Apr 18 2009

A Secure OS For the Dalai Lama?

Jamyang (Greg Walton) writes “I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers’ opinions on this debate here.” (More below.)

Read more of this story at Slashdot.


Apr 16 2009

Zombie Macs Launch DoS Attack

Cludge writes “ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DOS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: ‘They describe this as the “first real attempt to create a Mac botnet” and notes that the zombie Macs are already being used for nefarious purposes.'”


Apr 6 2009

Ad Block Plus Filter Maintainer "rick752" Dies At 56

A user on Reddit pointed out that Richard “rick752” Petnel, maintainer of one of the most popular filter lists for Ad Block Plus, has passed away at age 56. In an article last year Petnel described a bit of what he was up against in the ad world. “‘I’m playing against some pretty big players,’ he said, explaining his reluctance to step forward. ‘I don’t want to be harassed. . . . I don’t want to be bribed. I started it because I was frustrated with getting my computer infected from ads — malware and spyware and all that stuff,’ he said. ‘I kind of went overboard with it. But you have to admit, it’s pretty amazing, right?'” Update 15:05 GMT by SM: updated to reflect Rick’s status as maintainer of the most popular Ad Block Plus filter as opposed to Ad Block Plus itself.


Apr 6 2009

Ad Block Plus Maintainer "rick752" Dies at 56

A user on Reddit pointed out that Richard “rick752” Petnel, maintainer of Ad Block Plus, has passed away at age 56. In an article last year Petnel described a bit of what he was up against in the ad world. “‘I’m playing against some pretty big players,’ he said, explaining his reluctance to step forward. ‘I don’t want to be harassed. . . . I don’t want to be bribed. I started it because I was frustrated with getting my computer infected from ads — malware and spyware and all that stuff,’ he said. ‘I kind of went overboard with it. But you have to admit, it’s pretty amazing, right?'”


Apr 1 2009

Instant Messaging Vulnerable To New Smiley Attacks

titus writes “Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be ‘indistinguishable from genuine chat messages.’ I’ve tested the proof of concept code which works very well. Time to panic?”


Mar 28 2009

Vast Electronic Spying Operation Discovered

homesalad writes “Researchers in Toronto have discovered a huge international electronic spying operation that they are calling ‘GhostNet.’ So far it has infiltrated government and corporate offices in 103 countries, including the office of the Dalai Lama (who originally went to the researchers for help analyzing a suspected infiltration). The operation appears to be based in China, and the information gained has been used to interfere with the actions of the Dalai Lama and to thwart individuals seeking to help Tibetan exiles. The researchers found no evidence of infiltration of US government computers, although machines at the Indian embassy were compromised. Here is the researchers’ summary; a full report, ‘Tracking “GhostNet”: Investigating a Cyber Espionage Network’ will be issued this weekend.” A separate academic group in the UK that helped with the research is issuing its own report, expected to be available on March 29. Here is the abstract. They seem to be putting more stress on the “social malware” nature of the attack and ways to mitigate such techniques.


Mar 27 2009

Linux : Psyb0t Attacks Linux Routers (Update)

Back in January, Australian Terry Baume wrote a short paper describing the psyb0t malware that was beginning to crop up on Linux systems. Most of the affected systems are DSL routers, which allow a greater level of stealth because they are online longer than individual PCs.

Mar 25 2009

Apple Mac malware: caught on camera

Pob in our analysis labs blogged earlier this week about a new variant of the RSPlug Trojan horse for Mac OS X that he had written protection against. One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being distributed by hackers is in the form of a poisoned HDTV/DTV program called MacCinema.


Mar 23 2009

Researchers Demo BIOS Attack That Survives Disk Wipes

suraj.sun writes “A pair of Argentinian researchers have found a way to perform a BIOS-level malware attack capable of surviving even a hard-disk wipe. Alfredo Ortega and Anibal Sacco, from Core Security Technologies, used the stage at last week’s CanSecWest conference to demonstrate methods for infecting the BIOS with persistent code that will survive reboots and re-flashing attempts. The technique includes patching the BIOS with a small bit of code that gave them complete control of the machine. The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player.”


Mar 19 2009

Microsoft Releases Final IE8

Microsoft plans to make its Internet Explorer 8 browser available on Thursday, along with a company-commissioned report claiming IE8 is more secure against malware than rival browsers from Mozilla and Google.
