Friday, 28 February 2014

Outernet - Free Global Wi-Fi Service from Outer Space

If you are reading this THN article, you are one of the lucky people who have access to the Internet, but not everyone is as lucky as you. About 40% of the world's population still has no access to Internet services.

So there is good news for all those who are still deprived of Internet services: free global WiFi Internet access called 'Project Outernet'.

A non-profit organization based in New York, the Media Development Investment Fund (MDIF), has taken this initiative. Regardless of geographical location, the Outernet will broadcast free, universal Internet all over the globe from high in orbit, bypassing filtering and other means of censorship.

A few hundred low-cost mini satellites (cubesats) will be sent into space to create a constellation in low Earth orbit. To widen the service area, these cubesats will use universally accepted standard protocols like DVB, Digital Radio Mondiale and User Datagram Protocol (UDP) WiFi multicasting.

Outernet is essentially a modern version of shortwave radio: the satellites will receive data from the ground stations and transmit it in a continuous loop until new data arrives.
"Broadcasting data allows citizens to reduce their reliance on costly internet data plans in places where monthly fees are too expensive for average citizens. And offering continuously updated web content from space bypasses censorship of the Internet," Outernet says on its website.
Outernet will broadcast global news, applications, information, educational courseware, and emergency communication services. Technical assessment of the project started last December, and a prototype is due to be tested around June this year.
"By leveraging datacasting technology over a low-cost satellite constellation, Outernet is able to bypass censorship, ensure privacy, and offer a universally-accessible information service at no cost to global citizens."
MDIF is planning to extend the service by enabling data transmission from anywhere, depending on the availability of the funds required for this feature. MDIF's director of innovation said it would take only three years and $12 billion to get the project up and running.

Google has been working on a similar project called “Project Loon - Balloon-Powered Internet for Everyone” for quite some time. 

This technology seems very innovative and useful for improving life in remote areas as well, but it has its own limitations.

Once such services are fully functional, all of us might face security and privacy threats by relying on technology from U.S.-based companies, where the NSA wants to control and intercept everything. Until now the NSA could target only the 60% of the population with Internet access, but this may allow it to target 100% of the population through regular, free Internet access.

In this era of Edward Snowden, we need to think about the other side too. What do you think about Outernet? Add your comments.

Boeing launches Ultra-Secure 'Black' Smartphone that has Self-Destruct Feature

Looking for a secure smartphone? The world's biggest aerospace company, Boeing, is finally close to launching its high-security Android smartphone, called "Boeing Black (H8V-BLK1)", primarily designed for secure communication between governmental agencies and their contractors.

Encrypted email, secure instant messaging and other privacy services and tools are booming in the wake of the National Security Agency’s recently revealed surveillance programs.

Encryption isn’t meant to keep hackers out, but when it’s designed and implemented correctly, it alters the way messages look. Boeing already provides secure communications for US Government officials, including the president.

Don't mess with it, it can self-destruct: The Boeing Black smartphone can self-destruct if it is tampered with, destroying all the data on it. The device is delivered fully sealed, and any attempt to open the seal will destroy the operating system and functionality of the device.

“Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” says the paperwork.

Another important point: Boeing Black (H8V-BLK1) won't be available to average consumers; it is designed for governmental agencies, defense and homeland security only.

Ultra-Secure Mobile Operating System: Boeing's modified Android operating system has a specific software security policy configuration, so users can configure the device for maximum mission productivity and security.
"Boeing Black’s security is powered by the Boeing PureSecure architecture, which was designed from the outset for the mobile environment. Our architectural foundation is built upon layers of trust from embedded hardware, operating system policy controls, and compatibility with leading mobile device management systems. The device’s hardware roots of trust and trusted boot ensure the device starts in a trusted state, enabling the maximum security of data. Hardware media encryption and configurable inhibit controls are embedded to protect the device, its data, and the transmission of information, significantly reducing the risk of mission compromise due to data loss," according to the paperwork Boeing filed with the Federal Communications Commission (FCC).
Boeing Black supports dual MicroSIM with GSM, WCDMA, and LTE on a wide range of bands to facilitate global use, and runs a modified version of the Android operating system that keeps all details as secure as possible.

The security and confidentiality of information belonging to anyone involved in national security must be a high priority, but a problem arises when agencies like the NSA start capturing data flowing over the communication backbone and bribe software companies to weaken encryption; that compels users to think twice before adopting new inventions and products.

At the Mobile World Congress in Barcelona, Washington-based software firm Silent Circle and Madrid-based Geeksphone teamed up to launch the Blackphone, a highly secure device that doesn't run on any traditional telecom carriers or operating systems.

As we reported earlier, there is another interesting self-destructing chips project, which the Defense Advanced Research Projects Agency (DARPA) has handed over to IBM.

360 Million Stolen Credential FOR SALE on Underground Black Market

Your Financial Credentials are on SALE on the Underground Black Market without your Knowledge… sounds like a nightmare, but it’s TRUE.

Cyber security firm Hold Security said it has traced over 360 million stolen account credentials that became available for sale on hackers' black market websites over the past three weeks. The credentials include usernames, email addresses, and passwords that are unencrypted in most cases, according to the report released on Tuesday.

It is not yet known exactly where these credentials were stolen from, but the security researchers estimate that they are the result of multiple breaches. Banking credentials are among the most ‘valuable bounties’ for cyber criminals, and they can be stolen directly from companies as well as from the services to which users entrust their data.

According to Hold Security, in addition to the 360 million credentials, the cyber criminals are selling about 1.25 billion email addresses, which would be of interest to spammers.

Alex Holden, chief information security officer at Hold Security, told Reuters, “E-mail addresses in the credentials are from all major services, including Gmail and Yahoo, and almost all Fortune 500 companies and nonprofit organizations,” and that his company is working to discover where the credentials came from and what they can access.

The sale of this tremendous number of user credentials on the underground market puts consumers and companies at risk, because such a wide range of compromised credentials could give access to anything from online bank accounts to corporate networks.
"The sheer volume is overwhelming," Holden told Reuters. He believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.
Hold Security is the firm that uncovered the huge Adobe breach in October 2013, in which 153 million users' credentials, including user names and passwords, were stolen from Adobe's systems, and a month later identified another large breach of 42 million plain-text passwords from niche dating service Cupid Media.

There is no way to fully protect yourself from these types of attacks, because cyber criminals are trying to steal your money every second, and by using the same password for multiple accounts you give them an open invitation.

You can reduce the risk by choosing different passwords for different accounts. The risk is greatest for users who choose the same password for multiple services, because once an attacker has the email address and password for one account, he can use those credentials to compromise every other account that uses the same username and password.

The most practical way to do that is with a password manager. If you aren't using one, you need to start now, with something like LastPass, KeePass, RoboForm Desktop 7, PasswordBox, or Dashlane 2.0.

Stay Safe! Stay Secure! Stay Tuned!

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Today, when we come across the various malware, exploit kits and botnets in the wild, we think about an effective antivirus solution or a security patch, but the most effective solution is always "the arrest of the malware authors and culprits involved in developing the malware."

Tilon is an active malware family, first spotted in 2012 and designed specifically to steal money from online bank accounts. Various researchers earlier took it to be a new version of Silon, but it is none other than the SpyEye2 banking Trojan, according to researchers at Delft-based security firm Fox-IT.

Tilon, a.k.a. SpyEye2, is a more sophisticated version of the SpyEye Trojan. Most of the malware's functional part is the same as the SpyEye banking Trojan, which was developed by a 24-year-old Russian hacker, Aleksandr Andreevich Panin, also known as Gribodemon, who was arrested in July 2013.

SpyEye, which has infected more than 1.4 million computers worldwide since 2009, is designed to steal people’s identities and financial information, including online banking credentials, credit card information, user names, passwords and PINs. It secretly infects the victim’s computer and gives remote control to cybercriminals, who access the infected computer through command and control servers and steal victims’ personal and financial information without authorization through a variety of techniques, including web injects, keystroke loggers, and credit card grabbers.
Researchers have confirmed that the team that developed SpyEye is the same one that created Tilon, which is why it was labeled SpyEye2.
“The team behind its creation was similar, however, reinforced with at least one better skilled programmer,” said the researchers, adding, “The management of SpyEye2 is done through a single, unified interface, which has been completely redesigned but still contains a few of the unique features of the original SpyEye.”
An interesting part of SpyEye2, which the researchers found ‘slightly funny’, is that the malware checks for an older version of SpyEye installed on the infected system, removes it, and replaces it with the new version, i.e. SpyEye2, with better stability features.

“No other malware families are checked for removal. Early versions of the original SpyEye were likewise equipped with a feature to remove older versions of ZeuS installed on the infected system,” researchers say.
According to the researchers, “only the Loader portion of Tilon is sourced from Silon, but this is where the similarity ends. As shown above and further illustrated in the Appendices, the body (i.e., functional portion) of Tilon was actually based on SpyEye.”
Another reason to consider Tilon a SpyEye variant is its run of success, which lasted in the wild from 2012 to 2014 and suddenly seems to be over now that the SpyEye author was arrested last year.

Fox-IT researchers say, “the arrests, like Gribodemon and other key figures in the underground economy, such as Paunch, the author of the popular Blackhole Exploit Kit, is the key to decreasing the worldwide activity around online crime.”

It doesn’t mean that the malware won’t continue its fraudulent activity in the future, but it will finally come to an end after nearly a year of declining usage.

Thursday, 27 February 2014

Chip beams 3D view from inside the heart

Top: A single-chip catheter-based device that would provide real-time, three-dimensional imaging from inside the heart and blood vessels is shown on the tip of a finger; Above: Researchers (left-to-right) are Coskun Tekes, Toby Xu and F Levent Degertekin.
Researchers have created a device that can provide real-time 3D images from within the heart and blood vessels, potentially allowing surgeons to clean arteries without major surgery.

The engineers have developed the technology for a catheter-based device that would provide forward-looking, real-time, three-dimensional imaging from inside the heart, coronary arteries and peripheral blood vessels. With its volumetric imaging, the new device could better guide surgeons working in the heart, and potentially allow more of patients' clogged arteries to be cleared without major surgery.

The device integrates ultrasound transducers with processing electronics on a single 1.4 millimeter silicon chip. On-chip processing of signals allows data from more than a hundred elements on the device to be transmitted using just 13 tiny cables, permitting it to easily travel through circuitous blood vessels. The forward-looking images produced by the device would provide significantly more information than existing cross-sectional ultrasound. 

Researchers have developed and tested a prototype able to provide image data at 60 frames per second, and plan next to conduct animal studies that could lead to commercialisation. 

"Our device will allow doctors to see the whole volume that is in front of them within a blood vessel," said F Levent Degertekin, a professor at the Georgia Institute of Technology. "This will give cardiologists the equivalent of a flashlight so they can see blockages ahead of them in occluded arteries. It has the potential for reducing the amount of surgery that must be done to clear these vessels." 

The research appears in the journal IEEE Transactions on Ultrasonics, Ferroelectrics and Frequency Control.

"If you're a doctor, you want to see what is going on inside the arteries and inside the heart, but most of the devices being used for this today provide only cross-sectional images," Degertekin explained. "If you have an artery that is totally blocked, for example, you need a system that tells you what's in front of you. You need to see the front, back and sidewalls altogether. That kind of data is basically not available at this time." 

The single-chip device combines capacitive micromachined ultrasonic transducer (CMUT) arrays with front-end CMOS electronics technology to provide three-dimensional intravascular ultrasound (IVUS) and intracardiac echography (ICE) images. The dual-ring array includes 56 ultrasound transmit elements and 48 receive elements. When assembled, the donut-shaped array is just 1.5 millimeters in diameter, with a 430-micron center hole to accommodate a guide wire.

Power-saving circuitry in the array shuts down sensors when they are not needed, allowing the device to operate with just 20 milliwatts of power, reducing the amount of heat generated inside the body. The ultrasound transducers operate at a frequency of 20 MHz. 

Imaging devices operating within blood vessels can provide higher resolution images than devices used from outside the body because they can operate at higher frequencies. But operating inside blood vessels requires devices that are small and flexible enough to travel through the circulatory system. They must also be able to operate in blood. 

Doing that requires a large number of elements to transmit and receive the ultrasound information. Transmitting data from these elements to external processing equipment could require many cable connections, potentially limiting the device's ability to be threaded inside the body. Degertekin and his team addressed that challenge by miniaturising the elements and carrying out some of the processing on the probe itself, allowing them to obtain what they believe are clinically-useful images with only 13 cables. 

"You want the most compact and flexible catheter possible," Degertekin explained. "We could not do that without integrating the electronics and the imaging array on the same chip." 

Based on their prototype, the researchers expect to conduct animal trials to demonstrate the device's potential applications. For the future, Degertekin hopes to develop a version of the device that could guide interventions in the heart under MRI. Other plans include further reducing the size of the device to place it on a 400-micron diameter guide wire.

Guide: Value for money


Are you in the market for a new phone, camera, tablet or convertible laptop? These gadgets strike the right balance between price and performance...



CONVERTIBLE Asus Transformer Book T100 

Rs. 34,990 

It took a long time coming, but the Asus Transformer Book T100 is the first tablet-notebook hybrid Windows PC to give you good performance without breaking the bank. The touchscreen is good to use from different viewing angles and registers input well. At this price, the battery life is impressive too, lasting for over 6 hours when connected to the dock and 3 hours in pure tablet mode. And we love that it uses a standard microUSB connector to charge.

Of course, it all comes down to performance. Granted, this is not a great machine - you can't use it for professional tasks like image editing or playing video games like Crysis 3. But for regular usage, i.e. Microsoft Office, Internet browsing, some light games, it gets the job done. And it's especially good since you can detach the keyboard and read in bed or play Angry Birds. 

However, the all-plastic build feels cheap and one of the buttons gave way. Plus, the 32GB of internal memory is severely limiting, especially since Windows 8.1 eats up half of it.

Specs: 10.1-inch IPS touchscreen (1366x768 pixels) | 1.33GHz quad-core Intel Atom BayTrail | 2GB DDR3 RAM | 32GB internal memory, microSD card up to 64GB | USB 3.0, HDMI ports | Wi-Fi b/g/n, Bluetooth 4.0 | 1.2-megapixel front camera | Windows 8.1



TABLET Asus Google Nexus 7 (2012 Edition) 

Rs. 11,500 (32GB, WI-FI) 

The 2013 edition of the Google Nexus 7 and the new iPad Mini are both fantastic tablets, but they are not worth twice the price of the original Google Nexus 7. It gets the basics right: a vibrant display with Gorilla Glass protection, a strong processor that handles most games well, and the option to upgrade to the latest version of Android. The Wi-Fi model even manages decent battery life. We suggest going in for the 32GB version since there's no expandable memory card slot in this one. And the 16GB isn't easily available either. 

The Nexus 7 does come with only a front-facing camera though, so it's only for video calls, not for photography. And be aware, Android does not have as many made-for-tablet quality apps as you get on the iPads. 

Specs: 7-inch IPS LCD (1280x800 pixels) with Gorilla Glass | 1.2GHz quad-core Nvidia Tegra 3 processor | 1GB RAM | 16/32GB memory, no microSD slot | 1.2MP front camera | Wi-Fi b/g/n, Bluetooth 3.0, microUSB, GPS | 4325mAh battery | Android 4.4 KitKat



PHONE Motorola Moto G 

Rs. 12,499 (8GB) | Rs. 13,999 (16GB) 

The Moto G has a sharp screen, protected by scratch-resistant glass, and a processor that runs most games and apps well. It's got the latest version of Android, v4.4 KitKat, and the interface is buttery smooth. Where the Moto G shines is in battery life, lasting for 18 hours of average usage - among the best we've got on a phone. 

The camera on the back is decent, although it struggles to take usable photos in low light. And while it has 720p HD video recording, the audio capture is poor. But the Moto G's biggest restriction is in the internal memory, as you can only get the 8GB or 16GB of built-in storage - there's no microSD slot. If you load it up with your own multimedia and download a few high-def games, you'll run out of space very quickly! 

Specs: 4.5-inch IPS LCD screen (1280x720 pixels) with Gorilla Glass 3 | 1.2GHz quad-core Qualcomm Snapdragon 400 processor | 1GB RAM | 8/16GB memory, no micro-SD slot | 5MP rear camera, 1.3MP front camera, 720p HD video recording | 3G, Wi-Fi b/g/n, Bluetooth 4.0, microUSB, FM Radio, GPS with A-GPS | 2070mAh battery | Android 4.4 KitKat



CAMERA Canon IXUS 255 HS 

Rs. 10,000 

The quality of the photographs taken with the Canon IXUS 255 HS is surprising when you consider its price. It easily rivals cameras in the 15K-17K range. The colours are pitch perfect, there's practically no noise, and it even performs well in low light. In its macro mode, the IXUS 255 HS can go up close to an impressive 1 cm distance. That 10x optical zoom will let you shoot anything far away. And it even packs in WiFi connectivity! 

The only issue we have with this shooter is that it doesn't offer much manual control to the user. Apart from that, it's the perfect slim point-and-shoot to carry in your pocket. 

Specs: 12-megapixel CMOS sensor, 1/2.3-inch | 10x optical zoom (4.3-43mm focal length) | F3.0-F6.9 Aperture | ISO up to 6400 | 3-inch screen, 461K dots | 1080p FullHD video recording | Rechargeable Li-ion battery with 220 shots on a single charge

Tuesday, 25 February 2014

Hands On With The Galaxy S5 And The New Galaxy Gear Bands

We came, we saw, we checked our heart rates. As Samsung moves into wearables territory with the new Galaxy S5 and Galaxy Gear 2 bands, including the Neo and the Fit, we found that the devices were less about taking photos, media sharing, and other frippery and more about active designs aimed at users who are running, hiking, and braving suburban environments.
Say hello to Samsung’s latest, an ultra-thin, surprisingly handsome S-series phone that is obviously evocative of the S4 in almost every way but hides a few things under the hood. First, there’s a built-in optical heart rate monitor and pedometer for a bit of on-the-go medical telemetry. Then you get a 5.1-inch, 1920×1080 display, fingerprint sensor, and 4K video camera with Lytro-like adjustable focus. It tops out at 2.5GHz with a Snapdragon 800 quad-core processor but could go as high as eight cores with a planned upgrade.
What can we say about these devices? At this point not much. Benchmarks are still unavailable but all of the systems worked smoothly and the bands were surprisingly reactive and fun to use. The Gear Fit is familiar to anyone with a Fitbit or Jawbone Up but the screen is readable and easy to operate. The heart rate sensor on the S5 worked even too well – it showed I was at 102 bpm for some reason while Natasha was at 65. Clearly her vegan diet is doing something for her health. The phone is dust and water-resistant thanks to a little flap at the bottom that protects the USB port, as well as a physical casing that keeps out the elements.
What, then, does this redesign achieve? It upgrades the S4 in a meaningful way without straying too far from the original design. The sleek lines of the S4 and other competing smartphones are definitely at play here and the pinhole dots on the back add a sporty air to the proceedings. The back looks like driving gloves, albeit hard plastic ones, and I think the white looks best. Other colors include blue, black, and gold.
There was little fanfare around this launch and some would say it was because there isn’t much Samsung could have done to this device, at least at this juncture. A 64-bit version of Android is still in the works and the chip, a 2.5GHz quad-core processor, blazes through apps without issue for now. The next iteration of the S series will definitely be far more interesting from a processor standpoint, especially given the improved ARMv8 chips hitting the market.
Until the S5 arrives, there’s little to be said except that it’s a good, solid phone from the biggest manufacturer in the industry. Whether S4 users should upgrade is still in the air but even a few minutes with the device was enough to show us that Samsung’s still got it.

    Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely

    Just two days ago, Apple disclosed a critical security flaw in the SSL implementation in its iOS software that would allow man-in-the-middle attackers to intercept SSL data by spoofing SSL servers.

    Dubbed CVE-2014-1266, the so-called ‘goto fail;’ vulnerability, in which Secure Transport failed to validate the authenticity of the connection, has left millions of Apple users vulnerable to hackers and spy agencies, especially the NSA.

    Last Friday, Apple released the updated iOS 7.0.6 to patch the vulnerability, which was first discovered in Apple's iOS devices; the company later acknowledged its presence in Mac OS X as well, where it could allow hackers to intercept email and other communications that are meant to be encrypted on iPhone, iPad and Mac computers. Affected versions include iOS up to version 7.0.5 and OS X before 10.9.2.

    Security researchers confirmed that 'Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured' with a man-in-the-middle attack.

    Apple Vulnerability and NSA
    I am sure you still remember the NSA's DROPOUTJEEP hacking tool, an implant for Apple iOS devices that allows the NSA to remotely control and monitor nearly all the features of an iPhone, including text messages, geo-location, microphone and camera.
    The DROPOUTJEEP program was developed in 2008 to conduct espionage on iPhone users, and was revealed by documents provided by Edward Snowden a month ago. "The initial release of DROPOUTJEEP will focus on installing the implant via close access methods," the document reads.

    According to the vulnerability details published by Google security researcher Adam Langley, a basic mistake in a line of the SSL encryption code almost screwed up the iOS SSL certificate verification process, an open invitation for the NSA's prying eyes.
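
The pattern behind the 'goto fail;' name, as an added example that is not Apple's code and not from the original article: a duplicated, unconditional `goto fail;` jumps past the signature check while the error variable still holds the success value. The message struct, the toy checksum standing in for the hash and signature, and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a signed key-exchange message; not a real TLS structure. */
struct kex_msg {
    const uint8_t *client_random; size_t random_len;
    const uint8_t *params;        size_t params_len;
    uint32_t signature;           /* toy "signature" over random + params */
};

#define FNV_INIT 2166136261u
#define TOY_KEY  0x5a17c0deu      /* constructed constant standing in for the server key */

/* FNV-1a update standing in for the handshake hash. NOT cryptography. */
static int hash_update(uint32_t *state, const uint8_t *p, size_t n)
{
    if (p == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        *state ^= p[i];
        *state *= 16777619u;
    }
    return 0;
}

/* Toy signature check: 0 on success, -1 on mismatch. */
static int sig_verify(uint32_t digest, uint32_t sig)
{
    return ((digest ^ TOY_KEY) == sig) ? 0 : -1;
}

/* Flawed shape: the second "goto fail;" is not guarded by any if. */
int verify_vulnerable(const struct kex_msg *m)
{
    int err;
    uint32_t digest = FNV_INIT;

    if ((err = hash_update(&digest, m->client_random, m->random_len)) != 0)
        goto fail;
    if ((err = hash_update(&digest, m->params, m->params_len)) != 0)
        goto fail;
        goto fail;              /* duplicated line: always taken, err is still 0 */
    if ((err = sig_verify(digest, m->signature)) != 0)   /* never reached */
        goto fail;

fail:
    return err;                 /* 0 means "signature OK" to the caller */
}

/* Hardened shape: fail closed by default and brace every branch, so a
 * duplicated statement stays inside its guard and cannot skip the check. */
int verify_fixed(const struct kex_msg *m)
{
    int err = -1;
    uint32_t digest = FNV_INIT;

    if (hash_update(&digest, m->client_random, m->random_len) != 0) {
        goto fail;
    }
    if (hash_update(&digest, m->params, m->params_len) != 0) {
        goto fail;
    }
    err = sig_verify(digest, m->signature);

fail:
    return err;
}

/* Constructed sample input. */
static const uint8_t RANDOM[4] = { 0x01, 0x02, 0x03, 0x04 };
static const uint8_t PARAMS[6] = { 'd', 'h', '-', 'p', 'u', 'b' };

/* Builds a message with a valid toy signature, or a guaranteed-wrong one. */
struct kex_msg make_msg(int forged)
{
    struct kex_msg m = { RANDOM, sizeof RANDOM, PARAMS, sizeof PARAMS, 0 };
    uint32_t d = FNV_INIT;

    hash_update(&d, RANDOM, sizeof RANDOM);
    hash_update(&d, PARAMS, sizeof PARAMS);
    m.signature = forged ? ~(d ^ TOY_KEY) : (d ^ TOY_KEY);
    return m;
}

int main(void)
{
    struct kex_msg good = make_msg(0), bad = make_msg(1);

    printf("vulnerable: valid=%d forged=%d\n",
           verify_vulnerable(&good), verify_vulnerable(&bad));
    printf("fixed:      valid=%d forged=%d\n",
           verify_fixed(&good), verify_fixed(&bad));
    return 0;
}
```

A regression test that feeds the verifier a message with a bad signature and expects rejection catches this class of bug regardless of how the control flow went wrong.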

    "This sort of subtle bug deep in the code is a nightmare," Adam Langley said on his blog, "I believe that it's just a mistake, and I feel very bad for whoever might have slipped in an editor and created it."
    Security researcher Jacob Appelbaum said last December, "Either the NSA has a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves."

    Although those old techniques are no longer in circulation, the NSA has a track record of continually invading the privacy of users by exploiting vulnerabilities in various software, and obviously the NSA's capabilities have improved significantly in the past five years.

    In the DROPOUTJEEP document, the NSA also admitted, 'A remote installation capability will be pursued for a future release.' That means it's practically possible that the NSA had already discovered this iOS SSL flaw in an effort to hack iPhone users remotely by sniffing data and spoofing them to install malware.

    An Unanswered Question
    'Did Apple intentionally inject a backdoor for the NSA, or was the flaw an accident?' If it was an accident, Apple would have been able to release patches for both iOS and Mac OS X at the same time. Instead, it silently released a fix for iOS devices on Friday night, and only when cryptographers and security experts began criticizing the company for leaving OS X unpatched did it acknowledge that Mac OS X was affected too. It is now the 4th day after disclosure, and no patch has yet been released for Mac OS X.

    Also, Apple contacted CVE (the Common Vulnerabilities and Exposures database) on 8th January 2014 to reserve the bug number CVE-2014-1266 for the SSL vulnerability, and later released the updated iOS 7.1, which was also vulnerable to the flaw that Apple had already discovered.

    However, Apple categorically denied working with the NSA on a backdoor after it was accused last December of creating a way for the US intelligence agency NSA to access contacts and other data in iPhones. 

    On Dec. 31, an Apple spokesperson released a statement saying:
    "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
    In 2013, the US Department of Defense approved Apple's iOS 6 for government use, which means that if the NSA was aware of this flaw, it didn't seem to have informed them.

    To check whether your web browser is vulnerable to the SSL flaw, click here; to be safe, you are advised to use an alternate web browser rather than Safari and to avoid public and unsecured networks.

    UPDATE: Apple has finally released Mac OS X 10.9.2 today, which includes a fix for the major SSL security flaw and brings with it a number of "improvements to the stability, compatibility and security of your Mac."

    Pony Botnet steals $220,000 from multiple Digital Wallets

    Are you a digital currency holder? PONY is after you.

    A group of cyber criminals has used hundreds of thousands of infected computers belonging to digital currency holders to steal approximately $220,000 worth of Bitcoins and other virtual currencies.

    Researchers at security firm Trustwave have uncovered the Bitcoin heist, which was carried out through computers infected with a new class of malware dubbed ‘Pony’, a very powerful type of spying keylogger malware with very dangerous features that was last seen two months ago.

    Pony, for those who have not yet heard about it, is a bot controller much like any other, with the capability to capture all kinds of confidential information and access passwords. It contains a control panel, user management, logging features, a database to manage all the data and, of course, the statistics. It can see the passwords and login credentials of infected users when they access applications and Internet sites.

    The security firm found that the botnet compromised over 700,000 accounts in the four-month period between September 2013 and mid-January 2014, and allowed criminals to control those accounts.

    “Not only did this Pony botnet steal credentials for approximately 700,000 accounts, it’s also more advanced and collected approximately $220,000 worth, at the time of writing, of virtual currencies such as BitCoin (BTC), LiteCoin (LTC), FeatherCoin (FTC) and 27 others,” reads the report.

    In December, the same piece of malware affected a number of popular websites and services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc., stealing a couple of million passwords that gave the attackers access to all those accounts.

    Latest Pony attack
    This time, the Pony botnet stole over 700,000 credentials, including 600,000 website login credentials, 100,000 email account credentials, 16,000 FTP account credentials and other Secure Shell account information.

    This instance of Pony compromised 85 wallets, a fairly low number compared to the number of compromised credentials. Despite the small number of wallets compromised, this is one of the larger caches of BitCoin wallets stolen from end-users.

    The malware was in the wild while the value of virtual currencies such as Bitcoin, which was developed by cryptographic experts as a way to move money at a lower cost than traditional financial systems, was soaring.

    "Bitcoins are stored in virtual wallets, which are essentially pairs of private and public keys," the Trustwave researchers said, adding that “whoever has those keys can take the currency, and stealing Bitcoins and exchanging them for another currency, even a regulated one such as US dollars, is much easier than stealing money from a bank."

    They said that cyber thieves holding Bitcoins can use any number of trading websites to get real cash while maintaining anonymity.

    NOT just BITCOINS
    If you think that the botnet went after only Bitcoin, then you are wrong. Currently, the Bitcoin value is swinging between $300 and $500. So, instead of sticking to Bitcoin wallets alone, the Pony botnet looks for a list of virtual currencies including Anoncoin, BBQcoin, Bytecoin, Craftcoin, Devcoin, Digitalcoin, Fastcoin, Feathercoin, Florincoin, Franko, Freicoin, GoldCoin, I0coin, Infinitecoin, Ixcoin, Junkcoin, Litecoin, Luckycoin, Mincoin, Namecoin, NovaCoin, Phoenixcoin, PPCoin, Primecoin, Quarkcoin, Tagcoin, Terracoin, Worldcoin, Yacoin and Zetacoin.

    If you think the attack was shut down by security companies, you are guessing wrong: the attackers themselves “closed shop” during January.

    Researchers haven't described any malware removal mechanism, but in order to protect your virtual currency, you are advised to encrypt your wallets. Keep your virtual currency wallets safe!

    In separate news, you may also like to read: World's Largest Bitcoin Exchange Mt. Gox Shuts Down.

    Caphaw Banking Malware Distributed via YouTube Ads

    More than one billion unique visitors spend about 6 billion hours watching videos on YouTube, according to monthly YouTube stats. Security researchers from Bromium Labs recently found that the YouTube advertising network has been abused by rogue advertisers to distribute malware.

    YouTube In-Stream Ads were redirecting users to malicious websites hosting the 'Styx Exploit Kit', which exploited client-side vulnerabilities in a drive-by-download attack to infect users' computers with the Caphaw Banking Trojan.

    The exploitation process relied upon a Java vulnerability (CVE-2013-2460): after being dropped onto the target computer system, the malware detects the Java version installed on the operating system and requests the suitable exploit based on it.
    "We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures," researchers said.
    Further investigation has revealed that the banking malware uses a Domain Generation Algorithm (DGA) to communicate with its Command and Control (C&C) server. The C&C panel of this Trojan seems to be hosted somewhere in Europe and the case is still under investigation. Caphaw Banking Malware has been marked as malicious by a number of anti-virus companies.
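Most names a DGA produces are unregistered, so an infected host typically shows up in resolver logs as a run of NXDOMAIN answers for random-looking domains. The following check is an added example, not code from Bromium's report and not Caphaw's actual algorithm; the log format, the thresholds and the sample lines are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client> <qname> <rcode>". Not real data.
SAMPLE_LOG = """\
10.0.0.23 qzxkvbtrwmpl.example NXDOMAIN
10.0.0.23 hjdwqpzkxnvt.example NXDOMAIN
10.0.0.23 vbnmtrkqwzxp.example NXDOMAIN
10.0.0.23 kxjqzwvhtbnm.example NXDOMAIN
10.0.0.23 wpzrtkxqvbhj.example NOERROR
10.0.0.41 www.example NOERROR
10.0.0.41 mail.example NOERROR
10.0.0.41 intranet-portal.example NXDOMAIN
10.0.0.57 printer.example NXDOMAIN
10.0.0.57 printer.example NXDOMAIN
"""


def shannon_entropy(label):
    """Bits per character; random-looking labels score higher."""
    counts = Counter(label)
    total = len(label)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def suspected_dga_clients(log_text, min_entropy=3.3, min_names=3, min_len=8):
    """Return {client: [qnames]} for clients with many distinct failed
    lookups of long, high-entropy names. Thresholds are assumed starting
    points and need tuning against a site's own DNS baseline."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, rcode = parts
        # Leftmost label only; real logs should use the registrable domain.
        label = qname.lower().rstrip(".").split(".")[0]
        if (rcode == "NXDOMAIN" and len(label) >= min_len
                and shannon_entropy(label) >= min_entropy):
            hits[client].add(qname.lower())
    # One odd name is noise; several distinct ones from one host is a pattern.
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_names}


if __name__ == "__main__":
    for client, names in suspected_dga_clients(SAMPLE_LOG).items():
        print(client, names)
```

Requiring both signals keeps a single mistyped hostname or a repeatedly failing internal name, such as the printer lookups in the sample, from raising an alert.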

    How many users fell victim to this attack remains an open question. Google has taken down the malvertisement campaign and is beefing up internal procedures to prevent such events from occurring again.

    Oracle already patched the Java vulnerability last year, so users are advised to keep their Java software up to date and install the latest security updates for their software and operating system.