Sketchy. (Photo: Symantec.com)

The golden rule of the Internet is simple: Never (ever) pay for porn. That premise, however, doesn’t fully translate into Japanese. Symantec reports that more than 200 explicitly themed and fraudulent apps are suckering an unknown amount of users into shelling out up to $1,000 for porn.

About 50 developers are perpetrating this “one-click fraud campaign," Symantec reported yesterday. When people search for pornographic keywords, like “boobs,” in the Google Play store, the infected apps show up at the top of the search results. Once users download the app, it funnels them to porn sites, where the user is charged. The apps themselves have no other features.

The apps have been downloaded at least 5,000 times since January, when Symantec first noticed the trend. The speediness of the developers, who are constantly submitting the apps, has proven challenging.

It’s also unclear how many people are paying for the apps, but Symantec pontificates that it “must be worth the time and effort” to keep doing this. At least someone is getting a happy ending here.

Many media outlets reported a possible PayPal hack as well, however PayPal issued a denial, stating they had no evidence of a breach.

Additionally, credit for the Symantec hack may go to a hacker or group of hackers called HTP, not the larger de-centralized mass of Anons.

The ImageShack hack appears pretty comprehensive. In a Pastebin post of ImageShack data, the hackers wrote that "ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years." The data dump included pages of code, email addresses and encrypted passwords.

In addition to the hacks, Anonymous is re-enacting the final scene from the movie V for Vendetta, from which the group was inspired to adopt its now-iconic Guy Fawkes mask. The peaceful action is taking place in Trafalgar Square in London. On the Facebook page for the event, Anonymous writes that the event "is the centrepiece of a worldwide Anonymous operation of global strength and solidarity, a warning to all governments worldwide that if they keep trying to censor, cut, imprison, or silence the free world or the free internet they will not be our governments for much longer. Change is coming."

Anonymous includes an important disclaimer at the bottom of the page: "We will NOT blow up Parliament." A long-standing rumor that Anonymous would target Facebook today is also false:

Again... regarding the Facebook attack... it's FAKE! #kthx

— Anonymous Press (@AnonymousPress) November 5, 2012

So Parliament and Facebook are both safe, but our favorite photo websites circa 2005? Not so much.

What Flame did to Iranian computers. (Image: William Warby, Flickr)

The Cold War is over and Russia and America are getting along. So surely the Men in Black behind the United States' cyber weapons program based at Area 51 or wherever will not be too concerned that a Russian researcher cracked an encoded password associated with the now infamous, allegedly American-made Flame malware.

Symantec and Kaspersky recently teamed to pick apart Flame's command and control systems, discovering at least three previously unknown infectious scripts in the process. The researchers also discovered a great deal about how the weapons were assembled and launched against enemy targets, but were left with a hashed passcode they couldn't break. They put out a call for help but didn't need the assistance of anyone outside either outfit, after all:

Kaspersky analyst Dmitry Bestuzhev cracked the hash for the password Sept. 17 just hours after Symantec put out a public request for help getting into the control panel for Flame, which infected thousands of computers in the Mideast. [...]

The hash - 27934e96d90d06818674b98bec7230fa - was resolved to the plain text password 900gage!@# by Bestuzhev.

So now the whole world knows the password that once protected the servers behind Flame, a complex and sophisticated cyber weapon that was a major blow to Iran's nuclear program.

Which is a little scary, because if someone can crack the password that once protected such a covert weapon created by a nation state, the average Internet user's method of password protecting their GMail with a pet's name plus grandma's birthday doesn't seem too safe anymore.

Attack workflow for Flame controllers (Symantec)

Kaspersky Lab and Symantec have teamed up to peel apart the United States' cyber warfare efforts. So far, they have uncovered the command and control systems behind the sophisticated malware as well as three previously unknown chunks of malicious code possibly related to alleged American cyber superbugs Flame and Duqu.

Reuters reports that researchers from the security firms discovered how the malware was disseminated--through an outwardly innocent-seeming content management system (CMS) named Newsforyou:

It was designed to look like a common program for managing content on websites, which was likely done in a bid to disguise its real purpose from hosting providers or investigators so that the operation would not be compromised, Kaspersky said in its report.

Newsforyou handled four types of malicious software: Flame and programs code-named SP, SPE and IP, according to both firms. Neither firm has obtained samples of the other three pieces of malware.

According to Symantec, Newsforyou allowed attackers to "upload packages of code, to deliver to compromised computers, and to download packages containing stolen client data." Symantec writes that the mystery chunks of code were "likely unknown variants" on Flame but could have been "totally distinct malware."

More intriguing, researchers uncovered nicknames for a handful of programmers who worked on the malware over the course of the last six years or so:

The attackers were not thorough enough, however, as a file revealing the entire history of the server‘s setup was available. In addition, a limited set of encrypted records in the database revealed that compromised computers had been connecting from the Middle East. We were also able to recover the nicknames of four authors—D***, H*****, O******, and R***—who had worked on the code at various stages and on differing aspects of the project, which appear to have been written as far back as 2006.

Symantec and Kaspersky have an additional mystery for which they seek the public's help--this mysterious encoded password: 27934e96d90d06818674b98bec7230fa.

Researchers say they have attempted "brute-force" cracks of the hashed code, to no avail. If you're up for a juicy password cracking challenge that may also put you on a government watchlist, hit them up on Twitter.

Do not order these via junk filter email. (flickr.com/melloveschallah)

Symantec just released its annual Internet Threat Security Report, which offers a nice wrap-up of the last year in cybersecurity. The company's software blocked 5.5 billion total attacks in 2011, versus 3 billion in 2010; 42 percent of mailboxes targeted for attack are “high level executives, senior managers, and people in R&D," which is pretty alarming if you're trying to protect IP.

That's all useful intel for IT and security pros. But parts of the report read... a little random. Betabeat found this so noticeable, we picked out a few of our favorite facts, selected for wtfery rather than newsworthiness:

1. The percentage of spam that's pharmaceutical in nature dropped dramatically, from 74 percent in 2010 to 40 percent in 2011. Perhaps people are catching onto the fact that Duane Reade is a more reliable option than misshottie@cheapgooddrugs.com? (Actually it's mostly due to the shutdown of the Rustock botnet, a spam-producing powerhouse.)

2. Data breaches spiked in April. Hey, hackers get spring fever, too.

3. English, the report tells us, is still the "lingua franca" of spam. The next most popular: Portuguese, Russian and Dutch.

4. The most malware ridden category of website? "Blogs and web communications." [Looks around, shiftily.]

5. And of course, the biggest doozy of them all: "Religious and ideological sites" apparently had three times the number of threats per infected website--and that's compared to "adult" sites. The report speculates porno companies have more financial incentive to keep their sites scoured of malware.

After the Jan. 20 raid on Megaupload, a law enforcement sting that drew the immediate anger of Anonymous hackers, an unnamed attacker took a distributed denial-of-service (DDoS) attack tool called Slowloris, popular with Anonymous supporters, and rigged it to include the Zeus Trojan, a devious piece of malware used to siphon victims' online banking credentials.

The trojan-infected Slowloris was included in a list of Anonymous-approved DDoS tools released in anticipation of Operation Megaupload, which targeted the Department of Justice, F.B.I. and Recording Industry Association of America (R.I.A.A.), to name a few.

According to Symantec, anyone who acquired the compromised DDoS tool may have also compromised their banking account.

Symantec put a fine point on just how perilous the situation might be for some Anons:

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.

Symantec waxed apocalyptic about the combination of malware and hacktivism, calling it a "dangerous development."

Anonymous may take all this with a grain of salt, however, considering they were negotiating with Symantec as recently as early February over a 2006 hack of the source code to Symantec's pcAnywhere.

So it goes.