New Trojan.Badminer Malware Steals Your Spare Processing Cycles To Make Criminals Money At Your Expense
Subject: General Tech | August 17, 2011 - 11:02 PM | Tim Verry
Tagged: trojan, opencl, mining, Malware, gpgpu, bitcoin
A new piece of malware was recently uncovered by anti-virus provider Symantec that seeks to profit from your spare computing cycles. Dubbed Trojan.Badminer, this insidious piece of code is a trojan that (so far) is capable of affecting Windows operating systems from Windows 98 to Windows 7. Once this trojan has been downloaded and executed (usually through an online attack vector via an unpatched bug in Flash or Java), it proceeds to create a number of files and registry entries.
It's a trojan infected bitcoin, oh the audacity of malware authors!
After it has propagated throughout the system, it is then able to run one of two mining programs. It will first search for a compatible graphics card, and run Phoenix Miner. However, if a graphics card is not found, it will fall back to RPC miner and instead steal your CPU cycles. The miners then start hashing in search of bitcoin blocks, and if found, will then send the reward money to the attacker’s account.
It should be noted that bitcoin mining itself is not inherently bad, and many people run it legitimately. In fact, if you are interested in learning more about bitcoins, we ran an article on them recently. This trojan on the other hand is malicious because it is infecting the user’s computer with unwanted code that steals processing cycles from the GPU and CPU to make the attacker money. All these GPU and CPU cycles come at the cost of reduced system responsiveness and electricity, which can add up to a rather large bill, depending on where you live and what hardware the trojan is able to get its hands on.
Right now, Symantec is offering up general tips on keeping users' computers free from the infection, including enabling a software firewall (or at least being behind a router with its own firewall that blocks unsolicited incoming connections), running the computer as the lowest-privilege user possible with UAC turned on, and not clicking on unsolicited email attachments or links.
If you are also a bitcoin miner, you may want to further protect yourself by securing your bitcoin wallet in the event that you also accidentally become infected by a trojan that seeks to steal the wallet.dat file (the file that essentially holds all your bitcoin currency).
Stay vigilant folks, and keep an eye on your system's GPU and CPU utilization in addition to using safer computing habits to keep nasty malware like this off of your system. On a more opinionated note, is it just me or have malware authors really hit a new low with this one?
Subject: Editorial, General Tech | July 25, 2011 - 10:24 PM | Scott Michaud
Tagged: Malware, apple
Okay, so the title is more joke than anything else, but security researcher Charlie "Safari Charlie" Miller discovered a vulnerability in Apple devices, sort of. This exploit, which appears not to be an actual security flaw so much as an over-permissive design, allows an attacker to gain access to your battery control using one of two static company-wide passwords. Charlie has discovered many exploits in the past several years on the OSX and iOS platforms. One of the most high-profile attacks he discovered involved a data-execution vulnerability in the iPhone's SMS handling: under certain conditions your iPhone could mistake inbound text messages for code and run them with high permissions.
Malware assaults and battery charges.
(Image from Apple, modified)
So what does having the ability to write to a laptop's battery firmware mean? Firstly, remember the old advice of "Get a virus? Reinstall your OS!"? Well, assuming you actually can perform a clean install without ridiculous hacking (thanks, Lion), the battery controller can simply re-infect you if the attacker knows an exploit for your version of OSX. But how does the attacker know your current version of OSX? Well, if you are installing from an optical disk they just need to know a Snow Leopard RTM exploit; unless of course you extract Lion from the Mac App Store and clean install using it, assuming the attacker does not know an exploit for Lion or simply infects the reinstall media if you created it from the infected computer. True, malware is about money, so it is highly unlikely that an attacker would go for that narrow a market of Mac users (already a narrow-enough market to begin with), but the security risk is there if for some reason you are a tempting enough target to spear-phish. Your only truly secure option is removing the battery while performing the OHHHHHHHH.
You know, while working (very temporarily) on the Queen's University Solar Vehicle project I was told that Lithium cells smell like sweet apples when they rupture. I have never experienced it but if true I find it delightfully ironic.
While that would all require knowledge of other exploits in your operating system, there is a more direct problem. If for some reason someone would like to cause damage to your Apple devices, they could use this flaw to simply break your batteries. Charlie has bricked nine batteries in his testing but has not even attempted to see whether it would be possible to over-charge a battery into exploding. While it is possible to force the battery controller to create the proper conditions for an explosion, there are other, physical, safeguards in place. Then again, batteries have exploded in the past, often making highly entertaining YouTube videos and highly unentertaining FOX News clips.
Subject: General Tech | June 17, 2011 - 02:37 PM | Scott Michaud
We have long been battling online menaces that are looking to generate money off of the grief of others. It used to be simple for the attack to be successful: release virus; ???; profit. Now that worms are much less common, the focus has shifted from invading a person's computer to tricking the person into letting you into their computer, or attacking the service they are accessing. Now, what was once a far-fetched joke by a popular comic strip is true: people are being contacted at home and told to infect their computer.
Your call is VERY important to us.
The story for security has always been the same: be careful what you do, keep your attack surface as small as possible, and limit the damage in the event of a breach. You need to be aware, regardless of what platform you use, that you are only as safe as your level of complacency allows. If someone is attempting to get you to do something quickly, they are likely trying to play on your complacency by distracting you with a sense of urgency. The disappointing part is that in the heat of the moment even someone aware of these attacks could still be susceptible to them, because social engineering is simply very effective.
All of the above said, the silver lining to this whole problem is that the attackers are getting substantially more desperate, which means that it is only a matter of time before the pool of attackers shrinks due to lack of profitability. The problem will never go away, but as the difficulty steadily increases for the attackers (which it is, otherwise they would not be so inventive), the draw of money will seem much less luscious.
Subject: Editorial, General Tech | May 25, 2011 - 09:22 PM | Scott Michaud
Tagged: Malware, apple
Apple users have been dealing with a bad bout of malware over the last few weeks, ironically called Mac Defender. Its modus operandi involves scaring the Apple user with claims of malware in a phony file browser and giving them a magical option to remove all problems. That option is actually the malware, but since the users are convinced they are downloading anti-malware they will often allow it to happen and provide their admin password. At that point, they are prompted to provide their credit card number to actually remove the now-present infection. Apple was actively quiet about the whole experience but has now gone vocal about it. Also, a new revision of Mac Defender just got substantially harder to avoid.
It should be noted that admin password or not, Apple or not, patch or not, this form of malware strikes the most vulnerable point of any system: the user's complacency. It does not matter how good an antivirus solution you have, or how protected your operating system and programs are (though in many cases both of those are lacking as well): you need to be cautious about what you do with any device that accepts information that is not yours. Food for thought: software that can jailbreak an iPhone steals admin privileges from Apple and gives them to you. Even in a locked-down system such as an iPhone, where the user does not have admin rights, what would have happened had you not been the recipient of the admin privileges?
Subject: General Tech | May 4, 2011 - 05:28 PM | Scott Michaud
Tagged: mse, Malware, antivirus
One of the major drawbacks of having general-purpose computation devices is malware. Your computers are designed to manipulate and store instructions and information, and they do that amazingly well. Your computers, however, cannot tell who gave what instruction; they follow a set of instructions until it links to another, which they follow, ad infinitum. When someone who wants to use your computer can get their series of instructions run by your computer: that is when you have a problem.
Subject: General Tech | April 15, 2011 - 11:56 AM | Jeremy Hellstrom
Tagged: Virus, Malware, China, Android
"Android handsets used in China accounted for 64.1% of global virus/malware attacks in the first quarter of 2011, according to China-based mobile security solutions provider NetQin Mobile.
There were 2.53 million Android handsets infected by viruses or malware around the world during the first quarter, and most were in China due to the popularity of white-box Android handsets in the country, NetQin indicated. US ranked second with 7.6%, followed by Russia with 6.1%, India with 3.4%, Indonesia with 3.2%, Hong Kong with 2.7% and UK with 2.1%. In the first quarter, there were 1,014 new malware items and 101 new viruses, NetQin said.
Of the infected Android handsets globally, 57% were infected through downloading applications from Android Market, followed by using unbranded handsets with 17%, downloading applications from WAP or WWW websites with 14%, using Bluetooth with 7% and using memory cards with 3%, it said.
A breakdown of the attacks by Android version shows that 1.6 and previous versions accounted for 5%, 2.1 for 34%, 2.2 for 45% and 2.3 for 16%."
Here is some more Tech News from around the web:
- WebOS 3.0 Beta Leaked -- Looks Good, Interesting @ Linux.com
- Windows Home Server 2011 review @ The Inquirer
- Watch Windows 8's new Metro login while this creepy guy watches you @ Engadget
- Samsung SuperSpeed drives out next month @ The Register
- Hypertext Creator: Structure of the Web 'Completely Wrong' @ Slashdot
- High-Quality Open Source Body Tracking Sans Kinect @ Make:Blog
- Google squashes Chrome security bugs, updates Flash Player @ The Inquirer
- TRENDnet TV-IP612WN ProView Wireless N Pan/Tilt/Zoom Internet Camera Review @ Madshrimps
- Open-sourced blueprints for civilization @ Make:Blog
- Teaching an old PSU new tricks @ The Tech Report
- Hardware and Games at Gadget Show 2011 @ XSR
- Antec KÜHLER H2O 920 Giveaway at Asetek.com/Twitter
- OC3D & Aria @ Gadget Show Live Part 2