Is Epic Turla Exploiting Windows XP?
Kaspersky Lab has discovered an espionage network that successfully attacked government institutions, intelligence agencies and European companies.
The firm has dubbed the spy operation Epic Turla, and said that it is in no doubt about its capabilities.
“Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call ‘Epic Turla’,” it said.
“The attackers behind Epic Turla have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies.”
Kaspersky said that Epic Turla used two zero-day exploits that affected Adobe and Microsoft software, along with some backdoor and social engineering tricks.
In particular, Kaspersky said a vulnerability in Windows XP and Windows 2003 – CVE-2013-5065 – termed a “privilege escalation vulnerability” is being used. “The CVE-2013-5065 exploit allows the backdoor to achieve administrator privileges on the system and run unrestricted. This exploit only works on unpatched Microsoft Windows XP systems.”
The use of this Windows XP flaw underlines the risk that the unsupported Windows XP OS poses. Kaspersky went on to explain that, once inside, attackers install their own rootkits and other malware tools and begin their surveillance.
“Once the attackers obtain the necessary credentials without the victim noticing, they deploy the rootkit and other extreme persistence mechanisms,” it said. “The attacks are still ongoing as of July 2014, actively targeting users in Europe and the Middle East.”
The attacks are just the latest in a long line of incidents that businesses need to be aware of as cyber attacks continue at an alarming rate.
In June the security firm Crowdstrike alerted the industry to Putter Panda, a cute-sounding but nasty piece of malware. That firm pointed an accusatory finger at China and charged it with espionage on the US and Europe.
Crowdstrike CEO George Kurtz said at the time, “China’s decade-long economic espionage campaign is massive and unrelenting. Through widespread espionage campaigns, Chinese threat actors are targeting companies and governments in every part of the globe.” Chinese authorities disputed this.
The report comes in the same week Hold Security reported uncovering a huge trove of 1.2 billion web passwords and login details that have been gathered by Russian cyber criminals.
Is Malware Wreaking Havoc On XP?
One of the top three malware programs affecting businesses in the second quarter is a worm that takes advantage of the large number of companies still using Windows XP, Trend Micro has warned.
The worm, dubbed DOWNAD and also known as Conficker, can infect an entire network via a malicious URL, spam email or removable drive. Windows XP is particularly susceptible because the worm exploits the MS08-067 Server service vulnerability to execute arbitrary code.
DOWNAD also has its own domain generation algorithm (DGA) that allows it to create randomly-generated URLs. It then connects to these created URLs to download files to the system. Trend Micro said that around 175 IP addresses are found to be related to the DOWNAD worm and that these IP addresses use various ports and are randomly generated via the DGA capability of DOWNAD.
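The DGA behaviour described above leaves a footprint defenders can look for: an infected host resolves many long, random-looking names, most of which do not exist. The script below is an added example written for this page (it is not Trend Micro's code and does not reproduce DOWNAD's actual algorithm); it scores the second-level label of each queried name with a simple entropy and vowel-ratio heuristic and flags clients that resolve several such names. The log format, the sample lines and the thresholds are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed DNS resolver log lines (made up for this example; the
# "client=<ip> query=<name>" layout is an assumption, not a real product's format).
SAMPLE_DNS_LOG = """\
2014-07-01T10:00:01Z client=10.0.0.12 query=www.example.com type=A
2014-07-01T10:00:03Z client=10.0.0.12 query=mail.example.com type=A
2014-07-01T10:00:07Z client=10.0.0.57 query=qxvzpbdkwmtr.info type=A
2014-07-01T10:00:08Z client=10.0.0.57 query=hjkqwlzxpmbn.biz type=A
2014-07-01T10:00:09Z client=10.0.0.57 query=zkqpxvwbmnrt.org type=A
2014-07-01T10:00:11Z client=10.0.0.31 query=update.microsoft.com type=A
2014-07-01T10:00:12Z client=10.0.0.57 query=rbwqzxkpvmnt.ws type=A
2014-07-01T10:00:14Z client=10.0.0.31 query=wikimediafoundation.org type=A
"""

LOG_RE = re.compile(r"client=(\S+)\s+query=(\S+)")

# Heuristic thresholds: assumptions chosen for illustration, tune them on real traffic.
MIN_LABEL_LEN = 8
MIN_ENTROPY = 3.0
MAX_VOWEL_RATIO = 0.25


def shannon_entropy(text):
    """Shannon entropy of `text` in bits per character (0.0 for empty or uniform input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def vowel_ratio(label):
    """Fraction of characters that are vowels; random letter strings tend to be low."""
    if not label:
        return 0.0
    return sum(ch in "aeiou" for ch in label) / len(label)


def second_level_label(domain):
    """'qxvzpbdkwmtr.info' -> 'qxvzpbdkwmtr', the label a DGA typically randomises."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_dga_like(label):
    """True when the label is long, high-entropy and almost vowel-free."""
    return (len(label) >= MIN_LABEL_LEN
            and shannon_entropy(label) >= MIN_ENTROPY
            and vowel_ratio(label) <= MAX_VOWEL_RATIO)


def parse_queries(log_text):
    """Extract (client, queried name) pairs from the constructed log format."""
    pairs = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def analyze(log_text, min_hits=3):
    """Return (set of DGA-like names, {client: distinct DGA-like names resolved})
    for clients that resolved at least `min_hits` distinct suspicious names."""
    suspicious = set()
    per_client = defaultdict(set)
    for client, domain in parse_queries(log_text):
        if is_dga_like(second_level_label(domain)):
            suspicious.add(domain)
            per_client[client].add(domain)
    flagged = {c: len(names) for c, names in per_client.items() if len(names) >= min_hits}
    return suspicious, flagged


if __name__ == "__main__":
    names, clients = analyze(SAMPLE_DNS_LOG)
    for name in sorted(names):
        print("DGA-like name:", name)
    for client, count in sorted(clients.items()):
        print(f"client {client} resolved {count} DGA-like names: review for DOWNAD-style infection")
```

Counting distinct suspicious names per client, rather than alerting on each name, is what keeps the heuristic usable: a single odd hostname is common, while one host resolving a burst of them in a short window is the pattern the paragraph describes. Pairing this with NXDOMAIN counts from the resolver would sharpen it further, since most DGA candidates are never registered.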
“During our monitoring of the spam landscape, we observed that in Q2, more than 40 percent of malware related spam mails are delivered by machines infected by DOWNAD worm,” said Trend Micro anti-spam research engineer Maria Manly in a blog post.
“A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems. And with Microsoft ending the support for Windows XP this year, we can expect that systems with this OS can be infected by threats like DOWNAD.”
The security company warned that spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments are attributed to DOWNAD infected machines. FAREIT is a malware family of information stealers that download variants of the Zeus Trojan, while MYTOB is an old family of worms known for sending a copy of itself in spam attachments.
The other top sources of spam carrying malware are the CUTWAIL botnet and Gameover ZeuS (GoZ). Manly said CUTWAIL was previously used to download GoZ malware, but now a malware family called UPATRE delivers GoZ or variants of ZBOT that have peer-to-peer functionality.
“In the last few weeks we have reported various spam runs that abused Dropbox links to host malware like UPATRE,” Manly said. “We also spotted a spammed message in the guise of voice mail that contains a Cryptolocker variant. The latest we have seen is a spam campaign with links that leveraged CUBBY, a file storage service, this time carrying a banking malware detected as TSPY_BANKER.WSTA.”
According to Manly, cybercriminals and threat actors are probably abusing file storage platforms to mask their malicious activities and go undetected in the system and network.
“As spam with malware attachments continues to proliferate, so does spam with links carrying malicious files. The continuous abuse of file hosting services to spread malware appears to have become a favoured infection vector of cyber criminals, most likely because this makes it more effective given that the URLs are legitimate, thereby increasing the chance of bypassing anti-spam filters,” she added.
Did Stuxnet Infect A Russian Nuclear Plant?
Kaspersky has claimed that the infamous Stuxnet computer worm “badly infected” the internal network of an unnamed Russian nuclear plant after it caused chaos in Iran’s nuclear facilities.
Speaking at a keynote presentation given at the Canberra Press Club 2013, Kaspersky CEO Eugene Kaspersky said a staffer at the unnamed nuclear plant informed him of the infection.
“[The staffer said] their nuclear plant network which was disconnected from the internet was badly infected by Stuxnet,” Kaspersky said.
“So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity.”
Stuxnet was discovered to have spread throughout industrial software and equipment in 2010 and is believed to have been created by the United States and Israel to attack Iran’s nuclear facilities. According to Kaspersky’s source, the malware was carried into the Russian nuclear plant and installed on a physically separated “air-gapped” network.
Kaspersky also made a rather outlandish joke during his speech, saying that all data is subject to theft. “All the data is stolen,” Kaspersky said. “At least twice.”
“If the claim of the Russian nuclear plant infection is true, then it’s easy to imagine how this “collateral damage” could have turned into a very serious incident indeed, with obvious diplomatic repercussions,” said security expert Graham Cluley.
“There is no way to independently verify the claim, of course. But it is a fact that Stuxnet managed to infect many computer systems outside of its intended target in Iran,” Cluley added. “Indeed, the very fact that it spread out of control was what led to its discovery by security firms.”
Earlier this year, Symantec claimed that the Stuxnet computer worm could date back further than 2010 and was more widespread than originally believed.
Symantec’s report called “The Missing Link” found a build of the Stuxnet attack tool, dubbed Stuxnet 0.5, which it said dated back to 2005 and used different techniques to sabotage industrial facilities.
SanDisk Debuts Wireless Flash Drive
August 5, 2013 by admin
SanDisk on Monday announced a line of wireless flash drives that can hold up to 64GB of data.
The new drives include the Connect Wireless Flash Drive — a thumb drive — and the Connect Wireless Media Drive, a larger, but still pocket-sized storage device. The Connect Wireless Flash Drive comes in 16GB and 32GB capacities; the Connect Wireless Media Drive comes in 32GB and 64GB capacities.
The Connect Wireless Flash drive is 3.07-in. x 1.04-in. x 0.54-in. The Connect Wireless Media Drive is 2.6-in. x 2.6-in. x 0.52-in.
The Connect Wireless drive family allows users to not only store but share and stream files across multiple mobile devices. They offer up to eight simultaneous device connections and three media streams, and support separate streams of 720p video content at 2MB/sec to three or five devices concurrently (for the Flash Drive and Media Drive, respectively).
According to a SanDisk spokesman, video streaming performance isn’t affected by multiple streams because device limits are set at a point that supports the streams without degradation. Devices can connect to the drives up to 150 feet away.
The Connect Wireless drives work with all iOS and Android devices, and Kindle Fire tablets, as well as PC and Mac computers. The drives are compatible with Windows 8, Windows 7, Windows Vista, Windows XP and Mac OS 10.6 or higher.
Movies, music, photos and documents can be loaded onto the wireless drives by simply dragging and dropping the files, which can then be accessed via the SanDisk Connect apps. Those apps are available for download from the App Store, Google Play Store and the Amazon Appstore for Android.
The drives contain an internal router, so no external router or Internet connection is needed to stream media. In order to use the drives, mobile device users simply download SanDisk’s Connect App.
The drives run on lithium-ion batteries. A single charge provides up to four hours of wireless streaming, with streaming data protected by Wi-Fi Password Protection (WPA2).
“With the new SanDisk Connect product line, we’re raising the bar on what consumers can expect from personal storage,” said Dinesh Bahal, vice president for product marketing for SanDisk.
The SanDisk Connect Wireless Flash Drive is available in 16GB or 32GB capacities for $49.99 and $59.99, respectively. In the U.S., it is available for preorder on Amazon.com, Newegg.com and Micro Center, with availability at Best Buy starting in August. It will also be available for preorder on Amazon.com in Germany and UK.
The SanDisk Connect Wireless Media Drive has a retail price of $79.99 for 32GB or $99.99 for 64GB storage capacity. It is available for preorder in the U.S. on Amazon.com, with availability in Germany and UK in the fourth quarter of 2013.
Collaborating Viruses Showing Up
Two computer viruses are collaborating to defeat clean-up operations. Microsoft researcher Hyun Choi has found that the pair of viruses foil removal by regularly downloading updated versions of their malware partner.
It is the first time such a defense strategy has been observed. Choi said that the Vobfus and Beebone viruses were regularly found together. Vobfus was the first to arrive on a machine, he said, and used several tactics to infect victims: it could be installed via booby-trapped links on websites, travel over network links to other machines, or lurk on USB drives and infect machines they are plugged into.
Once installed, Vobfus downloaded Beebone, which enrolled the machine into a botnet. After this the two worked together, regularly downloading new versions of each other. If Vobfus was detected and removed, it might already have downloaded an undetected Beebone, which could in turn download an undetected variant of Vobfus.
Vobfus has been a persistent problem since 2009, when it first appeared.
Windows 7 Infection Rate Soaring
Windows 7’s malware infection rate soared by as much as 182% this year, Microsoft said on Tuesday.
But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.
Data from Microsoft’s newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.
The infection rate for Windows 7 RTM, or “release to manufacturing,” the original version launched in Oct. 2009, was 33% higher this year for the 32-bit edition (x86) and 59% higher for the 64-bit (x64) edition.
Windows 7 Service Pack 1 (SP1) — the upgrade that shipped in Feb. 2011 — saw even larger infection increases: 172% for x86, 182% for x64.
Microsoft blamed several factors for the boost in successful malware attacks, including less savvy users.
“This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows,” said Microsoft in its latest Security Intelligence Report. “Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices.”
Adobe Gives Up On Windows XP
Adobe said today that the current CS6 version of Photoshop will be the last one to support the operating system.
Adobe Product Manager Tom Hogarty said in a blog post that the Photoshop team would like to provide advanced notice that Photoshop CS6 (13.0) will be the last major version of Photoshop to support Windows XP. He said that modern performance-sensitive software requires modern hardware graphics interfaces that Windows XP lacks, in particular a way to tap into the power of GPUs. By only working on newer operating systems and hardware Adobe can bring in significantly better performance.
Photoshop CS6 already demonstrates that relying on a modern operating system, graphics cards/GPUs and graphics drivers can lead to substantial improvements in 3D, Blur Gallery and Lighting Effect features not available to Windows XP customers, he said.
Adobe hopes that by providing this information early it will help users understand its current decisions around operating system support and where it is headed with future releases of Photoshop. It is hard to see how any serious user of Adobe products could be using an XP machine anyway. The move away from XP started with CS5, which only ran on Vista.
Android Apps To Run On Windows
Software firm Bluestacks is on a mission to close the gap between Microsoft’s Windows and Google’s Android OS with its App Player application, which was released in beta earlier this week.
App Player is an emulator that allows Android applications to run on Windows 7, Vista and XP OSes. Users can install the software in Windows and then run around 450,000 Android applications, including Angry Birds and Fruit Ninja, the company said in a statement.
Beyond PCs, the App Player could also allow Windows tablets such as Hewlett-Packard’s Slate 2 and Dell’s Latitude ST to run Android applications. Bluestacks made headlines at last year’s Computex trade show in Taipei when Advanced Micro Devices showed off an x86 tablet with Android running on top of the Windows 7 software stack. Android applications are mostly written for the ARM instruction set, but the x86 tablet was able to switch between Android and Windows without any problems.
The emulator has new Layercake technology, which exploits hardware accelerators to improve the performance of Android games in Windows. The layer was not included in the previous Bluestacks alpha version. Android applications typically use hardware accelerators found in ARM’s Mali, Nvidia’s Tegra or Imagination Technologies’ PowerVR graphics cores, but Layercake is able to take advantage of hardware accelerators from companies like AMD found in x86 chips.
Microsoft To Discontinue Vista SP1 Support By July
Microsoft reminded users on Monday that it intends to stop supporting Windows Vista Service Pack 1 on July 12.
“From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista Service Pack 1 (SP1),” the company stated in a blog entry on its TechNet website.
The company recommended users upgrade to Vista Service Pack 2 or Windows 7 to receive continued support and patches. Vista SP2 also includes operating system updates such as a new version of Windows Search, and drivers to support new hardware.
Users can install Vista SP2 using Windows Update, or by manually downloading the 32-bit edition or 64-bit edition of the service pack.
Users must have Windows Vista SP1 installed prior to applying SP2. Further instructions on installing SP2 are available on Microsoft’s website.