Tag Archive for MSFT

40 Years of Malware – Part 3

2011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades, malware instances have grown from 1,300 in 1990 to 50,000 in 2000 to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article that counts down some of the low-lights of malware evolution.

The Sunnyvale, CA network security firm says that viruses evolved from academic proofs of concept to geek pranks and then into cybercriminal tools. By 2005 the virus scene had been monetized, with almost all viruses developed for the sole purpose of making money through more or less complex business models. According to FortiGuard Labs, the most significant computer viruses of the last 40 years are:

See Part 1 Here – See Part 2 Here – See Part 3 Here – See Part 4 Here

2001 – E-mail and the Internet became the primary transmission vectors for malware by 2001, as scripts automatically loaded viruses from infected websites. The Code Red worm targeted Web servers rather than users. By exploiting a vulnerability in Microsoft IIS servers, Code Red automatically spread to nearly 400,000 servers in less than one week. The worm replaced the homepage of compromised websites with a “Hacked By Chinese!” page. Code Red also carried a distinguishing feature designed to flood the White House website with traffic from the infected servers, probably making it the first documented case of large-scale ‘hacktivism’.

Shortly after the September 11 attacks, the Nimda worm (admin spelled backward) infected hundreds of thousands of computers worldwide. Nimda is one of the most complicated viruses, with many different methods of infecting computer systems and duplicating itself.

2003 – Widespread Internet attacks emerged as SQL Slammer (or Sapphire) infected the memory of servers worldwide, clogging networks and causing shutdowns. On January 25, 2003, Slammer first appeared as a single-packet, 376-byte worm that generated random IP addresses and sent itself to them. If an address belonged to a computer running an unpatched copy of Microsoft’s (MSFT) SQL Server Desktop Engine, that computer would immediately begin firing the worm off to further random IP addresses. Slammer was remarkably effective at spreading: it infected 75,000 computers in 10 minutes. The explosion of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.
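The propagation pattern just described (one small UDP datagram fired at many random addresses) is exactly what a network defender can look for in flow records. The following is an added example, not code from the original post: it scans constructed flow records for sources that match the Slammer shape. The record layout, the sample lines and the thresholds are assumptions for this example; the port is the SQL Server Resolution Service, UDP/1434, which the post does not state.

```python
"""Added example (not from the original post): flag hosts whose traffic matches the
Slammer pattern described above, one small UDP datagram sent to many random addresses."""
from collections import defaultdict

SLAMMER_PORT = 1434     # SQL Server Resolution Service, UDP/1434 (known fact, not in the post)
SLAMMER_PAYLOAD = 376   # single-datagram payload size given in the text

# Constructed flow records for this example: "epoch src dst proto dport payload_bytes"
SAMPLE_FLOWS = """\
1043452800 10.0.0.5 198.51.100.7 udp 1434 376
1043452800 10.0.0.5 203.0.113.9 udp 1434 376
1043452801 10.0.0.5 192.0.2.44 udp 1434 376
1043452801 10.0.0.5 198.51.100.200 udp 1434 376
1043452802 10.0.0.5 203.0.113.77 udp 1434 376
1043452802 10.0.0.5 192.0.2.8 udp 1434 376
1043452800 10.0.0.9 10.0.0.50 udp 1434 60
1043452810 10.0.0.9 10.0.0.50 tcp 1433 1200
1043452803 10.0.0.12 10.0.0.50 udp 1434 376
garbage line that should be skipped
"""

def parse_flows(text):
    """Yield (epoch, src, dst, proto, dport, size); malformed lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6:
            continue
        try:
            yield int(f[0]), f[1], f[2], f[3].lower(), int(f[4]), int(f[5])
        except ValueError:
            continue

def slammer_suspects(text, min_targets=5, window=10):
    """Return {src: distinct_targets} for sources that hit at least min_targets
    distinct destinations with Slammer-shaped datagrams within `window` seconds.
    Legitimate SQL Browser lookups go to a few known servers; a burst is the signal."""
    hits = defaultdict(list)  # src -> [(epoch, dst), ...]
    for epoch, src, dst, proto, dport, size in parse_flows(text):
        if proto == "udp" and dport == SLAMMER_PORT and size == SLAMMER_PAYLOAD:
            hits[src].append((epoch, dst))
    suspects = {}
    for src, events in hits.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):  # slide the window start over the events
            best = max(best, len({d for t, d in events[i:] if t - t0 <= window}))
        if best >= min_targets:
            suspects[src] = best
    return suspects
```

Only 10.0.0.5 is reported: 10.0.0.9 talks to a single known server with differently sized packets, and 10.0.0.12 sends one Slammer-sized datagram, which on its own is not a scan.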

The summer of 2003 saw the release of both the Blaster and Sobig worms. Blaster (aka Lovsan or MSBlast) was the first to hit. The worm was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP and, when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.

The Sobig worm hit right on the heels of Blaster. The most destructive variant was Sobig.F, which generated over 1 million copies of itself in its first 24 hours. The worm infected host computers via e-mail attachments such as application.pif and thank_you.pif. When activated, the worm transmitted itself to e-mail addresses discovered in a host of local file types. The result was massive amounts of Internet traffic. Microsoft announced a $250,000 bounty for anyone who identifies Sobig.F’s author, but to date the perpetrator has not been caught.

2004 – The Sasser worm built on the autonomous nature of Code Red. It spread without anyone’s help by exploiting a vulnerability in the Local Security Authority Subsystem Service (LSASS) of Microsoft Windows XP and Windows 2000 (Microsoft Security Bulletin MS04-011 here). This was the first widespread Windows malware, made even more annoying by a bug in the worm’s code that turned infected systems off every couple of minutes.

This was the first time that systems whose function isn’t normally related to the Internet (and that mostly predate the Internet) were severely affected. Sasser infected more than one million systems; the damage is thought to exceed $18 billion.

Bagle was first detected in 2004. It infected users through an e-mail attachment and used e-mail to spread itself. Unlike earlier mass-mailing viruses, Bagle did not rely on the MS Outlook contact list; rather, it harvested e-mail addresses from document files stored on the infected computer. Bagle also opened a backdoor through which a hacker could gain access to and control of the infected computer, downloading more components either to spy on the user and steal information or to launch DDoS attacks.

MyDoom is another mass-mailing worm discovered in 2004. It spread primarily through e-mail, but it also attacked computers by infecting programs stored in the shared folder of the peer-to-peer software KaZaA. MyDoom slowed global Internet access by ten percent and cut access to some websites by 50 percent. It is estimated that during the first few days, one out of every ten e-mail messages sent contained the virus.

2005 – In 2005 Sony BMG introduced secret DRM software that reported music copying; other rootkits appeared, providing hidden access to systems.

MyTob appeared in 2005 and was one of the first worms to combine a botnet with a mass-mailer. MyTob marks the emergence of cybercrime: criminals developed business models to “monetize” botnets that installed spyware, sent spam, hosted illegal content, intercepted banking credentials, and so on. The revenue generated from these new botnets quickly reached billions of dollars per year.

rb-

By 2005 cybercriminals were starting to put all the parts together. Slammer proved that Microsoft systems could be used to spread attacks; Blaster and Sobig improved the infection rate; Bagle began to mine the targets for data and install backdoors so the attackers could keep re-using the victims’ systems; MyDoom started to use the first social network, the P2P networks, for attacks; Sony proved that rootkits could be widely distributed; and MyTob was the first of the modern botnets, leading the world into today’s monetized cybercrime age, described in Part 4.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Super-Fi OK’d by IEEE

I usually don’t have a problem getting a wireless signal in my Bach Seat. However, there are some areas where I coordinate technical services that don’t get wired or wireless Internet. In these rural areas, where AT&T (T), Verizon (VZ), Sprint Nextel (S), Comcast (CMCSA), and their fellow travelers fear to tread because they can’t make a buck, some help may be on the way from the IEEE.

In 2009, the Institute of Electrical and Electronics Engineers (IEEE) started development of IEEE standard 802.22, which addresses the need for broadband wireless access in rural areas where it is not economical to deploy a wired infrastructure. In July 2011, the IEEE announced that it had published the standard, titled “IEEE 802.22-2011 Standard for Wireless Regional Area Networks in TV Whitespaces” (PDF).

The IEEE press release states: “This new standard for Wireless Regional Area Networks (WRANs) takes advantage of the favorable transmission characteristics of the VHF and UHF TV bands to provide broadband wireless access over a large area up to 100 km (60 miles) from the transmitter. Each WRAN will deliver up to 22 Mbps per channel without interfering with reception of existing TV broadcast stations, using the so-called white spaces between the occupied TV channels.” That part of the spectrum, known as white spaces, sits between broadcast TV channels and became available when broadcast TV stations switched from analog to digital in 2009.

The White Space Coalition, led by Microsoft (MSFT), Google (GOOG), Dell (DELL), and other tech titans, strongly supports the use of the white spaces in the U.S., going up against strong opposition led by Michigan’s own John Dingell and big media such as the NFL, MLB, NASCAR, NBA, NHL, NCAA, PGA Tour, and ESPN, who say unlicensed devices in the TV bands would interfere with their signals. IEEE 802.22 reportedly will not interfere with TV broadcasts because it incorporates advanced cognitive radio capabilities, including:

rb-

I met Mr. Dingell about a dozen years ago, at a school, to encourage the politician to support schools when the USF started the eRate program for schools. I recall Mr. Dingell telling me he could not support eRate because he did not trust the FCC to get it right. At least he is consistent.

I believe there is a very good chance this technology will never be a commercial success. The wireless carriers will squash this technology like they have squashed municipal wi-fi and community fiber networks. The improved speeds and coverage areas are a threat to their limited 4G coverage, and they would lose out on their monthly pound of flesh from capped, rate-limited data plans.

It will be up to us in the public sector to implement this technology for our clients.

What do you think?

Will Super-Fi ever see the light of day?




Malware in Text

A team of security researchers has engineered a way of hiding malware in sentences that read like English-language spam. The research, led by Dr. Josh Mason of Johns Hopkins University along with Dr. Sam Small of Johns Hopkins, Dr. Fabian Monrose of the University of North Carolina, and Greg MacManus of iSIGHT Partners, outlined the threat in the paper English Shellcode (PDF), presented at the 2009 ACM Conference on Computer and Communications Security. According to the UK’s Computing, the paper shows hackers could evade anti-virus protection by hiding malicious code in sentences that read like English-language spam.

The article says that attackers could develop a tool that would be the next step in the hacking and virus arms race: hackers could hide alphanumeric shellcode in valid files, which would activate the malicious payload of a code-injection attack. This attack vector could give attackers control of system resources, applications, and data on a compromised computer.

The researchers report they can generate English shellcode in less than one hour on standard PC hardware. In their sample, the words in bold form the instruction stream and the plain text is skipped over: “There is a major center of economic activity, such as Star Trek, including The Ed Sullivan Show. The former Soviet Union. International organization participation.”

The good news, Dr. Mason said, is that widespread use of this attack vector is limited because the alphanumeric character set is much smaller than the set of characters available in Unicode and UTF-8 encodings, so the set of instructions available for composing alphanumeric shellcode is relatively small. “There was really not a lot to suggest it could be done because of the restricted instruction set,” said Dr. Mason. Long strings of mostly capital letters, for example, would be very suspicious.

Computing claims the work is a breakthrough. Current network security techniques work on the assumption that the code used in code-injection attacks, where it is delivered to and run on victims’ computers, has a different structure from non-executable plain data such as English prose. If an attacker challenges the assumption that executable code is structurally different from non-executable data, malware would be almost impossible to detect.

Dr. Nicolas T. Courtois, an expert in security and cryptology at University College London, said malware deployed in this way would be “hard, if not impossible, to detect reliably.” The research is a proof of concept, and Dr. Mason doubts any hackers are using the technique to disguise their code. “I’d be astounded if anyone is using this method in the real world owing to the amount of engineering it took to pull off,” he said. “A lot of people didn’t think it could be done.”

Professor John Walker, managing director of forensics consultancy Secure-Bastion, argued the research highlights the flaws in the anti-virus community’s approach to security exploits. “There is no doubt in my mind that anti-virus software as we know it today has gone well past its sell-by date,” he said.


rb-


If this technology gets out in the wild, most experts believe that current signature-based anti-malware products will miss the attack and leave us all defenseless. Sounds like something the chip makers should be working on. Is this why Intel bought McAfee?

What do you think?

Can the anti-malware industry adapt to new threats from attackers?



Mobile Patent Warfare

One of the hobbies I have taken up is patent troll watching. Thanks to Flowing Data for pointing out work by Mike Bostock that visualizes the data on who is suing whom in the mobile patent warfare battles. To see a live version of this data network, go to the bl.ocks.org website here.

Mobile patent suits

The data on this chart indicates that Apple is at the heart of mobile patent warfare. Apple (AAPL) has been involved in 9 patent lawsuits. Other prodigious mobile patent litigators include Microsoft (MSFT) with 8 lawsuits, Kodak (KODK) with 7 suits, and the newly created Google (GOOG)/Motorola union, which is involved in 5 mobile patent warfare skirmishes.

