Malware

Posts tagged “Malware”

Inside the Business of Malware

“Malware is big business. Malware writers and attackers are just the most visible parts of the ecosystem; there are many invisible moving parts behind the scenes that are rarely seen or described. Now, a complete picture of the business model and inner workings of the malware industrial complex is emerging.”

From Threat Post

Iran says Stuxnet claims need investigating

“”The acting head of Iran’s Atomic Energy Organization said reports of major damage to the Bushehr plant were a malicious campaign by countries hostile to Tehran’s nuclear program, but that they should be looked into in any case.

Many analysts believe Stuxnet was a cyber attack by the United States and Israel aimed at disabling Iran’s nuclear equipment and slowing down a program they believe is aimed at making nuclear weapons, something Tehran denies.”

From Reuters

Obama needs to address our cyber-warfare gap with China

“In 2008, monks in the Office of the High Dalai Lama had a strange feeling someone was reading their e-mail.

Discretely, the monks started making inquiries with Western security experts. They wound up at the doorstep of Information Warfare Monitor, a group of researchers based at the University of Toronto and led by a political scientist named Ronald J. Deibert.

Named one of Esquire’s “best and the brightest” a year earlier, Deibert was known as a passionate champion of online political freedom. He jumped at the chance to investigate security lapses threatening one of the highest-profile religious leaders on the planet.

Information Warfare Monitor investigators found the Dalai Lama’s network (and, ultimately, those of more than 100 countries) had been infected with malware — malicious software that covertly infiltrates a computer system.”

From The Washington Examiner

Researchers’ Android Trojan Can “Hear” Credit Card Numbers

“Smartphones running Android try to prevent the sort of viruses and Trojans that plague PCs by carefully walling off which of the phones’ features and data applications can access. But one team of researchers has demonstrated that a clever piece of malware can listen through the walls–literally.

Six researchers at Indiana University and the City University of Hong Kong have created a proof-of-concept program called Soundminer that’s capable of using a phone’s mic to listen out for credit card numbers. When a user either speaks or types their credit card’s digits into the phone, Soundminer parses the audio file, interprets the numbers, and sends them to another app that passes them on to a remote server.”

From Forbes

We need help with the strange disappearance of Dancho Danchev

“Zero Day blogger and malware researcher Dancho Danchev (right) has gone missing since August last year and we have some troubling information that suggests he may have been harmed in his native Bulgaria.

Dancho, who was relentless in his pursuit of cyber-criminals, last blogged here on August 18. His personal blog has not been updated since September 11, 2010.

At ZDNet, we made multiple attempts to contact him, to no avail. Telephone numbers are going to Bulgarian language voicemails and our attempts to reach him via a snail mail address also came up empty.”

From ZDNet

“SMS of Death” Could Crash Many Mobile Phones

“The phones in many people’s pockets today are miniature personal computers, and they are just as vulnerable as PCs to viruses, malware, and other security problems. But research presented at a conference in Germany last week shows that phones don’t even have to be smart to be vulnerable to hackers.

Using only Short Message Service (SMS) communications—messages that can be sent between mobile phones—a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. As well as text messages, the SMS protocol can be used to transmit small programs, called “binaries,” that run on a phone. Network operators use these files to, for example, change the settings on a device remotely. The researchers used the same approach to attack phones. They performed their tricks on handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer.”

From Technology Review

Trouble in cybercity: what Canada can do

“We have seen the future of the Internet, and it isn’t very pretty.

When WikiLeaks founder Julian Assange announced the release of sensitive U.S. government documents, he also sparked a vigilante war reminiscent of the Wild West. Just before the release, the WikiLeaks site was shut down briefly by denial-of-service attacks. In return, ‘hacktivist’ groups attacked U.S. government sites, as well as those of Amazon, PayPal and MasterCard that had distanced themselves from WikiLeaks.”

From The Globe and Mail

2010 and Beyond

From cyber attacks on Google, to the Distributed Denial of Service attacks on Wikileaks, Nart Villeneuve has put together an extensive review of the prominent cyber crime incidents of 2010. This year, Villeneuve was one of the lead researchers on the malicious Shadow Network and the Facebook botnet “Koobface”, both research projects of the Citizen Lab’s Information Warfare Monitor. Describing trends of politically and economically motivated cyber attacks, Villeneuve provides his expert analysis.

Read Villeneuve’s 2010 Cyber Crime Review here

‘SMS of Death’ Attacks Can Crash the Simplest of Phones

“Malicious text messages can crash many types of mobile phones, including devices by Samsung, Sony Ericsson, Motorola and LG, according to a presentation given at the Chaos Communication Congress hacking conference this week in Berlin.

Nicknamed ‘SMS of Death,’ the attacks were outlined by Collin Mulliner, a security researcher at the Technical University in Berlin and his colleague, Nico Golde.”

From Threat Post

New Data Stealing Trojan For Android Has Botnet Capabilities

“Security researchers say they have discovered a new Trojan horse program that targets mobile phones running Google’s Android operating system that may be the first to attempt to create a so-called ‘botnet’ of infected mobile devices.

The new malware, dubbed ‘Geinimi’ raises the bar on mobile malware, according to a post on the blog of mobile phone security firm Lookout Security. The malware, which has not been detected outside of China, is being packaged with repackaged versions of popular Android applications and pushed through unregulated, third party application exchanges, Lookout said.”

From Threat Post