May 21, 2012

Duqu in the wild, not the drivers you were looking for.


Duqu not Dooku, Image Credit Tracheotomy Bob

The Duqu Remote Access Trojan (RAT) that hit the wild in Europe this week is not a character in the latest Star Wars movie. While it sounds like a George Lucas-inspired character, the name Duqu comes from the ~DQ prefix that researchers noticed this previously unknown malware adds to the files it creates when it was discovered. I am sure Dairy Queen is happy with their choice. Joking aside, this virus is no laughing matter. It seems to have been written by the authors of Stuxnet, or with the benefit of the Stuxnet source code. Stuxnet is the virus that is believed to have set back the Iranian nuclear program last year. Duqu is smaller than Stuxnet and appears to be designed to spy on infected computers, combining a keystroke logger and a data siphon, and it removes itself after eluding detection for 36 days.

A new breed of threat

One disconcerting aspect of this particular Trojan is that one of the drivers in a variant was signed with a code-signing certificate belonging to a known organization in Taiwan. That means a Windows machine will treat that driver as legitimate, just like one you would download to access a new hardware device on your Windows PC. Luckily the certificate has been revoked. This particular malware masks its presence on the infected machine quite well, which makes it a challenge to detect.

What can you do to protect yourself?

All of the best practices that apply to information security will help you avoid Duqu. This includes:

  1. Keeping your critical components up to date.
  2. Practicing cautious web surfing and email habits.
  3. Avoiding public charging kiosks.
  4. Avoiding flash drives from unknown sources.

Did you already get infected? You might want to visit the post-virus opportunity center.

Can we prevent this?

Since the machines infected with this Trojan were hit while it was still a "zero-day" (unknown to the security products protecting them), it is prudent to consider what other means might have prevented the infection. If it turns out that this virus communicates with hosts in remote countries, then a security solution I recently proposed would prevent it from transferring or downloading any information, rendering it useless.


Why you should avoid Public Charging Kiosks

Universal Serial Bus, or USB, was an extremely valuable development in the technology world. USB consolidated how we connect our smart phones, cameras, memory sticks and personal computers. It also created a very easy way to charge mobile devices. Like any prolific technology, this high availability is not without its pitfalls, perhaps most significantly in the world of information security.

In January of this year I shared some insights on USB device security while covering a USB Human Interface Device (HID) security issue. While companies have made headway, including a reduction in "Autorun" infections, USB-capable devices have since been subjected to a number of additional threats. It is these threats that prompted this update, to arm you with knowledge so you can better protect yourself.

Juice Jacking

While it sounds like a way criminals might steal electricity, juice jacking is actually how criminals can use charging kiosks to install malware on your portable devices. A charging kiosk is a public resource for charging your USB-capable devices, such as your Android phone or iPhone. Imagine plugging into one of these kiosks and getting your smart phone or portable device infected with malware. Once infected, your mobile device can then propagate that malware to your PC, Mac or any other computer you connect it to in the future. Using an autorun vulnerability, the malware can then infect any flash drive inserted into that computer. See how this cycle can quickly spiral out of control? We can break this cycle easily:

Don’t plug your phone into any public USB outlet or charging kiosk, carry your own charger and use an electrical outlet.

Your own personal charger is your protection (pictured below, left): it converts Alternating Current (AC) from the wall outlet to the Direct Current (DC) suitable for charging a USB device, and carries only power, not data. You can also just use your own laptop and a USB cable to accomplish this.

AC to USB chargers (use these!), Photo by Joe Hackman

Public USB charging kiosk (not these!)

A survey…

In advance of this post I posted a survey via Facebook and our own blog to see if our readers and friends were using public charging stations. I'm proud to report that 70% of respondents had not used them and only 30% had. Hopefully after reading this you won't use them; it's just not worth the risk.

Additional related content:

  • #infosec hashtag search on Twitter (get the latest real time information)
  • The #Infosec Weekly (A summary online publication of recent content shared by Information Security related Twitter Accounts)
  • Security investigator Brian Krebs' piece on a charging kiosk located at the Defcon hacker conference. (Partial inspiration for this post, and a great resource if you want to learn the ins and outs of information security.)
  • Managed Solutions on Facebook (We share lots of information security related information on our page, like us to get these updates.)


Adware Firm Pays $3 Million In Settlement

Reuters reported on 11/3/2006 that Internet advertising firm Zango, Inc. agreed to pay $3 million to the U.S. government to settle allegations that its pop-up ad software was secretly installed on millions of unsuspecting users' personal computers.

This is a huge blow to the perpetrators of a crime that has, up to this point, been quite difficult to prosecute. While difficult to estimate, there is no doubt that the worldwide impact of adware is in the billions of dollars, resulting from lost productivity, the expense of removing the programs, and the system resources they consume. Beyond the financial cost, the biggest victim is the privacy of Internet users. Adware often tracks users' web habits and funnels them to websites selling products or services related to those habits. In some cases, such as the Zango case, pop-ups appear on the affected users' PCs, forcing them to close the windows manually and making it difficult for them to use their computers efficiently.

This is some of the best news in the fight against adware in recent history. Hopefully the government will continue to prosecute the perpetrators of these crimes and expand its capabilities to tackle some of the tougher issues like spam, viruses and malware. For now, this is a good start.


Is Your Email Secure?

There has recently been a rise in the frequency and quality of many Internet scams, including "phishing" scams. Phishing scams typically involve "casting out" a mass email spam that appears to come from reputable companies requesting information from their clients. The idea is that a few people will fall for the scam, allowing the scammers to use the identities of the individuals who "took the bait" to obtain resources illegally using the victims' credit card numbers, bank accounts, etc. There are a tremendous number of articles on the web about these scams, and plenty of resources to help with specific issues. The focus of this article is not to address the specific scams but instead to talk about email security issues and common misconceptions. A list of resources is provided at the end of the article for interested parties who want more information.
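The tell-tale signs described above (a message that claims to come from a reputable company, links that lead somewhere else, and urgent language asking for credentials or card data) can be turned into a simple automated check. The script below is an added example and is not part of the original article; the two messages it inspects are constructed samples, and the "registrable domain" helper is a deliberate simplification that looks only at the last two labels of a host name rather than consulting a public-suffix list.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample: the sender claims to be a bank, but the link points at a
# different registrable domain that merely embeds the bank's name as a decoy.
SAMPLE_PHISH = b"""From: "Example Bank Security" <alerts@example-bank.com>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Your account has been limited. Please
<a href="http://login.example-bank.com.verify-now.example.net/confirm">verify your password and card number</a>
within 24 hours.</p>
</body></html>
"""

# Constructed sample: a routine notice whose link stays on the sender's own domain.
SAMPLE_LEGIT = b"""From: "Example Bank" <news@example-bank.com>
To: customer@example.org
Subject: Monthly statement available
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Your statement is ready at <a href="https://www.example-bank.com/statements">our site</a>.</p>
</body></html>
"""

URGENCY_WORDS = ("urgent", "verify", "limited", "suspended", "within 24 hours")
SENSITIVE_WORDS = ("password", "card number", "social security", "account number", "pin")


def registered_domain(host):
    """Simplified registrable domain: the last two labels (assumption; no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(msg):
    """Domain of the address in the From header, or '' if none is present."""
    match = re.search(r"@([A-Za-z0-9.-]+)", str(msg.get("From", "")))
    return match.group(1).lower() if match else ""


def extract_links(html):
    """Pull href targets out of the HTML body (regex is enough for this heuristic)."""
    return re.findall(r'href=["\']([^"\']+)["\']', html, flags=re.IGNORECASE)


def analyze(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    sender = sender_domain(msg)
    findings = []

    for link in extract_links(text):
        parsed = urlparse(link)
        host = parsed.hostname or ""
        if registered_domain(host) != registered_domain(sender):
            findings.append(f"link host {host!r} does not match sender domain {sender!r}")
            # A host such as login.bank.com.attacker.net uses the real name as bait.
            if sender and sender in host:
                findings.append(f"link host {host!r} embeds the sender's domain as a decoy subdomain")
        if parsed.scheme == "http":
            findings.append(f"link {link!r} is plain http, not https")

    lowered = text.lower()
    if any(w in lowered for w in URGENCY_WORDS) and any(w in lowered for w in SENSITIVE_WORDS):
        findings.append("body pairs urgency language with a request for credentials or card data")
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, analyze(sample) or "no findings")
```

Each finding is a heuristic, not proof: a legitimate company may send mail from a marketing domain or link to a partner site, so a real mail filter would score these signals rather than block on any one of them. The check that catches the most convincing phishing mail is the domain comparison, because the sender's real name is exactly what the decoy host name is built to imitate.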

One of the most common misconceptions in the world of email is that email is a secure means of communication. In most cases this is not true. The typical email setup affords a user very little privacy or security. A good rule of thumb is: don't type or send anything via email that you wouldn't want made public, because it could quite easily end up just that. To address this problem, there are alternative ways to transmit your message text and attachments securely. These technologies encrypt the contents of the message and any attachments and allow the message to be decrypted only by the legitimate recipient. Businesses may also opt to use systems that allow files to be shared in a repository that requires authentication and encrypts all the data in transit using secure protocols. These systems are ideal solutions for companies that have users and clients in multiple locations. A real-world example of such a system is one where clients upload their confidential files to the repository using a login and password provided by the vendor. The vendor then receives an alert with a link to the file, which they can download from that repository over a secure connection. The data never travels on the unsecured network without being encrypted, protecting its contents from any snoops that may be operating in its path.

In closing, if we as businesses and individuals educate ourselves and take precautions to secure our private information, we will keep our data private and discourage would-be snoops from using that data against us or for their own gain.

Resource Links:
Internet Fraud Watch – Information Center
US Secret Service – Financial Crimes Division
Social Security Online – Identity Theft And Your Social Security Number
Reducing the Risk of Identity Theft
Internet ScamBusters
