The cyber war between Egypt and Israel has taken a very dangerous turn by making normal internet users targets for botnet attacks. Since a week ago, some Egyptian hackers have attacked many Israeli gov communities and organizations on the internet, Israeli Prime Minister Netanyahu's for example. But until now the attacks were not at a very scary level, as they were far from normal computer users.
In a sudden escalation of the attack level, an Egyptian group launched a computer worm which infected about 50000 personal computers in Israel and the United States. Despite my virtual machine's security level, it was also infected by the same worm. I (Reuben Rayner) didn't notice that I was infected until the attackers launched an exe file which displayed a message in full screen mode.
Quotes from the attackers' message, which they started with the word "Anti-Zionism":
"If u can see this message this mean that u either from israel orfrom USA > both sucks
your stupid zionist soliders passed through the Egyptian borders and killed 3 soldiers and that's not good for u.
now our army became 79999997 instead of 80000000 , they all ready to kick ur fat asses :)"
It seems that it is also about the border problem between Egypt and Israel.
"our strike is just the beginning , u can say it's a simple bullet , but the nuclear strike is comming soon :)
this is not your only fate , so don't be sad , this fate is waiting thousands of zionist users
watch this pic : http://adf.ly/2R8A1"
Threatening that there are more attacks against Zionists, and attaching a picture of their own bot network.
"Striked By : sTrIk3r, i-Hmx , H311 C0D3 & K4rar
shouts to all elite hackers at sec4ever.com , alm3refh.com and 1337s.cc
now let Our Worm talk to u about herself for seconds . . ."
Names and Arabic sites, and yet they seem to be funny enough to let their worm talk to the user (me).
You can read the full message via the picture above, but what makes this attack unique? OK, have you viewed Israeli gov sites yesterday? Try pinging mossad.gov.il, for example.
The ping result:
C:\>ping mossad.gov.il -ttl
Pinging mossad.gov.il [147.237.72.71] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
What's the point?
If the attackers used the same massive bots to attack sensitive gov sites, this will probably cause a disaster.
If they did it and dumped the banking accounts of the thousands and thousands of users they got, this will also cause a disaster.
A little analysis of the worm
I (Reuben Rayner) am trying to get a copy of this worm now to give a detailed analysis, but it's using unique techniques to attack and spread across computers:
- USB spread.
- injecting itself into executable files
- injecting malicious HTML code throughout the user's PC
- it's always trying to use the fake MSN account in my virtual machine to send malicious links
- sending the antivirus update requests to fake server addresses, so you will always think that your AV is updated, but actually it isn't.
- disabling firewall software (Comodo in my VPC)
Other techniques are still unknown to me.
While surfing the internet I (Reuben Rayner) found some topics asking for help about that worm, all asking the same question: what should I do? You have to format your C drive and re-install Windows. Once installation is finished, don't open any exe file; just copy firewall software from the internet. Install it and block any request from exe files to modify the registry or connect to the internet. Download Avira, install it and update it; it's now able to detect this malware. Scan your computer and remove any infected files. Now you are safe :)
Source--> THN