Tag Archives: Micro

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan, 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? “This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says it could be out of China or the U.S., but there is no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hacktivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

Strip CAPTCHA Spam


Whatever useful stuff the good guys come up with, the bad guys ain’t far behind. A few months back I wrote about researchers at Carnegie Mellon coming up with a way to use CAPTCHA tools to help decipher words in text by the Internet Archive. The basic idea is that the effort to prevent spammers and others automating their intrusion into websites (signing up for stuff, comment spam etc) should not be wasted.

Now a sleazeball has found a way to do the same thing: get folk to decipher CAPTCHA texts through a small program, delivered by Trojan, that offers striptease in exchange for guessing the texts correctly (Trend Micro, via Seth Godin):

A nifty little program which Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily-clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go” and “Melissa” reveals more of herself.

However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The “strip-tease” game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.

As Trend Micro points out, the CAPTCHAs in this case are from the Yahoo! Web site, suggesting that a spammer is building up Yahoo! accounts.

CAPTCHA Wish Your Girlfriend Was Hot Like Me? – TrendLabs | Malware Blog – by Trend Micro


Helping the World, Ripple by Ripple

God, I love simple ideas. This is a great one (tip of hat to Lifehack) because it’s already working. By doing your search through Melbourne-based ripple, and looking at an ad, you direct the cents your eyeballs earn to charity. A few hours after launch the difference is already being felt:

In our first 48 hours we received enough visitors to provide:

* 2 people with access to clean water and sanitation FOR LIFE! and;
* Seven years of education to 2 children in East Timor; and
* Maintain more than $334,800 in micro-finance loans for a day. That’s around 800 loans to allow people in the Philippines and elsewhere to start their own business; and
* Set up 15 market gardens in Cambodia to provide nutritious food to a village

I’ve done a more extensive write-up at tenminut.es.

The Charting Of An Urban Myth? Or A Double Bluff?

Here’s a cautionary tale from Vmyths, the virus myths website, on how urban legends are born.

Vmyths says that Reuters News Agency filed a report from Singapore last week quoting anti-virus manufacturer Trend Micro (makers of PC-cillin) as saying computer virus attacks cost global businesses an estimated $55 billion in damages in 2003. That’s a lot of damage. Two spokesmen at Trend Micro have since called Vmyths to “correct” the report. One said it was “wrong.”  Another said Trend Micro “cannot gauge a damage value — because they simply don’t collect the required data”.

Vmyths says the report was later pulled, but without any explanation. I’m not so sure. I can still see it on Reuters’ own website, Forbes, Yahoo, The Hindustan Times, ZDNet, MSNBC, ComputerWorld, The New York Times, etc etc. And the story still sits in Reuters’ official database, Factiva (co-owned by Dow Jones, the company I work for.) I’ve sought word from Trend Micro (I wasn’t able to reach anyone in Taiwan, Singapore or Tokyo by phone and emails have gone unanswered for 10 hours; I guess Chinese New Year has already started. Perhaps the U.S. will be more responsive). Emails to the author of the Reuters report have gone unanswered so far.

As Vmyths points out, it’s great that Trend Micro has tried to set the record straight.  But if the story was wrong, why is it still out there on the web, and, in particular, on Reuters’ own sites? And why hasn’t Trend Micro put something up on its website pointing out the report is wrong? Has Trend Micro done everything it can to get things right? Was the report wrong, or the original data?

This episode highlights how, in the age of the Internet, an apparently erroneous story can spread so rapidly and extensively, from even such an authoritative source as Reuters, and how hard it is to correct errors once the Net gets hold of them. In the pre-WWW world (and speaking as a former Reuters journalist) it was a relatively simple process to correct something: overwrite it from the proprietary Reuters screen with a corrected version, withdraw the story, or, in the case of subscribers taking a Reuters feed (newspapers, radio stations and what-have-you), send a note correcting the story. Proprietary databases could be corrected. So long as the story wasn’t already in print, you were usually safe. Nowadays it’s not so easy.

Vmyths is right: Expect to see the $55 billion figure pop up all over the place. (Of course, until we know for sure, it’s possible that the real myth that comes out of this could be that the story was wrong, when in fact it was right.) Ow, I’m getting a headache.