Subject: General Tech | July 3, 2013 - 01:16 PM | Jeremy Hellstrom
Tagged: Vobfus, Beebone, Malware, security
Vobfus has been around the block a few times: it is Visual Basic code that first popped up in 2009 and tries to download and install further code to attack the machines it lands on. Beebone, aka Win32/Beebone, is newer, a fairly common Trojan that resembles Vobfus in that it downloads other malware rather than attacking your machine directly. According to this story on The Inquirer, the two have developed a symbiotic relationship: when one infects you it immediately tries to infect you with the other. That way they can fool anti-malware programs into believing they have sanitized your machine of all infections, when in fact you only removed one of the two and the remaining one immediately downloads and installs a different variant of the one you just removed.
"SOFTWARE HOUSE Microsoft's security researchers have discovered a pair of malware programs that help one another to avoid being detected by antivirus software.
Known as Vobfus and Beebone, the collaborating malware prove difficult to remove from infected machines as they work together, foiling the removal by regularly downloading updated versions of their respective partners."
Here is some more Tech News from around the web:
- Salvaging Lithium cells and circuits @ Hack a Day
- Texas Instruments releases chips to provide HD 720p touchscreens in cars @ The Inquirer
- Crimelords: Stolen credit cards... keep 'em. It's all about banking logins now @ The Register
- E3 2013 Awards @ OCC
Subject: General Tech | July 2, 2013 - 01:29 PM | Jeremy Hellstrom
Tagged: Malware, IE10, chrome, security
Just in case you weren't already tired of captchas, there is a new click-jacking technique which works on both IE9 and IE10 on Windows 7 and also on Chrome for Windows 8, so for the time being you might want to avoid any captchas that begin with an 'R'. The new SmartScreen features on Win8, as well as UAC, should give you at least some defense by requiring you to allow the executable to run before it can infect your machine, but you can be guaranteed that some less observant users will click straight through without reading the messages which appear. While this type of attack is nothing new, the particular technique described at The Register does have some new tricks.
"A security researcher has discovered a sneaky social engineering trick that might be used to disguise the go-ahead to run hostile code on Windows 8 machines.
The so-called keyjacking technique, uncovered by Italian security researcher Rosario Valotta, is similar to clickjacking. However, instead of fooling marks into generating fake Facebook likes, the keyjacking involves disguising a "run executable" dialogue box within a CAPTCHA challenge."
Here is some more Tech News from around the web:
- Microsoft's murder most foul: TechNet is dead @ The Register
- ASUS USB-AC53 Dual-band Wireless-AC1200 Adapter Review @ Legit Reviews
- Last Call: Google Reader Dies Monday, Here Are The Best Alternatives @ TechSpot
- Genius DVR-FHD590 Dash Camera Vehicle Recorder @ Benchmark Reviews
- More Great Linux Awk, Sed, and Bash Tips and Tricks @ Linux.com
- Apple applies for 'iWatch' trademark in multiple countries @ The Inquirer
- VR-Zone Posts Intel SSD 5Q Roadmap – LSI SandForce Based 530 and 1500/2500 Pro M.2 SSDs On The Way
- Firefox Takes the Performance Crown From Chrome @ Slashdot
- Ninjalane Podcast Episode 30
- AT&T patents P2P content tracking system @ The Register
- July 2013 Contest - WIN an Apple iPad Mini 32GB @ Funky Kit
Subject: Editorial, General Tech | May 16, 2013 - 03:45 PM | Scott Michaud
Tagged: web browser, Malware, IE10
If you consider your browser security based solely on whether it will allow you to manually download a malicious executable: IE10 is the best browser ever!
Rod Trent over at Windows IT Pro seems to believe this, based on the NSS Labs report "Socially Engineered Malware Blocking". In this report, Internet Explorer blocked the user from downloading nearly all known malware (clarification: all known malware within the test). Google Chrome came in second place with a little under a 17% failure rate, and the other browsers were quite far behind with approximately a 90% failure rate.
Based on that one metric alone, Rod Trent used a cutesy chess image to proclaim IE the... king... of the hill. Not only that, he suggests Safari, Opera, and Firefox consider "shuttering their doors." After about a decade of Internet Explorer suffering from countless different and unique vectors of exploitation, now is the time to proclaim a victor for attacks which require explicit user action?
Buckle in, readers, it's a rant.
Firstly, this reminds me a little of Microsoft Security Essentials. Personally, I use it, because it provides enough protection for me. Unlike its competitors, MSE has next to no false positives because it almost ignores zero-day exploits. The AV package drew criticism from lab tests which test zero-day exploits; Microsoft Security Essentials was ranked second-worst by that metric.
Well, time to shutter your doors Micr... oh wait Rod Trent lauded it as award-winning. Huh...
But while we are on the topic of false positives, how do you weigh those in your grading of a browser? According to the report, and common sense, achieving pure success in this metric is dead simple if you permit your browser to simply block every download, good or bad.
If a 100% false positive rate is acceptable, it is trivial to protect users from every malicious download. With just a few lines of code, Firefox, Safari, and Opera could displace Internet Explorer and Chrome as the leaders in protection against socially engineered malware. However, describing every download as "malicious" would break the internet. Finding a balance between accuracy and safety is the challenge for browsers at the front of protection technology.
A browser that is capable of blocking malware without blocking legitimate content would certainly be applause-worthy. I guess time will tell whether Internet Explorer 10 is able to walk the balance, or whether it will just be a nuisance like the first implementations of UAC.
OK, Google did actually release exactly one native Windows application at Google I/O: It's called Android Studio, an application that helps developers create apps that run on Android, Google’s answer to Windows. But don’t worry, Microsoft fans: Internet Explorer (IE) flags the Android Studio download as potential malware.
Ah crap... that was quick.
Now to be fair, Internet Explorer 10 and later have been doing things right. I am glad to see Microsoft support standards and push for an open web after so many years. This feature helps protect users from their own complacency.
Still, be careful when you call checkmate: some places may forfeit your credibility.
Subject: General Tech | January 23, 2013 - 01:17 PM | Jeremy Hellstrom
Tagged: Samsung, apple, android, Malware, fud
The good news for Samsung last year is that it placed $23.9bn worth of semiconductor orders in 2012, while Apple ordered a mere $21.4bn, which implies that Samsung is buying more chips than Apple, or perhaps is just getting a worse deal. If the Gartner figures that The Inquirer picked up on are correct, Samsung accounted for 8% of the total semiconductor market in 2012, a very impressive feat. That is more than Dell's and HP's market share combined, which supports the theory that the falling PC sales we saw were not reflected at all in the smartphone and tablet markets.
Unfortunately that success comes at a price, as Samsung's OS of choice, Android, is expected to see more than one million malware threats by the end of 2013. According to Trend Micro there were about 350,000 malware threats over 2012, with only one in five Android devices actually having any sort of security software installed. Perhaps it is time to start thinking more about protecting your phone, especially if you have banking apps or the so-called "pay by bonk" enabled on your phone.
"Apple, thanks in large part to its hugely popular iPhone and iPad products, was the largest consumer of semiconductor chips, that is, until 2012. Gartner claims that Samsung has overtaken Apple to become the largest semiconductor user with eight percent of all chips sold going to the firm."
Here is some more Tech News from around the web:
- AMD alllllmost promises profitability by year end @ The Register
- AMD's chip-supply reassessment leads to big quarterly losses @ The Register
- Micron intros high-endurance MLC SSD for data center storage @ DigiTimes
- Foxit outfoxes fiendish flaw to fix foxed-up Firefox PDF plugin @ The Register
- iPad 5 with iOS7 launches alongside JOBS film at Easter @ Kitguru
- Desktop PC: Intel Says the End is Near @ Benchmark Reviews
- Professional Graphics Creation on Linux @ Linux.com
Subject: General Tech | December 14, 2012 - 02:53 PM | Jeremy Hellstrom
Tagged: Malware, dexter
Just in time for last-minute Christmas shopping comes malware designed to infect POS machines and record any PIN and credit card information stored on the machine. The US, the UK, and Canada are all affected, with the US accounting for almost a third of the current infections. Instead of using RDP vulnerabilities, this particular piece of malware installs itself on any networked machine that is running POS software and copies that machine's memory to a server, which then parses the information and gives the crooks the ability to clone any credit cards that were used on that machine recently. Scare yourself by reading more about Dexter at The Register.
"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems.
First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking provider"
Here is some more Tech News from around the web:
- DSLR trick lets you change focus after taking the picture @ Hack a Day
- Embedded Linux Distros Follow Yocto Project Lead @ Linux.com
- Rooting your AT&T U-verse modem @ Hack a Day
- Interview with Antec's Barry Loynes @ HardwareHeaven
- Think Tank Photo Urban Disguise 50 V2.0 Review @ Custom PC Review
- Spammers Make Fun of Microsoft Windows 8 @ NGOHQ
- Startup Launches Open Wi-Fi, Challenging ISPs @ Slashdot
- Is this the sleek new BlackBerry mobe that will save RIM jobs? @ The Register
- Worldwide Gmail crash was due to Google Sync bug @ The Register
- EpicGear & Thortech Competition – WIN WIN! @ Kitguru
- Have a Black Edition Christmas with AMD – win FX8350′s @ Kitguru
Subject: General Tech | September 9, 2012 - 04:19 PM | Scott Michaud
Tagged: Malware, IE10, flash
Recent statements from Microsoft show that they are not afraid to wait a little before shipping patches for the copy of Flash bundled with Internet Explorer 10. The issue is more contained than Ars Technica lets on, but it also raises a bigger security issue for all of us, at all times.
By far the worst enemy for security is complacency.
I often pick on Apple for their security practices. They are perceived as secure despite their horrendous record of handling security updates, such as delaying a critical patch for privately disclosed vulnerabilities until after its reveal at Black Hat because Apple could not devote a programmer to the task.
That mentality has been everywhere – from Sony to Microsoft in the Windows XP era to Macromedia & Adobe.
In this case the issue is that Microsoft has been delaying updates to the copy of Adobe Flash built into Internet Explorer 10. Once a patch has been released, attackers can figure out what the patch fixes and potentially exploit it against those who have yet to update. There are quite a few subtle caveats to this story which need to be discussed before opinions are formed.
... Relatively speaking...
First and foremost – Flash support on the Metro-based Internet Explorer 10 is limited to a whitelist. Flash is not exposed to websites which have not been flagged by Microsoft as safe and requiring backwards compatibility with Flash.
Websites become compromised all the time. Should one of the whitelisted websites get attacked, it could be forced to serve a hostile Flash applet to its users. The delay between Adobe's and Microsoft's patch dates gives attackers a window to exploit every IE10 user until the whitelisted website notices. Attacks like these have become very commonplace.
As an aside, there is quite a bit of confusion over Internet Explorer 10 on the desktop. According to the RTM evaluation it appears that the only way to update Flash for Internet Explorer is through Windows Update, even when not using the Metro browser. The whitelist is also in effect for the desktop browser, although it seems that users are able to add their own exemptions. User-set exemptions appear to be unique to the desktop version of IE.
It is disconcerting to see a platform intentionally become complacent about potential security issues. To be fair, it is entirely possible that Google Chrome could have similar issues, as they too handle Adobe Flash integration. Unlike IE10, Google Chrome does allow you to disable the built-in Flash and manage your updates directly from Adobe, although the process is far too complicated for most users.
Infectious fear is infectious
PCMag and others have released articles based on a blog post from Sophos. The original post discussed how frequently malware designed for Windows is found on Mac computers. What these articles mostly demonstrate is that we really need to understand security: what it is, and why it matters. The largest threats to security are complacency and misunderstanding; users need to grasp the problem rather than have it buried under weak analogies and illusions of software crutches.
Your data and computational ability can be very valuable to people looking to exploit it.
The point of security is not to avoid malware, nor is it to remove it if you failed to avoid it. Those actions are absolutely necessary components of security -- do those things -- but they are not the goal of security. The goal of security is to retain control of what is yours. At the same time, be a good neighbor and make it easier for others to do the same with what is theirs.
Your responsibility extends far beyond just keeping a current antivirus subscription.
The problem goes far beyond throwing stones...
The distinction is subtle.
Your operating system is irrelevant. You could run Windows, Mac, Android, iOS, the ‘nixes, or whatever else. Every useful operating system has vulnerabilities and runs vulnerable applications. The user is also very often tricked into loading untrusted code, either directly or by delivering it within data to a vulnerable application.
Blindly fearing malware -- such as what would happen if someone were to draw parallels to Chlamydia -- does not help you to understand it. There are reasons why malware exists; there are certain things which malware is capable of; and there are certain things which malware is not.
The single biggest threat to security is complacency. Your information is valuable and you are responsible to prevent it from being exploited. The addition of a computer does not change the fundamental problem. Use the same caution on your computer and mobile devices as you should on the phone or in person. You would not leave your credit card information on a park bench unmonitored.
Subject: General Tech | January 26, 2012 - 12:47 PM | Jeremy Hellstrom
Tagged: fud, Malware, Virus, Worm
Back in the ancient days of gaming, and repeated in Skyrim's Draugr, your enemies started out simple, a plain zombie or leever later becoming an Infected Death Lord Zombie of Fiery Devastation. Another way to look at it is as a supervillain origin story, where exposure to something that should have killed them instead grants them powers beyond mere mortals. There may have also been a dozen decent SciFi novels written about the topic (well, probably more like a gross) ... however you look at it, computer worms are mutating!
It seems that systems infected with a worm are being hit by certain viruses which inadvertently infect the worm, creating malware with twice the command and control servers, twice the backdoors and twice the methods to spread itself. The Register cites a specific example: the Rimecud worm, which steals passwords, becoming infected by Virtob, which creates a backdoor on a system. At this moment BitDefender has found that 0.4% of the infected systems they detected had an infected worm present, a number you can expect to grow.
Be careful out there!
"Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties.
The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers.
A study by antivirus outfit BitDefender found 40,000 such "Frankenmalware samples" in a study of 10 million infected files in early January, or 0.4 per cent of malware strains sampled. These cybercrime chimeras pose a greater risk to infected users than standard malware, the Romanian antivirus firm warns."
Here is some more Tech News from around the web:
- Real-time depth smoothing for the Kinect @ Hack a Day
- TurboTax Premier Online (2011) Review @ TechReviewSource
- pcAnywhere let anyone anywhere inject code into PCs @ The Register
- Jam a remote helicopter @ Hack a Day
- Nvidia hit by GPU slump, too @ The Register
New Trojan.Badminer Malware Steals Your Spare Processing Cycles To Make Criminals Money At Your Expense
Subject: General Tech | August 17, 2011 - 11:02 PM | Tim Verry
Tagged: trojan, opencl, mining, Malware, gpgpu, bitcoin
A new piece of malware was recently uncovered by anti-virus provider Symantec that seeks to profit from your spare computing cycles. Dubbed Trojan.Badminer, this insidious piece of code is a trojan that (so far) is capable of affecting Windows operating systems from Windows 98 to Windows 7. Once this trojan has been downloaded and executed (usually through an online attack vector via an unpatched bug in Flash or Java), it proceeds to create a number of files and registry entries.
It's a trojan infected bitcoin, oh the audacity of malware authors!
After it has propagated throughout the system, it is then able to run one of two mining programs. It will first search for a compatible graphics card, and run Phoenix Miner. However, if a graphics card is not found, it will fall back to RPC miner and instead steal your CPU cycles. The miners then start hashing in search of bitcoin blocks, and if found, will then send the reward money to the attacker’s account.
It should be noted that bitcoin mining itself is not inherently bad, and many people run it legitimately. In fact, if you are interested in learning more about bitcoins, we ran an article on them recently. This trojan on the other hand is malicious because it is infecting the user’s computer with unwanted code that steals processing cycles from the GPU and CPU to make the attacker money. All these GPU and CPU cycles come at the cost of reduced system responsiveness and electricity, which can add up to a rather large bill, depending on where you live and what hardware the trojan is able to get its hands on.
Right now, Symantec is offering up general tips on keeping users’ computers free from the infection, including enabling a software firewall (or at least being behind a router with its own firewall that blocks unsolicited incoming connections), running the computer as the lowest level user possible with UAC turned on, and not clicking on unsolicited email attachments or links.
If you are also a bitcoin miner, you may want to further protect yourself by securing your bitcoin wallet in the event that you also accidentally become infected by a trojan that seeks to steal the wallet.dat file (the file that essentially holds all your bitcoin currency).
Stay vigilant folks, and keep an eye on your system's GPU and CPU utilization in addition to using safer computing habits to keep nasty malware like this off of your system. On a more opinionated note, is it just me or have malware authors really hit a new low with this one?
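The advice above to watch CPU and GPU utilization can be turned into a simple check. This is an added example, not code from the original post or from Symantec: it runs over a constructed stream of per-process CPU samples (the sampler, process names and percentages are all assumptions) and reports any process that stays at or above a threshold for several consecutive samples, which is the footprint a miner like the one described leaves on a system.

```python
"""Flag processes with sustained high CPU use from a stream of samples.

The sample stream is constructed for this example. In practice it would be
fed by a periodic sampler (psutil, WMI, Task Manager exports); the same
logic applies unchanged to a GPU utilization counter.
"""
from collections import defaultdict

# Constructed samples: (seconds since start, process name, cpu_percent).
# Assumption: every process is sampled once every 10 seconds.
SAMPLES = [
    (0,  "explorer.exe", 3),  (0,  "updater.exe", 97),  (0,  "chrome.exe", 40),
    (10, "explorer.exe", 2),  (10, "updater.exe", 99),  (10, "chrome.exe", 92),
    (20, "explorer.exe", 4),  (20, "updater.exe", 98),  (20, "chrome.exe", 95),
    (30, "explorer.exe", 1),  (30, "updater.exe", 96),  (30, "chrome.exe", 12),
    (40, "explorer.exe", 2),  (40, "updater.exe", 97),  (40, "chrome.exe", 8),
]


def sustained_high_cpu(samples, threshold=90.0, min_consecutive=3,
                       expected=frozenset()):
    """Return [(process, run_start, run_end, run_length)] for each process whose
    CPU% stayed at or above `threshold` for at least `min_consecutive`
    consecutive samples.

    `expected` lists workloads you know are CPU-heavy (a video encoder, a
    miner you run on purpose) so they are not reported. Short bursts, such as
    a browser tab loading, fall below `min_consecutive` and are ignored.
    """
    per_proc = defaultdict(list)
    for t, name, cpu in sorted(samples):          # sort puts samples in time order
        per_proc[name].append((t, cpu))

    findings = []
    for name, series in per_proc.items():
        if name in expected:
            continue
        best, cur = [], []                         # longest run seen, current run
        for t, cpu in series:
            cur = cur + [t] if cpu >= threshold else []   # a dip resets the run
            if len(cur) > len(best):
                best = cur
        if len(best) >= min_consecutive:
            findings.append((name, best[0], best[-1], len(best)))
    return findings


if __name__ == "__main__":
    for name, start, end, n in sustained_high_cpu(SAMPLES):
        print(f"{name}: >=90% CPU for {n} samples ({start}s to {end}s); "
              f"check what it is and why it is running")
```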
Subject: Editorial, General Tech | July 25, 2011 - 10:24 PM | Scott Michaud
Tagged: Malware, apple
Okay, so the title is more joke than anything else but security researcher Charlie “Safari Charlie” Miller discovered a vulnerability in Apple devices, sort of. This exploit, which appears to not actually be a security flaw and rather just an over-permissive design, allows an attacker to gain access to your battery control using one of two static company-wide passwords. Charlie has discovered many exploits in the past several years on the OSX and iOS platforms. One of the most high profile attacks he discovered involved a data-execution vulnerability in the iPhone’s SMS handling: under certain conditions your iPhone could potentially confuse inbound text messages as code and run it with high permissions.
Malware assaults and battery charges.
(Image from Apple, modified)
So what does having the ability to write to a laptop's battery firmware mean? Firstly, remember the old advice of "Get a virus? Reinstall your OS!"? Well, assuming you actually can perform a clean install without ridiculous hacking (thanks Lion), the battery controller can simply re-infect you if the attacker knows an exploit for your version of OSX. But how does the attacker know your current version of OSX? Well, if you are installing from an optical disk they just need to know a Snow Leopard RTM exploit; unless of course you extract Lion from the Mac App Store and clean install using it, assuming the attacker does not know an exploit for Lion or simply infects the reinstall media if you created it from the infected computer. True, malware is about money, so it is highly unlikely that an attacker would go for that narrow a market of Mac users (already a narrow-enough market to begin with), but the security risk is there if for some reason you are a tempting enough target to spear-phish. Your only truly secure option is removing the battery while performing the OHHHHHHHH.
You know, while working (very temporarily) on the Queen's University Solar Vehicle project I was told that Lithium cells smell like sweet apples when they rupture. I have never experienced it but if true I find it delightfully ironic.
While that would all require knowledge of other exploits in your operating system, there is a more direct problem. If for some reason someone would like to cause damage to your Apple devices, they could use this flaw to simply break your batteries. Charlie has bricked nine batteries in his testing but has not even attempted to see whether it would be possible to over-charge a battery into exploding. While it is possible to force the battery controller to create the proper conditions for an explosion, there are other, physical, safeguards in place. Then again, batteries have exploded in the past, often making highly entertaining YouTube videos and highly unentertaining FOX news clips.