Blog

GNUCitizen said they have found a serious security bug in the BT Home Hub that could let hackers steal identities and commit other types of fraud by controlling calls routed over the internet.

With BT’s Home Hub a widely used router, the ability reach many homes is a serious threat to many customers as the bug can still be sent out even if the default password for the hub has been changed. For the bug to activate, a user of VoIP would have to visit a website that has some kind of malicious code.

Adrian Pastor, one of the hackers GNUCitizen, said that “we believe this is gonna be very hot in the VoIP fraud arena”, in an email.

To resolve the issue, BT has disabled the Remote Assistance features that allow support professionals to gain control over the device, according to Mr Pastor.

As a result however, Mr Pastor said: “Now we have been able to come up with a new technique to steal VoIP calls”.

Trojan malware has been found to be controlling Google ad space by sending users to different websites when they try to click on the search engine’s advertisements.

Romanian-based online security firm BitDefender found the hidden software, Trojan.Qhost.WU, and said that the threat could have a negative impact on both users and businesses.

Attila-Mihaly Balazs, a BitDefender virus analyst, said that users are prone to clicking on links or ads that “may contain malicious code”, while he said webmasters are affected because their valuable ad space is stolen by a third-party vendor and are used to promote someone else’s website.

An anonymous hacker who told siliconrepublic.com about how the malware could be operating said “most anti-virus” programs should pick up on the problem if “if an attempt was made to modify the host file anyway”.

Security software company Sophos has revealed that the US relays more spam than any other country in the world.

Websites in the US are responsible for 28.4 per cent of all spam, followed by South Korea with 5.2 per cent and China, including Hong Kong, with 4.9 per cent.

Russia, Brazil and France are the fourth, fifth and sixth worst respectively for relaying spam, the Sophos report revealed.

Carole Theriault, senior security consultant at Sophos, said: ‘It seems as though a major American spammer is arrested every other week at the moment, but despite these high-profile lawbreakers being put away, the US continues to relay far more spam than any other nation on the planet.’

The spamming is not just the work of a few cyber criminals, but represents thousands of people controlling thousands of zombie computers, added Ms Theriault.

Recently, a security report from the Georgia Tech Information Security Centre warned that online videos are the new favoured way for cyber criminals to hide malicious code.

Widgets and gadgets that users add on to their PCs could pose a security threat, according to Finnish security company Finjan.

Finjan’s Malicious Code Research Centre has found that add-ons that add functions to websites contain code which make the PC they are on more vulnerable to hackers.

The security model that gadgets and widgets have must now be completely revised to take these findings into account, Finjan stated.

Finjan chief technology officer Yuval Ben-Itzhak said: ‘As widgets become common in most modern computing environments, from operating system to web portals, their significance from a security standpoint rises.’

He added: ‘Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and thus should be developed with security in mind.’

Corporations may need to deal with a ‘vast array’ of new security considerations, added Mr Ben-Itzhak.

Meanwhile, a new report from Symantec has warned that internet crime has gone from simply causing trouble to a multi-million pound industry.