebook users are on limited data connections and feature phones.

Advertising can thus be tailored to reach people according to the device they use, whether a smartphone, feature phone or tablet. Some companies, such as Vodafone in India, have already started testing the new strategy and are pleased with the results.

Google to add manual controls and steering wheel in driverless car
So it looks like even the software giant has to bend to certain rules. Google is being forced to add manual controls, including a steering wheel and pedals, before starting test runs on the road. The rule has been imposed to avoid road mishaps should the vehicle’s software fail. However good this car may be, it lacks manual human controls. California’s Department of Motor Vehicles does not seem impressed by the idea of a car whose only human-operable controls are start and stop buttons, and road testing of Google’s car has been banned unless these rules are implemented.

What was the concept behind this car? 

The main idea behind the car was to put a person at ease, since they would not have to do anything apart from pressing the start button. The California DMV, however, states that the driver should also be able to drive the car.

Lead software engineer Dmitri Dolgov stated that the technology is not 100% and has deviated by exceeding the permitted speed limit; the car could go nearly 10mph over the limit set for road safety. The rationale given for this deviation was that it lets the car keep up with traffic and avoid obstructing the road.

Even after that justification, the DMV rule has been made mandatory and Google will have to make the necessary modifications before the car reaches highways and public roads. The rule takes effect for Google on September 16th, 2014; any car lacking the modification after that date will be deemed illegal. Google initially came up with a design that could be fitted to an existing car to achieve autonomous driving; during the early part of 2014 it came up with this new idea and technology for a driverless car.

What to expect now? 

Google is currently working on 100 prototypes of the autonomous car, with a speed limit of 25mph. Temporary controls are also expected to be added to these prototypes. The car is to be tested on private roads with members of the public and later on public roads (probably within the next 2 years).

Even though Google has effectively been forced to add a manual steering wheel and pedals, the giant does not seem intimidated by the rule. A company representative stated that even with manual controls added, users will still be able to enjoy the self-driving feature and take control when they wish.

Google is still hoping that the authorities will relax the rule in the next two years, before the car launches. One area of concern is speeding tickets, who is liable to pay them, and insurance questions that will need clarifying. We will have to wait and see the car in the mainstream.