How to move your /boot partition onto removable media.

Part of every traveler's threat model today should include the following scenario:

When you're trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport's security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that booby-trap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though …

Malware which makes use of (even more) unexpected covert channels (than usual).

Late last year, known and respected information security researcher Dragos Ruiu began tweeting about something he called #badBIOS - a malware agent of some kind that he says jacks the BIOS of a machine and sets itself up as a hypervisor-cum-backdoor beneath the operating system. He's gathered some evidence that instances of the beastie communicate via near-ultrasound by directly manipulating the sound card without interacting with the OS's drivers. Whether or not he's actually right - some of the NSA's older existing tools aside - it was surprising how fast corroborating details started popping up around the Net.

In December of 2013 …

What hath the fabulists wrought?

It's long been said that science fiction predicts, or at least inspires, some of the things which we take for granted every day. While the exact origins of the genre could be debated until the cows come home (and they most certainly are in some circles), it was some time during the 17th century CE, during the Age of Reason, that people really began to write stories in which the advances of the time were their inspiration. Great voyages by sailing ship and fanciful aircraft were taken to regions of the globe which had only been seen …

European ATMs struck by hacksploitation movie plot.

When manufacturers of ATMs started using Windows to run them, you just knew that no good would come of it.

Eastern European banks discovered this the hard way when the security companies Sophos and SpiderLabs found strains of malware tailored for automated teller machines that record the second data track of banking cards inserted into the reader slot, along with the PIN entered by the machine's user. That's really all you need to make a copy of the card and loot the account. As if that's not enough, the malware also makes it possible for anyone carrying a specially encoded …

Conficker information and links - distribute widely!

As you have probably heard on the news, a new beastie has been making its rounds on the Net, infiltrating Windows machines and awaiting the coming of the first of April - April Fool's Day. Unfortunately, like Y2K and the Michelangelo virus, there is an incredible amount of misinformation out there making this worm out to be The End of the Net As We Know It - to hear some of the chatterbots and talking heads, the milk in your fridge could curdle and your cat will marry your dog if your workstation gets infected. To be fair, nobody's sure of what Conficker …

Fribet: A RAT that chews holes in SQL servers.

Since the country of China stepped up its activities in Tibet, hundreds of pro-Tibet websites have been springing up all across the Net. Predictably, some subset of those sites are being compromised by pro-Communist China crackers, which is a popular political maneuver (of questionable effectiveness). Not content to merely deface these sites, the attackers are infecting some of them with a malware agent called Fribet, which attacks vulnerabilities in the visitor's web browser to silently install itself. Fribet not only sets up a backdoor into the system that allows it to be remotely controlled, but it is capable of attacking other …

A whirlwind recap of the links that piled up in my blogfodder folder.

Medical doctors at Massachusetts General Hospital have discovered that hydrogen sulfide gas can cause the metabolic processes of mammalian cells to drop drastically, thus approximating a state of suspended animation. When experimental animals breathed a low concentration of the gas, their heart rates plummeted rapidly without a corresponding drop in blood pressure or the need for refrigeration; moreover, the state appears to be reversible. This means that the organism requires less oxygen in the depressed state, which means that cells remain viable much longer. The surgical applications should be obvious.

The Internet Storm Center reported not too long ago …

MBR-infecting rootkits: All the old things are new again.

It seems as if malware evolves just as fast as biological diseases these days. Earlier this year, it was made public that batches of flu vaccine were probably ineffective against this year's upper respiratory plague, which I've complained about more than enough lately (my apologies to house Laurelinde, though - Lyssa and I will bring over something tasty soon for you). Around the same time, a new strain of rootkit called Mebroot hit the Net that infects the Master Boot Record of the boxen it's installed on. It compromises the machine below the level of the operating system because executable code referenced by …

The Storm Worm botnet learns some new tricks - like phishing.

Scarcely one year after the initial appearance of the Storm Worm and its resulting botnet, some heretofore untapped functionality has been pushed out in one update or another in just the past couple of days: not only is the botnet sending out phishing-related spam, but the phishing sites are hosted on the infected machines themselves. The information security community is speculating that it may now be possible for the controller of the botnet to partition it and assign different tasks to different segments of the infected population. As if that weren't problem enough, the domains that the phishing sites use …

Ransomware: Pay us $35 US or be forever locked out of your box!

Ransomware, malware that forces the user of an infected machine to pay a sum of money to Someone Out There in exchange for regaining access to their data, isn't exactly the most common thing going around, but it seems to be catching on, and I can't think of a reason why it would slow down. Earlier strains found in the wild did things like finding and encrypting all Excel spreadsheets on a machine and demanding that the user wire money someplace in exchange for the utility that would decrypt them, but now the stakes are a bit higher on both …
