Subject: General Tech | September 9, 2012 - 04:19 PM | Scott Michaud
Tagged: Malware, IE10, flash
Recent statements from Microsoft show that they are not afraid to wait a little before shipping patches for the copy of Flash bundled with Internet Explorer 10. The issue is more contained than Ars Technica lets on, but it also raises a broader security point that applies to all of us, all the time.
By far the worst enemy for security is complacency.
I often pick on Apple for their security practices. They are perceived as secure despite a horrendous record of handling security updates, such as delaying a critical patch for privately disclosed vulnerabilities until after its reveal at Black Hat because Apple could not spare a programmer for the task.
That mentality has been everywhere: Sony, Microsoft in the Windows XP era, Macromedia and Adobe.
In this case the issue is that Microsoft has been delaying updates to the built-in copy of Adobe Flash that ships with Internet Explorer 10. Once Adobe releases a patch, attackers can diff it to work out what it fixes and turn that into an exploit against anyone who has not yet updated; the longer the bundled copy lags Adobe's release, the longer that window stays open. There are quite a few subtle caveats to this story which need to be discussed before forming an opinion.
... Relatively speaking...
First and foremost, Flash support in the Metro-style Internet Explorer 10 is limited to a whitelist: Flash is only exposed to websites that Microsoft has flagged as safe and as needing Flash for backwards compatibility.
Websites get compromised all the time. Should one of the whitelisted sites be attacked, it could be made to serve a malicious Flash object to its visitors. The gap between Adobe's patch date and Microsoft's gives attackers a window in which every IE10 user whose bundled Flash still lacks the fix is exploitable, until the site's operator notices and cleans up. Drive-by attacks of this kind are very common these days.
As an aside, there is quite a bit of confusion over Internet Explorer 10 on the desktop. According to the RTM evaluation it appears that the only way to update Flash for Internet Explorer is through Windows Update, even when not using the Metro browser. The whitelist also seems to be in effect for desktop IE10, although users appear to be able to add their own exemptions; user-set exemptions look to be unique to the desktop version of IE.
It is disconcerting to see a platform intentionally become complacent about potential security issues. To be fair, it is entirely possible that Google Chrome could have similar issues, as it too bundles Adobe Flash. Unlike IE10, Google Chrome does let you disable the built-in Flash (from its plug-ins page) and take your updates directly from Adobe, although the process is far too complicated for most users.
Infectious fear is infectious
PCMag and others have published articles based on a Sophos blog post about how often Windows malware turns up on Mac computers. What these articles mostly demonstrate is that we really need to understand security: what it is, and why it matters. The largest threats to security are complacency and misunderstanding; users need to grasp the problem rather than have it buried under weak analogies and the illusion that software crutches will carry them.
Your data and computational ability can be very valuable to people looking to exploit it.
The point of security is not to avoid malware, nor is it to remove it if you failed to avoid it. Those actions are absolutely necessary components of security -- do those things -- but they are not the goal of security. The goal of security is to retain control of what is yours. At the same time, be a good neighbor and make it easier for others to do the same with what is theirs.
Your responsibility extends far beyond just keeping a current antivirus subscription.
The problem goes far beyond throwing stones...
The distinction is subtle.
Your operating system is irrelevant. You could run Windows, Mac, Android, iOS, the 'nixes, or whatever else. Every useful operating system has vulnerabilities and runs vulnerable applications. The user is also very often tricked into loading untrusted code, either directly or by feeding it, embedded in data, to a vulnerable application.
Blindly fearing malware -- such as what would happen if someone were to draw parallels to chlamydia -- does not help you to understand it. There are reasons why malware exists; there are certain things malware is capable of; and there are certain things it is not.
The single biggest threat to security is complacency. Your information is valuable and you are responsible for preventing it from being exploited. The addition of a computer does not change the fundamental problem. Use the same caution on your computer and mobile devices as you should on the phone or in person. You would not leave your credit card information on a park bench unmonitored.
Subject: General Tech | January 26, 2012 - 12:47 PM | Jeremy Hellstrom
Tagged: fud, Malware, Virus, Worm
Back in the ancient days of gaming, and repeated in Skyrim's Draugr, your enemies started out simple: a plain zombie or leever becoming an Infected Death Lord Zombie of Fiery Devastation. Another way to look at it is a supervillain origin story, where exposure to something that should have killed them instead grants them powers beyond mere mortals. There may have also been a dozen decent SciFi novels written about the topic (well, probably more like a gross) ... however you look at it, computer worms are mutating!
It seems that systems already infected with a worm are being hit by file-infecting viruses which, infecting every executable they find, inadvertently infect the worm's own binary too, creating malware with twice the command and control servers, twice the backdoors and twice the methods to spread itself. The Register cites a specific example: the password-stealing Rimecud worm infected by Virtob, which opens a backdoor on the system. At the moment BitDefender has found that 0.4% of the infected systems it detected had an infected worm present, a number you can expect to grow.
Be careful out there!
"Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties.
The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers.
A study by antivirus outfit BitDefender found 40,000 such "Frankenmalware samples" in a study of 10 million infected files in early January, or 0.4 per cent of malware strains sampled. These cybercrime chimeras pose a greater risk to infected users than standard malware, the Romanian antivirus firm warns."
Here is some more Tech News from around the web:
- Real-time depth smoothing for the Kinect @ Hack a Day
- TurboTax Premier Online (2011) Review @ TechReviewSource
- pcAnywhere let anyone anywhere inject code into PCs @ The Register
- Jam a remote helicopter @ Hack a Day
- Nvidia hit by GPU slump, too @ The Register
New Trojan.Badminer Malware Steals Your Spare Processing Cycles To Make Criminals Money At Your Expense
Subject: General Tech | August 17, 2011 - 11:02 PM | Tim Verry
Tagged: trojan, opencl, mining, Malware, gpgpu, bitcoin
A new piece of malware was recently uncovered by anti-virus provider Symantec that seeks to profit from your spare computing cycles. Dubbed Trojan.Badminer, this insidious piece of code is a trojan that (so far) is capable of affecting Windows operating systems from Windows 98 to Windows 7. Once this trojan has been downloaded and executed (usually via a drive-by download that exploits an unpatched bug in Flash or Java), it proceeds to create a number of files and registry entries.
It's a trojan infected bitcoin, oh the audacity of malware authors!
Once it has installed itself on the system, it is able to run one of two mining programs. It first searches for a compatible graphics card and, if one is present, runs Phoenix Miner; if no suitable GPU is found, it falls back to RPC miner and steals your CPU cycles instead. The miner then hashes candidate block headers over and over in search of one that meets the Bitcoin network's difficulty target, and any block reward it earns is credited to the attacker's account rather than yours.
It should be noted that bitcoin mining itself is not inherently bad, and many people run it legitimately. In fact, if you are interested in learning more about bitcoins, we ran an article on them recently. This trojan, on the other hand, is malicious because it infects the user's computer with unwanted code that steals GPU and CPU cycles to make the attacker money. Those cycles come at the cost of reduced system responsiveness and electricity, which can add up to a rather large bill depending on where you live and what hardware the trojan gets its hands on.
Right now, Symantec is offering general tips on keeping users' computers free from the infection, including enabling a software firewall (or at least sitting behind a router whose firewall blocks unsolicited incoming connections), running the computer as a standard, non-administrator user with UAC turned on, and not clicking on unsolicited email attachments or links.
If you are also a bitcoin miner, you may want to go further and secure your bitcoin wallet (for example by keeping an encrypted copy offline) in case you are instead infected by a trojan that steals the wallet.dat file, the file holding the private keys that control your bitcoins.
Stay vigilant folks, and keep an eye on your system's GPU and CPU utilization in addition to using safer computing habits to keep nasty malware like this off your system. On a more opinionated note, is it just me or have malware authors really hit a new low with this one?
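To make concrete what "hashing in search of bitcoin blocks" means, and why a miner pins a CPU or GPU at 100%, here is the Bitcoin proof-of-work loop itself. This is an added example, not Symantec's analysis or the trojan's code: it serialises an 80-byte block header, double-SHA256 hashes it, and steps the nonce until the hash falls below the target encoded in the header's `bits` field. The genesis block values are Bitcoin's public ones and are used only to check that the implementation is right; the "easy" difficulty `0x207fffff` is an artificially low target chosen so the demo finishes instantly, and the function names are this example's own.

```python
"""Bitcoin proof-of-work: what a miner like the one Badminer drops computes.
Added example code; only the public genesis block header is real data."""
import hashlib
import struct


def bits_to_target(bits: int) -> int:
    """Decode the compact 4-byte 'bits' field (1-byte exponent, 3-byte
    mantissa) into the 256-bit target that a block hash must not exceed."""
    exponent = bits >> 24
    mantissa = bits & 0x00FFFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce) -> bytes:
    """Build the 80-byte header. Hashes are given in their displayed
    (big-endian) hex form; on the wire they are stored byte-reversed."""
    return (struct.pack("<i", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash(header: bytes) -> bytes:
    """The block hash: SHA256(SHA256(header)), 32 bytes in internal byte order."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()


def hash_to_hex(h: bytes) -> str:
    """Displayed form of a block hash: reverse the internal byte order, then hex."""
    return h[::-1].hex()


def meets_target(h: bytes, target: int) -> bool:
    """A header wins when its hash, read as a little-endian integer, is <= target."""
    return int.from_bytes(h, "little") <= target


def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, max_nonce=2 ** 32):
    """Brute-force the nonce. This loop is the miner's entire job, and it is
    why an infected machine's CPU or GPU runs flat out: at real difficulty
    it expects to evaluate billions of headers per block.
    Returns (nonce, displayed_hash_hex), or None if the nonce space is exhausted."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        h = header_hash(serialize_header(version, prev_hash_hex, merkle_root_hex,
                                         timestamp, bits, nonce))
        if meets_target(h, target):
            return nonce, hash_to_hex(h)
    return None


# Public Bitcoin genesis block header, used as a known-answer check.
GENESIS = dict(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=0x1D00FFFF,
)
GENESIS_NONCE = 2083236893
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"


def verify_genesis() -> bool:
    """Re-hash the genesis header with its published nonce and confirm both
    the known hash and that it satisfies the header's own target."""
    h = header_hash(serialize_header(**GENESIS, nonce=GENESIS_NONCE))
    return hash_to_hex(h) == GENESIS_HASH and meets_target(h, bits_to_target(GENESIS["bits"]))


def demo_easy_block():
    """Mine the same header at an artificially easy target (bits 0x207fffff,
    where roughly every other nonce succeeds) so the search ends in a few tries."""
    easy = dict(GENESIS, bits=0x207FFFFF)
    return mine(**easy)


if __name__ == "__main__":
    print("genesis block verifies:", verify_genesis())
    print("easy block found (nonce, hash):", demo_easy_block())
```

At the genesis difficulty the expected number of attempts is about 2^32, which is what a GPU grinds through; the trojan simply points this loop at the attacker's account and lets the victim pay for the electricity.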
Subject: Editorial, General Tech | July 25, 2011 - 10:24 PM | Scott Michaud
Tagged: Malware, apple
Okay, so the title is more joke than anything else, but security researcher Charlie "Safari Charlie" Miller discovered a vulnerability in Apple devices, sort of. It is less a security bug than an over-permissive design: the laptop battery's embedded controller is unlocked with one of two static, company-wide passwords, so anyone who knows them gains full access to the battery's firmware. Charlie has found many exploits over the past several years on the OS X and iOS platforms. One of the most high-profile involved a memory-corruption vulnerability in the iPhone's SMS handling: under certain conditions a crafted sequence of inbound text messages could get treated as code and run with high privileges.
Malware assaults and battery charges.
(Image from Apple, modified)
So what does the ability to write to a laptop's battery firmware mean? Firstly, remember the old advice of "Get a virus? Reinstall your OS!"? Well, assuming you can actually perform a clean install without ridiculous hacking (thanks, Lion), the battery controller can simply re-infect you if the attacker knows an exploit for your version of OS X. But how does the attacker know your current version? If you are installing from an optical disc they just need a Snow Leopard RTM exploit; unless of course you extract Lion from the Mac App Store and clean install from that, assuming the attacker does not know an exploit for Lion or did not simply infect the reinstall media you created on the infected computer. True, malware is about money, so it is highly unlikely an attacker would go after that narrow a slice of Mac users (already a narrow enough market to begin with), but the risk is there if for some reason you are a tempting enough target to spear-phish. Your only truly secure option is removing the battery while performing the OHHHHHHHH.
You know, while working (very temporarily) on the Queen's University Solar Vehicle project I was told that Lithium cells smell like sweet apples when they rupture. I have never experienced it but if true I find it delightfully ironic.
While all of that would require knowledge of further exploits in your operating system, there is a more direct problem. If for some reason someone would like to damage your Apple devices, they could use this flaw to simply break your batteries. Charlie has bricked nine batteries in his testing but has not attempted to see whether a battery could be over-charged into exploding. While it is possible to make the battery controller create the conditions for an explosion, there are other, physical, safeguards in place. Then again, batteries have exploded in the past, often producing highly entertaining YouTube videos and highly unentertaining Fox News clips.
Subject: General Tech | June 17, 2011 - 02:37 PM | Scott Michaud
We have long been battling online menaces looking to make money off the grief of others. It used to be simple for the attack to succeed: release virus; ???; profit. Now that worms are much less common, the focus has shifted from invading a person's computer to tricking the person into letting you in, or to attacking the service they are using. Now, what was once a far-fetched joke in a popular comic strip has come true: people are being phoned at home and talked into infecting their own computers.
Your call is VERY important to us.
The story for security has always been the same: be careful what you do, keep your attack surface as small as possible, and limit the damage in the event of a breach. You need to be aware, regardless of what platform you use, that your safety is bounded by your own complacency. If someone is pushing you to do something quickly, they are likely playing on that complacency by manufacturing urgency. The disappointing part is that in the heat of the moment even someone aware of these attacks can still fall for them, because social engineering is simply very effective.
All of the above said, the silver lining is that the attackers are getting substantially more desperate, which means it is only a matter of time before the pool of attackers shrinks for lack of profitability. The problem will never go away, but as the difficulty steadily increases for the attackers (which it is, otherwise they would not need to be so inventive) the lure of easy money grows weaker.
Subject: Editorial, General Tech | May 25, 2011 - 09:22 PM | Scott Michaud
Tagged: Malware, apple
Apple users have been dealing with a bad bout of malware over the last few weeks, ironically called Mac Defender. Its modus operandi is to scare the Apple user with claims of malware in a phony scan window and offer a magical option to remove all the problems. That option is actually the malware, but since users believe they are downloading anti-malware they will often allow it and provide their admin password. At that point they are prompted for their credit card number to remove the now-present infection. Apple was conspicuously quiet about the whole affair at first but has now gone public about it. Also, a new revision of Mac Defender just got substantially harder to avoid: the latest variant no longer even needs an admin password to install.
It should be noted that admin password or not, Apple or not, patch or not, this form of malware strikes the most vulnerable point of any system: the user's complacency. It does not matter how good your antivirus is, or how well protected your operating system and programs are (though in many cases both are lacking as well); you need to be cautious about what you do with any device that accepts information that is not yours. Food for thought: software that jailbreaks an iPhone takes admin privileges away from Apple and gives them to you. Even on a locked-down system such as an iPhone, where the user does not have admin rights, what would have happened had you not been the recipient of those admin privileges?
Subject: General Tech | May 4, 2011 - 05:28 PM | Scott Michaud
Tagged: mse, Malware, antivirus
One of the major drawbacks of general purpose computing devices is malware. Your computers are designed to store and manipulate instructions and information, and they do that amazingly well. Your computers, however, cannot tell who gave which instruction; they follow a set of instructions until it links to another, which they follow, ad infinitum. When someone who wants to use your computer can get their series of instructions run by it, that is when you have a problem.
Subject: General Tech | April 15, 2011 - 11:56 AM | Jeremy Hellstrom
Tagged: Virus, Malware, China, Android
"Android handsets used in China accounted for 64.1% of global virus/malware attacks in the first quarter of 2011, according to China-based mobile security solutions provider NetQin Mobile.
There were 2.53 million Android handsets infected by viruses or malware around the world during the first quarter, and most were in China due to the popularity of white-box Android handsets in the country, NetQin indicated. The US ranked second with 7.6%, followed by Russia with 6.1%, India with 3.4%, Indonesia with 3.2%, Hong Kong with 2.7% and the UK with 2.1%. In the first quarter, there were 1,014 new malware items and 101 new viruses, NetQin said.
Of the infected Android handsets globally, 57% were infected through downloading applications from Android Market, followed by using unbranded handsets with 17%, downloading applications from WAP or WWW websites with 14%, using Bluetooth with 7% and using memory cards with 3%, it said.
A breakdown of the attacks by Android version shows that 1.6 and previous versions accounted for 5%, 2.1 34%, 2.2 45% and 2.3 16%."
Here is some more Tech News from around the web:
- WebOS 3.0 Beta Leaked -- Looks Good, Interesting @ Linux.com
- Windows Home Server 2011 review @ The Inquirer
- Watch Windows 8's new Metro login while this creepy guy watches you @ Engadget
- Samsung SuperSpeed drives out next month @ The Register
- Hypertext Creator: Structure of the Web 'Completely Wrong' @ Slashdot
- High-Quality Open Source Body Tracking Sans Kinect @ Make:Blog
- Google squashes Chrome security bugs, updates Flash Player @ The Inquirer
- TRENDnet TV- IP612WN ProView Wireless N Pan/Tilt/Zoom Internet Camera Review @ Madshrimps
- Open-sourced blueprints for civilization @ Make:Blog
- Teaching an old PSU new tricks @ The Tech Report
- Hardware and Games at Gadget Show 2011 - XSR
- Antec KÜHLER H2O 920 Giveaway at Asetek.com/Twitter
- OC3D & Aria @ Gadget Show Live Part 2