Recently the same attack has been easily ported to one of the most popular mobile platforms: Android. Anonymous social network accounts promote the new attack in Latin America as “LOIC para Android by Alfred”:

By “easily” ported I mean that it is not necessary to have any programming skills to create the Android application because it was generated with a free online service that creates Android apps with just a URL, HTML code, or a document (DOC or PDF). In this case, the attack was created with only the URL of a specific pastehtml website that has a JavasScript version of LOIC to perform a DoS attack against the Argentinian government. The attack is part of the operation #opargentina, run by an Anonymous cell in South America. Once the tool is downloaded and installed, the following icon appears in the applications menu:

When it is executed, a WebView component shows the contents of the URL, which is basically an HTML web page with a JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters. (The web page does not fit in the Android screen, probably because the tool that creates the application does not adjust the size of the web page inside WebView.)

Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools. Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool a potentially unwanted program (PUP). If you have enabled PUP detection (our default setting), then McAfee Mobile Security for Android will detect this tool as Android/DIYDoS.

First up this week in the news – kids and “screen time”.
A study by the American Academy of Pediatrics says kids under two should not be watching television or even be in the room when you are watching. That means no Netflix or Hulu on the iPad or PC either! I remember when my oldest was an infant, he would start to cry if I was upset watching my soaps. I stopped watching because I knew he was reacting to the subtlest of mood changes. What are your thoughts?

A child-pornography image sharing ring was taken down by Anonymous this week. The group began the operation in mid October when they found a darknet that was hosting approximately 40 sites that contained over 100 GB of images. Don’t miss the video Anonymous posted explaining the operation. Not only did they take out the site, they scooped up as much information about the users as they could and published it online. I may not support vigilantism, but I have to say way to go Anonymous!  I fully support protecting children and slowing pedophiles down.

I saw this post from McAfee Labs about an Android virus that is being spread via QR code. QR Codes are those images that are popping up in magazines and in stores. You scan the image with the camera built into your smartphone and it opens up a webpage with content about that item or store. 
 

I have been using QR codes that I find in magazines and I had no idea that QR codes could link to malware. This particular virus sends text messages from your phone to a premium number that charges users. The solution to this is to use a QR scanner that previews the code before it brings you to the site. See this post by Jimmy Shah with McAfee Labs to get suggestions for QR scanner apps for both Android and iPhone and some tips to keep your phone and phone bill safe.

Netflix lost 800,000 customers since they made all of their changes to the service.  I have not left Netflix and I still stream movies online and get disks in the mail, but I am disappointed in the selections since new movies have a delay in being available.  If you are/were a customer, what did you do with the changes? Is there a service you like better? 

My kids stream movies often and I realized that my cyber son #2 has hit that age where he is old enough to figure out how to stream what he wants to, but I still want to filter some of the selections. He was telling me about a movie he wanted to watch on Netflix which just sounded inappropriate, gross and well, I just don’t want him to watch it! I can block it using McAfee Family Protection on my PC and devices. We can also block it on our gaming console using the parental controls.

But what if he goes to a friend’s house? I had to explain to him why I didn’t think he should watch it and give good reasons – the content was not something that I would want to watch, it was violent, it was demeaning to women and once you see that type of content it is hard to get it out of your head. After my discussion with him, I have to let go and trust him.

I hope you all have a great week!

Stay safe out there!

Tracy

@McafeeCyberMom on Twitter

Not long before midnight on July 26, a tweet announced the Elysée Palace website displayed a cartoon image of Nicolas Sarkozy. Our president was pictured on a motorbike heading toward the gates of the palace. This was nothing serious: Using an old cross-site-scripting vulnerability, a joker had created a web page based on elysee.fr with an iframe pointing at a satirical website. No doubt the author was impatient for us to vote for a new president.

On July 29, a French member of the Anonymous group nicknamed Albert Spaggialulz (a pseudonym referring to the French criminal Albert Spaggiari) leaked personal details of regional leaders from Front National, a far-right and nationalist political party in France.

This hack demonstrates that many webmasters are not attentive to the security of their sites, especially SQL-injection flaws. Worse, the vulnerability at the Front National website was still present last time I looked.

On August 9, the French gray-hat coder Xylitol reverse-engineered and leaked a SpyEye loader module (for Versions 1.3.x) secured using VMProtect. Xylitol is a member of the Reverse Engineer’s Dream Team.

Even if this tutorial does not allow a criminal’s apprentice to use this powerful crimeware, this disclosure is not good news for the rest of us.

On August 17, a 16-year-old French girl known under the pseudonym Lamaline_5mg explained she executed her first hack by targeting the police union website of the San Francisco Bay area’s rapid transit system, BART. After claiming to be part of Anonymous, she retracted that statement and said she did it for the fun.

Still in Anonymous circles, French hacktivists and/or hackers meet in the Marais district of Paris. They squat in a building and support the Telecomix movement, known for having provided dial-up services to Egyptian protesters during the recent revolution.

I hope you had a great holiday and that you remembered to lock your e-doors while you were away.