Showing posts with label malware. Show all posts

19 September 2013

Clueless Spanish Politicians Want To Join The Government Malware Club

As we've noted before, when it comes to the Internet, governments around the world have an unfortunate habit of copying each other's worst ideas. Thus the punitive three-strikes approach based on accusations, not proof, was pioneered by France, and then spread to the UK, South Korea, New Zealand and finally the US (where, naturally, it became the bigger and better "six strikes" scheme). France appears to be about to abandon this unworkable and ineffective approach, leaving other countries to deal with all the problems it has since discovered. 

On Techdirt.

How Can Any Company Ever Trust Microsoft Again?

Irrespective of the details of the current revelations about US spying being provided by Edward Snowden in the Guardian, there is already a huge collateral benefit. On the one hand, the US government is falling over itself to deny some of the allegations by offering its own version of the story. That for the first time gives us official details about programmes that we previously knew of only through leaks and rumours, if at all. Moreover, the unseemly haste and constantly-shifting story from the US authorities is confirmation, if anyone still needed it, that what Snowden is revealing is important - you don't kick up such a fuss over nothing.

On Open Enterprise blog.

18 September 2013

The Most Dangerous Windows Infection of All

Readers of this blog don't need to be told about Windows' awful security record, or how, when news outlets talk glibly of "viruses", they nearly always mean Windows malware. But sometimes there are stories from this weird world that make even seasoned Windows-watchers like me shake their heads in disbelief.

On Open Enterprise blog.

Mozilla Sends Cease And Desist Letter To Commercial Spyware Company For Using Firefox Trademark And Code To Trick Users

Techdirt has written several times about the increasing tendency for governments around the world to turn to malware as a way of spying on people, without really thinking through the risks. One company that is starting to crop up more and more in this context is Gamma International, thanks to its FinFisher suite of spyware products, which includes FinSpy. A recent report by Citizenlab, entitled "For Their Eyes Only: The Commercialization of Digital Spying", has explored this field in some depth. Among its findings is the following: 

On Techdirt.

08 December 2012

Stuxnet's Infection Of Chevron Shows Why 'Weaponized' Malware Is A Bad Idea

The Stuxnet worm that attacked an Iranian nuclear enrichment facility a couple of years ago was exceptional from several viewpoints. It is believed to have been the costliest development effort in malware history, involving dozens of engineers. It also made use of an unprecedented number of zero-day exploits in Microsoft Windows in order to operate. Finally, Stuxnet seems to be the first piece of malware known with reasonable certainty to have been created by the US, probably working closely with Israel. 

On Techdirt.

13 October 2012

Creepy Smartphone Malware Re-creates Your Home For Stalkers

It's become something of a cliché that anyone with a mobile phone is carrying a tracking device that provides detailed information about their location. But things are moving on, as researchers (and probably others as well) explore new ways to subvert increasingly-common smartphones to gain other revealing data about their users. Here's a rather clever use of malware to turn your smartphone into a system for taking clandestine photos -- something we've seen before, of course, in other contexts -- but which then goes even further by stitching them together to form a pretty accurate 3D model of your world: 

On Techdirt.

16 December 2011

People in Glasshouses (With Windows) Shouldn't Throw Stones

It's no secret that Windows Phone is struggling desperately in the battle against the smartphone leaders, iPhone and Android. And desperate times demand desperate measures; but even so, this move by Microsoft is pretty extraordinary:

On Open Enterprise blog.

04 August 2011

One Thing We Know about the Shady Rats

The news about "Operation Shady Rat" has naturally provoked much interest (as it was intended to...). After all, who could fail to be impressed by claims like this?


I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.

Ouch.

You can read the rest of the McAfee post for more details - but not for an answer to the key question: who is doing this? You don't have to be a genius to work out that it's probably one of two large countries in Asia, and personally I'd guess it's the one with lots of people in it, FWIW.

But that's not really what interests me here. Instead, I'd like to focus on this final part of the post:

Although Shady RAT’s scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group. We know of many other successful targeted intrusions (not counting cybercrime-related ones) that we are called in to investigate almost weekly, which impact other companies and industries. This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.

It's a nice ending to a fascinating piece, but in one respect it's almost certainly not true.

That's because, like just about every similar piece describing massive intrusions of this kind, the McAfee post doesn't actually say anything about the platforms that were affected, simply noting:

The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code. This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for.

But somebody in the comments asked the obvious question: "Were the initial intrusions all on Microsoft OS machines? Also, was a particular browser targeted?" To which the answer came:

All the malware we've seen was Windows-based. There were a variety of vulnerabilities used.

Think about that. This massive breach of security, and loss of possibly highly-sensitive information, was all down to two things: the abiding thoughtlessness of people opening attachments, and a range of flaws in Microsoft's software.

So the statement that "the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing" is not true; another class would be those wise enough not to allow any of their personnel to use Microsoft products. We may not know definitively who the Shady Rats are, but we certainly know what they *really* love.

Follow me @glynmoody on Twitter and identi.ca, or on Google+
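The McAfee description quoted above mentions implants that read their instructions from hidden comments embedded in a web page. As an added example (not from the McAfee post or this blog), here is a small defender-side check that pulls HTML comments out of a page and flags the ones carrying a long, high-entropy base64-like token; the sample page, the encoded instruction and the entropy threshold are all constructed for illustration.

```python
import base64
import math
import re

# Shape of a base64 token: at least 32 characters from the base64 alphabet,
# optionally padded. Shorter runs are too common in ordinary markup to be useful.
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{32,}={0,2}$")
COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)


def shannon_entropy(s: str) -> float:
    """Bits per character of s; encoded or compressed data scores high."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_comments(html: str, min_entropy: float = 3.5):
    """Return (comment_text, token) pairs for comments that contain a token
    which is base64-shaped, high-entropy and decodes cleanly as base64.
    The entropy floor is an assumed tuning value, not a published one."""
    hits = []
    for m in COMMENT.finditer(html):
        body = m.group(1).strip()
        for tok in body.split():
            if not B64_TOKEN.match(tok):
                continue
            if shannon_entropy(tok) < min_entropy:
                continue  # e.g. "AAAA..." is base64-shaped but carries nothing
            try:
                base64.b64decode(tok, validate=True)
            except ValueError:
                continue  # binascii.Error is a ValueError subclass
            hits.append((body, tok))
    return hits


# Constructed sample page: a harmless layout comment, a low-entropy comment
# that merely looks base64-shaped, and a comment carrying an encoded command.
_FAKE_INSTRUCTION = base64.b64encode(b"cmd=download;url=http://example.invalid/x").decode()
SAMPLE_HTML = f"""<html><head><title>News</title>
<!-- main layout v2, last edited by webmaster -->
</head><body><p>Welcome to our site.</p>
<!-- {'A' * 48} -->
<!-- {_FAKE_INSTRUCTION} -->
</body></html>"""

if __name__ == "__main__":
    for body, tok in suspicious_comments(SAMPLE_HTML):
        print(f"suspicious comment: {tok[:24]}... ({len(tok)} chars)")
```

Running it against pages fetched by your own proxy logs would give a cheap first-pass indicator; a real implant could just as easily use another encoding, so treat the heuristic as a triage aid rather than a verdict.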

04 March 2011

Malware at the Heart of the BBC's Decline

Anyone who has been following me on Twitter or identi.ca will have noticed that I have a bee in my bonnet - actually, make that a Beeb in my bonnet - about the BBC.

In fact, I have several - including the fact that I really want it to be the best broadcasting organisation in the world, as it once was. But my other bee/Beeb is that its journalistic standards in the few areas where I can claim some knowledge are pretty woeful.

This is seen nowhere more clearly than in its coverage of malware.

To read the reports on the BBC website (I don't watch UK television, so I've no idea what happens there, but suspect it's just as bad), you'd think that malware were some universal affliction, an unavoidable ill like death and taxes. Rarely does the BBC trouble its readers' pretty little heads with the tiresome fact that the overwhelming majority of viruses and trojans affect one operating system, and one operating system only: Microsoft Windows.

To see this, try the following experiment. Search on the BBC news site for "microsoft windows virus" or "microsoft windows trojan" or "microsoft windows malware", and you'll get a few dozen hits, not all of which refer to Microsoft malware.

But try the same searches without the words "microsoft windows", and you will get many more hits every year (try "computer malware", for example), very few of which mention that such malware is almost exclusively for Microsoft's platform.

That sin of omission has now been matched by an equally telling sin of commission. For hot on the heels of the first serious Android viruses, we have a report on BBC news spelling out the terrible facts:

More than 50 applications available via the official Android Marketplace have been found to contain a virus.

Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times.

The malicious apps were copies of existing applications, such as games, that had been repackaged to include the virus code.

Fifty applications, can you believe it? Terrifying stuff. And downloaded no less than 200,000 times...shocking.

Of course, the fact that back in 2007

Symantec detected more than 711,912 novel threats which brings the total number of malicious [Microsoft Windows] programs that the security firm's anti-virus programs detect to 1,122,311.

as reported by the BBC in one of its rare balanced pieces on the subject, rather puts those 50 Android programs in context. Similarly, if you consider how many *billions* of times all those Windows viruses have been downloaded over the years, the 200,000 Android downloads pale into insignificance. And yet the BBC chooses not to provide any of that background information.

And it hasn't finished there. Not content with reporting on the Android virus without providing any context, the BBC article then goes on to trash - guess what? - yes, Android's open approach, via this quotation:

"This greater openness of the developer environment has been argued to foster an atmosphere of creativity," he wrote, "but as Facebook have already discovered it is also a very attractive criminal playground."

Again, the missing context is that the *closed* world of Windows has not only provided a rather larger and more attractive "criminal playground", but has caused tens of billions of dollars of economic damage every year according to one estimate. Rather more than just a playground for criminals, one might say - an entire global industry.

All in all, this is extraordinarily poor journalism from the BBC, and something that would never have been tolerated when it was at the height of its reputation. What's really sad is that the latest one-sided reporting of the Android viruses suggests that far from getting better, things are getting even worse in this particular area. That is truly a great loss for not just the BBC but for all of its long-time supporters (like me) who would like to see it flourish in the digital age, not shrivel into irrelevance.

Follow me @glynmoody on Twitter or identi.ca.

16 December 2010

Microsoft: Hoist by its Own Petard

I always look forward to reading Microsoft-funded research, because over the years it's evolved into a kind of game. The results - of course - are always amazingly good for Microsoft, but hidden away in there, like a secret at the heart of a complex puzzle, there's something that we're not supposed to notice that undermines the final result.

On Open Enterprise blog.

06 December 2008

NYT Has Clue about Malware

Following my post below about malware, here's an example of how it might be done:


Internet security is broken, and nobody seems to know quite how to fix it.

Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.

Macintosh is mentioned, but GNU/Linux is not, so the piece isn't perfect, but it's a start.

05 December 2008

Misinformed about Malware

I was moaning recently about the appalling sloppiness when it comes to viruses et al.: they are practically all for Windows, and yet nobody mentions this fact. Here are two more egregious examples.

First:

Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.

The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.

The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.

Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.

Bad, wicked Firefox, bad wicked open source...except that this trojan *only* works on Windows...which means it's bad wicked Windows, yet again. But the article never mentions this, of course.

Or take this:

BATTLEFIELD bandwidth is low at best, making networks sticky and e-mails tricky. American soldiers often rely on memory sticks to cart vital data between computers. Off-duty, they use the same devices to move around music and photos. The dangers of that have just become apparent with the news that the Pentagon has banned the use of all portable memory devices because of the spread of a bit of malicious software called agent.btz.

...


The most remarkable feature of the episode may not be the breach of security, but the cost of dealing with it. In the civilian world, at least one bank has dealt with agent.btz by blocking all its computers’ USB ports with glue. Every bit of portable memory in the sprawling American military establishment now needs to be scrubbed clean before it can be used again. In the meantime, soldiers will find it hard or outright impossible to share, say, vital digital maps, let alone synch their iPods or exchange pictures with their families.

And yes, you guessed it, it only works on Windows. So that bit about "[t]he most remarkable feature of the episode may not be the breach of security, but the cost of dealing with it" is really about the cost of using Windows - well, it's The Economist, what do you expect, accuracy? When will they ever learn?

05 November 2008

Another Reason Not to Run Windows

Windows malware on a computer running Ubuntu? Strange.

06 June 2007

Google Points Finger at Microsoft IIS

Interesting bit of shin-kicking here:

Web sites running Microsoft Corp.'s Web server software are twice as likely to be hosting malicious code as other Web sites, according to research from Google Inc.

Last month, Google's Anti-Malware team looked at 70,000 domains that were either distributing malware or hosting attack code. "Compared to our sample of servers across the Internet, Microsoft IIS features twice as often as a malware-distributing server," wrote Google's Nagendra Modadugu, in a Tuesday blog posting.

Together, IIS (Internet Information Services) and Apache servers host about 89 percent of all Web sites, but collectively they're responsible for 98 percent of all Web-based malware. Google actually found an equal number of Apache and IIS Web sites hosting malicious software, but because there are so many more sites hosted by Apache servers (66 percent versus Microsoft's 23 percent) malicious sites make up a much larger percentage of all IIS servers.

30 May 2007

IE Indeed

Sigh. Tell me again why people are still using Internet Explorer:

It turns out the link installs a malicious post logger that transmits all information submitted through Internet Explorer to a website controlled by the attackers.

After reverse engineering the rogue browser helper object that attaches itself to IE (the malware doesn't work on other browsers), Stewart says he was able to locate a site that stored detailed information on some 1,400 executives who fell for the scam.

When will they learn? (Via Mobile Open Source.)