17 comments

[ 2.9 ms ] story [ 44.1 ms ] thread
To everyone wondering why a 6yo trojan is still so used it is because Zeus source code was fully released/leaked and it's been used ever since to build new and improved variants like Ice IX, Gameover, Citadel, etc
Yeah, the article's assertion that whitehats are losing because criminals still use malware is kind of odd. The age of the malware doesn't matter if this version is only a couple months, weeks, or days old.
Where can I learn more about virus architecture/blackhat in general? Are there any defacto communities out there for this sort of thing? Just curious.
I would suspect communities concerned with illegal activities and state-of-the-art (0-day) code not to be easily accessible. There must be some on TOR.
Hacking has existed since before the internet was invented. In general you want to do a lot of reading on TCP/IP, operating systems and programming languages. There are literally tons of whitepapers about security.

Blackhat communities are either very private or full of script kiddies.

You can follow subs like this to learn more http://www.reddit.com/r/netsec/

Why haven't banks created two way verification system yet???

Let me approve or disapprove a charge or money transfer of a certain amount via a text message!!!

I’ve been with a few different banks (ING, Rabobank, Bizner, HSBC) and they all use two step verification. Some send texts, others use a card reader or such.
Ing in the US was bought by Capital One, and neither use key fobs (if that's what you meant). Are you in the EU?
There's a trojan app for that.
Indeed there is. There exists Android malware that infects your PC with a Zeus variant and then the two work in concert to intercept your SMS-based two-factor authentication.
I think a lot of banks just send a confirmation email.

That's actually fine, because due to the non instantaneous nature of today's banks, they can cancel the transactions for the next day or so.

To become a whitehat. You have to know the trade in blackhat. Know your enemy. And that goes both ways in network security.
They didn't really specify how this is being spread. If I have flashblock and a modern browser, I'm assuming it's pretty hard for a site to randomly install junk on my machine. Are people on Facebook downloading exe files or something?
People on Facebook are visiting links, posted on Facebook, to external sites.

Those external sites are the sites with the malware.

Very few people block anything; people don't bother blocking flash or javascript or even ads. (Adblock Plus, the most popular ad blocker, only has 15.5million users on Firefox.)