Do you recall the virtual theft made possible via the visual malware PlaceRaider? It can steal your privacy by remotely exploiting an Android smartphone camera and secretly snapping a photo every two seconds. Crafty malware creators have now developed a new type of privacy theft, this time aimed at images stored on your computer. If a picture is worth a thousand words, then if a hacker infects your computer with malware that steals pictures, what does your photo stash say about you? PixSteal has been spotted in the wild; the Trojan ignores text and instead copies image files from all drives before uploading the photos to a remote FTP server.
Trend Micro detected this specialized Trojan called "PixSteal" that “opens a hidden command line and copies all .JPG, .JPEG, and .DMP files.” That means image files and memory dump files that contain data about why a system unexpectedly stopped. TSPY_PIXSTEAL.A copies files from drives C, D, and E onto the C:\ drive before “it connects to an FTP server where it sends the first 20,000 files to the server.”
The PixSteal infection channel is the Internet. “This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.” Trend Micro warned, “Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks.”
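The behaviour reported above (targeted file types copied from drives C, D and E onto C:\, followed by an FTP connection) can be turned into a simple correlation rule. This is an added example, not code from Trend Micro or the original article; the event schema, the `ptree` field, the threshold and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

TARGET_EXTS = {".jpg", ".jpeg", ".dmp"}  # file types named in the Trend Micro description
SOURCE_DRIVES = {"C:", "D:", "E:"}       # drives the Trojan is reported to copy from
FTP_PORT = 21
COPY_THRESHOLD = 3                       # assumption: kept low for the demo; tune per fleet

# Constructed events in a hypothetical schema. "ptree" is the root of the process
# tree, so copies made by a spawned hidden command shell count toward their parent.
EVENTS = [
    {"t": 1, "ptree": 4120, "type": "file_copy", "src": r"D:\Photos\img001.JPG", "dst": r"C:\img001.JPG"},
    {"t": 2, "ptree": 4120, "type": "file_copy", "src": r"E:\scan\id_card.jpeg", "dst": r"C:\id_card.jpeg"},
    {"t": 3, "ptree": 4120, "type": "file_copy", "src": r"C:\Windows\MEMORY.DMP", "dst": r"C:\MEMORY.DMP"},
    {"t": 4, "ptree": 2200, "type": "file_copy", "src": r"D:\Photos\img002.jpg", "dst": r"C:\Users\a\img002.jpg"},
    {"t": 5, "ptree": 2200, "type": "net_connect", "remote": "198.51.100.7", "dport": 443},
    {"t": 6, "ptree": 3300, "type": "net_connect", "remote": "192.0.2.44", "dport": 21},
    {"t": 7, "ptree": 4120, "type": "net_connect", "remote": "203.0.113.10", "dport": 21},
]

def is_staging_copy(ev):
    """True for a copy of a targeted file type from C:, D: or E: onto C:."""
    if ev["type"] != "file_copy":
        return False
    src, dst = PureWindowsPath(ev["src"]), PureWindowsPath(ev["dst"])
    return (src.suffix.lower() in TARGET_EXTS
            and src.drive.upper() in SOURCE_DRIVES
            and dst.drive.upper() == "C:")

def find_suspects(events, threshold=COPY_THRESHOLD):
    """Return {ptree: details} for trees that staged files and then opened FTP."""
    staged = defaultdict(int)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        tree = ev["ptree"]
        if is_staging_copy(ev):
            staged[tree] += 1
        elif (ev["type"] == "net_connect" and ev["dport"] == FTP_PORT
              and staged[tree] >= threshold):
            alerts.setdefault(tree, {"staged": staged[tree], "remote": ev["remote"]})
    return alerts

if __name__ == "__main__":
    for tree, info in find_suspects(EVENTS).items():
        print(f"process tree {tree}: {info['staged']} staged files, then FTP to {info['remote']}")
```

The rule requires both halves of the pattern, so an ordinary FTP client or a photo viewer saving one image does not alert on its own.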
Meanwhile, the Guardian reported on “parasite porn websites stealing images and videos posted by young people.” A new study by the Internet Watch Foundation (IWF) revealed that “88% of self-made sexual or suggestive images and videos posted by young people, often on social networking sites, are taken from their original online location and uploaded on to other websites.”
Sarah Smith, technical researcher at IWF, warned that if the IWF “cannot provide watertight proof that the young person in a sexually explicit image is under 18,” then it has “no power to remove it from the internet.” Smith added, "Young people have to realize that once they take a digital image, once it is uploaded, it essentially becomes public property and is virtually impossible to remove. The clear message is that if you post this content you are going to lose control of it."
Lastly on hacks dealing with images, allegedly chanting “Remember, remember, the fifth of November,” Anonymous launched a “hacking spree” on Guy Fawkes Day. “ImageShack has been completely owned, from the ground up,” according to a pastebin. “We have had root and physical control of every server and router they own. For years.”
Other sites hit in the V for Vendetta Guy Fawkes Day attacks allegedly include:
- Hacking PayPal and leaking about 28,000 PayPal Accounts; PayPal denied it due to being “unable to validate” any evidence of the breach. PayPal's Senior Director of Communications told ZDNet, "It appears that the exploit was not directed at PayPal after all,” but the zero-day exploit “was directed at a company called ZPanel.”
- Hackers allegedly warmed up their November Fifth Guy Fawkes Day hacking skills by defacing NBC’s homepage, video homepage, Saturday Night Live, the “Jimmy Fallon and Jay Leno portals,” and Lady Gaga’s fansite.
- Hacker News added that numerous Australian sites and the Organization for Security and Cooperation in Europe were hacked. The VMware ESX Server kernel source code was also leaked online.
- Telecom Italia, Italy’s largest telecommunication company, had over “3,000 vulnerabilities and errors” which allowed hacktivists “access to over 30,000 credential sets, including social security numbers, social insurance numbers and user passwords.”
- Anonymous November 5th global operations included planned protests over government surveillance systems like TrapWire and INDECT.
- Symantec was also allegedly hacked, but ZDNet said that @Doxbin gets the credit and “HTP is not affiliated with Anonymous.”