
Security Week 35: Carders donate to Hutchins, 500 thousand pacemakers recalled, 711 million e-mails found in a spam bot

The tragic but instructive story of Marcus Hutchins, the young British information security specialist arrested in the US a month ago, has begun to slide into outright farce. To be fair, the States have treated Marcus relatively gently: he was released on $30,000 bail and is awaiting trial at liberty with an ankle bracelet on, and his computer access has not even been restricted.

Meanwhile, many colleagues have come to Hutchins's defense. Marcus did, after all, prove himself in the WannaCry story, and he could plausibly have posed as a trojan author for research purposes. So well-wishers organized a fundraiser for him, because a defense always goes more briskly with money behind it. The fundraiser was steered by New York lawyer Tor Ekeland, who specializes in cases of this kind. In a couple of weeks, friends and sympathizers raised as much as $150,000.

However, some of Marcus's "friends" turned out to be rather suspect. The payment processor handling the transactions determined that only $4,900 of the donations were legitimate; the rest of the money came from stolen bank cards. Ekeland was dismayed by the news and announced that all honest donors would get a refund.

Meanwhile, the evidence behind the charges in Marcus's main case has become known. Besides samples of the Kronos banking trojan, which he allegedly wrote, the investigation has 150 pages of Hutchins's Jabber chats with unidentified parties, 350 pages of forum posts, and interrogation records. Nothing has been heard so far about actual witnesses in the case. And if the story ends in a prison cell, it will be yet another reminder not to talk too much on the Internet: a chatty netizen is a godsend for an investigator.

FDA recalls half a million pacemakers due to vulnerabilities

There is an influential government agency in the United States, the FDA, also known as the Food and Drug Administration. It wields formidable power when it comes to protecting citizens from harmful drugs and dangerous food. For about a year these folks investigated vulnerabilities in St. Jude Medical's equipment, and in the end decided to recall the pacemakers of the models that had particularly distinguished themselves: 465 thousand devices in total.

But let's go back to 2016, when this story was just beginning. MedSec published descriptions of vulnerabilities in St. Jude Medical's equipment. The researchers explained their decision to go public with the holes like this: you cannot patch the holes out of this sieve, so the dirty laundry has to be aired. St. Jude responded with a lawsuit, accusing MedSec of self-serving lies. According to the plaintiff, the whole story had been invented to short St. Jude's shares and profit from their fall once the vulnerability news was published.

MedSec replied that yes, they did short the stock, but only to recoup the cost of finding these vulnerabilities: the company is young, it has no customers and no money, so you make do however you can. Be that as it may, the stock market is the stock market, and the vulnerabilities turned out to be perfectly real, so something had to be done. At first the FDA tried to nudge the device makers into "somehow fixing" them, but in the end it made the radical decision to recall the pacemakers. Straight out of patients' chests.

In fact, of course, the devices do not need to be physically removed. Patients will have to visit a cardiologist, under whose supervision the pacemaker's firmware will be updated. The procedure is not risk-free: as with a firmware update of any other device, there is always a chance that it gets botched, which in this case could be lethal. And yet it has to be done, given how dangerous the vulnerabilities are:

- CVE-2017-12712 allows commands to be sent to the pacemaker over the radio channel without proper authentication;
- CVE-2017-12714, used "correctly", can rapidly drain the device's battery;
- CVE-2017-12716 allows monitoring data to be leaked.

It is not known for certain whether hackers have taken an interest in these holes over the past year, but not long ago Reuters reported that two people in Europe had died because of premature battery depletion in St. Jude pacemakers.

40 GB of other people's credentials extracted from a botnet

Many trojans are created solely to steal various valuable data from people, such as logins and passwords. And if that fails, even a plain e-mail address will do; it can be sold to spammers. That does not sound very scary, but the scale of this data harvesting is genuinely terrifying.

The Onliner botnet, which researchers learned about in 2016, specializes in spam, including spam carrying malware such as the Ursnif trojan. Onliner needs e-mail credentials so that it can send spam on behalf of legitimate users through their own mail servers, which lets it slip through spam filters far more easily.
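Abuse of stolen SMTP credentials like this leaves a trace on the victims' own mail servers: one bot authenticates as many different accounts, and one account suddenly authenticates from several unrelated addresses. The following is an added detection example written for this column, not code from the original post or from Onliner's researchers. It assumes Postfix-style `smtpd` SASL log lines (the page shows no real logs; the sample below is constructed), and the thresholds `max_ips_per_user` and `max_users_per_ip` are arbitrary starting points, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed Postfix smtpd SASL authentication record (not taken from the page).
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=[^\[\s]+\[(?P<ip>[\d.]+)\], sasl_method=\w+, sasl_username=(?P<user>\S+)$"
)

# Constructed sample log: one client IP authenticates as four accounts
# (a spambot cycling through stolen credentials), and alice's account is
# used from three different networks within a few minutes.
SAMPLE_LOG = """\
Aug 30 10:01:02 mx postfix/smtpd[1201]: 7F1A2: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 10:01:03 mx postfix/smtpd[1201]: 7F1A3: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=bob@example.com
Aug 30 10:01:04 mx postfix/smtpd[1202]: 7F1A4: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=carol@example.com
Aug 30 10:01:05 mx postfix/smtpd[1202]: 7F1A5: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=dave@example.com
Aug 30 10:02:10 mx postfix/smtpd[1203]: 7F1B0: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 10:03:11 mx postfix/smtpd[1203]: 7F1B1: client=unknown[192.0.2.44], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 10:04:00 mx postfix/smtpd[1204]: 7F1C0: client=home.example.net[192.0.2.9], sasl_method=PLAIN, sasl_username=bob@example.com
Aug 30 10:04:01 mx postfix/smtpd[1204]: 7F1C1: disconnect from unknown[203.0.113.5]
""".splitlines()


def parse_auth_log(lines):
    """Yield (timestamp, client_ip, username) for every SASL auth line; other lines are skipped."""
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; 2017 (the year of this story) is assumed.
        ts = datetime.strptime("2017 " + m.group("ts"), "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip"), m.group("user")


def find_abuse(lines, max_ips_per_user=3, max_users_per_ip=3):
    """Return (roaming_users, stuffing_ips).

    roaming_users: accounts seen authenticating from at least max_ips_per_user
                   distinct client IPs (a stolen credential in use elsewhere).
    stuffing_ips:  client IPs that authenticated as at least max_users_per_ip
                   distinct accounts (one bot working through a credential list).
    """
    ips_by_user = defaultdict(set)
    users_by_ip = defaultdict(set)
    for _ts, ip, user in parse_auth_log(lines):
        ips_by_user[user].add(ip)
        users_by_ip[ip].add(user)
    roaming_users = {u: sorted(ips) for u, ips in ips_by_user.items()
                     if len(ips) >= max_ips_per_user}
    stuffing_ips = {ip: sorted(users) for ip, users in users_by_ip.items()
                    if len(users) >= max_users_per_ip}
    return roaming_users, stuffing_ips


if __name__ == "__main__":
    roaming, stuffing = find_abuse(SAMPLE_LOG)
    for user, ips in roaming.items():
        print(f"account {user} authenticated from {len(ips)} IPs: {', '.join(ips)}")
    for ip, users in stuffing.items():
        print(f"client {ip} authenticated as {len(users)} accounts: {', '.join(users)}")
```

On a real server the same two counters would be kept over a sliding window rather than a whole file, and a flagged account is a candidate for a forced password reset, not proof of compromise: a user on a laptop, a phone and a home connection can legitimately show three IPs in an afternoon, which is why the thresholds are tunable.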

Researcher Benkow of Benkowlab got into Onliner's command-and-control server and found a hefty pile of data there, real big data: 40 GB of files with e-mail addresses, mail usernames and passwords, SMTP server configurations and so on. He then contacted Troy Hunt, who runs the well-known Have I Been Pwned project and went through the find in detail.

As a result, 711 million records were added to the Have I Been Pwned database. That is a staggering figure, as if the entire population of Europe, children included, had been hacked. In reality there are fewer victims, of course, and not every e-mail address comes with credentials, but the find is unpleasant, to say the least. You can check whether your address is in this database on HIBP.

Antiquities


"Keydrop"

A harmless virus; it infects the boot sectors of floppy disks in the standard way when they are accessed, and the hard drive's MBR when booting from an infected floppy. It manifests as a "falling letters" effect (the code of this routine is copied wholesale from the "Cascade" virus). Hooks int 13h. Contains the text "© Copyright 1990 Keydrop inc.".

Quote from the book "Computer Viruses in MS-DOS" by Eugene Kaspersky, 1992, page 102.

Disclaimer: This column reflects only the personal opinion of its author. It may or may not coincide with the position of Kaspersky Lab. As luck would have it.

Source: https://habr.com/ru/post/336960/
