Is Epic Turla Exploiting Windows XP?
Kaspersky Lab has discovered an espionage network that successfully attacked government institutions, intelligence agencies and European companies.
The firm has dubbed the spy operation Epic Turla, and said that it is in no doubt about its capabilities.
“Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call ‘Epic Turla’,” it said.
“The attackers behind Epic Turla have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies.”
Kaspersky said that Epic Turla used two zero-day exploits that affected Adobe and Microsoft software, along with some backdoor and social engineering tricks.
In particular, Kaspersky said a privilege escalation vulnerability in Windows XP and Windows 2003, CVE-2013-5065, is being used. “The CVE-2013-5065 exploit allows the backdoor to achieve administrator privileges on the system and run unrestricted. This exploit only works on unpatched Microsoft Windows XP systems.”
The use of this Windows XP flaw underlines the risk that the unsupported Windows XP OS poses. Kaspersky went on to explain that, once inside, attackers install their own rootkits and other malware tools and begin their surveillance.
“Once the attackers obtain the necessary credentials without the victim noticing, they deploy the rootkit and other extreme persistence mechanisms,” it said. “The attacks are still ongoing as of July 2014, actively targeting users in Europe and the Middle East.”
The attacks are just the latest in a long line of incidents that businesses need to be aware of as cyber attacks continue at an alarming rate.
In June the security firm Crowdstrike alerted the industry to Putter Panda, a cute-sounding but nasty piece of malware. That firm pointed an accusatory finger at China and charged it with espionage on the US and Europe.
Crowdstrike CEO George Kurtz said at the time, “China’s decade-long economic espionage campaign is massive and unrelenting. Through widespread espionage campaigns, Chinese threat actors are targeting companies and governments in every part of the globe.” Chinese authorities disputed this.
The report comes in the same week Hold Security reported uncovering a huge trove of 1.2 billion web passwords and login details that have been gathered by Russian cyber criminals.
OpenSuse Goes Rolling
OpenSuse, the free Linux distribution forked from Suse Linux Professional and the basis for Suse Linux Enterprise, is switching to a rolling release model.
The development change will see daily builds released to keep the distribution at the cutting edge of development.
Announced by the Opensuse Project on Wednesday, the rolling release model for the development version of Opensuse, which is called Factory, will shorten the stabilisation process for releases and eliminate the need for pre-release or “milestone” builds, the project said.
Opensuse board chairman Richard Brown said that the project team was hopeful that the move would lead to more users of the software and more contributors to the code, which would have a knock-on effect on quality.
“With a daily fresh Factory distribution making it easier for those who want to preview and test, we hope to see more users and contributors, leading to faster fixes and even higher quality. Factory is critical as it provides the base technology for Opensuse and Suse Linux Enterprise, which is used by tens of thousands of organisations around the world,” he said.
The new development model balances responsibility among packagers, testers and end users while putting more emphasis on automated quality assurance. As a result, Opensuse Factory is no longer just the development branch of Opensuse but becomes a reliable, always-ready working distribution, according to the project.
The move also means that Opensuse is following a similar development model to Fedora, the cutting-edge Linux distribution sponsored by Red Hat that Red Hat Enterprise Linux (RHEL) is based upon.
More information on Opensuse Factory can be found on the project’s online portal. However, at the time of writing this was still showing a notice warning that the Factory repository is not guaranteed to be fully stable, and advising users to download the current release build.
An Opensuse spokesperson stated that this is because the Factory build is primarily for developers and those keen to see the latest developments, and is not recommended for production environments.
Is Malware Wreaking Havoc On XP?
One of the top three malware programs affecting businesses in the second quarter is a worm that takes advantage of the large number of companies still using Windows XP, Trend Micro has warned.
The worm, dubbed DOWNAD, also known as Conficker, can infect an entire network via a malicious URL, spam email, or removable drive. Windows XP is particularly susceptible to this threat because the worm is known to exploit the MS08-067 Server service vulnerability in order to execute arbitrary code.
DOWNAD also has its own domain generation algorithm (DGA) that allows it to create randomly generated URLs. It then connects to these created URLs to download files to the system. Trend Micro said that around 175 IP addresses are found to be related to the DOWNAD worm and that these IP addresses use various ports and are randomly generated via the DGA capability of DOWNAD.
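As an added, generic illustration (not code from the original article, from Trend Micro, or DOWNAD's actual algorithm): a small Python heuristic of the kind a defender can run over a DNS query log to spot hosts that resolve many DGA-looking domains. The log lines, client IPs, domain names and thresholds below are constructed for the example, and the scoring (few vowels or high character entropy in long labels) is a simple heuristic, not a signature for any particular malware family.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log (not real traffic): "timestamp client qname"
SAMPLE_LOG = """\
2014-07-01T10:00:01 10.0.0.5 www.example.com
2014-07-01T10:00:02 10.0.0.5 qzkvjxwpmt.info
2014-07-01T10:00:02 10.0.0.5 rbhtlkqzjv.net
2014-07-01T10:00:03 10.0.0.5 xmpvqwklzt.org
2014-07-01T10:00:03 10.0.0.5 jtkqzrvpxw.biz
2014-07-01T10:00:04 10.0.0.7 mail.example.org
2014-07-01T10:00:05 10.0.0.7 updates.vendor.example
2014-07-01T10:00:06 10.0.0.9 wikipedia.org
"""

VOWELS = set("aeiou")


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a domain label."""
    if not label:
        return 0.0
    n = len(label)
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def second_level_label(qname: str) -> str:
    """Return the label just left of the TLD (no public-suffix handling; assumption for the example)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_dga_like(label: str, min_len: int = 8,
                max_vowel_ratio: float = 0.2, min_entropy: float = 3.5) -> bool:
    """Heuristic: long labels with almost no vowels, or with unusually high entropy."""
    if len(label) < min_len:
        return False
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = (sum(ch in VOWELS for ch in letters) / len(letters)) if letters else 0.0
    return vowel_ratio <= max_vowel_ratio or shannon_entropy(label) >= min_entropy


LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def flag_clients(log_text: str, threshold: int = 3) -> dict:
    """Count distinct DGA-like second-level labels per client; return clients at or above threshold."""
    suspicious = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = m.groups()
        label = second_level_label(qname)
        if is_dga_like(label):
            suspicious[client].add(label)
    return {c: len(d) for c, d in suspicious.items() if len(d) >= threshold}


if __name__ == "__main__":
    for client, count in flag_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} DGA-like domains queried")
```

On the constructed log the only client flagged is 10.0.0.5, which queried four consonant-only labels; the ordinary hostnames fall below the length or vowel thresholds. In practice the thresholds need tuning against your own DNS baseline, since legitimate CDN and tracking hostnames can also look random.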
“During our monitoring of the spam landscape, we observed that in Q2, more than 40 percent of malware related spam mails are delivered by machines infected by DOWNAD worm,” said Trend Micro anti-spam research engineer Maria Manly in a blog post.
“A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems. And with Microsoft ending the support for Windows XP this year, we can expect that systems with this OS can be infected by threats like DOWNAD.”
The security company warned that spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments are attributed to DOWNAD infected machines. FAREIT is a malware family of information stealers that download variants of the Zeus Trojan, while MYTOB is an old family of worms known for sending a copy of itself in spam attachments.
The other top sources of spam with malware are the CUTWAIL botnet, together with Gameover ZeuS (GoZ). Manly said CUTWAIL was actually previously used to download GoZ malware but now a malware called UPATRE employs GoZ malware or variants of ZBOT which have peer-to-peer functionality.
“In the last few weeks we have reported various spam runs that abused Dropbox links to host malware like UPATRE,” Manly said. “We also spotted a spammed message in the guise of voice mail that contains a Cryptolocker variant. The latest we have seen is a spam campaign with links that leveraged CUBBY, a file storage service, this time carrying a banking malware detected as TSPY_BANKER.WSTA.”
According to Manly, cybercriminals and threat actors are probably abusing file storage platforms to mask their malicious activities and go undetected in the system and network.
“As spam with malware attachment continues to proliferate, so is spam with links carrying malicious files. The continuous abuse of file hosting services to spread malware appears to have become a favoured infection vector of cyber criminals most likely because this makes it more effective given that the URLs are legitimate thereby increasing the chance of bypassing anti-spam filters,” she added.
Can Malwarebytes Protect XP?
Malwarebytes has launched anti-exploit services to protect Windows users from hacking attacks on vulnerabilities in popular targets including Microsoft Office, Adobe software products and Java, a service which even offers protection for Windows XP users.
Consumer, Premium and Corporate versions of the service are available, and are designed to pre-emptively stop hackers from infecting Windows machines with malware.
“An exploit will typically first corrupt the memory of an application process, take control, then execute code,” said Malwarebytes director of special projects Pedro Bustamante.
“From the shell code it executes a payload that tells the exploit what to do and that in turn usually downloads malware from the internet and executes it. The final stage is usually where antivirus kicks in, when it’s being downloaded from the internet, and starts doing things like behavioural analysis to see if it’s malicious.
“We don’t care about that, what we do comes before then. We just look for exploit-like behaviour and block anything that looks like it at the shellcode or payload stages. We come into play before the malware even appears on the scene.”
The Consumer version of the anti-exploit service is free and offers basic browser and Java protection.
The Premium version costs $37.00 per user and adds Office and Adobe protection services as well as the ability to add custom shields to other internet-facing applications, like Messenger or Netflix.
The Corporate version costs $40.00 per user and offers complete anti-exploit protection and comes with Malwarebytes’ Anti-malware service and a toolkit for IT managers.
Bustamante explained that the technology is designed to help businesses and general web users defend against the new wave of exploit-based cyber attacks.
“Traditional security can’t deal with exploits. Every day we see people getting infected, even if they have the latest up-to-date antivirus readers, because of exploits,” he said. “This is why we care about the applications you run – Firefox, Chrome, Internet Explorer, Java, Acrobat [and Microsoft] Word, Excel [and] Powerpoint.”
Bustamante added that the service is doubly important for Windows XP users since Microsoft officially ceased support for the OS in April.
“We’re still seeing over 25 percent of our users running XP. For them this product is even more important,” he said.
“We see new zero-days if not every week, every month, and for XP users who are not getting any more patches from Microsoft this product will be essential.
“Every month Microsoft will be releasing security patches for newer versions of Windows. Every time Microsoft does this it’ll be a treasure map for hackers to find exploits on Windows XP.
“It’ll show them exactly where the vulnerabilities are, so every month will see an influx of new exploits targeting Windows XP.”
Dell Unveils Laptop/Tablet Hybrid
Dell unveiled a new rugged laptop with an 11.6-inch screen that has a twist: the screen can rotate 180 degrees to turn the device into a tablet.
At first, the Latitude 12 looks like a laptop. But within the display panel, the screen rotates 180 degrees and the laptop turns into a tablet once placed on the keyboard.
The new Latitude 12 laptop is part of a new Rugged Extreme line of laptops, which also includes the Rugged Extreme 14. The new laptops are robust and can withstand six-foot drops and remain protected from extreme weather conditions.
The laptops have hard covers that add a layer of protection, but also make the products heavy. The Latitude 12 Rugged Extreme weighs 2.72 kilograms with a four-cell battery, while the 14-in. counterpart weighs 3.54 kilograms with a six-cell battery and no optical drive.
The laptops can also withstand solar radiation, “explosive atmosphere” and weather ranging from -20 degrees to 145 degrees Fahrenheit (-29 degrees to 63 degrees Celsius), according to specifications provided by Dell. The products are targeted at field workers like emergency responders and the military, and will compete against Toughbook rugged laptops from Panasonic.
The Latitude 12 rugged laptop has a starting price of $3,649, while the Latitude 14 begins at $3,499. The laptops will ship next month.
The hybrid design in Latitude 12 has been borrowed from the company’s XPS 12 Ultrabook Touch, which has a 12.5-inch screen that can similarly flip to turn the laptop into a tablet. The resistive touch screens on both laptops can show images at a resolution of 1366 x 768 pixels.
The laptops will have storage options of up to 512GB solid-state drives. Users can configure the laptop with Intel’s latest fourth-generation Core processors, code-named Haswell. The laptops will come with either Windows 8.1 or 7, or Ubuntu Linux operating systems.
Other features include support for up to 16GB of DRAM, Wi-Fi and Gigabit Ethernet through a connector. The laptop also has USB 3.0, USB 2.0, VGA and HDMI ports. Mobile broadband and docking are available as options.
nVidia Goes For Raspberry Pi
nVidia has unveiled what it claims is “the world’s first mobile supercomputer”, a development kit powered by a Tegra K1 chip.
Dubbed the Jetson TK1, the kit is built for embedded systems to aid the development of computers attempting to simulate human recognition of physical objects, such as robots and self-driving cars.
Speaking at the GPU Technology Conference (GTC) on Tuesday, Nvidia co-founder and CEO Jen Hsun Huang described it as “the world’s tiniest little supercomputer”, noting that it’s capable of running anything the Geforce GTX Titan Z graphics card can run, but at a slower pace.
With a total performance of 326 GFLOPS, the Jetson TK1 should be more powerful than the Raspberry Pi board, which delivers just 24 GFLOPS, but will retail for much more, costing $192 in the US – a number that matches the number of cores in the Tegra K1 processor that Nvidia launched at CES in Las Vegas in January.
Described by the company as a “super chip” that can bridge the gap between mobile computing and supercomputing, the Nvidia Tegra K1, which replaces the Tegra 4, is based on the firm’s Kepler GPU architecture.
The firm boasted at CES that the chip will be capable of bringing next-generation PC gaming to mobile devices, and Nvidia claimed that it will be able to match the PS4 and Xbox One consoles’ graphics performance.
Designed from the ground up for CUDA, which now has more than 100,000 developers, the Jetson TK1 Developer Kit includes the programming tools required by software developers to develop and deploy compute-intensive systems quickly, Nvidia claimed.
“The Jetson TK1 also comes with this new SDK called Vision Works. Stacked onto CUDA, it comes with a whole bunch of primitives whether it’s recognising corners or detecting edges, or it could be classifying objects. Parameters are loaded into this Vision Works primitives system and all of a sudden it recognises objects,” Huang said.
“On top of it, there’s simple pipelines we’ve created for you in sample code so that it helps you get started on what a structure from motion algorithm, object detection, object tracking algorithms would look like and on top of that you could develop your own application.”
Nvidia also expects the Jetson TK1 to be able to operate in the sub-10 Watt market for applications that previously consumed 100 Watts or more.
Is Samsung Ditching Android?
March 13, 2014 by admin
Filed under Around The Net
Samsung appears to have delivered a huge snub to Android OS maker Google. Samsung’s new smartwatches, the Gear 2 and Gear 2 Neo, the sequels to the poorly reviewed original Galaxy Gear, are going to ship without Android.
Instead, the new Gears run Tizen, another open source operating system that Samsung, Intel, and others are working on. It is starting to look like Samsung wants to distance itself from its reliance on Google for software and services.
Samsung’s official reason is that Tizen has better battery life and performance. The new Gears can get up to an extra two days of battery life by running Tizen, even though they have the same size battery. The Galaxy Gear barely made it through a day on one charge.
To be fair Android isn’t optimized to run on wearable devices like smart watches, but Samsung didn’t want to wait around for Google to catch up. It was clearly concerned about beating Apple to market. So far Apple has not shown up.
Is China Mobile Good For Apple?
January 29, 2014 by admin
Filed under Smartphones
The tame Apple press has enthusiastically been running stories about how well Apple is doing in China. Reuters, for example, has been saying that the one million pre-orders that Jobs’ Mob has just collected is a triumph for Tim Cook’s negotiating ability. Getting a deal out of China Mobile was something the sainted Steve Jobs could not manage.
However, saner heads are urging caution. While it is true that launching its iPhone on China Mobile’s vast network on Friday opens the door to the world’s largest carrier’s 763 million subscribers and gives its China sales a short-term jolt, this is not likely to last. For a start, the deal could start a war which China Mobile would not want, with some analysts predicting a costly subsidy war as rival carriers compete to lure customers. If China Mobile does not meet its sales targets for these phones, it is going to increase the subsidies.
China Mobile’s iPhone sales are expected to reach 12 million in its 2014 fiscal year, but its subsidies will leap 57 percent to $7 billion. In addition, the prices are still really high for the Chinese market. For the basic 16GB iPhone 5S, with no subscriber contract, China Mobile is charging $870.
China Unicom and China Telecom slashed their iPhone prices by as much as $210 following the announcement that a deal had been struck between Apple and China Mobile. The pair have also offered a range of cut-price deals on contracts. But there are also some problems with the pre-orders. Reuters checks showed that there were multiple registrations using fake ID numbers which means that people are buying up hoping to make a swift buck on resales.
All this is the least of Apple’s Chinese worries. The outfit has fallen out of favour with consumers, who are increasingly opting for domestic products. Those who want an iPhone do not need to pay excessively to get one through China Mobile either. In China, you can buy handsets typically smuggled from Hong Kong and then sign up for a China Mobile contract. This is swings and roundabouts for Apple. If people buy from China Mobile, they will not buy from Hong Kong, so it will lose sales there. If they don’t, then the China Mobile contract is rubbish.
ZTE Attempts To Double Marketshare
January 27, 2014 by admin
Filed under Smartphones
China’s ZTE Corp, the world’s seventh-largest smartphone maker, wants to nearly double its U.S. market share in the next three years by increasing spending on marketing.
ZTE, which trails nearby rival Huawei Technologies Co Ltd in selling both smartphones and telecoms equipment, wants more share of the fat profit margins promised by sales of high-end phones in the United States.
But the company needs to first work on its image. Its mainstay telecom equipment business was essentially shut out of the U.S. and other markets after government officials flagged security concerns about Chinese-made equipment.
ZTE targets a U.S. market share of 10 percent by 2017 from 6 percent in 2013, Lv Qianhao, global marketing director of mobile devices, told Reuters at a company event on Thursday.
That would place it a distant third behind Apple Inc with 41 percent and Samsung Electronics Co Ltd with 26 percent, according to September-November data from researcher comScore.
To that end, ZTE will increase its U.S. marketing budget by at least 120 percent this year from last, Lv said without elaborating. Like other Chinese handset makers, ZTE is grappling with low brand awareness in the world’s second-largest smartphone market and perceptions of inferior quality.
Samsung Electronics, which earns around two-thirds of its operating profit from its mobile division, spent $597 million on marketing in the United States in 2012, according to researcher AdAge.
Last year, ZTE signed a deal with the Houston Rockets basketball team and released a Rockets-branded phone.
“We want young U.S. consumers to participate in our marketing activities, so we will have more NBA (National Basketball Association) stores and channels that sell our products,” Lv said.
Globally, ZTE aims to ship around 60 million smartphones this year compared with about 40 million smartphones last year, said Senior Vice President Zhang Renjun.
The company sees much of that growth in developed markets – including Russia and China – which accounted for 68 percent of mobile device revenue last year compared with 35 percent in 2007, said Lv.
ZTE’s mobile device business sells feature phones as well as smartphones. It was the fifth-biggest mobile phone vendor in July-September, according to researcher Gartner, though it fell out of the top five smartphone sellers list in the same period.
ZTE expects to have swung to a profit for last year having booked its first-ever loss as a public company in 2012.
It based its turnaround on cutting costs, signing fewer low-margin contracts, and winning contracts to build fourth generation telecommunication networks.
The company expects global investment in 4G to reach $100 billion this year, Zhang said.
OpenSuse Hacked
The openSUSE Forums were hijacked today by a Pakistani hacker who goes by the handle H4x0r HuSsY. Apparently the hacker exploited a vulnerability in the vBulletin 4.2.1 software which SUSE uses to host the forum. The problem is that the hack revealed that the openSUSE Forums were based on proprietary forum software.
The openSUSE team has denied that the users’ passwords were compromised by the hack.
“The credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack,” the team said.
What the cracker reported as compromised passwords were in fact random, automatically set strings that are in no way connected to users’ real passwords.
While it was good that none of the user data was compromised, open sourcers are scratching their collective heads and wondering if the attack would have happened if the outfit had been eating its own dogfood and used some nice open source technologies.