Rogue, malware-spewing Tor exit node tied to cyber espionage group

November 25th, 2014 | software


A malware program distributed recently through a rogue server on the Tor anonymity network was also used in targeted attacks against European government agencies.
The malware has been dubbed OnionDuke by security researchers from antivirus firm F-Secure, who believe it is connected to MiniDuke, a cyberespionage threat of Russian origin that was used to attack NATO and European governments before its discovery in February 2013.
In October, Josh Pitts, a researcher with Leviathan Security Group, found a Tor exit node located in Russia that was wrapping malware around every executable file users downloaded through it. When browsing the Web anonymously through Tor, traffic is passed through random relays inside the Tor network and then goes back out onto the Internet through one of the many so-called exit nodes run by volunteers around the world.
The rogue Russian exit node identified by Pitts was banned from the Tor network, but researchers from F-Secure analyzed the malware it distributed and found that upon installation, it was downloading additional malicious components from several command-and-control servers.
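An added example (not code from the article, Leviathan Security or F-Secure) of the defender-side check that catches this kind of in-transit modification: fetch the same executable through several exits, compare each copy's SHA-256 with the publisher's known-good digest, and flag any exit whose copy differs. The exit names and file bytes are constructed sample data, not real relays or real PE files.

```python
import hashlib
import hmac

# Constructed stand-in for the publisher's clean executable (not a real PE).
HEADER = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"          # 68 bytes
REFERENCE_BINARY = HEADER + b"real-program-code" * 8   # 204 bytes
REFERENCE_SHA256 = hashlib.sha256(REFERENCE_BINARY).hexdigest()

# Constructed: what each hypothetical exit returned for the same URL.
# "exit-c" keeps the original header, so a format sniff still passes,
# but a stub has been wrapped in front of the program body.
FETCHED_BY_EXIT = {
    "exit-a": REFERENCE_BINARY,
    "exit-b": REFERENCE_BINARY,
    "exit-c": HEADER + b"loader-stub" + REFERENCE_BINARY[len(HEADER):],
}


def looks_like_pe(data: bytes) -> bool:
    """Weak check: DOS 'MZ' magic only. It passes for the wrapped copy too."""
    return data[:2] == b"MZ"


def verify_download(data: bytes, expected_sha256: str) -> bool:
    """True only if the copy matches the publisher's digest (constant-time compare)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256)


def audit_exits(fetched: dict, expected_sha256: str, expected_size: int) -> dict:
    """Per-exit verdict: 'ok', or 'MODIFIED (+N bytes)' when the digest differs."""
    verdicts = {}
    for exit_name, data in fetched.items():
        if verify_download(data, expected_sha256):
            verdicts[exit_name] = "ok"
        else:
            delta = len(data) - expected_size
            verdicts[exit_name] = f"MODIFIED ({delta:+d} bytes)"
    return verdicts


def tampering_exits(fetched: dict, expected_sha256: str) -> list:
    """Names of exits whose copy fails the digest check, sorted for stable output."""
    return sorted(n for n, d in fetched.items() if not verify_download(d, expected_sha256))


if __name__ == "__main__":
    report = audit_exits(FETCHED_BY_EXIT, REFERENCE_SHA256, len(REFERENCE_BINARY))
    for name, verdict in report.items():
        print(f"{name}: {verdict} (MZ header present: {looks_like_pe(FETCHED_BY_EXIT[name])})")
```

The point of the `looks_like_pe` line in the output is that a header or file-type check alone does not notice the wrapped copy; only the digest comparison does.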


“We have, for instance, observed components dedicated to stealing login credentials from the victim machine and components dedicated to gathering further information on the compromised system like the presence of antivirus software or a firewall,” the F-Secure researchers said in a blog post Friday.
One of the command-and-control domain names used by the malware was registered in 2011 by someone who used the alias John Kasai. At about the same time, the John Kasai name was used to register a number of other domains, including two used by MiniDuke.
“This strongly suggests that although OnionDuke and MiniDuke are two separate families of malware, the actors behind them are connected through the use of shared infrastructure,” the F-Secure researchers said.
“Based on compilation timestamps and discovery dates of samples we have observed, we believe the OnionDuke operators have been infecting downloaded executables at least since the end of October 2013,” the researchers said. Since at least February 2014, OnionDuke has also been distributed through infected executables in pirated software downloaded over BitTorrent.
The F-Secure researchers found what they describe as “strong evidence” that OnionDuke, like MiniDuke, has also been used in targeted attacks against European government agencies, but they haven’t yet identified the exact attack vectors used in those campaigns.
“On one hand is the ‘shooting a fly with a cannon’ mass-infection strategy through modified binaries and, on the other, the more surgical targeting traditionally associated with APT [advanced persistent threat] operations,” they said.


8 Best Free Tools for Internet Security

November 2nd, 2013 | software


If you’re one of those Internet users helping to make “password” the most popular online password for the umpteenth year in a row, you desperately need some help with your Internet security.
Online security threats get more sophisticated every year and now, more than ever, it’s important to keep your protection tools up-to-date. Luckily for you, web users are often frugal, and you can download and use a multitude of great security tools free of charge.
We’ve compiled the eight best free security tools available. You can use this list in conjunction with the link above, detailing the best free antivirus options to secure your computer and data from harm.


1. Hotspot Shield
Hotspot Shield is an excellent tool if you frequently use shared Wi-Fi. It secures your IP address, protecting your browsing from the eyes of any sneaky hackers at airports, hotels or coffee shops.

2. HTTPS Everywhere
Use the HTTPS Everywhere browser extension with either Chrome or Firefox to secure your data and online communication. HTTPS encrypts the connection, protecting against eavesdropping when you download files or create accounts.

3. LastPass
If you’re following our trusty guide to creating secure passwords, you’re likely overwhelmed with various strings of letters, numbers and symbols. Even the most secure passwords still have to be remembered from time to time. That’s where LastPass comes in. It works by saving all of your passwords in an encrypted database and autofilling your login info when you visit a site.
You can even use LastPass to generate secure passwords, eliminating the pesky temptation of using the exact same code for every website.

4. LongURL
If you’re using Twitter, you’ve seen shortened links. While useful for clearing web clutter, short links also come with the possibility of leading you to a risky, dangerous site. Use the web tool “LongURL” to revert your shortened links back to their original forms.

5. NoScript
This helpful Firefox add-on prevents JavaScript and plugins like Flash from running on sites you haven’t “whitelisted,” saving you from potential attacks.

6. Trusteer Rapport
Trusteer Rapport is an award-winning anti-malware and encryption tool that will block any third parties from stealing your information and keep you from entering your data in a fraudulent site masquerading as your bank.

7. VirusTotal
Run any mysterious files or URLs through this web tool (a Google subsidiary), which will then check them for viruses, worms, trojans and other types of malware.

8. Two-Step Verification
Multi-factor password verification is a necessary tool for web users with many accounts. The voluntary free service is offered by sites such as Google, Facebook and Twitter, and works by requiring you to “authorize” a new device before it can access your accounts, by entering a code sent to your phone.