Tuesday, July 02, 2013

Webroot reports on odd TOR-based rootkit offering hackers "licenses"

Danco Danchev has a Webroot Threat Blog entry on “TOR-based” and “commodolized” malicious software which (in rootkit form) can be licensed!  It seems to focus on “form grabbing” from SPDY.   The link for the story is here.  Webroot tweeted the story today.  

It’s interesting that TOR is involved with this one, since TOR is often used in countries with authoritarian governments by activists, and some people in the IS recommend using it to avoid NSA monitoring. I don’t worry about that, but I can understand that some people do.

The report mentions the idea that hackers who lose the code can lose their “licenses”, an odd concept.  It also doesn’t work (yet) in Windows 8.
I’m not sure what malware based on it would do, other than, it seems, grab information from common “e-forms” common on websites that invite people to set up new accounts.  It’s pretty obvious it could grab credit card information and try to generate bogus charges before the owner notices.

That brings up another question.  Is it a good idea to use the same credit card form most online activity?  (And that’s credit card, not debit, which is definitely asking for it).  Probably, and it’s a good idea if it comes from the bank where you do most of your checking, so you can conveniently monitor it for invalid charges every day or two.

Once a credit card is compromised and closed out by the bank when reported, many companies or public utility or transportation systems can automatically invalidate items purchased on it, such as rail or transportation passes. 

Here’s something odd I’ve notice about Webroot Secure Anywhere: the daily scan runs much faster than it does in Windows 7.  Why?

No comments: