Windshift: Malware Recycled

A recently published deck (PDF) by Abu Dhabi-based DarkMatter’s Taha Karim draws an interesting conclusion: that an Indian cybersecurity group called Appin, active a few years ago, was either targeted by an advanced APT group (and its tools stolen), or its tools stolen by a rogue employee, or that its tools were sold to a …


Phishy Facebook Emails

Facebook phishes are getting better. Compare this one: and this: Notice how the key bit, supposedly defining that it’s a legit email, is successfully and convincingly faked: The only difference that stands out is the domain: facebookembody.com. Although Google classified it as spam they didn’t warn that it would go to a website that contains …


Southeast Asia’s Viral Infection

Southeast Asia is fast developing a reputation as the most dangerous place on the Internet. It’s not a reputation the region can afford to have. By one account Thailand has risen to be the country with the most malware infections, and by another to be the second, all in the …


The New Attack: Penetrate and Tailor

In its latest security report Cisco identifies a trend I hadn’t heard of before with malware writers: Closer inspection of those computers they’ve successfully penetrated to see whether there’s something interesting there, and then, if there is, targeting that company (or organisation) with a more tailored follow-up attack: Attackers can—and do—segregate infected computers into …


Taking Shady RAT to the Next Level

I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data. Alperovitch points out that their data goes back to mid-2006: We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note …


Stuck on Stuxnet

By Jeremy Wagstaff (this is my weekly Loose Wire Service column for newspaper syndication) We’ve reached one of those moments that I like: When we’ll look back at the time before and wonder how we were so naive about everything. In this case, we’ll think about when we thought computer viruses were just things that …


The Hazards of Recommending

Think twice before you agree to recommend someone on LinkedIn. They may be a logic bomber. You may have already read about the fired Fannie Mae sysadmin who allegedly placed a virus in the mortgage giant’s software. The virus was a bad one: it was set to execute at 9 a.m. Jan. 31, first disabling …


Malware Inside the Credit Card Machine

(Update, July 2009: A BusinessWeek article puts the company’s side; maybe I was a little too harsh on them in this post.) This gives you an idea of how bad malware is getting, and how much we’re underestimating it: a U.S. company that processes credit card transactions has just revealed that malware inside its computers …


KL’s Airport Gets Infected

If there’s one place you hope you won’t get infected by a computer virus, it’s an airport. It’s not just that the virus may fiddle with your departure times; it’s the wider possibility that the virus may have infected more sensitive parts of the airport: ticketing, say, or—heaven forbid—flight control. Kuala Lumpur International Airport—Malaysia’s main …


Nightmare on Spyware Street

A case in Connecticut has exposed the legal dangers of not protecting your computer against spyware, as well as our vulnerability at the hands of incompetent law-enforcement officers. Teacher Julie Amero found herself in a nightmare after spyware on her school computer popped up pornographic images in front of students. Instead of realising this was …
