Tag Archive for Malware

Adobe Flash Still Full of Holes


I wrote earlier about Adobe’s (ADBE) problem with writing secure software. The problem still exists, according to an article in Help Net Security. The article lays out claims by Google (GOOG) researcher Tavis Ormandy that he notified Adobe of some 400 holes in Flash Player. According to the article, Adobe fell short with the latest Flash patch. In the article Mr. Ormandy claims that Adobe’s latest release of Flash:

  • Documented only 13 fixed holes in the application and failed to document the others; and
  • Did not credit those who found the bugs, which were turned up using a technique called fuzzing.

The Google researchers wrote on their blog, “The initial run of the ongoing effort resulted in about 400 unique crash signatures, which were logged as 106 individual security bugs … each crash was treated as though it were potentially exploitable and addressed by Adobe. In the final analysis, the Flash Player update Adobe shipped earlier this week contained about 80 code changes to fix these bugs.”


Help Net Security notes that after an initial silence on the matter, Adobe told Computerworld that Mr. Ormandy had reported some 80 bugs in Flash Player, but defended its decision not to list all the vulnerabilities in the security bulletin by saying that it usually does not mention vulnerabilities found internally, whether by Adobe or its partners. There is also the question of whether all 80 flaws would lead to an exploitable hole. It seems Adobe believes that only exploitable holes get a CVE number.
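The gap between “400 unique crash signatures” and “106 individual security bugs” above is the crash-triage step every fuzzing campaign has to do: many crashes land on the same bug through slightly different paths, and raw fault addresses change from run to run. The script below is an added illustration, not Google’s or Adobe’s tooling: it buckets sanitizer-style crash reports by fault class plus the top N stack-frame function names, and shows how the choice of N changes the bug count. The reports, file names and function names are constructed for the example.

```python
"""
Added example (not Adobe's or Google's code): bucket fuzzer crashes into
probable distinct bugs by stack-trace signature.  Raw addresses differ from
run to run, so the signature keeps only the sanitizer's fault class and the
function names of the top N frames.  The reports below are constructed in
ASan/gdb style; the file and function names are invented for illustration.
"""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

FAULT_RE = re.compile(r"AddressSanitizer: ([\w-]+)")
FRAME_RE = re.compile(r"#\d+\s+0x[0-9a-fA-F]+\s+in\s+([\w:~<>]+)")


def parse_report(report: str) -> tuple[str, list[str]]:
    """Return (fault class, [frame0 function, frame1 function, ...])."""
    fault_m = FAULT_RE.search(report)
    fault = fault_m.group(1) if fault_m else "unknown"
    frames = [m.group(1) for m in FRAME_RE.finditer(report)]
    return fault, frames


def crash_signature(report: str, depth: int = 3) -> str:
    """Stable hash over the fault class and the top `depth` frame names.
    Deeper signatures split buckets (closer to one bucket per crash site);
    shallower ones merge them (closer to one bucket per root cause)."""
    fault, frames = parse_report(report)
    key = fault + "|" + "|".join(frames[:depth])
    return hashlib.sha1(key.encode()).hexdigest()[:12]


def bucket(reports: list[str], depth: int = 3) -> dict[str, list[int]]:
    """Map signature -> indices of the reports that share it."""
    buckets: dict[str, list[int]] = defaultdict(list)
    for i, report in enumerate(reports):
        buckets[crash_signature(report, depth)].append(i)
    return dict(buckets)


# Constructed sample reports: addresses vary, frames are what matter.
CRASHES = [
    "==11==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001234\n"
    "    #0 0x4a1c2f in parse_tag swf/tags.c:214\n"
    "    #1 0x4a0b11 in read_shape swf/shape.c:88\n"
    "    #2 0x49f000 in swf_load swf/load.c:41\n",
    # same bug, different run: only the addresses changed
    "==12==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000009ab0\n"
    "    #0 0x4a1d03 in parse_tag swf/tags.c:214\n"
    "    #1 0x4a0c22 in read_shape swf/shape.c:88\n"
    "    #2 0x49f0aa in swf_load swf/load.c:41\n",
    # same top frame, reached from a different caller
    "==13==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f100\n"
    "    #0 0x4a1c2f in parse_tag swf/tags.c:214\n"
    "    #1 0x4a3f40 in read_font swf/font.c:130\n"
    "    #2 0x49f000 in swf_load swf/load.c:41\n",
    # a different fault class entirely
    "==14==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000\n"
    "    #0 0x4b0010 in decode_bits swf/bits.c:57\n"
    "    #1 0x4a1c90 in parse_tag swf/tags.c:230\n"
    "    #2 0x4a0b11 in read_shape swf/shape.c:88\n",
    # duplicate of the read_font path
    "==15==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f2c0\n"
    "    #0 0x4a1d03 in parse_tag swf/tags.c:214\n"
    "    #1 0x4a3f77 in read_font swf/font.c:130\n"
    "    #2 0x49f0aa in swf_load swf/load.c:41\n",
]

if __name__ == "__main__":
    for depth in (1, 3):
        groups = bucket(CRASHES, depth)
        print(f"depth={depth}: {len(CRASHES)} crashes -> {len(groups)} buckets {sorted(groups.values())}")
```

With three frames the five crashes fall into three buckets; with one frame they collapse to two, because the three heap overflows all fault inside the same function. Neither number is “the” bug count; which one a vendor reports, and whether each bucket gets its own CVE, is exactly the disagreement described above.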


What do you think?

Is Flash still worth it?


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook and Twitter. Email the Bach Seat here.

Malware in Text

A team of security researchers has engineered a way of hiding malware in sentences that read like English-language spam. The research, led by Dr. Josh Mason of Johns Hopkins University along with Dr. Sam Small of Johns Hopkins, Dr. Fabian Monrose of the University of North Carolina, and Greg MacManus of iSIGHT Partners, outlined the threat in a paper, English Shellcode (PDF), presented at the 2009 ACM Conference on Computer and Communications Security. According to the UK’s Computing, the paper shows hackers could evade anti-virus protection by hiding malicious code in sentences that read like English-language spam.

The article says attackers could develop a tool that would be the next step in the hacking and virus arms race. Hackers could hide alphanumeric shellcode in otherwise valid files, where it would serve as the payload of a code-injection attack. This attack vector could give attackers control of system resources, applications, and data on a compromised computer.

The researchers report they can generate English shellcode in less than one hour on standard PC hardware. In the paper’s example (the formatting is lost here), the text in bold is the instruction stream and the plain text is skipped: “There is a major center of economic activity, such as Star Trek, including The Ed Sullivan Show. The former Soviet Union. International organization participation.”

The good news, Dr. Mason said, is that widespread use of this attack vector is limited because the alphanumeric character set is much smaller than the set of characters available in Unicode and UTF-8 encodings, so the set of instructions available for composing alphanumeric shellcode is relatively small. “There was really not a lot to suggest it could be done because of the restricted instruction set,” said Dr. Mason. Long strings of mostly capital letters, for example, would be very suspicious.
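To see why the instruction set is so restricted, and how the “plain text is skipped” trick works at the byte level, here is an added example that is not code from the paper or its authors: a small tracer for the printable-ASCII subset of 32-bit x86. It models just enough state (a stack, the low byte of eax, and the zero flag) to follow the short conditional jumps that carry execution over runs of filler text, and reports which bytes execute and which are merely read as prose. The sample byte string is constructed for this page; its prose fragments echo the paper’s example sentence, but the real generator chooses words far more carefully than this and is not reproduced here.

```python
"""
Added example: trace the printable-ASCII subset of x86 (32-bit) that
alphanumeric / English shellcode is built from.  Only a handful of
instructions are modelled; anything else ends the trace.
"""

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Single-byte opcodes whose encodings are printable ASCII.
ONE_BYTE = {}
for i, r in enumerate(REG32):
    ONE_BYTE[0x40 + i] = ("inc", r)    # '@', 'A' .. 'G'
    ONE_BYTE[0x48 + i] = ("dec", r)    # 'H' .. 'O'
    ONE_BYTE[0x50 + i] = ("push", r)   # 'P' .. 'W'
    ONE_BYTE[0x58 + i] = ("pop", r)    # 'X' .. '_'

AL_IMM8 = {0x24: "and", 0x2C: "sub", 0x34: "xor", 0x3C: "cmp"}  # '$' ',' '4' '<'
JCC8 = {0x74: "je", 0x75: "jne"}                                 # 't' 'u'
PUSH_IMM8 = 0x6A                                                 # 'j'


def trace(code: bytes, max_steps: int = 256):
    """Run `code` from offset 0 and return [(offset, length, mnemonic), ...]
    for every instruction that actually executed.  Stops at the end of the
    buffer, at a stack underflow, or at the first byte outside the subset."""
    regs = {r: 0 for r in REG32}
    stack, zf, ip, executed = [], 0, 0, []
    for _ in range(max_steps):
        if ip >= len(code):
            break
        op = code[ip]
        if op in ONE_BYTE:
            mnem, r = ONE_BYTE[op]
            if mnem == "inc":
                regs[r] = (regs[r] + 1) & 0xFFFFFFFF
                zf = int(regs[r] == 0)
            elif mnem == "dec":
                regs[r] = (regs[r] - 1) & 0xFFFFFFFF
                zf = int(regs[r] == 0)
            elif mnem == "push":
                stack.append(regs[r])
            else:  # pop
                if not stack:
                    break  # would read past our frame: treat as a fault
                regs[r] = stack.pop()
            executed.append((ip, 1, f"{mnem} {r}"))
            ip += 1
        elif op == PUSH_IMM8 and ip + 1 < len(code):
            imm = code[ip + 1]          # printable imm8 < 0x80: sign-extension is a no-op
            stack.append(imm)
            executed.append((ip, 2, f"push 0x{imm:02x}"))
            ip += 2
        elif op in AL_IMM8 and ip + 1 < len(code):
            mnem, imm = AL_IMM8[op], code[ip + 1]
            al = regs["eax"] & 0xFF
            res = {"and": al & imm, "sub": (al - imm) & 0xFF,
                   "xor": al ^ imm, "cmp": (al - imm) & 0xFF}[mnem]
            zf = int(res == 0)          # all four set ZF; cmp discards the result
            if mnem != "cmp":
                regs["eax"] = (regs["eax"] & 0xFFFFFF00) | res
            executed.append((ip, 2, f"{mnem} al, 0x{imm:02x}"))
            ip += 2
        elif op in JCC8 and ip + 1 < len(code):
            mnem, disp = JCC8[op], code[ip + 1]
            if disp >= 0x80:
                disp -= 0x100
            taken = (zf == 1) if mnem == "je" else (zf == 0)
            executed.append((ip, 2, f"{mnem} {disp:+d}"))
            ip += 2 + (disp if taken else 0)
        else:
            break
    return executed


def render(code: bytes) -> str:
    """Show the executed instruction bytes in brackets, skipped filler as-is."""
    parts, pos = [], 0
    for off, n, _ in trace(code):
        parts.append(code[pos:off].decode("ascii"))
        parts.append("[" + code[off:off + n].decode("ascii") + "]")
        pos = off + n
    parts.append(code[pos:].decode("ascii"))
    return "".join(parts)


def jump_over(jcc: bytes, filler: bytes) -> bytes:
    """A short Jcc whose displacement is the filler length, so the filler is
    read as prose but never executed.  The displacement byte must itself be
    printable, which bounds one hop to 32..126 bytes of filler."""
    disp = len(filler)
    if not 0x20 <= disp <= 0x7E:
        raise ValueError("filler length must itself be a printable byte")
    return jcc + bytes([disp]) + filler


# Constructed sample (not from the paper): the generator's job is to arrange
# the flags so each jump is taken and to pick filler that reads as English.
SAMPLE = (
    b"P" + b"Y"                     # push eax; pop ecx
    + b"j0" + b"X"                  # push 0x30; pop eax          -> al = '0'
    + b"4A"                         # xor al, 0x41                -> ZF = 0
    + jump_over(b"u", b"The former Soviet Union. Interna")        # jne +32
    + b"A"                          # inc ecx
    + b"4A"                         # xor al, 0x41                -> al = '0' again
    + b"<0"                         # cmp al, 0x30                -> ZF = 1
    + jump_over(b"t", b"tional organization participation")       # je +33
    + b"A"                          # inc ecx
)

if __name__ == "__main__":
    for off, n, mnem in trace(SAMPLE):
        print(f"{off:3d}  {SAMPLE[off:off + n]!r:8}  {mnem}")
    print(render(SAMPLE))
```

Two things the trace makes concrete. The usable vocabulary really is tiny: register inc/dec/push/pop, a few al-immediate arithmetic ops, push imm8 and short conditional jumps, which is why Dr. Mason calls it a restricted instruction set. And every hop over prose is limited to a printable displacement, so a generator has to weave instruction bytes back in at least every 126 bytes, which constrains how natural the surrounding text can be.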

Computing claims the work is a breakthrough. Current network security techniques work on the assumption that the code used in code-injection attacks, as delivered and run on victims’ computers, has a different structure from non-executable plain data such as English prose. If an attacker defeats the assumption that executable code looks different from non-executable data, the malware would be almost impossible to detect.

Dr. Nicolas T. Courtois, an expert in security and cryptology at University College London, said malware deployed in this way would be “hard, if not impossible, to detect reliably.” The research is a proof of concept, and Dr. Mason doubts any hackers are using the technique to disguise their code. “I’d be astounded if anyone is using this method in the real world owing to the amount of engineering it took to pull off,” he said. “A lot of people didn’t think it could be done.”

Professor John Walker, managing director of forensics consultancy Secure-Bastion, argued the research highlights the flaws in the anti-virus community’s approach to security exploits. “There is no doubt in my mind that anti-virus software as we know it today has gone well past its sell-by date,” he said.


rb-


If this technology gets out in the wild, most experts believe that the current signature-based anti-malware products will miss the attack and leave us all defenseless. Sounds like something the chip makers should be working on. Is this why Intel bought McAfee?

What do you think?

Can the anti-malware industry adapt to new threats from attackers?


Jay Leno Most Dangerous Celebrity in Cyberspace

There are many late nights when I sit in the Bach Seat after a long day of coordinating shared technical services and need some silliness. Tonight Show funny-guy Jay Leno was my late-night source of silliness until BitDefender told me he is the Most Dangerous Celebrity in Cyberspace.

According to an analysis of 25 million spam messages by the Bucharest, Romania-based anti-malware firm, comedian and TV host Jay Leno is the most dangerous Hollywood celebrity in cyberspace. BitDefender found Mr. Leno mentioned in the subject lines of 38,000 spam messages, most of which pushed medicine and pill purchases but carried enticing subjects such as ‘Jay Leno found taking drugs.’

“Cybercriminals follow the latest trends just as consumers do and they use these and the names of popular celebrities in their campaigns to lure people to websites that are full of malicious software (malware),” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.

After Mr. Leno, the article at Infosec Island says, cybercriminals most often used Madonna and Cameron Diaz to spread spam. (I noted Cameron Diaz’s reign as the McAfee “Most Dangerous Celebrity on the Web” here.) The rest of the top 10 personalities used by spammers include:

Other notables on the list are:

Notable for their absence from the list are:

rb-

The use of celebrities to promote malware and spam is deeply rooted in social networking and Web 2.0. In 2009, Barracuda Networks identified a ‘Twitter crimewave’ on Twitter after popular celebrities joined the service to tweet to fans. Criminals followed the celebrities to the new service sensing a new population of easy-to-fool users, using a range of techniques including impersonation and simple link spamming to draw people to malware-infested websites. Facebook still has a major problem with celebrity abuse.

This may seem trivial because most firms have set up gateways to filter these spam mails out of hapless users’ inboxes. However, enough users ignore the warnings and open spam mails to make spamming on a vast scale worthwhile to the spammers.


What do you think?

Who is your favorite late night host?


40 Years of Malware – Part 2

2011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades the number of known malware instances has grown from 1,300 in 1990 to 50,000 in 2000 to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article that counts down some of the low-lights of malware evolution.

The Sunnyvale, CA network security firm says viruses evolved from academic proofs of concept to geek pranks and then into cybercriminal tools. By 2005, monetization of the virus scene was under way and almost all viruses were being developed for the sole purpose of making money via more or less complex business models. According to FortiGuard Labs, the most significant computer viruses of the last 40 years are:

See Part 1 Here – See Part 2 Here  – See Part 3 Here  – See Part 4 Here

1947 – A Bug is Born – Grace Murray Hopper and her team at Harvard trace a failure of the Mark II computer to a moth trapped in a relay (often misdated to 1945; the logbook entry is from September 9, 1947).

1949 – Self-replicating programs – John von Neumann, the Hungarian-born mathematician, publishes his theory of self-reproducing automata, the theoretical basis for programs that copy themselves.

1962 – A group of Bell Telephone Labs researchers invents Darwin, a game in which programs try to destroy each other in memory.

1971 – The Creeper Virus appears on ARPANET, the forerunner of the Internet. It replicates itself and displays a message: “I’m the Creeper: Catch Me if You Can.”

1974 – The Wabbit – a self-replicating program that made multiple copies of itself on a computer until the system bogged down, performance dropped to nothing and the computer eventually crashed. It was named wabbit, after the rabbit, for the speed at which it multiplied.

1981 – Elk Cloner – the first widespread virus on the Apple (AAPL) II platform, spreads by floppy disk and infects boot sectors, generating messages and impairing performance.

1983 – The term “computer virus” comes into vogue after Fred Cohen, a graduate student at the University of Southern California, demonstrates the concept at a security seminar, with his adviser Professor Len Adleman suggesting the name.

1986 – The Brain is the first global epidemic on the PC platform and shows businesses and consumers are clueless about protection.

1987 – Jerusalem virus – “On any Black Friday (Friday the 13th), it would delete any programs that were run, instead of infecting them, so it simply couldn’t be ignored,” Roger Thompson, chief research officer for AVG, told News.com Australia. “You couldn’t throw away your hard drive, and reformatting it didn’t remove the virus.”

1988 – The Morris worm – created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet and becomes the first worm to spread extensively “in the wild”, and one of the first well-known programs to exploit buffer-overrun vulnerabilities.

1990 – Chameleon (also known as 1260) – the first documented polymorphic virus, malware that changes its own code from infection to infection to avoid signature detection.

1992 – Michelangelo – was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped according to mass media hysteria surrounding the virus.  Later assessments of the damage showed the aftermath to be minimal.

1995 –  Concept – the first Macro virus attacked Microsoft (MSFT) Word documents.

1996 – Laroux – the first Microsoft (MSFT) Excel virus, appears in the wild.

1999 – The Happy99 worm – attached itself invisibly to outgoing emails and displayed a fireworks animation wishing the user a happy New Year while it made its changes. It modified system files related to Microsoft (MSFT) Outlook Express and Internet Explorer (IE) on Windows 95 and Windows 98.

1999 – Melissa – a Microsoft (MSFT) Word macro virus that mass-mailed itself through Outlook and created considerable network traffic.

rb-

Back in the day, I had to deal with both Happy99 and Melissa, as well as the occasional Stoned. Melissa was the easiest to deal with since I was running a GroupWise shop at the time; once the news spread, we just pulled the Cat5 from the GWIA and saw minimal blowback. Let’s hear it for technological diversity.


40 Years of Malware – Part 1

Twenty-five years ago, two brothers in Pakistan came up with one of the greatest annoyances in the modern world. Basit and Amjad Farooq Alvi developed the first major personal computer malware, “Brain”, in 1986 at their Lahore, Pakistan computer shop. Brain eventually spread across the world, one infected floppy disk at a time.

See Part 1 Here – See Part 2 Here – See Part 3 Here – See Part 4 Here

Brain was the first of what became known as “stealth viruses.” Because most 1980s computers had only tiny internal hard drives or none at all, everything had to be run from floppy disks. Brain would bury itself in the part of the disk needed to start the machine (the boot sector) and infect any computer it ran into. It would then sit in the computer’s memory and infect new disks inserted into that machine as well. While Brain was relatively harmless, it was the mother of all viruses and spawned a host of malicious successors.

Robert Slade, a senior instructor at the International Information System Security Certification Consortium (ISC2) told News.Com, Australia:

… the virus itself spreads far and wide without any reference to the original media and programs they were selling … Because this was a boot sector infector, it just spread on to any floppy disk that had been put into an infected machine.

There has been a great deal of speculation about why the brothers created the virus. So on the 25th anniversary, F-Secure (FSC1V) researcher Mikko Hypponen, who was among the first to analyze Brain, decided to track down the Farooq brothers and ask them about their groundbreaking work. Mr. Hypponen originally reverse-engineered the virus and discovered a short block of text with the phone number and address of the place where it was created buried within Brain’s code.  Amazingly enough, the brothers are still working at their company, Brain Telecommunications, which is still headquartered at the same Pakistan address near Lahore Railway Station listed in the virus code.

During the interview, the brothers explained how and why they created Brain, adding that they wrote the code primarily as an experiment to see how far it could spread via floppy disk. The brothers, who are now successful businessmen in Lahore, were quick to point out that Brain wasn’t destructive, and explicitly distanced themselves from the more malicious viruses that have sprung up in the past quarter of a century. To the Farooqs, today’s malware is rooted in pure criminality — something they denounce, but don’t feel entirely responsible for spawning. As they pointed out, if they hadn’t created the world’s first PC virus, someone else surely would have.

 
