Space, the final frontier for Malware
By now, we are all aware that malware respects no boundaries. A reminder of this comes from NASA. They confirmed that laptops used on the International Space Station have been infected with a worm.
The malware in question here is W32.Gammima.AG. This is a worm that steals passwords for various online games. The worm spreads by copying itself onto removable media devices, e.g. USB sticks. A ‘number’ of laptops were found to have been infected, so the worm clearly did manage to be effective. The laptops were not being used for mission-critical purposes, but nevertheless, it is both worrying and embarrassing.
We have noted and cautioned before about worms spreading via USB storage devices. It harks back to the early days, before the internet was ubiquitous, when malware was transmitted by physical means, most notably floppy disks. There is an interesting juxtaposition here: we see one of the most high-profile examples of technology being afflicted by one of the oldest infection methods in the book.
Beware of the ‘antivirus’
As we approach this time of year, many security vendors refresh their products. We are in the process of finishing the beta of our Norton Antivirus 2009 and Norton Internet Security 2009 products and getting ready to release them to market. Many of our competitors have launched, or are launching, their new products. This, in turn, gets people thinking about ‘new’ security products.
The last few days have seen reports of ‘malvertizements’ that ultimately lead to fraudulent products. Newsweek.com is one of several high-profile websites suspected of running rogue banner ads that try to trick visitors into installing fraudulent anti-malware programmes. This opens up an interesting dimension. People implicitly expect and trust that website owners have checked into the people who place ads on their sites. The website owners do, but incidents like this show that they are not infallible and need to do more.
The trick of the bad guys passing off malware as an anti-malware utility or antivirus product has been around for some time. However, in recent weeks we have seen a number of examples of this resurface. Symantec’s Security Response blog has written about this.
What we have observed is a combination of attack elements being used in concert. First, a spam email carrying a fake Olympics-themed news story. The user is encouraged to click on a link, which in turn asks the user to download ‘get_flash_update.exe’ or ‘get_flash_codec.exe’. These files then deliver a number of variants, one of which is a fake antivirus product: ‘Antivirus XP 2008’.
A cursory glance would lead you to believe it is legitimate; it is far from it. Once it is installed, ‘Antivirus XP 2008’ gives false reports on the security of the system, claiming it has multiple threats running. The software interrupts the user constantly with popup messages, balloon reminders and the like, asking the user to register in order to remediate the threats. The victim’s desktop background is changed to show a virus warning message. The goal of this threat is to get the victim to pay for what they think is a fully functional, legitimate security product, which of course it isn’t.
Now, you will think this blog to be pretty self-serving – guilty as charged! With many new (legitimate) antivirus products making their way onto the market, you need to be mindful. If you see something about some new product from someone you have not heard of, then do your homework: ensure they really are who they say they are.
Netflix in need of a fix
At the time of writing, the US online video service Netflix is still attempting to recover from an outage. This is now the third day that the company has been affected. It cannot send confirmations to customers who have returned DVDs, nor process orders for new rentals. Ouch!
There have been no details, that I can see, as to what has caused the problems. In a curious turn of events, however, the streaming video service is up and online and still able to serve customers. Is this a case of the company’s online business showing its worth versus the offline business? Well, maybe not: we have to remember that the offline (no pun intended) business is down due to ‘IT system’ issues.
This is yet another reminder of just how dependent companies are on their systems. The implications are significant: the loss of revenue and hence, one would assume, profit; the inconvenience to customers of not being able to get the films they wanted. All this adds up to a significant hit to the brand image – this can be seen in comments left on the company blog. A timely reminder to all of us to ensure that we have a plan in place ‘just in case’. I am off to run a backup of my laptop!
A new front opens up in Georgia: Cyberspace
It would appear that the conflict between Georgia and Russia is not confined to the ‘real’ world. There are reports that another front has opened up: Cyberspace.
It would appear that a significant Distributed Denial of Service (DDoS) attack has been visited upon various Georgian government sites and other Georgian internet servers. A variety of government sites have been targeted: the sites of the Ministry of Foreign Affairs, the Ministry of Defense, and the country’s president, Mikhail Saakashvili, have been blocked completely, or traffic to and from those sites’ servers has been redirected to servers actually located in Russia and Turkey.
The speculation is that the infamous Russian Business Network (RBN) is behind these attacks. The RBN is a notorious malware and criminal hosting network, although its actual involvement is yet to be proven.
There is a trend here. Going back to April 2007, we witnessed a DDoS attack on Estonia that took out parts of the internet infrastructure for some days. The attacks coincided with a dispute between Estonia and Russian nationalists about the relocation of WWII-era monuments.
I am sure that any country’s preparations for war now include plans for how it can protect and defend its internet infrastructure.
Be alert to the ‘CNN Alert’!
Many of you may have received a spam email with the subject line “CNN Alerts: My Custom Alert”. This turned up in my personal email folder. It was a very authentic-looking email. I thought it clever as, whilst I do not use the CNN site on a regular basis, I have used it now and again. The interesting thing about this spam was that it did have a link to a legitimate CNN story about the discovery of the world’s smallest snake. Clicking on this would have given the email that feel of credibility. The malicious link is still there in the e-mail, but you must click the FULL STORY link to get to it.
The ‘FULL STORY’ link leads to a botnet of compromised machines that host a page prompting the user to download an updated version of ‘Video ActiveX Object’. If you agree, you download ‘adobe_flash.exe’, which we here at Symantec detect as ‘Downloader’.
On your marks!
The Beijing Olympics start tomorrow. The world’s biggest sporting event of all time; I am sure that it will not disappoint.
In winning the bid for the Olympics, Beijing outlined that it would harness the power of IT, and innovate around it, to bring the Games to new audiences. We will see a convergence of IT and media on a scale not seen before. Many of the big media companies and franchises have extensive plans to bring the Games to the ‘net in a big way. I know that many network administrators are bracing themselves for the impact of ‘streaming’ video of the Games – if they allow it on the corporate network. It will be interesting to see (or maybe not) what the strain on your ISP will be as well.
Where you have a mass audience connected to the ‘net, then in the shadows the ‘bad guys’ will be lurking. In the Symantec State of Spam report for August, we are already seeing spammers peddling their wares on the back of the Olympics. Symantec Security Response has already written a blog post on an attempted phishing attack purporting to sell tickets for the Games. The creators of the site went to great lengths to make it convincing, even using an SSL connection, believe it or not.
So, on your marks, get set, and it is ‘Go’ for what will no doubt be many Olympic-related spams, phishing attempts, links to websites showing funny or curious videos of events at the Games, and so on. So I say “Citius, Altius, Fortius” to all of my colleagues in the IT security industry: keep everyone safe so that you can all enjoy the Games.
Cuil? Cool? Kool?
So, we now have a new search engine called ‘Cuil’, pronounced ‘Cool’. Well, a catchy name never tripped up a good product, but an obscure spelling could. That being said, the arrival of Cuil was welcomed in most parts. The company goes on to explain why it is different from what is out there already: “The search engine goes beyond today’s search techniques of link analysis and traffic ranking to analyse the context of each page and the concepts behind each query”. So, there you have it: a kind of deeper, more relevant search.
So what did Google make of it? They seemed quite ‘cool’ about it; however, in a blog entry they did outline that they still felt they had the biggest web index out there. Now, the people behind Cuil do have a good pedigree in this area, being ex-Google and IBM people. So, they know what it takes to build a successful search engine. The arrival of Cuil brings with it many questions, the most prosaic of which is how they will make money (there is no advertising for the moment). They will be on a steep learning curve, and today’s story of an embarrassing snafu is testament to this. As to how they will handle the security side of operating a search engine, we will also have to wait and see what they come up with.