jm + malware   30

The World Is Getting Hacked. Why Don’t We Do More to Stop It? - The New York Times
Zeynep Tufekci is (as usual!) on the money with this op-ed. I strongly agree with the following:
First, companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects. Besides, Microsoft is sitting on a cash hoard estimated at more than $100 billion (the result of how little tax modern corporations pay and how profitable it is to sell a dominant operating system under monopolistic dynamics with no liability for defects).

At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, “pay extra money to us or we will withhold critical security updates” can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more.

Microsoft should spend more of that $100 billion to help institutions and users upgrade to newer software, especially those who run essential services on it. This has to be through a system that incentivizes institutions and people to upgrade to more secure systems and does not force choosing between privacy and security. Security updates should only update security, and everything else should be optional and unbundled.

More in this Twitter thread: https://twitter.com/zeynep/status/863734133188681732
security  microsoft  upgrades  windows  windows-xp  zeynep-tufekci  worms  viruses  malware  updates  software 
11 days ago by jm
the Wire-Wire fraud
'Researchers learn about wire-fraud scam after Nigerian scammers infect themselves with their own malware.'
The researchers observed Wire-Wire scores of $5,000 to $250,000 with the average between $30,000-$50,000 from small- and medium-sized businesses. The scammers themselves were "well-respected and admired" in their communities.


I've heard about this scam -- it's nasty, and worst of all, banks won't reimburse the losses.
scams  fraud  wire-wire  nigeria  malware  banking 
august 2016 by jm
Malware infecting jailbroken iPhones stole 225,000 Apple account logins | Ars Technica

KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts.


Ouch. Not a good sign for Cydia.
cydia  apple  security  exploits  jailbreaking  ios  iphone  malware  keyraider  china 
september 2015 by jm
AV vendors still relying on MD5 to identify malware
oh dear. I can see how this happened -- in many cases they may not still have samples to derive new sums from :(
md5  hashing  antivirus  malware  security  via:fanf  bugs 
june 2015 by jm
5% of Google visitors have ad-injecting malware installed
Ad injectors were detected on all operating systems (Mac and Windows), and web browsers (Chrome, Firefox, IE) that were included in our test. More than 5% of people visiting Google sites have at least one ad injector installed. Within that group, half have at least two injectors installed and nearly one-third have at least four installed.


via Nelson.
via:nelson  ads  google  chrome  ad-injectors  malware  scummy 
april 2015 by jm
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
'"Equation Group" ran the most advanced hacking operation ever uncovered.' Mad stuff. The security industry totally failed here.
nsa  privacy  security  surveillance  hacking  keyloggers  malware 
february 2015 by jm
Operation Socialist: How GCHQ Spies Hacked Belgium’s Largest Telco
Chilling.
GCHQ maintains a huge repository named MUTANT BROTH that stores billions of these intercepted cookies, which it uses to correlate with IP addresses to determine the identity of a person. GCHQ refers to cookies internally as “target detection identifiers.”
privacy  gchq  surveillance  belgacom  regin  uk  spying  belgium  isps  cookies  malware 
december 2014 by jm
Wired on "Regin"
The researchers have no doubt that Regin is a nation-state tool and are calling it the most sophisticated espionage machine uncovered to date—more complex even than the massive Flame platform, uncovered by Kaspersky and Symantec in 2012 and crafted by the same team who created Stuxnet.

“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless,” writes Symantec in its report about Regin.

Though no one is willing to speculate on the record about Regin’s source, news reports about the Belgacom and Quisquater hacks pointed a finger at GCHQ and the NSA. Kaspersky confirms that Quisquater was infected with Regin, and other researchers familiar with the Belgacom attack have told WIRED that the description of Regin fits the malware that targeted the telecom, though the malicious files used in that attack were given a different name, based on something investigators found inside the platform’s main file.
regin  malware  security  hacking  exploits  nsa  gchq  symantec  espionage 
november 2014 by jm
The boss has malware, again... : talesfromtechsupport
Finally, after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive, “Have there been any changes in your life recently?” The executive answered, “Well yes, I quit smoking two weeks ago and switched to e-cigarettes.” And that was the answer they were looking for: the made-in-China e-cigarette had malware hard-coded into the charger, and when it was plugged into a computer’s USB port the malware phoned home and infected the system. Moral of the story: have you ever questioned the legitimacy of the $5 made-in-China eBay USB item that you just plugged into your computer? Because you should, you damn well should.


(Via Elliot)
via:elliot  malware  e-cigarettes  cigarettes  smoking  china  risks 
november 2014 by jm
UK police to investigate alleged Bahraini hacking of exiles’ computers
Criminal complaints have been filed in the UK against Gamma "acting as an accessory to Bahrain's illegal targeting of activists" using the FinFisher spyware.
finfisher  spyware  malware  gamma  bahrain  law  surveillance  privacy  germany  hacking 
october 2014 by jm
All at sea: global shipping fleet exposed to hacking threat | Reuters
Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices, or fake the data so it looks like they're somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records.


(via Mikko Hypponen)
via:mikko  security  hacking  oilrigs  shipping  ships  maritime  antwerp  piracy  malware 
april 2014 by jm
How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept
The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.” In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.”


Great. Automated malware deployment to millions of random victims. See also the "I hunt sysadmins" section further down...
malware  gchq  nsa  oversight  infection  expert-systems  turbine  false-positives  the-intercept  surveillance 
march 2014 by jm
Target Hackers Broke in Via HVAC Company
Avivah Litan, a fraud analyst with Gartner Inc., said that although the current PCI standard does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties.


Target shared the same network for outside contractor access and the critical POS devices. fail. (via Joe Feise)
via:joe-feise  hvac  contractors  fraud  malware  2fa  security  networking  payment  pci 
february 2014 by jm
Full iSight report on the Kaptoxa attack on Target
'POS malware is becoming increasingly available to cyber criminals' ... 'there is growing demand for [this kind of malware]'. Watch your credit cards...
debit-cards  credit-cards  security  card-present  attacks  kaptoxa  ram-scrapers  trojans  point-of-sale  pos  malware  target 
january 2014 by jm
Russia: Hidden chips 'launch malware attacks from irons'
Cyber criminals are planting chips in electric irons and kettles to launch spam [jm: actually, malware] attacks, reports in Russia suggest. State-owned channel Rossiya 24 even showed footage of a technician opening up an iron included in a batch of Chinese imports to find a "spy chip" with what he called "a little microphone". Its correspondent said the hidden devices were mostly being used to spread viruses, by connecting to any computer within a 200m (656ft) radius which were using unprotected Wi-Fi networks. Other products found to have rogue components reportedly included mobile phones and car dashboard cameras.
wifi  viruses  spam  malware  security  russia  china  toasters  kettles  appliances 
october 2013 by jm
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
cipav  fbi  tor  malware  spyware  security  wired 
september 2013 by jm
Secret Bitcoin mining code added to game sparks outrage
Thunberg's admission that [the E-Sports Entertainment Association client software] ran Bitcoin-mining software without explicit user consent is startling. Aside from potentially opening the company up to huge legal liability, the move is likely to engender distrust among some of the company's most loyal fans. The nonchalance of some of Thunberg's comments may only add insult to the betrayal many users are likely to feel.

"But for the record, I told jag he shouldn't be lazy and run the miner in a separate process," he wrote in a post, referring to one of his software engineers with the screen name Jaguar, who didn't take steps to conceal the Bitcoin miner. "Rookie move." In the later post he wrote: "100% of the funds are going into the s14 prize pot, so at the very least your melted gpus contributed to a good cause."
bitcoin  abuse  games  malware  esea  gpus 
may 2013 by jm
Romania believes rival nation behind MiniDuke cyber attack | Reuters
"It is a cyber attack ... pursued by an entity that has the characteristics of a state actor," [Romanian secret service] SRI spokesman Sorin Sava told Reuters [...]. "Our estimations show the attack is certainly relevant to Romania's national security taking into account the profile of the compromised entities." [...]

In this case, computer experts say an attacker from the former Soviet Union could be more likely. "MiniDuke" in some ways resembles a banking fraud Trojan dubbed "TinBa" believed to have been created by Russian criminal hackers.
ireland  malware  attacks  pdf  security  espionage  romania  miniduke 
march 2013 by jm
The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor - Securelist
By analysing the logs from the command servers, we have observed 59 unique victims in 23 countries: Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Germany, Hungary, Ireland, Israel, Japan, Latvia, Lebanon, Lithuania, Montenegro, Portugal, Romania, Russian Federation, Slovenia, Spain, Turkey, Ukraine, United Kingdom and United States.
miniduke  pdf  malware  attacks  ireland  espionage 
march 2013 by jm
Irish government attacked using 'MiniDuke' PDF malware
although I haven't seen a word of it in the Irish media yet -- wonder if the government have noticed?
Cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania, in a complex online assault seen rarely since the turn of the millennium. The attack, dubbed "MiniDuke" by researchers, has infected government computers as recently as this week in an attempt to steal geopolitical intelligence, according to security experts.
ireland  malware  attacks  pdf  security  espionage  romania  miniduke 
march 2013 by jm
Bit9's whitelisting keys stolen
Black hats steal code-signing keys from software whitelisting anti-malware firm. Pretty audacious.
malware  security  whitelisting  av 
february 2013 by jm
A Closer Look: Email-Based Malware Attacks
'The average detection rate for these samples was 24.47 percent, while the median detection rate was just 19 percent.' That is *atrocious*. (via Tony Finch)
via:fanf  fail  malware  filtering  av  smtp  email  viruses 
june 2012 by jm
Analyzing Flame's MD5 Collision Attack [slides, PDF]
really detailed slide deck by Alex Sotirov, Co-Founder and Chief Scientist, Trail of Bits, Inc. (via Tony Finch) Plenty of security fail by MS, and also: PKI is clearly too hard
via:fanf  flame  security  malware  md5  collisions  hashing  pki  tls  ssl  microsoft 
june 2012 by jm
The Cybercrime Wave That Wasn’t - NYTimes.com
MSFT researchers discover fundamental scientific failures in almost all data on cybercrime/spam/malware damages. 'In numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors -- or outright lies -- cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population. [...] The cybercrime surveys we have examined exhibit exactly this pattern of enormous, unverified outliers dominating the data. In some, 90 percent of the estimate appears to come from the answers of one or two individuals. In a 2006 survey of identity theft by the FTC, two respondents gave answers that would have added $37 billion to the estimate, dwarfing that of all other respondents combined.' my opinion: this is what happens when PR drives the surveys -- numbers tend to inflate to make headlines
fail  science  pr  press  cybercrime  ms  via:mark-russinovitch  data  surveys  spam  malware  viruses  phishing 
april 2012 by jm
Israeli general claims Stuxnet attacks as one of his successes
'Haaretz reports [on a] video that was played at a party organized for General Gabi Ashkenazi's last day on the job. The video contained references to the successes he achieved during his stint as chief of staff, [including] the Stuxnet worm attack on Iran's uranium enrichment facility at Natanz and the nuclear reactor at Bushehr.'
israel  iran  stuxnet  cyberwar  via:slashdot  malware  from delicious
february 2011 by jm
Stuxnet is embarrassing, not amazing « root labs rdist
interesting post from Nate Lawson -- he suggests that Stuxnet could have been much better in payload obfuscation, had the authors studied the state of the art in malware implementation.  I'm not convinced, however; as Halvar Flake suggests, KISS applies
kiss  stuxnet  security  malware  obfuscation  siemens  from delicious
january 2011 by jm
Schneier on Security: Internet Worm Targets SCADA
'Stuxnet is a new Internet worm that specifically targets Siemens WinCC SCADA systems: used to control production at industrial plants such as oil rigs, refineries, electronics production, and so on. The worm seems to upload plant info (schematics and production information) to an external website. Moreover, owners of these SCADA systems cannot change the default password because it would cause the software to break down.'
wow  malware  worms  passwords  security  schneier  policies  defaults  from delicious
july 2010 by jm
Signature-based AV is failing
on average across the AV industry, 40% block rates just after 0-hour of a new malware sample, rising to 60% after 5 days. sounds like the AV industry is losing, if this chart is valid. (via Terry Zink)
via:tzink  malware  av  fail  accuracy  detection  false-negatives  scanners  viruses  from delicious
june 2010 by jm
Security Fix - Clampi Trojan: The Rise of Matryoshka Malware
'[Joe] Stewart said the sophistication and stealth of this malware strain has become so bad that it's time for Windows users to start thinking of doing their banking and other sensitive transactions on a dedicated system that is not used for everyday Web surfing.' it's that bad
joe-stewart  secureworks  malware  reverse-engineering  clampi  trojans  banking  security  danger  risks  windows  microsoft  fraud 
august 2009 by jm