Saving Thunderbird

Thoughtful article by Glyn Moody.

Email is dying. Time and again I come across comments to the effect that people have given up on their email inbox, and simply junked their messages. Increasingly, people are turning to Twitter, Facebook and LinkedIn as their messaging medium. It’s not hard to see why. These are opt-in services: you get to choose who can contact you, unlike email.

This has led to the scourge of spam, which now represents 94% of all email, according to Google’s Postini subsidiary. A classic Tragedy of the Commons has resulted, whereby a few selfish individuals exploit and ultimately destroy a resource used by all. Sadly, it looks like the battle against spam is lost; even though services like Gmail offer extremely efficient filtering in my experience, it’s a poor substitute for a messaging service that can assume that you want to see everything that is sent to you, because only people of interest are allowed to contact you.

The more Facebook and Twitter spread, the more people will be turning to these opt-in networks for their communications; email, as a result, will dwindle in importance, turning into a kind of digital wasteland inhabited mostly by those too poor, uninformed or lazy to move on, and by spamming parasites who prey on them. I don’t imagine that Thunderbird wishes to become the software of choice for either…

This makes sense. As our communications ecosystem evolves, so too should the software. From now on we will need comms clients which do everything — including email. I guess that’s where Tweetdeck et al are headed. Maybe that’s how Thunderbird should evolve?

Why Dave Winer switched to Mac in 2005

Salutary blog post by Dave W.

I switched because I was Mired In Malware.

I got a new EeePC 1000HE last week, and after just a few hours of use, it’s infected with a rootkit virus of some kind. Really clever. Spent three hours last night trying to eradicate it, but in the last three or four years, the malware guys have gotten a lot more clever.

Contemplating switching to the Hackintosh flavor of netbook.

Ran Ad-Aware, getting ready to run Spybot. Downloaded Combofix. I’m going to try to resurrect this baby. Also considering doing a fresh install of Windows but that sounds like more work than Leopard. And then you’re still using Windows.

Yep. I switched to Mac in 1999. Never had any trouble since. Touch wood.

JUST IN: This via Glyn Moody:

Appointments for cancer patients had to be rescheduled after a computer virus infected the networking systems at two Scottish hospitals last week.

The infection of laboratory PCs at the Stobhill and Gartnavel General hospitals meant the bookings of 12 patients attending the Beatson West of Scotland Cancer Care Centre in Glasgow were postponed, The Glasgow Herald reports. Systems were taken offline for two days to allow computer technicians to clean up the mess…

Now, I wonder which OS they were running.

The bad news

Tim Weber’s report from the Davos discussion.

The threat of cybercrime is rising sharply, experts have warned at the World Economic Forum in Davos.

They called for a new system to tackle well-organised gangs of cybercriminals.

Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they said.

The internet was vulnerable, they said, but as it was now part of society's central nervous system, attacks could threaten whole economies.

The past year had seen “more vulnerabilities, more cybercrime, more malicious software than ever before”, more than had been seen in the past five years combined, one of the experts reported.

But does that really put “the internet at risk?”, was the topic of a session at the annual Davos meeting.

Google blacklists entire internet

From Observer.co.uk.

Google placed the internet on a blacklist today after a mistake caused every site in the search engine’s result pages to be marked as potentially harmful and dangerous.

The problem affected internet pages across the whole planet, and lasted for around 40 minutes before engineers were able to fix it.

The glitch centred on Google's malware detector, which is designed to keep internet users from visiting sites Google believes may install malicious software when users browse them. Google blamed “human error” when an engineer tried to add one web address to the list of those deemed suspicious, and mistakenly added them all.

“We periodically receive updates to that list and received one such update to release on the site this morning. Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file,” Google said in its official blog.

The incident occurred at around 2.40pm.

Phew! I thought it was just me.
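
The failure Google describes, a single ‘/’ entry flagging every URL, is the kind of mistake a pre-release check on the list can catch. The sketch below is an added example, not Google's code: the substring-match semantics, the function names and the canary URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed canary set: known-good URLs that no list update may ever flag.
CANARIES = [
    "http://example.org/",
    "http://example.com/docs/index.html",
    "http://example.net/news/2009/01/31",
]

def matches(pattern: str, url: str) -> bool:
    """Assumed semantics: a pattern flags every URL that contains it."""
    return pattern in url

def is_flagged(patterns, url) -> bool:
    return any(matches(p, url) for p in patterns)

def validate_update(patterns, canaries=CANARIES):
    """Return (pattern, reason) pairs for entries that must block the release.

    An empty result means the update passed both checks.
    """
    problems = []
    for raw in patterns:
        p = raw.strip()
        if not p:
            problems.append((raw, "empty pattern"))
            continue
        # Check 1: every entry must be scoped to a host, so '/' alone fails.
        candidate = p if "//" in p else "//" + p
        if not urlsplit(candidate).hostname:
            problems.append((raw, "no hostname: pattern is not scoped to a site"))
            continue
        # Check 2: dry-run the entry against URLs known to be harmless.
        hits = [u for u in canaries if matches(p, u)]
        if hits:
            problems.append((raw, f"flags {len(hits)} known-good canary URL(s)"))
    return problems

if __name__ == "__main__":
    update = ["badsite.example/malware/", "/"]  # constructed update with the bad entry
    for pattern, reason in validate_update(update):
        print(f"REJECT {pattern!r}: {reason}")
```

The canary dry run matters as much as the syntax check: an entry such as `example` is scoped to a hostname and still flags every canary.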

The economics of phishing

Conventional wisdom is that phishing represents easy money. In this paper we examine the economics that underlie the phenomenon, and find a very different picture. Phishing is a classic example of tragedy of the commons, where there is open access to a resource that has limited ability to regenerate. Since each phisher independently seeks to maximize his return, the resource is over-grazed and yields far less than it is capable of. The situation stabilizes only when the average phisher is making only as much as he gives up in opportunity cost.

From “A Profitless Endeavor: Phishing as Tragedy of the Commons” by Cormac Herley and Dinei Florencio of Microsoft Research.

The worm turns

From this week’s Economist

BATTLEFIELD bandwidth is low at best, making networks sticky and e-mails tricky. American soldiers often rely on memory sticks to cart vital data between computers. Off-duty, they use the same devices to move around music and photos. The dangers of that have just become apparent with the news that the Pentagon has banned the use of all portable memory devices because of the spread of a bit of malicious software called agent.btz.

This is a “worm”, meaning that it replicates itself. If you have it on, say, the memory card of a digital camera it will infect any computer to which you upload photos. It will then infect any other portable memory plugged into that computer (the cyber-equivalent, one might say, of a sexually transmitted disease). On any computer hooked up to the internet, this variant tries to download more nasty stuff: in this case two programs that access the hard-drive. Was it a humdrum crime of trying to steal banking details? Or something more serious? The trail has gone cold.

In any case, the malicious software (malware in the jargon) penetrated at least one classified computer network. The problem was severe enough for Admiral Michael Mullen, the chairman of the joint chiefs of staff, to brief George Bush on it. Officials are saying little more than that…

The article goes on to say that at least one bank has blocked all the USB ports on its staff computers with glue, just to protect against this simple threat.

The benefits of assuming the worst

From Technology Review. What should banks and other ‘secure’ services do when dealing with customers who are incapable of keeping their machines free of malware?

“Our premise,” Ledingham says, “is that, rather than trying to clean up the machines, assume the machine is already infected and focus on protecting the transaction that goes on between the consumer and the enterprise website.”

The problem of malware on users’ computers is “the number-one problem that the financial institutions are wrestling with today,” says Forrester Research senior analyst Geoffrey Turner, an expert on online fraud. Financial institutions can take steps to secure the connections between their servers and their customers’ PCs, Turner says; they can even ensure the security of the customer’s Web browser. But they’re stumped, he says, when it comes to the customer’s operating system. Most successful attempts to steal computer users’ identities, Turner says, involve using malware to capture their credentials or conduct transactions behind the scenes without their knowledge. “The challenge is, how do you secure the end-user computer?” he says. “Should you even, as a bank, be trying to do that?”

Needless to say, his answer is “yes”. But then he runs SiteTrust, a tool recently released by a data-security company, Verdasys, which aims to protect users from fraud, even when their computers have been compromised.

Social malware

From Technology Review

Ever since Facebook opened its doors to third-party applications a year and a half ago, millions of users have employed miniature applications to play games, share movie and song recommendations, and even “zombie-bite” their friends. But as the popularity of third-party applications has grown, computer-security researchers have also begun worrying about ways that social-networking applications could be misused. The same thing that makes social networking such an effective way to distribute applications–deep access to a user’s networks of friends and acquaintances–could perhaps make it an ideal way to distribute malicious code…

Interesting article. I’ve been wondering about this ever since Facebook apps arrived.

Worm makes it into orbit

Now this is something you couldn’t make up…

NASA has confirmed that laptops brought aboard the ISS in July are infected with the Gammima.AG worm, adding quickly that the affected machines have no mission-critical duties and are used by the astronauts mainly to run nutritional programs and send e-mail. Officials suspect the worm thumbed a ride on a crew member’s thumb drive and found a fertile breeding ground on the laptops, which apparently have no anti-virus defenses (!). Luckily, the nature of this particular infection posed no serious threat in this environment — Gammima tries to steal the login information for a variety of online games, most popular in the Far East, and attempts to send the data to a central server. NASA and its ISS partners are finally planning new security measures to prevent such occurrences — I say finally because NASA revealed it had let previous computer infections aboard the ISS slide by as “nuisances.”

Entropy reduction and its consequences

From Technology Review

In technical terms, a programming error reduced the amount of entropy used to create the cryptographic keys in a piece of code called the OpenSSL library, which is used by programs like the Apache Web server, the SSH remote access program, the IPsec Virtual Private Network (VPN), secure e-mail programs, some software used for anonymously accessing the Internet, and so on.

In plainer language: after a week of analysis, we now know that two changed lines of code have created profound security vulnerabilities in at least four different open-source operating systems, 25 different application programs, and millions of individual computer systems on the Internet. And even though the vulnerability was discovered on May 13 and a patch has been distributed, installing the patch doesn’t repair the damage to the compromised systems. What’s even more alarming is that some computers may be compromised even though they aren’t running the suspect code….
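
Why patching alone does not repair the damage: keys made while the generator was starved of entropy come from a small, enumerable set, so they have to be found and replaced wherever they are deployed, including on machines that never ran the faulty code. The sketch below is an added example, not OpenSSL code and not from the article; the toy key generator, the 15-bit seed size and the host names are assumptions for illustration.

```python
import hashlib
import secrets

SEED_BITS = 15  # assumption: the weakened generator has only 2**15 possible seeds

def toy_keygen(seed: int) -> bytes:
    """Stand-in key generator (not OpenSSL): the key is fully determined by the seed."""
    return hashlib.sha256(b"toy-keygen" + seed.to_bytes(4, "big")).digest()

def fingerprint(key: bytes) -> str:
    """Short identifier for a key, so the weak list never stores key material."""
    return hashlib.sha256(key).hexdigest()[:32]

def build_weak_fingerprints(seed_bits: int = SEED_BITS) -> set:
    """Enumerate every key the weakened generator can ever produce."""
    return {fingerprint(toy_keygen(s)) for s in range(2 ** seed_bits)}

def audit(deployed: dict, weak: set) -> list:
    """Return the names of deployed keys that must be regenerated."""
    return sorted(name for name, key in deployed.items() if fingerprint(key) in weak)

def sample_inventory() -> dict:
    """Constructed inventory of deployed keys, keyed by hypothetical host name."""
    return {
        "web01": toy_keygen(4242),          # made while the generator was weak
        "vpn-gw": toy_keygen(31000),        # weak key copied to a host that was later patched
        "mail01": secrets.token_bytes(32),  # made from a full-entropy source
    }

if __name__ == "__main__":
    weak = build_weak_fingerprints()
    print(f"{len(weak)} possible weak keys")
    for host in audit(sample_inventory(), weak):
        print(f"REGENERATE key on {host}")
```

The audit works on the keys themselves rather than on installed software versions, which is why it still flags `vpn-gw` after that host has been patched.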