The TIFF of Doom!

Subject: General Tech | November 6, 2013 - 01:08 PM |
Tagged: security, Malware, TIFF, windows

A newly discovered flaw in the handling of TIFF image files affects machines running Windows Vista or Server 2008, as well as Office 2003 through 2010 and Microsoft Lync on Windows XP and Windows 7; Windows 8 is the only platform listed that does not contain the vulnerability.  According to The Register, the attack code runs when the image is displayed, which tricks the "OS into copying malicious code stashed in the file into memory and then hijacking the processor to execute it."  Since the trigger is simply rendering the image (in an email preview, an Office document or a web page), the usual "don't run untrusted executables" advice does not help here.


"The software giant said the flaw allows attackers to remotely execute code and install malware on a vulnerable system by sending an email or instant message or convincing a user to open a specially crafted webpage."
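The article does not say which part of the TIFF decoder is at fault, but the general shape of such bugs is a parser that trusts the counts and offsets it reads out of the file. As an added illustration (not code from the article or from Microsoft), here is a small TIFF header/IFD walker written to refuse exactly that: every offset and every count*size product is checked against the real file size before any data is dereferenced, and an IFD chain that loops back on itself is rejected. The sample files at the bottom are constructed here; the second one carries a StripOffsets count of 0x40000001, chosen so that count*4 wraps to 4 in 32-bit arithmetic and would slip past a naive bounds check in a C decoder.

```python
import struct

# Byte size of each TIFF 6.0 field type (type ids 1..12); anything else is rejected.
TIFF_TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}


class TiffError(ValueError):
    """Raised for any structural problem; callers should treat the file as hostile."""


def parse_tiff(buf: bytes, max_ifds: int = 16) -> list:
    """Walk the IFD chain of a TIFF and return one list of entry dicts per IFD.

    Every offset and length read from the file is validated against len(buf)
    before it is used.  Counts are multiplied in Python's unbounded integers;
    a C implementation must check count > SIZE_MAX / elem_size before the
    multiply, or the product can wrap to a small value.
    """
    size = len(buf)
    if size < 8:
        raise TiffError("shorter than the 8-byte TIFF header")
    if buf[:2] == b"II":
        end = "<"          # little-endian ("Intel")
    elif buf[:2] == b"MM":
        end = ">"          # big-endian ("Motorola")
    else:
        raise TiffError("bad byte-order mark %r" % buf[:2])
    magic, ifd_off = struct.unpack(end + "HI", buf[2:8])
    if magic != 42:
        raise TiffError("bad magic number %d" % magic)

    ifds = []
    seen = set()   # offsets already visited, to refuse self-referencing IFD chains
    while ifd_off != 0:
        if ifd_off in seen or len(ifds) >= max_ifds:
            raise TiffError("IFD chain loops or exceeds %d IFDs" % max_ifds)
        seen.add(ifd_off)
        if ifd_off + 2 > size:
            raise TiffError("IFD offset 0x%x is outside the file" % ifd_off)
        (n,) = struct.unpack_from(end + "H", buf, ifd_off)
        table_end = ifd_off + 2 + 12 * n + 4      # entries plus next-IFD pointer
        if n == 0 or table_end > size:
            raise TiffError("IFD at 0x%x declares %d entries, running past end of file" % (ifd_off, n))

        entries = []
        for i in range(n):
            pos = ifd_off + 2 + 12 * i
            tag, typ, count = struct.unpack_from(end + "HHI", buf, pos)
            if typ not in TIFF_TYPE_SIZES:
                raise TiffError("tag %d uses unknown field type %d" % (tag, typ))
            nbytes = count * TIFF_TYPE_SIZES[typ]
            if nbytes <= 4:
                data = buf[pos + 8:pos + 8 + nbytes]          # value fits inline
            else:
                (off,) = struct.unpack_from(end + "I", buf, pos + 8)
                if off + nbytes > size:
                    raise TiffError("tag %d: %d bytes at 0x%x run past end of file" % (tag, nbytes, off))
                data = buf[off:off + nbytes]
            entries.append({"tag": tag, "type": typ, "count": count, "data": data})
        ifds.append(entries)
        (ifd_off,) = struct.unpack_from(end + "I", buf, table_end - 4)
    return ifds


def rejects(buf: bytes) -> bool:
    """True if parse_tiff refuses the buffer."""
    try:
        parse_tiff(buf)
    except TiffError:
        return True
    return False


def _entry(tag, typ, count, value_or_offset):
    return struct.pack("<HHI", tag, typ, count) + value_or_offset


# Constructed sample: a minimal little-endian TIFF with one IFD of three tags.
# ImageWidth (256) and ImageLength (257) are inline SHORTs; StripOffsets (273)
# is two LONGs stored at offset 50, right after the IFD.
GOOD_TIFF = (
    b"II" + struct.pack("<HI", 42, 8)
    + struct.pack("<H", 3)
    + _entry(256, 3, 1, struct.pack("<HH", 4, 0))
    + _entry(257, 3, 1, struct.pack("<HH", 4, 0))
    + _entry(273, 4, 2, struct.pack("<I", 50))
    + struct.pack("<I", 0)                    # no further IFDs
    + struct.pack("<II", 100, 200)            # the StripOffsets payload
)

# Same file, but StripOffsets now claims 0x40000001 elements: 0x40000001 * 4
# wraps to 4 in uint32 arithmetic, so a naive "offset + count*4 <= size" test
# passes and a C decoder would read far beyond the buffer.
BAD_TIFF = GOOD_TIFF.replace(_entry(273, 4, 2, struct.pack("<I", 50)),
                             _entry(273, 4, 0x40000001, struct.pack("<I", 50)))

# Same file, with the next-IFD pointer aimed back at the first IFD.
LOOP_TIFF = GOOD_TIFF[:46] + struct.pack("<I", 8) + GOOD_TIFF[50:]


def image_size(buf: bytes):
    """(width, height) from the first IFD, or raise TiffError."""
    first = parse_tiff(buf)[0]
    end = "<" if buf[:2] == b"II" else ">"
    dims = {e["tag"]: struct.unpack(end + "H", e["data"])[0] for e in first if e["tag"] in (256, 257)}
    return dims[256], dims[257]


if __name__ == "__main__":
    print("GOOD_TIFF size:", image_size(GOOD_TIFF))
    for name, sample in (("BAD_TIFF", BAD_TIFF), ("LOOP_TIFF", LOOP_TIFF)):
        print(name, "rejected:", rejects(sample))
```

The walker deliberately stops at the IFD level and does not decode strips; the point is that every number taken from the file is checked against the buffer it will index before it is used, which is the discipline a codec handling untrusted images has to follow.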


Source: The Register

You're Supposed to Incinerate Plagued Corpses, Right?

Subject: General Tech | July 8, 2013 - 09:24 PM |
Tagged: Malware, derp

Sometimes I like to cleanse the palate with a lighthearted feel-good story. A little over a year and a half ago, the Department of Homeland Security (DHS) alerted the Economic Development Administration (EDA) and the National Oceanic and Atmospheric Administration (NOAA) to potential security breaches of their hardware. NOAA handled its clean-up well; the EDA seemed to apply the logic commonly reserved for diseased cattle. I guess this counts?

[Image: "kill it with fire" meme, via Memegenerator]

Ultimately, it was paranoia that harmed the EDA. It spent a million dollars hiring an external firm to sanitize, secure, and guarantee immunity against malicious software. Unsatisfied with the results of that last mandate, the EDA decided to destroy any hardware adjacent to any contamination.

Computers... printers... cameras... keyboards... mice...

$170,500 USD of hardware was demolished and almost a year was spent getting back on track. A further $3 million worth of equipment would have met the same fate had the budget not run out. This came to light in the Department of Commerce audit released last month. The infections uncovered by this cleansing were common malware, not a targeted attack.

The final cost of this overreaction was $2.7 million.

Source: Ars Technica

Tag teaming malware, just what everyone needs

Subject: General Tech | July 3, 2013 - 10:16 AM |
Tagged: Vobfus, Beebone, Malware, security

Vobfus has been around the block a few times: it is Visual Basic code that first popped up in 2009 and, once on a machine, tries to download and install further malware rather than attacking the machine directly.  Beebone, aka Win32/Beebone, is newer, a fairly common Trojan that behaves much like Vobfus in that it acts as a downloader for other malware.  According to this story on The Inquirer, the two have developed a symbiotic relationship: when one infects you it immediately tries to install the other.  That fools anti-malware programs into believing they have sanitized your machine when in fact only one of the two infections was removed, and the survivor promptly downloads and installs a fresh variant of the one you just deleted.  The practical lesson is that both have to be killed in the same pass, ideally with the machine offline, before either gets a chance to phone home.


"SOFTWARE HOUSE Microsoft's security researchers have discovered a pair of malware programs that help one another to avoid being detected by antivirus software.

Known as Vobfus and Beebone, the collaborating malware prove difficult to remove from infected machines as they work together, foiling the removal by regularly downloading updated versions of their respective partners."


Source: The Inquirer

Beware the click-jacking Captcha of Evil!

Subject: General Tech | July 2, 2013 - 10:29 AM |
Tagged: Malware, IE10, chrome, security

Just in case you weren't already getting tired of CAPTCHAs, there is a new click-jacking technique which works on IE9 and IE10 on Windows 7 and on Chrome on Windows 8, so for the time being you might want to avoid any CAPTCHA that begins with an 'R'.  The trick is that the keystrokes you type to solve the CAPTCHA are delivered to a "run executable" dialog hidden underneath it, hence the 'R'.  The SmartScreen features in Windows 8, as well as UAC, should give you at least some defence, since they still require you to allow the executable to run before it can infect your machine, but you can be guaranteed that some less observant users will click straight through without reading the prompts that appear.  While this type of attack is nothing new, the particular technique described at The Register does have some new tricks.


"A security researcher has discovered a sneaky social engineering trick that might be used to disguise the go-ahead to run hostile code on Windows 8 machines.

The so-called keyjacking technique, uncovered by Italian security researcher Rosario Valotta, is similar to clickjacking. However, instead of fooling marks into generating fake Facebook likes, the keyjacking involves disguising a "run executable" dialogue box within a CAPTCHA challenge."


Source: The Register

IE10 is the safest web browser in one way; checkmate!

Subject: Editorial, General Tech | May 16, 2013 - 12:45 PM |
Tagged: web browser, Malware, IE10

If you consider your browser security based solely on whether it will allow you to manually download a malicious executable: IE10 is the best browser ever!

Rod Trent over at Windows IT Pro seems to believe this, on the strength of NSS Labs' report "Socially Engineered Malware Blocking". In that report Internet Explorer blocked the user from downloading nearly all known malware (clarification: all known malware within the test set). Google Chrome came in second with a little under a 17% failure rate, and the other browsers were far behind at roughly a 90% failure rate.


Based on that one metric alone, Rod Trent used a cutesy chess image to proclaim IE the... king... of the hill. Not only that, he suggests Safari, Opera, and Firefox consider "shuttering their doors." After about a decade of Internet Explorer suffering from countless different and unique vectors of exploitation, now is the time to proclaim a victor for attacks which require explicit user action?

Buckle in, readers, it's a rant.

Firstly, this reminds me a little bit of Microsoft Security Essentials. Personally, I use it, because it provides enough protection for me. Unlike its competitors, MSE has next to no false positives, because it almost ignores zero-day exploits. The AV package drew criticism from lab tests that focus on zero-day exploits: Microsoft Security Essentials was ranked second-worst by that metric.

Well, time to shutter your doors Micr... oh wait Rod Trent lauded it as award-winning. Huh...

But while we are on the topic of false positives, how do you weigh those in your grading of a browser? According to the report, and common sense, achieving a perfect score on this metric is dead simple if you let your browser simply block every download, good or bad.

If a 100% false positive acceptance rate is acceptable, it is trivial to protect users from all malicious downloads. With just a few lines of code, Firefox, Safari, and Opera could displace Internet Explorer and Chrome as the leaders of protection against socially engineered malware. However, describing every download as "malicious" would break the internet. Finding a balance between accuracy and safety is the challenge for browsers at the front of protection technology.

-NSS Labs, "Socially Engineered Malware Blocking"

A browser that is capable of blocking malware without blocking legitimate content would certainly be applause-worthy. I guess time will tell whether Internet Explorer 10 is able to walk the balance, or whether it will just be a nuisance like the first implementations of UAC.

OK, Google did actually release exactly one native Windows application at Google I/O: It's called Android Studio, an application that helps developers create apps that run on Android, Google’s answer to Windows. But don’t worry, Microsoft fans: Internet Explorer (IE) flags the Android Studio download as potential malware.

-Paul Thurrott, Windows IT Pro

Ah crap... that was quick.

Now to be fair, Internet Explorer 10 and later have been doing things right. I am glad to see Microsoft support standards and push for an open web after so many years. This feature helps protect users from their own complacency.

Still, be careful when you call checkmate: some places may forfeit your credibility.

Samsung tops Apple for both buying chips and malware

Subject: General Tech | January 23, 2013 - 10:17 AM |
Tagged: Samsung, apple, android, Malware, fud

The good news for Samsung is that it placed $23.9bn worth of semiconductor orders in 2012, while Apple ordered a mere $21.4bn, which implies that Samsung is buying more chips than Apple, or perhaps is just getting a worse deal.  If the Gartner figures The Inquirer picked up on are correct, Samsung accounted for 8% of the total semiconductor market in 2012, a very impressive feat.  That is more than Dell's and HP's shares combined, which supports the theory that the falling sales we saw in PCs were not reflected at all in the smartphone and tablet markets.

Unfortunately that success comes at a price, as Samsung's OS of choice, Android, is expected to see more than one million malware threats by the end of 2013.  According to Trend Micro there were about 350,000 Android malware threats over 2012, with only one in five Android devices having any sort of security software installed.  Perhaps it is time to start thinking more about protecting your phone, especially if you have banking apps or so-called "pay by bonk" NFC payments enabled on it.


"Apple, thanks in large part to its hugely popular iPhone and iPad products, was the largest consumer of semiconductor chips, that is, until 2012. Gartner claims that Samsung has overtaken Apple to become the largest semiconductor user with eight percent of all chips sold going to the firm."


Source: The Inquirer

You can't protect your PIN from a hacked POS machine

Subject: General Tech | December 14, 2012 - 11:53 AM |
Tagged: Malware, dexter

Just in time for last-minute Christmas shopping comes malware designed to infect POS machines and record any PIN and credit card information passing through them.  The US, the UK and Canada are all affected, with the US accounting for almost a third of the current infections.  Rather than exploiting RDP vulnerabilities, this particular piece of malware installs itself on any networked machine running POS software, then scrapes that machine's memory and ships it to a server which parses out the card data, giving the crooks the ability to clone any credit cards used on that machine recently.  Note where this happens: in the POS software's memory, after the card has been read, so a tamper-resistant PIN pad does nothing for you once the software behind it is compromised.  Scare yourself by reading more about Dexter at The Register.


"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems.

First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking provider"


Source: The Register

Internet Explorer 10 Exploitable: Both More & Less Than Hype

Subject: General Tech | September 9, 2012 - 01:19 PM |
Tagged: Malware, IE10, flash

Recent statements from Microsoft show that they are not afraid to wait a little bit before shipping patches for the copy of Flash bundled with Internet Explorer 10. The issue is more contained than Ars Technica lets on, but it also raises a bigger security issue for all of us, all the time.

By far the worst enemy for security is complacency.

I often pick on Apple for their security practices. They are perceived as secure despite a horrendous record of handling security updates, such as delaying a critical patch for privately disclosed vulnerabilities until after they were revealed at Black Hat because Apple could not spare a programmer for the task.

That mentality has been everywhere – from Sony to Microsoft in the Windows XP era to Macromedia & Adobe.

In this case the issue is that Microsoft has been delaying updates to the copy of Adobe Flash built into Internet Explorer 10. Once Adobe publishes a patch, attackers can diff it to work out what it fixes and exploit the bug on anyone who has yet to update. There are quite a few subtle caveats to this story which need to be discussed before opinions are formed.

[Image: Windows Update screenshot. Caption: ... Relatively speaking...]

First and foremost – Flash support on the Metro-based Internet Explorer 10 is limited to a whitelist. Flash is not exposed to websites which have not been flagged by Microsoft as safe and requiring backwards compatibility with Flash.

Websites get compromised all the time. Should one of the whitelisted sites be attacked, it could be made to serve a malicious Flash object to its users. The gap between Adobe's and Microsoft's patch dates gives the attackers a window to exploit every IE10 user until the whitelisted site notices. Attacks like these have become very commonplace.

As an aside, there is quite a bit of confusion over Internet Explorer 10 on the desktop. Going by the RTM evaluation, it appears that the only way to update Flash for Internet Explorer is through Windows Update, even when not using the Metro browser. The whitelist is also in effect on the desktop, although users there appear to be able to add their own exemptions; user-set exemptions seem to be unique to the desktop version of IE.

It is disconcerting to see a platform deliberately accept this kind of exposure. To be fair, it is entirely possible that Google Chrome could have similar issues, as it too bundles Adobe Flash. Unlike IE10, Google Chrome does allow you to disable the built-in Flash and manage your updates directly from Adobe, although the process is far too complicated for most users.

Source: Ars Technica
Infectious fear is infectious

Manufacturer: PC Perspective
Tagged: Malware

PCMag and others have released articles based on a blog post from Sophos. The original post discussed how frequently malware designed for Windows is found on Mac computers. What these articles mostly demonstrate is that we really need to understand security: what it is, and why it matters. The largest threats to security are complacency and misunderstanding; users need to grasp the problem rather than have it buried under weak analogies and illusions of software crutches.

Your data and computational ability can be very valuable to people looking to exploit it.

The point of security is not to avoid malware, nor is it to remove it if you failed to avoid it. Those actions are absolutely necessary components of security -- do those things -- but they are not the goal of security. The goal of security is to retain control of what is yours. At the same time, be a good neighbor and make it easier for others to do the same with what is theirs.

Your responsibility extends far beyond just keeping a current antivirus subscription.

[Image: shattered windows. Caption: The problem goes far beyond throwing stones...]

The distinction is subtle.

Your operating system is irrelevant. You could run Windows, Mac, Android, iOS, the 'nixes, or whatever else. Every useful operating system has vulnerabilities and runs vulnerable applications. The user is also very often tricked into loading untrusted code, either directly or by delivering it within data to a vulnerable application.

Blindly fearing malware -- such as what would happen if someone were to draw parallels to Chlamydia -- does not help you to understand it. There are reasons why malware exists; there are certain things which malware is capable of; and there are certain things which malware is not.

The single biggest threat to security is complacency. Your information is valuable and you are responsible for preventing it from being exploited.  The addition of a computer does not change the fundamental problem. Use the same caution on your computer and mobile devices as you would on the phone or in person. You would not leave your credit card information on a park bench unmonitored.

Read on to understand what malware is and what it could do.

Frankenmalware, an antiviral boss fight

Subject: General Tech | January 26, 2012 - 09:47 AM |
Tagged: fud, Malware, Virus, Worm

Back in the ancient days of gaming, and repeated in Skyrim's Draugr, your enemies started out simple, a plain zombie or Leever gradually becoming an Infected Death Lord Zombie of Fiery Devastation.  Another way to look at it is as a supervillain origin story, where exposure to something that should have killed them instead grants them powers beyond mere mortals.  There may also have been a dozen decent SciFi novels written on the topic (well, probably more like a gross) ... however you look at it, computer worms are mutating!

It seems that systems infected with a worm are being hit by file-infecting viruses which inadvertently infect the worm's own executable, creating malware with twice the command and control servers, twice the backdoors and twice the methods of spreading itself.  The Register cites the specific example of the password-stealing Rimecud worm being infected by Virtob, which opens a backdoor on the system.  At the moment BitDefender has found that 0.4% of the infected files it sampled contained an infected worm, a number you can expect to grow.

Be careful out there!


"Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties.

The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers.

A study by antivirus outfit BitDefender found 40,000 such "Frankenmalware samples" in a study of 10 million infected files in early January, or 0.4 per cent of malware strains sampled. These cybercrime chimeras pose a greater risk to infected users than standard malware, the Romanian antivirus firm warns."


Source: The Register