Category Archives: Antivirus Vendors


Data breach in South Korea hits 27 million – half the population

A data breach of staggering proportions has hit South Korea – involving 27 million people and 220 million private records – and affecting 70% of the population between the ages of 15 and 65, according to Forbes.

Sixteen hackers were arrested for the attack, which targeted registration pages and passwords for six online gaming sites – with the aim of selling game currency. South Korea has a strong online gaming culture, and people of all ages indulge in the hobby.

South Korean authorities said that the gang had stolen 220 million items of personally identifying information, with the goal of breaking into online game accounts. A 24-year-old man, surname Kim, bought these records from a Chinese hacker he met in another online game in 2011, according to the Korea JoonGang Daily.

Data breach hit 70% of adults

According to police, Kim reportedly received the 220 million personal information items, including the names, resident registration numbers, account names and passwords of the 27 million people, from a Chinese hacker he met in an online game in 2011. The data breach the records came from is of unknown origin.

Kim and his associates are thought to have used a hacking tool known as an “extractor” to log in to accounts and steal virtual currency and items to sell – earning 400 million won ($390,919) in the process.

The Register reports that, “Kim bagged almost $400,000 by hacking six online games using the details and gave the Chinese cracker a $130,000 cut. The buyer used the creds to steal items from gaming accounts and sold them off to other players.”

Hacking tool known as ‘extractor’

Police estimate that secondary damages from the data breach cost at least $2m.

When Kim’s gang could not break into accounts, they bought yet more personal information including identity cards from a cellphone retailer in Daegu, and then changed passwords to gain access.

Kim is also accused of having sold his hoard of personally identifying information to mortgage fraudsters and illegal gambling advertisers.

The post Data breach in South Korea hits 27 million – half the population appeared first on We Live Security.

Surveillance fears over systems which ‘follow’ cellphone users

Concern is growing over the export of surveillance equipment which can track the movements of anyone carrying a cellphone – from town to town and even into other countries. Such technologies are freely on sale not only to oppressive regimes, but also to criminal gangs, according to a report by the Washington Post.

Third-party surveillance apps which allow suspicious spouses and more nefarious individuals to track the owner of a phone by surreptitiously installing and hiding such an app are, of course, widely available. Such ‘domestic spyware’ is often involved in domestic violence cases.

The technology used by repressive regimes is surveillance of a much higher level: specifically, governments, gangs and other actors monitor the telecoms networks themselves for subscribers’ location records.

Surveillance systems map people for weeks

“Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology,” the Washington Post reports.

The use of such equipment is highlighted in a report, Big Brother Inc, by Privacy International, which claims that the surveillance industry has grown to be worth $5 billion per year, and that export control regulations have not kept pace with developments in such technology.

Capabilities of surveillance have grown hugely

“The capabilities of surveillance technology have grown hugely in the past decade – in the hands of a repressive regime, this equipment eradicates free speech, quashes dissent and places dissidents at the mercy of ruling powers as effectively as guns and bombs, if not more so,” Privacy International says in its report.

Mark James, security specialist at ESET, says there is a broader issue about the ownership of the data generated by such devices, and in particular the rights of the end user.

“The main concern here is the lack of international laws to protect the end user,” says James. “Without a global policy in place there will always be some countries that can be used to track people’s locations and activity.”

“With users now requiring the latest technology advancements in their mobile devices which include GPS location, mobile internet and the ability to be contacted wherever they are, it is often overlooked that this technology is two-way.

“Even if in your contract there were to be a paragraph stating that you can be monitored whenever and wherever, the likelihood of you reading it and acknowledging it exists is remote, and let’s be honest would you refuse to have the phone if this were made clear to you when you purchased it in the first place? I honestly think not.”

“This type of surveillance has been around for a while and it’s not going anywhere, all we can do is put measures in place for an independent organization to monitor its use and work harder to have an international agreement in place to limit where this data ends up.”

Privacy International is now campaigning for more regulation of the surveillance industry, and in particular to restrict the sale of such technologies to repressive regimes. The group points to some limited successes, such as the EU Parliament’s resolution calling for stricter oversight of surveillance technology exports, and President Obama’s executive order to prevent such exports to Syria and Iran.

The group says, “Export control regulations have not kept pace with this development, nor have companies taken it upon themselves to vet the governments to whom they sell their technology. The situation has now reached a crisis point: countries must enact strict export controls now, or be guilty of a staggering and continued hypocrisy with regard to global human rights.”

The post Surveillance fears over systems which ‘follow’ cellphone users appeared first on We Live Security.

Science @ Avira, the ITES project

It is well known that classical computer architectures were not designed with security in mind. We intend to change that. The ITES project is creating a system purposefully built for high-security environments.

The current ITES system deploys verified compartments, implemented as Virtual Machines, for different tasks. A compartment contains an operating system and the programs required for its task (e.g. an email client). Each compartment has its own restricted set of permissions. For example, the browser compartment does not have access to the business plan, so if an exploited browser is running on a different OS than the email client, which does have access to critical information, the impact of an attack is reduced.


Our goal in the ITES research project has been to extend the compartments system to identify hacked Virtual Machines and start countermeasures. We identify hacked machines by observing them with different sensors (user-space hooking, memory forensics and VMI – Virtual Machine Introspection).

After gathering information about the current situation in Virtual Machines, a central component will classify the state of the machines into ‘trustworthy’ or ‘suspicious’. Depending on the decision, the machine can be stopped, analyzed, repaired or restored from a snapshot.

The goal of a scientific project is to learn by building a “Demonstrator” (an alpha prototype), not to create a product. The operating system is split into several compartments with Antivirus (AV) technology and hypervisor sensors attached.

However, many of the pioneering technologies we developed to build the Demonstrator are or will soon be integrated into our internal processes. One of our backend systems in the Virus Lab at Avira is now classifying samples for our customers based on this new technology.

Classification

Identifying malicious files is the Virus Lab’s first task when encountering unknown software.
Three methods are usually deployed to identify malicious code.

1. Static

This is Avira’s traditional forte and is how we’ve been identifying malicious code for years. Malware is, for example, identified by exact hash, fuzzy hash, byte patterns, structural generics, or by an AI while the engine complements the analysis by gathering behavioral patterns. It is not part of the ITES project.

2. Dynamic

Dynamic analysis monitors the behavior of malware. You can do it on the end user’s system (behavior analysis performed by the AV software) or on dedicated analysis systems (e.g. an analysis sandbox such as Cuckoo Sandbox, or our internal cloud-enabled Autodumper tool).

Depending on the type of malware, we have to monitor it in different ways. By monitoring the User-Space API, we are able to detect malware droppers. Sensors in Kernel Space or below are required to identify rootkits. Kernel space sensors are drivers, and you get those with your AV software.

Kernel space sensors have a different (less detailed) point of view, but cannot be tricked as easily as user-space monitoring can be by malware that tampers with the User-Space API. Monitoring the OS from outside of the Virtual Machine is even better. One existing tool that does this is Volatility. It takes a memory snapshot of a physical or virtual machine and checks for anomalies in the OS data structures. As part of the ITES project, we integrated Volatility into a Cuckoo Sandbox and use it as a second sensor.

A disadvantage of Volatility is that it only works on a snapshot, so it is possible to observe the effects of an infection, but not the process of the system being infected. Additionally, User-Space events are not observed at an acceptable level of quality.

Virtual Machine Introspection (VMI) takes this approach to the next level and is currently being researched by the RUB (Ruhr University Bochum) & IFIS (Institute For Internet Security) as part of the ITES project. By monitoring the system through the hypervisor we could achieve a similar perspective as with Volatility, but without having to create snapshots. Soon we will know what granularity of data will be possible.

3. Reputation

Having a cloud service and large databases on our backend servers, it is possible to identify spread patterns that are typical for malware. Suspicious patterns can be defined by scripts. Rules might look like this:

  • If a user is running a sample which has not been seen by the cloud yet and is strangely packed: trigger a warning
  • If a computer executed an unknown file after the user visited a suspicious page on a freehoster, and the computer is running an outdated PDF reader program: trigger a warning

You get the idea. The ITES project does not cover this area.
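As an added example (not Avira's backend code) of how such reputation rules can be scripted: the two rules above, evaluated over constructed telemetry, with a time window for the “visited, then executed” correlation. The prevalence counts, the freehoster domain, the entropy threshold and the PDF reader version cutoff are all assumed values.

```python
"""Rule-based reputation scoring of the kind sketched above.

Added example, not Avira's backend code: telemetry, prevalence counts,
the freehoster domain and version thresholds are all constructed here."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

Version = Tuple[int, ...]


@dataclass
class Event:
    host: str
    ts: datetime
    kind: str                              # "visit" (browser) or "exec" (file run)
    url: str = ""                          # for "visit"
    sha256: str = ""                       # for "exec"
    entropy: float = 0.0                   # packed-section entropy reported by the client
    known_packer: bool = True              # packer recognised by the engine's signatures
    pdf_reader: Optional[Version] = None   # installed PDF reader version, if any


@dataclass
class Context:
    prevalence: Dict[str, int]             # sha256 -> number of hosts that reported it
    freehosters: Set[str]                  # domains treated as suspicious freehosters
    min_pdf_reader: Version                # oldest PDF reader version still considered current
    history: Dict[str, List[Event]] = field(default_factory=dict)


def domain_of(url: str) -> str:
    return re.sub(r"^https?://", "", url).split("/")[0].lower()


def unknown_to_cloud(ev: Event, ctx: Context) -> bool:
    return ctx.prevalence.get(ev.sha256, 0) == 0


def rule_unknown_strangely_packed(ev: Event, ctx: Context) -> Optional[str]:
    """Rule 1: never seen by the cloud and packed in an unusual way."""
    if ev.kind != "exec" or not unknown_to_cloud(ev, ctx):
        return None
    # "strangely packed" is modelled as high entropy with no recognised packer (assumption)
    if ev.entropy >= 7.2 and not ev.known_packer:
        return "unknown sample with unrecognised high-entropy packing"
    return None


def rule_freehoster_then_exec(ev: Event, ctx: Context,
                              window: timedelta = timedelta(minutes=10)) -> Optional[str]:
    """Rule 2: unknown file run shortly after a freehoster visit, PDF reader outdated."""
    if ev.kind != "exec" or not unknown_to_cloud(ev, ctx):
        return None
    if ev.pdf_reader is None or ev.pdf_reader >= ctx.min_pdf_reader:
        return None
    for past in ctx.history.get(ev.host, []):
        if past.kind == "visit" and ev.ts - past.ts <= window:
            dom = domain_of(past.url)
            if dom in ctx.freehosters:
                return f"unknown file run after visiting {dom}; PDF reader outdated"
    return None


RULES = [rule_unknown_strangely_packed, rule_freehoster_then_exec]


def evaluate(events: List[Event], ctx: Context) -> List[Tuple[str, str, str]]:
    """Replay events in time order; return (host, rule name, message) warnings."""
    warnings = []
    for ev in sorted(events, key=lambda e: e.ts):
        for rule in RULES:
            msg = rule(ev, ctx)
            if msg:
                warnings.append((ev.host, rule.__name__, msg))
        ctx.history.setdefault(ev.host, []).append(ev)   # judged first, then remembered
    return warnings


def sample_warnings() -> List[Tuple[str, str, str]]:
    """Run the rules over constructed telemetry; exactly two hosts should be flagged."""
    t0 = datetime(2014, 9, 1, 10, 0)
    ctx = Context(prevalence={"sha-known": 12000},
                  freehosters={"files.freehost.invalid"}, min_pdf_reader=(10, 1))
    events = [
        # hostA: freehoster visit, unknown file two minutes later, old PDF reader -> rule 2
        Event("hostA", t0, "visit", url="http://files.freehost.invalid/dl/1"),
        Event("hostA", t0 + timedelta(minutes=2), "exec", sha256="sha-unk-a",
              entropy=6.1, pdf_reader=(9, 5)),
        # hostB: unknown, oddly packed sample on an otherwise current host -> rule 1
        Event("hostB", t0, "exec", sha256="sha-unk-b", entropy=7.8,
              known_packer=False, pdf_reader=(11, 0)),
        # hostC: same odd packing, but the cloud already knows the file -> nothing
        Event("hostC", t0, "exec", sha256="sha-known", entropy=7.9, known_packer=False),
        # hostD: freehoster visit far outside the correlation window -> nothing
        Event("hostD", t0, "visit", url="https://files.freehost.invalid/x"),
        Event("hostD", t0 + timedelta(hours=3), "exec", sha256="sha-unk-d", pdf_reader=(9, 0)),
    ]
    return evaluate(events, ctx)
```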

There will be more blog posts covering the details soon.

TL;DR

Avira is investing into scientific research to deliver superior protection to our customers.

For Science,
Thorsten Sick

Sponsored by the Federal Ministry of Education and Research

The post Science @ Avira, the ITES project appeared first on Avira Blog.

Self-propagating ransomware written in Windows batch hits Russian-speaking countries

Ransomware steals email addresses and passwords; spreads to contacts.

Recently a lot of users in Russian-speaking countries received emails similar to the message below. It says that some changes in an “agreement” were made and the victim needs to check them before signing the document.

The message has a zip file attached which contains a simple downloader written in JavaScript. The downloader fetches several files to %TEMP% and executes one of them.

The files have a .btc extension, but they are regular executable files.

coherence.btc is GetMail v1.33
spoolsv.btc is Blat v3.2.1
lsass.btc is Email Extractor v1.21
null.btc is gpg executable
day.btc is iconv.dll, a library needed to run the gpg executable
tobi.btc is Browser Password Dump v2.5
sad.btc is sdelete from Sysinternals
paybtc.bat is a long Windows batch file which starts the malicious process itself and its replication

After downloading all the available tools, it opens the document the victim is supposed to review and sign. However, the document contains nonsense characters and a message in English which says, “THIS DOCUMENT WAS CREATED IN NEWER VERSION OF MICROSOFT WORD”.

While the user is looking at the document displayed above, the paybtc.bat payload is already running in the background and performing the following malicious operations:

  • The payload uses the gpg executable to generate a new pair of public and private keys based on the parameters in genky.btc. This operation creates several files. The most interesting ones are pubring.gpg and secring.gpg.

  • It then imports a public key hardcoded in the paybtc.bat file. This key is called HckTeam. Secring.gpg is encrypted with the hardcoded public key, and then renamed to KEY.PRIVATE. All remains of the original secring.gpg are securely deleted with sdelete. If anyone wants to get the original secring.gpg key, he/she must own the corresponding private key (HckTeam). However, this key is known only to the attackers.


  • After that, the ransomware scans through all drives and encrypts all files with certain extensions. The encryption key is the previously generated public key named cryptpay. The targeted file extensions are *.xls *.xlsx *.doc *.docx *.xlsm *.cdr *.slddrw *.dwg *.ai *.svg *.mdb *.1cd *.pdf *.accdb *.zip *.rar *.max *.cd *jpg. After encryption, the extension “[email protected]“ is appended to the files. To decrypt these files back to their original state, it is necessary to know the cryptpay private key; however, this key was encrypted with the HckTeam public key, so only the owner of the HckTeam private key can decrypt it.

  • After the successful encryption, the ransomware creates several copies (in root directories, etc.) of the text file with a ransom message. The attackers ask the victim to pay 140 EUR. They provide a contact email address ([email protected]) and ask the victim to send two files, UNIQUE.PRIVATE and KEY.PRIVATE.


A list of the paths of all the encrypted files is stored in the UNIQUE.BASE file. Paths of no interest to the attackers are stripped from this file; these are paths containing any of the following: windows temp recycle program appdata roaming Temporary Internet com_ Intel Common Resources.

This file is encrypted with the cryptpay public key and stored in UNIQUE.PRIVATE. To decrypt this file, the attackers need the cryptpay private key, which was previously encrypted with the HckTeam public key. It means that only the owner of the HckTeam private key can decrypt UNIQUE.PRIVATE.

When we display a list of all the available keys (--list-keys parameter) in our test environment, we can see two public keys; one of them is hardcoded in the paybtc.bat file (HckTeam), the second one is freshly generated and unique to a particular computer (cryptpay).

Then Browser Password Dump (renamed to ttl.exe) is executed. The stolen website passwords are stored in ttl.pwd file.

The ttl.pwd file is then sent to the attacker with the email address and password hardcoded in the bat file.

Then the ttl.pwd is processed. The ransomware searches for stored passwords to known Russian email service providers. These sites include auth.mail.ru, mail.ru, e.mail.ru, passport.yandex.ru, yandex.ru, mail.yandex.ru. When a user/password combination is found, it is stored for future usage.

The GetMail program is used later to read emails from a user account and extract contacts. The ransomware will spread itself to these contacts.

With the stolen passwords, the virus then runs coherence.exe (renamed GetMail utility), which is a utility to retrieve emails via POP3. The virus only knows the username and password, not the domain, so it takes a few tries to bruteforce all major email providers to find the only missing piece of information. If an email is downloaded while bruteforcing, it confirms two things: 1. The domain the victim uses, and 2. the fact that the password works. Then the virus downloads the last 100 emails, extracts “From” email addresses and runs a simple command to filter out specific addresses, like automatic emails.


Next, ten variants of email are created, each with one custom link.

The links all point to different files, but after unzipping we obtain the original JavaScript downloader.


The virus now has a fake email with a malicious link, addresses to send it to, and the email address and password of the sender. In other words, everything it needs to propagate.

Propagation is achieved using the Blat program, renamed as spoolsv.btc. The last step of the virus is to remove all temporary files – nothing will ever be needed again.

Conclusion:

In the past we regularly got our hands dirty with ransomware which was typically a highly obfuscated executable. This case was quite different. It was interesting mainly because it was written purely in a batch file and relied on many open source and/or freely available third party utilities. Also, self-replication via emails was something we do not usually see.
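As an added example (not Avast's detection logic), the stages described above expressed as a process-telemetry detector: each stage is keyed on a binary running from %TEMP% together with the command-line shape of the tool being abused, and a host is only flagged as this family when the keyring-hiding steps (encrypt secring.gpg to the hardcoded key, then wipe it) are both present. The telemetry is constructed; the .exe renaming, the argument files and the exact command lines are assumptions, since the post shows them only as screenshots.

```python
"""Process-telemetry detector for the batch-file ransomware chain described above.

Added example, not Avast's detection. Telemetry is constructed; the renamed
.exe names, argument files and command lines are assumptions."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    host: str
    parent: str     # parent image name
    image: str      # full path of the started image
    cmdline: str    # command line as logged


TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def from_temp(ev: ProcEvent) -> bool:
    """The analysis has every dropped tool living in %TEMP%."""
    return bool(TEMP_DIR.search(ev.image))


def gpg_style(cmd: str) -> bool:
    """gpg uses double-dash options; sdelete and Blat use single-dash ones."""
    return "--" in cmd


# Stages in the order the batch file performs them. Each predicate needs a
# %TEMP% binary plus the command-line shape of the legitimate tool being abused.
STAGES: List[Tuple[str, Callable[[ProcEvent], bool]]] = [
    ("keypair_generated_from_paramfile",
     lambda ev: from_temp(ev) and "--batch" in ev.cmdline and "--gen-key" in ev.cmdline),
    ("hardcoded_pubkey_imported",
     lambda ev: from_temp(ev) and "--import" in ev.cmdline),
    ("private_keyring_encrypted",
     lambda ev: from_temp(ev) and "--encrypt" in ev.cmdline and "secring.gpg" in ev.cmdline),
    ("private_keyring_wiped",
     lambda ev: from_temp(ev) and "secring.gpg" in ev.cmdline and not gpg_style(ev.cmdline)),
    ("mail_sent_from_cli",
     lambda ev: from_temp(ev) and bool(re.search(r"\s-to\s", ev.cmdline))
     and bool(re.search(r"\s-server\s", ev.cmdline))),
]


def matched_stages(events: List[ProcEvent], host: str) -> List[str]:
    """Distinct stage names seen on one host, in order of first occurrence."""
    seen: List[str] = []
    for ev in events:
        if ev.host != host:
            continue
        for name, pred in STAGES:
            if name not in seen and pred(ev):
                seen.append(name)
    return seen


def verdict(stages: List[str]) -> str:
    # Encrypting the fresh private keyring to a hardcoded public key and then
    # wiping it is the part specific to this family; require both of those.
    key_hiding = {"private_keyring_encrypted", "private_keyring_wiped"} <= set(stages)
    if key_hiding and len(stages) >= 4:
        return "ransomware_chain"
    if len(stages) >= 2:
        return "suspicious"
    return "clean"


def classify_all(events: List[ProcEvent]) -> Dict[str, str]:
    return {h: verdict(matched_stages(events, h)) for h in sorted({e.host for e in events})}


# Constructed telemetry. ws01 replays the chain from the analysis (tool names
# follow the .btc list above; .exe renaming and argument files are assumed).
# ws02 is a user legitimately generating a key with an installed GnuPG.
T = r"C:\Users\u\AppData\Local\Temp"
SAMPLE_EVENTS = [
    ProcEvent("ws01", "wscript.exe", r"C:\Windows\System32\cmd.exe", rf"cmd.exe /c {T}\paybtc.bat"),
    ProcEvent("ws01", "cmd.exe", rf"{T}\null.exe", "null.exe --batch --gen-key genky.btc"),
    ProcEvent("ws01", "cmd.exe", rf"{T}\null.exe", "null.exe --import hckteam.asc"),
    ProcEvent("ws01", "cmd.exe", rf"{T}\null.exe", "null.exe -r HckTeam --encrypt secring.gpg"),
    ProcEvent("ws01", "cmd.exe", rf"{T}\sad.exe", "sad.exe -p 3 secring.gpg"),
    ProcEvent("ws01", "cmd.exe", rf"{T}\ttl.exe", "ttl.exe"),
    ProcEvent("ws01", "cmd.exe", rf"{T}\spoolsv.exe",
              "spoolsv.exe mail.txt -to contact@example.invalid -server smtp.example.invalid -f me@example.invalid"),
    ProcEvent("ws02", "explorer.exe", r"C:\Program Files (x86)\GnuPG\bin\gpg.exe", "gpg.exe --gen-key"),
]
```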

avast! security products detect this ransomware and protect our users against it. Make sure your friends and family are protected as well. Download avast! Free Antivirus now.

SHAs and Avast’s detections:

Javascript downloader (JS:Downloader-COB)

ee928c934d7e5db0f11996b17617851bf80f1e72dbe24cc6ec6058d82191174b

BAT ransomware (BV:Ransom-E [Trj])

fa54ec3c32f3fb3ea9b986e0cfd2c34f8d1992e55a317a2c15a7c4e1e8ca7bc4

Acknowledgement:

This analysis was jointly accomplished by Jaromir Horejsi and Honza Zika.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

U.S. schools give an F to 2014-15 IT budget

AVAST Free For Education saves school IT money

AVAST Free for Education protects schools while significantly decreasing IT costs for security.

The beginning of the 2014/2015 school year is here. Parents and children are ready after a long summer break, but are schools prepared for the start of the new academic year?

AVAST surveyed more than 900 school IT professionals who participate in the AVAST Free for Education program and found that in terms of technology, schools are not as well equipped as parents expect.

  • 8 out of every 10 schools surveyed by AVAST said they do not feel they have adequate funding to keep up-to-date with technologies
  • 1 out of 5 schools still run Windows XP, and 12% of these schools said they do not intend to upgrade the unsupported operating system

Failing to upgrade to the most up-to-date software not only makes machines vulnerable to attacks, but also limits the number of programs that teachers and students can use. Keeping up with the most current technology is vital, as it has become ubiquitous in daily life, making it a valuable skill for children to have for the future. Despite technology’s important place in education,

  • 4 out of 10 schools’ IT budgets are slashed for the upcoming school year
  • More than a quarter of schools have a $0 IT budget for this year

Technology in schools is not limited to instruction. Sensitive information about faculty, staff, and students is stored on administrative computers. This information needs to be protected from cybercriminals, which is difficult for schools with little to no IT budget. Schools without adequate protection put local families, faculty, and expensive hardware at risk.

AVAST Free for Education helps schools by providing them with enterprise-grade antivirus protection for free, saving school districts an average of $14,285 a year. The AVAST Free for Education program saves school IT departments money they can spend on software and hardware upgrades or use for supplies and salaries.

EDU infograph August 2014

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Online fraud – POS malware has now hit 1,000 U.S. firms

More than a thousand U.S. businesses have been affected by point-of-sale malware – malicious software written specifically for online fraud – to steal information such as credit card details from companies and their customers.

The United States Computer Emergency Readiness Team issued a statement saying that the “Backoff” malware was rife in U.S. businesses, taking over administrator accounts and removing customer data from several hundred companies.

POS malware was a footnote in computing history until the Target breach, but the hi-tech online fraud now appears to be a growth industry. Ars Technica points out how quickly the software has evolved during the past two years, and emphasizes the direct impact on American consumers.

ESET Malware Researcher Lysa Myers says, “Malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.” Myers offers a detailed guide for businesses concerned that they may be being targeted with POS malware.

Online fraud: Shop terminals under attack

“Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the ‘Backoff’ malware,” the advisory stated. “Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes.”

The figure of 1,000 businesses comes from a Secret Service estimate, based on figures from vendors of POS software.

“Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected,” the advisory says.

Criminals target makers of software for shops

Ars refers to a recent attack, where the attackers were able to guess the password to the system, and installed the Backoff program. The malware disguises itself as an innocent Java component but ‘listens’ for credit card transactions, storing them and transmitting them to criminals, according to US-CERT’s original advisory.

The US-CERT advisory advises companies, “Organizations that believe they have been impacted should contact their local Secret Service field office and may contact the NCCIC for additional information.”

The post Online fraud – POS malware has now hit 1,000 U.S. firms appeared first on We Live Security.

Google Images hacked? Searches fill with morbid image

An image of a Russian car crash has piled up in Google Images, regardless of what users search for. Time magazine searched for “puppy” and instead saw multiple images of the crash – leading to speculation that the service has been hacked. What’s less clear is why, or who might have done it.

One user says that regardless of what he searches for, he sees dozens of images of the same car crash, “Every time I search something in Google images, these creepy images are appearing. It’s apparently a crashed truck or something, but I didn’t look it up. People could say that it had something to do with what I was searching, but if I click on it, a different image appears. I have some screenshots attached.”

Google Images: ‘Creepy images appearing’

The issue is not affecting all users, but Google product forums are full of complaints about the image, which shows a fatal car crash from several years ago.

Time magazine reports that the images vary – Google’s own support forums tracked back and found the image came from a report on a Ukrainian news site. We’ve not linked to the report as it contains many more grisly images of the crash.

Time also reported that a related Reddit thread says that images of basketball player and occasional actor Kevin Durant have also been reported by some users.

Hours of glitches

Jalopnik says, “In the meantime, Reddit user anvile noticed that the original photos stem from a story about a car crash in Moscow that killed three people. The driver, a 28-year-old woman, was reported to be intoxicated.”

“Weirder still, the crash occurred in November of 2012, according to this Pravda article, so it isn’t recent.”

Google has as yet not offered comment on the images, or their origin.

The post Google Images hacked? Searches fill with morbid image appeared first on We Live Security.

What does the future hold for our privacy?

Nothing is ever certain about our future, but when it comes to privacy, we can take a look at current trends and make some educated guesses as to what we will see tomorrow, next year, or even in 10 years’ time…

Looking at those trends, it’s clear that no matter how people’s privacy is violated and taken away, there will always be new tools to help protect it, to combat those violations and, most important of all, to keep people in control of their own privacy.

Innovation helps both sides of the spectrum and will lead to many games of cat and mouse moving forward into the future. To be more specific though I see two primary areas where privacy will be influenced the most in the future: anonymity and user owned data.

Anonymity

Being anonymous is one of the hardest things to do, if not impossible, in this day and age. With the prevalence of online tracking, government surveillance, and login systems everywhere it is very difficult to keep things to yourself unless you are willing to forgo the online world. While there are many services that start to offer “anonymous” services such as Secret and Telegram, there is always something that is connecting your device to the posts you do or the interactions you make. That’s why I see a future where pseudo-anonymity is commonplace.

Pseudo-anonymity would allow people to be anonymous to others and possibly to the application they are interacting with, but still be able to put together a profile and have an account. Adopting a pseudo-anonymous system has potential far beyond simple messaging apps and in something like Bitcoin, has the potential to really change the world.

In Bitcoin, everyone has a public address where you can see where Bitcoins are being sent to and from, and follow transactions very publicly, but you can’t actually identify the person that has the addresses unless they specifically tell you. This form of pseudo-anonymity is regarded as a positive step for privacy as it allows for direct audits and transparency of information while still letting individuals control their identifiable data.

Bitcoin is just one example of pseudo-anonymous technology, while even Facebook is taking steps to allow a Facebook login where apps cannot access your identity but merely verify that you are a person. I think it is important to separate the task of verifying users as real people from learning their identities. That way we can have quality services supported by real users without them having to sacrifice their privacy. Pseudo-anonymity is a good bridge between these two things.

User Owned Data

Right now as you browse the web there are dozens of companies that are collecting information about what you search for, what pages you visit, what you watch, and more. These companies make inferences about you such as your gender, income bracket, and marital status. They then sell this information to advertisers who will try to serve you with more relevant ads so that you are more inclined to click on them. This is the current status quo but it relies heavily on inferences and guesswork, which means there is a limit to how accurate the information can be.

Currently many companies have tried to bring user control to this aspect of online data collection, but nobody has truly succeeded. To get users to willingly hand over their data to companies, there needs to be a high enough value proposition for the users. Facebook and Google do a great job of this currently by providing free services that we use every day in return for data to be used for advertising. Other companies are still trying to crack the code on what would be valuable enough to these users. Online advertising is still in a high growth phase though and has a strong outlook to expand and grow into the future. Once advertising matures enough, it may become worth enough for other companies to be able to provide proper incentives to users in return for access to their data.

While nobody can predict the future we can help build the future we want to be a part of. The next time you sign up for a site or enter a competition in exchange for your email address and phone number, consider what information you are really giving up, who is getting access to it, and how it will be used. If we want a future where we are all more in control of our privacy we must start to take better care of our data.

If you have any ideas of what would be ideal in your future for privacy, let us know in the comments or drop us a line on our Facebook page at https://www.facebook.com/AVG.

California Earthquake serves up privacy reminder

This weekend’s earthquake near American Canyon has highlighted the risk of living in the Bay Area and also given us all insight into how people behave in today’s connected world.

The speed at which tweets started appearing of people sharing their experiences shows that many of us are sleeping with a connected device next to the bed that is the first thing we grab for when awoken in the middle of the night. Now though, our connected devices are no longer relegated to the nightstand, but instead are in bed with us.

After the quake, an interesting story emerged from Jawbone, the manufacturer of the UP fitness/sleep tracker. They have released data on the number of people who were woken by the earthquake, broken down by location relative to the epicenter. The data is interesting: 93 percent of UP wearers in Napa, Sonoma, Vallejo and Fairfield woke up instantly, while just over half did in the areas of San Francisco and Oakland. And 45 percent of those within 15 miles of the epicenter then remained awake for the remainder of the night. The data gives you some indication of the magnitude and effect the earthquake had on people.

While the information is very interesting and offers fascinating insight into human behavior, it also serves as a gentle reminder that as we connect our lives to the Internet, that data takes on a life of its own.

I wonder if the users of fitness/sleep devices are aware that their data could be used for analysis such as this? While the data Jawbone shared was anonymous and pretty much harmless, it does make me think, what else is being collected? What other insights do they have into our daily lives?

Fitness/sleep trackers collect information about the user, and most of it is of a very personal nature: name, gender, height, weight, date of birth and even what you eat and drink if you are logging this in the app. Couple this with the location data that is being collected and you may even be able to work out where people regularly work out or go to eat.

I use a fitness tracker and as a user I limit the sharing of my data, I have switched off the sharing through social media as I don’t think my friends and family really need to know how many steps I took today. But I do understand that many users bounce off their friends as motivation to do more exercise which is not a bad thing if that’s the way you get your motivation.

Checking privacy policies

It sounds boring but I would absolutely advise reading the privacy policy of a fitness tracker before purchasing/installing. It cannot hurt to be more informed about what you are agreeing to reveal about yourself and who you are happy to share that information with.

After all, it’s your data; it should be up to you how it gets used.

Games hit by massive outage: Sony PSN, Blizzard, Riot and more affected

Gamers, you had better dig out your good old offline games: some of the most popular online gaming networks are being attacked by hackers. On Sunday, August 24th, 2014, a group which calls themselves the “Lizard Squad” started attacking Sony’s PlayStation Network (PSN), through which the company sells all of its online games and which serves as a hub for all multiplayer games. The method used: DDoS (Distributed Denial of Service). Sony, having been burned in 2011 by a massive hack attack, immediately issued a statement saying that no customer data was stolen this time and that the network has been back up since Monday, August 25th.

Riot, Blizzard, Xbox Live affected too

On Monday, however, the group moved on to Blizzard, the makers of World of Warcraft, and Riot Games, the ones behind games like League of Legends and continued to attack other sites. Here’s the latest:

PSN Network: Is back online, according to their statement on Monday, August 25th. Lizard attacked PSN for what they perceive to be a lack of PSN customer service: “Sony, yet another large company, but they aren’t spending the waves of cash they obtain on their customers’ PSN service. End the greed.”

Blizzard: Battle.net, the online service behind World of Warcraft, seemed to be heavily affected on Sunday, but was in the process of stabilization on Monday. But other than the fact that Battle.net was a target, the group doesn’t seem to offer any reasons for hacking – other than their typical “lulz”, asking users to write the group’s name on their forehead while playing Hearthstone and Dota 2 on Twitch.

Xbox Live: in addition to the networks above, Microsoft’s Xbox Live network has been hit too – users should regularly check the Xbox Live status page.

However, the negative “icing on the cake” came when the group announced that they’ve seen “reports of explosives” on board an American Airlines flight from Dallas to San Diego carrying Sony Online Entertainment president John Smedley.

American Airlines immediately redirected the plane, which just goes to show how much of an impact this series of DDoS attacks and its publicity just had on people.

Should you be worried?

For now: no! DDoS attacks are not traditional hacking attacks, but rather “clog the Internet toilet”: a server gets hit with hundreds of thousands of requests. So far, there appears to be no evidence of an actual hacking attack. We will keep you posted, but other than the major inconvenience for gamers, there seems to be no data compromised!