07/28/2011

Happy 30th Birthday MS-DOS

Move Over Tom Clancy...A Real World Thriller: Stuxnet



WOW.

An incredible piece at Wired.com, "How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History", details the jaw-dropping, almost impossible to believe international tale of how researchers for Symantec (makers of Norton Antivirus and Norton Internet Security) tracked down and reverse engineered the Stuxnet worm.

It's a long piece that I thought I'd glance through at first, but that I found myself reading every word of.

Hat-tip to Kim Zetter for some incredible reporting and equally good storytelling.

...the answer would come only after dozens of computer security researchers around the world would spend months deconstructing what would come to be known as the most complex malware ever written — a piece of software that would ultimately make history as the world's first real cyberweapon.
Satellite image of the Natanz nuclear enrichment plant in Iran taken in 2002 when it was still under construction.

Image source: http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/

07/26/2011

Keep Malware on Your PC, Get Jailed?!



In what sounds too hard to believe to be true, Japanese police have arrested their first victim suspect under the controversial Japanese anti-malware law.

The revised Penal Code... bans storage of a computer virus for the purpose of infecting other computers. Violators can be sentenced to a maximum of two years in prison or fined up to 300,000 yen.
Now, let's think this through here.

There are really four types of people that fall into this category:
  1. malware writers
  2. malware distributors
  3. malware researchers
  4. malware infected
Clearly, those folks that fall into the first two categories are up to no good, but what about those of us who fall into the third category? Legitimate researchers like we are?

And what about the average individual or business owner whose computer(s) have been infected by a virus or other malware and whose computer(s) are now infecting others without their knowledge?

I'm not talking about someone claiming they had no knowledge of something when in fact they did; nor am I talking about someone who's claiming ignorance of the law.

I'm talking about someone like your brother, sister, uncle, aunt, father, mother... like YOU. Your computer is infected, and you don't know it. Now your PC is infecting other people's PCs.

Where does someone like this end up in the eyes of the law?

For those of you out there who're smugly thinking, "Pffft... I'd know if my computer were infected. Pfft... These people are stupid."

You sure about that, smart guy? So sure you're willing to bet the next two or three years of your life on it? Literally?

As for researchers like us, we here, obviously, store malware explicitly for the purpose of infecting other computers. Granted, in our case it's only our own computers we're infecting, but regardless, this law really seems like good intent that's terribly misplaced and extremely easy to get around for someone who's arrested under its provisions.

Here are several possible scenarios, all of which start with, "Yes, your honor, I did have this malware on my computer, and...
  • "I've been trying to get rid of it, and it keeps coming back."
  • "I didn't even know it was there."
  • "Many people use my computer. It could belong to any number of people; it certainly wasn't mine."
  • "I'm an antivirus researcher. How else do I do my job without real viruses on my computer?"
How stiff are the penalties?

According to a piece at TheNextWeb on the Japanese antivirus legislation,

the legislation makes the creation or distribution of a computer virus without a reasonable cause punishable by up to three years in prison or 500,000 yen in fines, and the acquisition or storage of one punishable by up to two years in prison or 300,000 yen in fines.

Create or distribute a virus: 3 years or 500,000 yen (about $6,500 USD).
Store a virus: 2 years or 300,000 yen (about $4,000 USD).

There are so many crappy things to this law I don't know where to begin.

So many people who've had their computers infected by malware--particularly a worm or trojan spambot--may be infecting other computers without their knowledge.

And, what about those people who aren't running antivirus software when their PCs get infected?

What about someone who knows their PC is infected but who can't get rid of the infection while it propagates on its own, infecting other PCs?

Rationally, we may say to ourselves, "Oh, but c'mon, they can't be jailed for that!"

Would you be willing to stake the next two or three years of your life on that assumption?

07/20/2011

Make the Web Safer, Get $10,000

Well, it's not quite that easy for most of us, but this week I was delighted to learn the Dragon Research Group, a security research organization, awarded their 2011 Security Innovation Grant (a $10,000 grant) to NoScript, a free and outstanding security add-on for Mozilla Firefox.

About the $10,000 grant, Giorgio Maone, who leads NoScript's development, said,

The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environments and NSA (NoScript 3.0 alpha for Android, generously aided by the NLNet Foundation).

"...it will support the implementation of a desktop UI [and] will allow a unified 'NoScript Anywhere' package to be installed indifferently on PCs and mobile devices, sharing the same configuration and permissions everywhere via secure remote synchronization.

In non-geek speak: your Android phone and your PC will be able to share NoScript configuration data, and they'll be easy to use, too.

If you're a fan of Firefox, which we are here, running NoScript adds another layer of security to your web surfing; it's great to see DRG recognizing how important NoScript is and to help fund its continued development.

If you haven't used Firefox in a while (or haven't updated yours in a while), here's where you can Download Firefox.

As for NoScript, it works by blocking scripts like JavaScript and other embedded elements on every web page you encounter 'til you specifically permit them to run. Nice.

The first week or so you're running NoScript, like a software firewall, it needs a little training to learn which sites you regularly visit and consider "trusted," but after that, it's always on guard against a rogue site doing things it shouldn't to your PC.
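To make the default-deny model concrete, here is a small policy simulator written for this post (it is not NoScript's own code): every script origin on a page is blocked unless the user has permitted that origin, so a trusted site's own scripts run while a third-party script embedded on the same page stays blocked. The page URL, the HTML and the allowlist below are constructed for the illustration.

```javascript
// Simplified model of a NoScript-style per-origin allowlist (added example,
// not NoScript's code): a script runs only if its origin was explicitly allowed.

// Constructed sample page: a trusted site that also embeds third-party scripts.
const SAMPLE_HTML = `
<html><body>
<script src="/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://ads.tracker.example/track.js"></script>
<script>inlineCode();</script>
</body></html>`;

// Origins permanently trusted during the "training" period (constructed).
const TRUSTED = new Set(["https://www.example.com", "https://cdn.example.com"]);

// Pull each <script> tag's src out of the HTML; inline scripts yield null.
function scriptSources(html) {
  const srcs = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attr = /src\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    srcs.push(attr ? attr[1] : null);
  }
  return srcs;
}

// Decide per script. Relative URLs resolve against the page; inline scripts
// take the page's own origin. Anything not allowlisted (permanently or
// temporarily for this session) is blocked by default.
function evaluatePage(pageUrl, html, trusted, temporary = new Set()) {
  const pageOrigin = new URL(pageUrl).origin;
  return scriptSources(html).map((src) => {
    const origin = src === null ? pageOrigin : new URL(src, pageUrl).origin;
    const allowed = trusted.has(origin) || temporary.has(origin);
    return { src: src === null ? "(inline)" : src, origin, allowed };
  });
}

// Stand-alone run: shows the tracker blocked even though the page is trusted.
for (const d of evaluatePage("https://www.example.com/index.html", SAMPLE_HTML, TRUSTED)) {
  console.log(`${d.allowed ? "ALLOW" : "BLOCK"} ${d.origin} ${d.src}`);
}
```

An untrained install (empty allowlist) blocks everything on the page, which is the "needs a little training" experience the post describes.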

Josh, this site's other editor, likes to call it the "firewall for Firefox." Sure, techies may take umbrage at his metaphor, but it gets the point across: NoScript blocks things from happening in and to Firefox.

Regardless of whether or not you run antivirus or Internet security software, NoScript adds another layer of security to Firefox and to your PC and information security.

It's definitely worth a look.

07/18/2011

$250,000 Reward for Information about the Rustock Botnet


Microsoft made an announcement in their blog today: $250,000 for Rustock botnet information.

This reward offer stems from Microsoft's recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it.

"While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.

Why has Microsoft put so much effort into this particular botnet?

In part because of the serious damage it has done. By Microsoft's estimation, the botnet had the capacity to send 30 billion spam messages. A day.

Bear in mind, too, that this is after Rustock was taken down through a huge international effort that marshaled industry and academic researchers, legal teams, and governments to do so.

So, what does all this mean?

My own take is that they may never capture the folks responsible, and a lot of infected machines are still out there, mostly unbeknownst to their owners, no doubt, so there's still a lot of work to be done.

My belief is that the botnet will take many years to die completely, because most of the people who're running infected machines aren't running antivirus software, and if they haven't noticed their machines are infected by now, they probably never will.

Thus, they're unlikely to install some and remove the botnet from their PC.

In which case, it'll only die when the infected PCs themselves go to the scrapyard.

In the meantime, at least the technological solutions in place should make it very hard for the infected machines to come back to life and spew more spam.

More information on the $250,000 Rustock award.

07/08/2011

U.S. Official: Pre-infected Computer Technology Entering the Country

For those of us knee-deep in the antivirus and anti-malware arenas, I'm sad to say this isn't a surprise, but that doesn't mean it doesn't make me mad.

In hearings with the House Oversight and Government Reform Committee, Greg Schaffer, a Department of Homeland Security Acting Deputy Undersecretary (National Protection and Programs), was grilled on what's going on and what's being done about it.

One Representative, Jason Chaffetz (R-Utah), said,

...the issue of software infrastructure (and) hardware built overseas with items embedded in them already by the time they get to the United States... poses, obviously, security and intellectual property risks.

"A, is this happening, Mr. Schaffer? And, B, what are we going to do to fight back against this...

"Are you aware of any component software (or) hardware coming to the United States of America that already have security risks embedded into those components?

The answer:

I am aware that there have been instances where that has happened.

The good stuff starts around 52:00.



What do we do about it as consumers?

Clearly, this is a case where you can't expect a government--not just the U.S., but all governments of the world--to ever be able to police this. Ever.

It's categorically impossible.

The onus is on y-o-u.

What you can and should do is protect your PC and your information as best you can. Hardware firewalls and routers can be great, but they're only part of the picture.

A software firewall and modern, up-to-date antivirus software are another huge part of it. Nothing is perfect, and no antivirus software will catch every piece of malware under the sun; however, the best antivirus software does at least give you a fighting chance.

Whether it's digital picture frames, USB-based battery chargers, or hardware routers, there are definitely several well-documented cases of hardware entering the U.S. and other countries with different types of viruses or other malware.

Here's an MSN link with a bit more info on the pre-infected computer technology.

[Alert] Free "Smiley" hats & Free Vans shoes a Scam

So far over 300,000 people have been duped into "liking" a facebook page that claims to offer the first 750,000 people who like the page free "Smiley" hats and Vans brand shoes.

Here's what the junk Smiley Hat scam looks like in your facebook account (screenshot), and here's what the fake Vans shoes scam looks like (screenshot).

Sophos, an antivirus software company specializing in business-oriented antivirus software, appears to be one of the first to break the news of this latest scam on their blog with the aptly named page: "Smiley Hats Vans Facebook Scams".

Graham Cluley, who wrote the piece for Sophos, sums it up, saying,

...do you really believe that you are going to be sent a smiley hat?

"And who is this un-named company that is planning to ask 750,000 people for their name and postal address?

"Is it possible they are planning to do anything else with that information if you hand it over to them?

"And what - seriously - are the chances that they are going to spend the money shipping that many hats to people who don't even know what brand it is that they are promoting.

Here's my $.02.

If it's legit, how are they planning to collect mailing addresses for that many people?

Think about it. Seven hundred fifty THOUSAND people.

Let's be optimistic and assume the mailing cost alone is $2 per hat.

You're talking about 1.5 *million* dollars just in mailing costs. Oh, and what brand is being promoted? Who's footing the bill for mailing the hats?

And we haven't even talked about the technology required to track that many addresses, link them to facebook accounts, and ensure everyone has been mailed one hat (and not several!), since it's going to take days--or even weeks--to get everyone to send in their addresses for the hats.

Oh, yah... and what about the cost of the hats themselves?

Even if they're $1 a piece to make, you're still talking about another $750,000 in costs. All with no mention of a brand behind it.

Methinks there's a rat in here somewhere.

As for Vans, Cluley says they've already disavowed the promotion for free shoes with this post to their official Vans Europe facebook page (screenshot).

What should I do?

If you've already liked either of these scams, do yourself--and your friends--a favor and at least "unlike" them. No reason to help the scammers get any further in their ploy to get your personal information.

Next, pay attention to your inbox. There's little question these scammers are looking to get at your email address to send you spam, phishing, and even spear-phishing emails.

Pay attention to what you click in your inbox. Think about what you're clicking on and who might have really sent that email to you.

And, let's remember: Facebook really is an incredible site with a whole world inside. The problem is, there is a whole world inside, good people and scammers alike.

Just because you're "surrounded" by friends in facebook doesn't mean you get to check your street smarts at the [login] box.

The bottom line here: if it sounds too good to be true, it probably is.


Thanks and credit to Sophos and Graham Cluley for the find and the screenshots.