Posts matching tags 'malware'
2008/4/3
Apparently 2% of internet traffic now consists of denial-of-service attacks, mostly launched by botnets of hijacked Windows PCs operated remotely by organised crime. By comparison, email comprises 1 to 1.5% of internet traffic (though a majority of that is reportedly spam).
2008/3/27
Someone is sending pro-Tibet groups documents infected with keylogging malware, configured to send back keystrokes to a server in China. The documents are sent from addresses forged to resemble human rights groups, and purport to be details of Chinese massacres in Tibet and similar information.
The exploit silently drops and runs a file called C:\Program Files\Update\winkey.exe. This is a keylogger that collects and sends everything typed on the affected machine to a server running at xsz.8800.org. And 8800.org is a Chinese DNS-bouncer system that, while not rogue by itself, has been used over and over again in various targeted attacks.
The exploit inside the PDF file was crafted to evade detection by most antivirus products at the time it was sent.
Somebody is trying to use pro-Tibet themed emails to infect computers of the members of pro-Tibet groups to spy on their actions.
Of course, the pro-Tibet groups could avoid being pwn3d by the Chinese by the simple expedient of not using Windows or common software to open documents.
(via Schneier)
2008/1/27
Details have emerged of how the Bavarian police intercept Skype calls and encrypted internet traffic. Apparently they use specially written malware, from a company named Digitask. The malware needs to be installed on the suspect's computer (which can be done in a number of ways; if they can't get a black-bag team in, they can send an email carrying the trojan). Looks like Bavaria's safe from criminals who use Windows then.
(via /.)
2007/4/25
Computer criminals have found a new way of distributing bank-account-stealing trojans: by scattering USB flash drives in car parks. Some percentage of the population (perhaps the same that opens email attachments) would pick up these shiny flash disks, take them home and insert them into their Windows PCs, not having disabled autorunning beforehand.
Sooner or later, the default Windows configuration will refuse to autorun content on a strange flash drive, and this won't work. Unless, of course, the criminals have special USB units manufactured containing an active processor which uses DMA to probe and interfere with the host PC's memory. They could possibly use the same facilities they use to make fake ATM front panels to manufacture them. The units could even contain an empty, perfectly innocent flash drive to deflect suspicion; after all, there's no limit to how many devices something on the end of a USB connector can appear to be.
2005/12/7
The latest advance in Windows worms is a worm which takes over people's instant-messaging accounts and chats to their friends, attempting to talk them into downloading it; in short, an automated form of social engineering:
According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.
Which suggests that the Turing test may be easier to pass in an environment where people start messages with "lol". If your friends suddenly turn into giggling prepubescents and start trying to convince you to download a file, you know what's happening.
I wonder whether this will lead to an arms race in worm conversational abilities. Perhaps the next one will trawl message logs and pick out phrases/words used by that contact (or use them to change its own writing style)?
(via /.)
2005/11/25
Scare meme of the day: if bird flu, al-Qaeda weaponised ebola or a meteor strike don't get us, alien computer viruses exploiting Seti@Home to take over Earth's computer systems just might. Assuming, of course, that the aliens understand enough about our puny earthling computer architectures, operating systems and library vulnerabilities to write a useful exploit and encode it the right way in a radio signal.
(via bOING bOING)
2005/11/1
Another reason to avoid "Copy Controlled"/"Copy Protected" CDs: some of them (at least the ones from Sony BMG) install rootkits on your Windows PC; ones which, if an attempt is made to remove them, disable your CD-ROM drive. Someone at Sony BMG should go to jail for this, though probably won't.
(via substitute)
2005/5/30
The latest malware won't merely spew ads at you or use your Windows PC as a zombie to send spam: it will encrypt your files and demand a ransom for the key:
Stewart managed to unlock the infected computer files without paying the extortion, but he worries that improved versions might be more difficult to overcome. Internet attacks commonly become more effective as they evolve over time as hackers learn to avoid the mistakes of earlier infections.
"The problem is getting away with it -- you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an e-mail account."
Perhaps future versions will demand that the users donate CPU cycles/network bandwidth instead of money? Then again, those are easy enough to steal without extortion.
(via schneier)
2004/12/30
Thanks to the technological miracle of Microsoft DRM, Windows Media files can contain adware, viruses and spyware, and it appears that an anti-P2P company named Overpeer have been launching such trojan WMAs into the KaZaA network. More details here:
But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to--whether a legitimate call for license information or a series of pop-up ads.
Not only did we get bombarded with unwanted ads, but one of the ad windows in a video file tried to install adware onto our test PC surreptitiously, while another added items to our browser's Favorites list and attempted to change our home page. And a window from the original music file asked to download a file called lyrics.zip, which contained the installer for 180search Assistant, commonly categorized as an adware program.
And if the asphead agencies can do it, so can the Bulgarian Mafia and their ilk. Expect to see spam-zombie-trojan-infected WMAs appearing on a file-sharing network near you. The moral of this story, kids, is use MP3 don't pirate music.
(via bOING bOING)
2004/5/27
An economic-rationalist argument for why writing computer viruses should be punishable by death; it basically comes down to society getting more economic benefits from executing worm writers than from killing murderers. It reminds me a bit of the argument in K.W. Jeter's Noir about why copyright violation had to become punishable by death, and worse. (via Techdirt)
2004/2/17
The rather eye-opening dissection of an online greeting-card spam; an email telling the user to go to a web site to see an electronic greeting card, and the website in question, which uses Internet Explorer security holes to overwrite your Windows Media Player and install a keylogger apparently programmed to look for online banking sites (and undetectable by current spyware detectors). Nasty; and another reason to not use IE (or, preferably, Windows). (via Slashdot)
2003/12/19
The PCs at a certain hostel in Byron Bay appear to be fuzzy with adware; every few minutes, a program named "Save!" throws up a pop-under ad for some product. Not sure whether they installed it themselves or whether it snuck in with a "funny screensaver" or porn downloader or something.
"Save!", which claims to be associated with some outfit named "WhenU", strenuously disclaims acting as spyware, logging websites, passwords or anything like that. Though, of course, any piece of conspicuous spyware would say that as well. Just in case, I've taken to entering passwords by cutting and pasting words from other pages, deleting bits of them and adding the odd keystroke or two. It is probably theoretically possible to write a piece of spyware that keeps track of pastes, cursor positions, &c. into a password entry box, but in practice it may be quite difficult.
I wonder whether the alleged yuppification of Byron Bay has extended to there being wireless internet anywhere.
2003/3/19
Quelle surprise:
Those "Copy Controlled" CDs EMI have been foisting on the public aren't proving very popular. Apparently, they don't play in some car stereos, and the top-s3krit Windows software that auto-installs when you try to play the CD may do things to your registry without your consent. EMI, of course, won't tell you what it does because it's a secret and if people find out how it works, then the terrorists pirates will have won. I've heard of people successfully ripping them on Windows and/or Linux, though they may have been mislabelled clear CDs (given that no software automatically started).
I wonder how long until recorded music comes with a shrink-wrap license prohibiting you from circumventing copy-denial mechanisms or making unencrypted MP3s of it, and indemnifying the company for any changes made to your system software?
(I can't see EMI's security-through-obscurity scheme holding up for very long, especially since it doesn't rely on "trusted client" PCs or anything. Soon enough, some guy without a girlfriend will break it and upload the details to a server somewhere. Yes, he may go to jail for it, but that hasn't stopped virus writers.)
2003/1/31
Another part of the Windows web browsing experience us Linux users miss out on: Malignant toolbar installs itself into Internet Exploiter, redirects home page/web searches to xupiter.com (owned by a shadowy Hungarian company, apparently) or the sites of businesses who paid them for placement (and who are, I would guess, unlikely to be highly ethical), and downloads pop-up gambling games behind your back. The toolbar resists attempts at uninstallation, and the programmers keep changing its code to keep one step ahead of anti-spyware tools.
Healan said some installations probably occurred when people clicked "OK" in a pop-up box without really knowing what they had agreed to, or when they meant to close the pop-up window.
2002/9/27
First there was spyware, and now there's diversionware; hidden add-ons to free Windows utilities/toys, which intercept the user's web requests to shopping web sites and substitute in the software maker's affiliate ID, even if someone else's ID was used. And this is completely legal, because users agree to it in the click-through licence agreements.
I suppose that's a key cultural distinction between UNIX and Windows. In the UNIX world, "free software" implies Richard Stallman's ideology. In the Windows world, "free software" implies layers of parasitic spyware and diversionware working behind the user's back. (via Techdirt)
2002/5/8
Extreme marketing in the new millennium: Here come the banner ads which install spyware, disable firewall software; the rogue pop-up ad in question uses a Shockwave applet and an Internet Explorer bug to surreptitiously download and install the software onto the user's PC. Needless to say, it only affects the 99.999% of users who use Windows; Maccies and Penguinheads can look smug.
1999/10/16
Viral marketing: Windows email worm links to porn sites, sends itself to victim's contacts. (CNN)