Tag Archive | Malware

With the Rise of Coding, Comes the Rise of Malware

I’m sure you might have read recent articles about how coding is going to be the ultimate skill in the coming years. Seems like this might as well be true, so it’s being pushed with the various online schools being developed (the list is getting exhaustive). With this huge rise of training comes a huge rise of smarter hackers and malware writers.

What is it about malware that seems so attractive? Money, fun, damage, etc.? We can get a glimpse of reality when we see the statistics on antivirus vendor websites, some say a million new samples are added weekly. Many of these issues arise out of the violence of society or the outward shame that is inflicted upon other people through the art of cyberbullying, hacking, and other threatening tasks.

What’s more is that when we study these aspects, we get a sense that most malware is targeting our wallets, stealing our identities. We need better protection. This is a call to someone who can make better, user friendly operating systems. If you know how to code or are training, please make sure to use it for good. You could in fact become a lot more rich making top security software than becoming a hacker – stealing and risking it all.

What’s better for you? Helping or hurting? Good wallet or prison time? Make your choice. Better humanity through an act of good will. Get out there and code for the good! Make a difference! BE THE DIFFERENCE!

Don’t be afraid to try new things. Set impossible goals. Shoot yourself into the future of technology and skyscrape the world over with your amazing new security software.

Something’s gotta give! And if something doesn’t happen soon, our threatening internet culture could begin to control us and steal our money. We’ll have a very unfair world by then. What if we impose CISPA? That’ll make a lot of people happy but also a lot of people mad.

What more can be helped for our cybersecurity problem? Feel free to comment and leave your suggestions.

Advertisements

Microsoft Humbled: Hit by Cyberattack as well

We reported on all the recent cyberattacks lately, but didn’t catch this, so here’s an addendum to yesterday’s story:

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.

Posted on MSRC’s Technet Blog

Kelihos Botnet Appears Again with New Variant

Kelihos appears again with a new variant as many researchers have discovered. The variant enables it to remain dormant on the machine with sinkholing techniques, and other rootkit-style operations. It hides domains, and does many other things to conceal itself, as researchers have discovered.

This is the third attempt for the Kelihos botnet. When it got shutdown back in 2011 by a collaborative effort between Kaspersky Lab and Microsoft, it was figured that it was a P2P botnet, which made it more difficult to shutdown completely all operations for the botnet. At least its main servers were cut off, but it didn’t stop the malware from spreading since tons of blackhats still had the malcode on their own server/computer.

Researchers at Deep End Research and FireEye have new samples that have been analyzing, and after some impressive research, it was found that the Kelihos network is back on the rise.

“Since automated analysis systems are configured to execute a sample within a specified time frame, by executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior. Besides making a call to the function SleepEx(), the code also makes a call to the undocumented API NtDelayExecution() for performing sleep,” Abhishek Singh and Ali Islam of FireEye wrote in an analysis.

Experts are trying to discover the new roots, and another takedown may be in order. This is insanity.

Security Concerns This Winter – Android Malware, Facebook Problems, Anonymous, among other things

We’ve discussed over the past couple of weeks some of the things that happened in 2012, and things we’re focused on coming into the new year. There is a surge in a lot of security concern over several different issues, including Android malware, Anonymous, cyberwar, among other things. Here is a comprised list of the top concerns this Winter that we’ll be investigating on a continual basis.

  1. Identity Theft – this can be a problem for most people that get viruses and other malware on their computer. It can also be a problem on social networks. It is best to have a good antivirus and keep your social networking information safe. You don’t have to enter everything in your profile. Leave some fields blank so it is more trivial for the unsuspecting stalker. Sadly, you cannot know who’s viewed your profile, which makes it more difficult to discover stalkers. Hmm…hint Facebook.
  2. Spear-Phishing – plain and clear, spear-phishing is similar to identity theft. This is done by email-spoofing, which the attacker is masking him-or-herself as a legitimate company with legitimate looking emails. However, these emails are only subject to make you click and to either steal your information, or distribute malware, or even both. Normally, this is a big problem over the holidays, but now it’s starting to become widespread no matter the time of year.
  3. Human Error and the Failure to Update – Vulnerabilities – It is true that humans forget a lot of things. One of the biggest security risks we have always faced is that users fail to update their browser plugins and programs on their computer. However, through the use of this vulnerability, attackers exploit and send malware your way. Using a vulnerability scanner can help you keep managed of this atrocity.
  4. Browser Hijackers and Junkware – we still continue to see the problem of browser hijackers and junkware being distributed in installers for legitimate programs. What’s sad is, the royalties are so high for software developers to add in the install code for junkware, that the developers don’t know how bad the issue is. From Babylon Toolbar to Claro Search…these toolbars and homepage hijackers are unnecessary and technically need to be done away with. Good thing our security community has the ability to remove this crap with our special tools.
  5. Malware growth on Other Platforms – it’s no surprise that malware problems are lighting up on the iOS now, as well as Linux. It sure will start to become a problem this year. Even more on Windows 8 and Android than any other device.
  6. Android Malware Growth – This has become one of the biggest problems right now in the computing world is the steady high growth of malware on the Android platform. It will continue to be a problem, sadly.
  7. Anonymous Cyberattacks, and Government Cyberwar – we will still see cybercrime and cyberwar problems continue this year.

Stay in tune with this blog for further updates.

Will 2013 Be a Challenging Year for Computer Security?

Much of the attention in 2013 in computer security will be mainly focused on industrial control systems (ICS), Android, and the all new Windows 8 OS. With the dealings of malware like Stuxnet and other government threats, to the normal hackers and attackers on consumer devices – it will be a challenge in both business and consumer markets.

Supervisory software runs on dedicated workstations and programmable hardware devices, and this is called a control system. They’re used to monitor and control many different operations, such as power grids, trains, airplanes, water distribution systems, military installations, and many more. Many times, control systems are used in critical infrastructures, especially systems for big populations that depend on electricity, clean water, transportation, etc.

Many worries that we’d be watching in 2013 that other security authorities are watching as well include the rise of more government malware. Especially, when it comes to control systems, which are believed to be widely targeted and surveyed.

For other problems to be faced include intense rises of mobile malware, particularly in the Android marketplace. The problem is that Android malware is becoming more widespread. It looks like hackers are retrying some old methods of Windows operating system exploitation on Android devices. This can prove to become a big problem to watch out for.

The big issue with Android attacks also seems to point at privilege escalation attacks, which like to work through malicious apps installed by the user to gain root access and take control of the device. With hundreds of millions of Android devices already infected since its birth, the size of botnets have gotten to be big, and there may still be a lot of devices infected.

Also, keep in mind that when you use a smartphone, you’re leaking a lot of information. This is mainly through App usage, which most of them collect a bit of data from your phone. It isn’t exactly personally-identifiable information, however, it’s enough to make some people nervous.

Android is very open, and you can download apps from almost anywhere for Android. This is much like Windows OS has been. But, that’s a whole different long story.

Windows 8 will be a challenge for security, because researchers, hackers, security experts, etc. want to get in on testing just how secure it is.

Read more about threats in 2013

Hackers and Virus-makers Retrying Their Luck on Android and Windows Phones

When you look at the scope of Android malware (malicious software/viruses), and then think about Windows Phone malware, it’s as if hackers and virus-makers (“cybercriminals”) are retrying their own luck. What is meant by this? Years ago when malware started gaining big time (probably around 2000), these cybercriminals tried a number of ways to hack the Windows API/kernel, causing innumerable issues for Windows users. Now, today’s market looks like it’s being done all over again.

During the 2000s era, it seemed like we had quite a few different types of malware. Here are those types explained in today’s market for smartphone malware:

  • Dialer: a trojan app/program that automatically dials premium rate numbers and attempts to rack up charges on the user’s phone bill. This can be highly costly, so removing it immediately is the best option.
  • Trojan: a common name for any type of app/program that is designed to look like it does one thing, but it’s code does something else untrustworthy. Many options trojans pick would be the stealing of personal data off of the device, or changing the settings of a device to make it behave a different way.
  • Virus: a self-replicating piece of code, infects other files, or just damages files on devices.
  • Spyware: another trojan app/program, which decides to attempt the stealing of personal data on the user’s device.
  • Adware: another trojan app/program designed to show ads to the user, sometimes flooding their screen. Commonly, these ads are personalized for the user, by getting a scope of the type of apps they have.
  • Rootkit: a piece of trojan code, designed to get administrator privileges on the device, and then take control (and manipulate) of the system.

As you can see, some of those issues are as prevalent on mobile devices as they were on Windows operating systems in the 2000s era.

To further protect your mobile device from anyone of the threats described, please consider purchasing Kaspersky Mobile Security: Buy Kaspersky Mobile Security and protect your Android smartphone for 1 Year – only $19.95 Click Here

Serious Java Vulnerabilities Have Many Things in Common (mini-whitepaper)

If you’ve seen many of our posts here, you’d know that we report about Java vulnerabilities. As often as they come, they must have something in common, right? Indeed.

Let’s discover the vulnerabilities of CVE-2012-4681 and CVE-2012-5076, what’s similar and what we can learn about these two serious vulnerabilities. These use a Java reflection mechanism that breaks applet security restrictions, and allow a malicious payload. In other words, they bypass security and execute malicious code.

Now, Java reflection is used in programs commonly, usually those requiring the examination of runtime behavior of applications running in Java Virtual Machine. It is very convenient for Java developers (despite saving time) to write Java programs, but it also opens up more opportunities for exploits.

Now, to open up for the technical part, which you can skip if you don’t understand Java or it would give you a headache. 🙂

== TECHNICAL START ==

Java reflection has many functions and they are:

  1. GET class
  2. GET all members and methods in class include private ones
  3. Invoke methods

Java’s big vulnerability in dealing with reflection is that it allows hidden fields. Obviously, this isn’t a true flaw (meaning the Java developers don’t see a problem), but it would help to change this attribute to avoid further problems.

Now, CVE-2012-4681 used Java reflection to induce a hidden field that was called statement.acc. It implemented, also, the “setfield” function, which changes the value of the ACC file (found in the hidden field).  To break the code, “Java.beans.statement” would be implemented.

So, in Java, we’d see:

SetField(Statement.class, "acc", localStatement, localAccessControlContext);

Then, as we analyze CVE-2012-5062, we see the big offender, “util. GenericContructor”, which is used to create an object from a restricted class. We would implement it like “sun.invoke.anon.AnonymousClassLoader”, and then call its function “loadclass” – that would deliver the malicious payload. Here is a breakdown of how the payload would work:

  1. GET the method “loadclass” and then invoke.
  2. GET the method “r” in payload and then invoke.
  3. Using “Class.forName” to load a target class
  4. Using “getDeclaredFields”, which would enumerate all fields (not including hidden ones).
  5. Using “setAccessible” to expose hidden/private fields.
== TECHNICAL END ==

Obviously, it’s time, researchers, to keep an eye on Java reflection vulnerabilities.

%d bloggers like this: