Categories
Security

Check if you’re a digital pirate

With all of the SOPA talk this month, I figured an article on piracy was deserved. Pinpointing who has downloaded pirated material is becoming easier and more accurate. For example, check out YouHaveDownloaded.com, a website that lists the torrents your IP address has been seen sharing in a certain time span; it works by recording the addresses of peers observed in torrent swarms and matching them against the address you visit from. While the website is not perfect, for those who have static IP addresses it can get pretty close and provide you a list.

In one article on CNET, it was mentioned that “someone in the home of French President Nicolas Sarkozy, a strong proponent of anti-piracy legislation, has been using BitTorrent to download pirated versions of music and movies.”

If the Stop Online Piracy Act passes in the United States, I’m sure the technology for tracking torrents and other illegal downloads will improve. Consequently, imagine the privacy concerns I have for Internet users. This proof-of-concept website is scary enough!


Malware in a barcode

Quick Response codes, also known as QR codes, are two-dimensional barcodes originally invented by the automotive industry to keep track of parts during manufacturing. However, a QR code can hold any type of data (most commonly a URL), and it was quickly adopted by all types of other industries. Most smartphones now have applications that can quickly read and process QR codes: you simply point your camera at the barcode and take a picture, and the app decodes the text and, for a URL, usually opens it straight away.

The QR code generated above contains a link to this domain. A QR code itself does not contain malware; it is just an encoded string, and the danger is where that string leads. Imagine a barcode that takes you to a malicious website, one that uses an exploit in your smartphone’s browser to install unauthorized applications. The possibilities are endless, and as this technology becomes more popular there is greater motivation to find ways to exploit it. John Vezina put it best when he said, “I could, if I wished, print out dozens of QR codes and peel and stick them to bus stops, power line poles, or anywhere the things can stick to.”
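Because the threat lives in the decoded text rather than in the barcode, the one defence a scanner app can offer is to show and triage the payload before handing it to the browser. The following is an added example (not code from the original post or from any QR reader): a small `inspect_payload` function, written for this post, that classifies a decoded payload and flags the properties that make a link worth a second look. The function name and the sample payloads are constructed for illustration.

```python
"""Triage a decoded QR payload before acting on it.

Added example, not part of the original post. A QR code is only a carrier
for text; a reader that opens the text blindly is the weak point. This
function decides whether the payload is a URL and collects the properties
that should make a user pause before tapping "open".
"""
import ipaddress
from urllib.parse import urlsplit

WEB_SCHEMES = {"http", "https"}
# Schemes that hand the payload to another handler on the phone (dialer,
# SMS, app store, JavaScript in the current page). A barcode carrying one
# of these should never be followed without an explicit prompt.
HANDLER_SCHEMES = {"tel", "sms", "smsto", "mailto", "market", "intent",
                   "javascript", "file", "data"}


def inspect_payload(payload: str) -> dict:
    """Return {'kind': 'text'|'url', 'url': ..., 'flags': [...]} for a payload."""
    payload = payload.strip()
    result = {"kind": "text", "url": None, "flags": []}
    parts = urlsplit(payload)

    if not parts.scheme:
        # No scheme, but many readers still treat "example.com/x" as a link.
        if "." in payload.split("/")[0] and " " not in payload:
            result["flags"].append("scheme-less hostname; reader may auto-open")
        return result

    result["kind"] = "url"
    result["url"] = payload
    scheme = parts.scheme.lower()
    if scheme in HANDLER_SCHEMES:
        result["flags"].append(f"non-web scheme '{scheme}' invokes a phone handler")
        return result
    if scheme not in WEB_SCHEMES:
        result["flags"].append(f"unexpected scheme '{scheme}'")

    host = parts.hostname or ""
    if scheme == "http":
        result["flags"].append("plain http; content can be altered in transit")
    if parts.username or parts.password:
        # http://trusted.example@evil.example/ displays "trusted.example" first.
        result["flags"].append("credentials in URL; hostname shown may be misleading")
    try:
        ipaddress.ip_address(host)
        result["flags"].append("raw IP address as host")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        result["flags"].append("punycode (IDN) host; check for look-alike characters")
    if parts.port not in (None, 80, 443):
        result["flags"].append(f"non-standard port {parts.port}")
    if len(payload) > 200:
        result["flags"].append("very long URL; likely obfuscated redirect or tracking")
    return result


if __name__ == "__main__":
    # Constructed sample payloads, not real codes.
    for sample in ("https://example.com/",
                   "http://example.com@203.0.113.5:8080/update.apk",
                   "tel:+15555550100",
                   "hello world"):
        print(sample, "->", inspect_payload(sample))
```

The checks are deliberately conservative: a flag means "show the user before opening", not "block". The credentials-in-URL check matters most on a phone, where the address bar is narrow and only the leading part of the link is visible.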


Mysterious case of the executable hijack

I got a message from my friend Paul today asking for help with an infection. He was using the latest version of Firefox at the time and was positive he had not clicked on any odd links or downloaded anything malicious. Naturally, I advised him to run Malwarebytes Anti-Malware and had him send me the log. One specific entry popped out at me.

Memory Processes Infected:
c:\Users\Paul\AppData\Local\ojx.exe (Trojan.ExeShell.Gen) -> 3508 -> No action taken.

I picked up the phone and called Bruce Harrison, our VP of Research, and asked for an explanation. The answer surprised me. I was told that this was an executable hijack of the kind used by FakeAlert, a rogue-antivirus Trojan we see almost daily in our research center.

What exactly does that mean? Once the infection has a foothold on your computer, it hijacks the launching of every executable so that the malicious file runs instead of, or before, the intended program. For example, you try to open Skype and the malicious file starts instead.

It does this in two ways. First, it modifies the shortcuts themselves (the .lnk files on the desktop and Start menu) to point at the malware. Second, it modifies the .exe file-type association in the registry: the default value of HKEY_CLASSES_ROOT\exefile\shell\open\command normally reads "%1" %*, meaning "run the requested program with its arguments", and the hijack replaces it with a command that runs the malicious file first, typically passing the requested program along as an argument so the user notices nothing. Because the per-user hive takes precedence, the same trick can be played under HKEY_CURRENT_USER\Software\Classes by mapping the .exe extension to a class the malware controls. Either way, every program launch goes through the malware, which is also why the infection survives attempts to start a cleaning tool by double-clicking it.
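To make the registry side of the hijack concrete, here is an added example (not code from the original post, and not part of Malwarebytes Anti-Malware) that checks for it. It parses the text produced by the Windows `reg export` command, so it can run offline against a constructed sample; on a live machine you would export the relevant keys first. The two sample exports, the path `ojx.exe` in the first one (taken from the log entry above) and the class name `secfile` are constructed for illustration.

```python
"""Detect the .exe shell hijack in an exported registry dump.

Added example, not from the original post or from Malwarebytes. The
(Default) value of HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command is normally
"%1" %*. A hijack replaces it with a command that runs the malware first, or
remaps the .exe extension (HKCU\\Software\\Classes\\.exe, which overrides
HKCR) to a class the malware owns. The .reg text below is constructed.
"""
import re

EXPECTED_OPEN_COMMAND = '"%1" %*'
# Registry key names are case-insensitive; compare in lower case.
EXE_COMMAND_KEYS = {
    r"hkey_classes_root\exefile\shell\open\command",
    r"hkey_local_machine\software\classes\exefile\shell\open\command",
    r"hkey_current_user\software\classes\exefile\shell\open\command",
}
EXE_EXT_KEYS = {
    r"hkey_classes_root\.exe",
    r"hkey_local_machine\software\classes\.exe",
    r"hkey_current_user\software\classes\.exe",
}

_KEY_LINE = re.compile(r"^\[(.+)\]$")
# name=value where both are quoted strings; "@" names the (Default) value.
_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")$')


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for string values in a .reg dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_LINE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            keys[current][name] = _unescape(m.group(2)[1:-1])
    return keys


def find_exe_hijacks(text):
    """Return a list of (key, default_value, reason) findings."""
    findings = []
    for key, values in parse_reg_export(text).items():
        default = values.get("(Default)")
        if default is None:
            continue
        k = key.lower()
        if k in EXE_COMMAND_KEYS and default.strip() != EXPECTED_OPEN_COMMAND:
            findings.append((key, default, "exefile open command does not run %1 directly"))
        if k in EXE_EXT_KEYS and default.strip().lower() != "exefile":
            findings.append((key, default, ".exe extension mapped to a class other than exefile"))
    return findings


# Constructed sample: what an infected machine's export might look like.
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Paul\\AppData\\Local\\ojx.exe\" \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"
'''

# Constructed sample: the stock Windows values.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
'''

if __name__ == "__main__":
    for key, value, reason in find_exe_hijacks(INFECTED_EXPORT):
        print(f"{key}\n    (Default) = {value}\n    {reason}")
```

On a live system the export would come from `reg export HKCR\exefile exefile.reg` (and the HKCU and HKLM equivalents). Note that `reg export` writes UTF-16 by default, so decode accordingly before parsing. The shortcut side of the hijack is a separate check: compare each .lnk target against the program it claims to launch.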

Luckily, Malwarebytes Anti-Malware was able to patch Paul up, but we both wanted to know how this had happened. Bruce advised us to check the installed Java version. It was in fact outdated by several versions, which is exactly what a drive-by exploit needs: no click on a bad link, just a visit to a page carrying an exploit for the old browser plugin. I advised Paul to update to the latest version, and he now has a healthy computer!


Duqu: new zero day malware targets businesses

Since the media has made a huge hype about this, I thought I’d clear up to my readers what Duqu is and how it affects you.

Duqu, also commonly referred to as the ‘son of Stuxnet’, is a Remote Access Trojan that infects a machine through a zero-day vulnerability in the Windows kernel’s TrueType font parsing (CVE-2011-3402), triggered by a specially crafted Microsoft Word document. Once dropped on the system, Duqu’s primary task is to stealthily gather data, including logging keystrokes, making it a prime tool for cyber-espionage. Duqu is also unusual in that it was likely developed over several years and its primary method of distribution is e-mail.

Specifically, Duqu is used against higher-profile targets, such as large companies, from which it can steal data. Microsoft said they “see low customer impact at this time,” which makes sense if Duqu is indeed a targeted attack.

Here are a few tips for those who suspect they are vulnerable:

  1. While Microsoft has not issued a full patch just yet, it is important to know that a workaround exists: Microsoft Security Advisory 2639658 offers a “Fix it” that denies access to t2embed.dll, the TrueType font embedding library the exploit goes through. Apply it from the Suggested Actions section of the advisory, and remember to undo it once the real patch ships, as some applications lose embedded-font rendering while it is in place.
  2. Scan all e-mail attachments you try to open with both anti-virus and anti-malware software. This should automatically be done if you have licensed versions of both products.
  3. The e-mails can be forged to look like they came from somebody else in the company. If you weren’t expecting an e-mail or the attachment looks fishy, err on the side of caution and ask if the attachment is indeed legitimate.

Note that these types of attacks are common and it is good practice to always follow the steps above.

Safe surfing!


How many security researchers does it take to rob a bank?

Thought I’d share something that made me laugh today.

Moran Cerf talks about his work as a hacker who breaks into banks digitally. He reports these exploits to the bank and they pay him. Listen to his story of the time he attempted to break into a bank physically and everything went wrong.

With this story, Moran won the 2010 Moth GrandSLAM story-telling competition.

I don’t think you’ll see me robbing banks anytime soon.