CloudOnomics

by

By Ian Moyse Moore’s Law back in 1965 predicted silicon power would double every two years. But what its creator, Gordon E. Moore, couldn’t have predicted was the dramatic economies of scale the cloud would eventually bring to all of our lives. For one, it’s helped lead to a drop in price for essentials like computing power and storage by making them more accessible. But also, it’s enabled conveniences no one ever would have imagined four or so decades ago. Today we’re able to use a mobile device with massive power and local storage to locate and download from virtually […]

Continue Reading »

Mebromi: the first BIOS rootkit in the wild

by

By Marco Giuliani In the past few weeks a Chinese security company called Qihoo 360 blogged about a new BIOS rootkit hitting Chinese computers. This turned to be a very interesting discovery as it appears to be the first real malware targeting system BIOS since a well-known proof of concept called IceLord in 2007. The malware is called Mebromi and contains a bit of everything: a BIOS rootkit specifically targeting Award BIOS, a MBR rootkit, a kernel mode rootkit, a PE file infector and a Trojan downloader. At this time, Mebromi is not designed to infect 64-bit operating system and it is not […]

Continue Reading »

Morto Worm Annoyances Outstrip Functionality

by

The past couple of days have been very busy for a lot of people, following the announcement by Microsoft that they had discovered a new network worm called Morto. After reading the refreshingly thorough writeup about Morto from both Microsoft and our partner Sophos, we were surprised to find that a few of our customers had been infected — and cleaned up — beginning with some poor schlub in South Africa as early as July 23rd, but the worm kicked into high gear last Thursday and began to propagate rapidly. But, as much as the technical details in these posts […]

Continue Reading »

Trojans Employ Misdirection Instead of Obfuscation

by

An unusual family of Trojans, apparently of Chinese origin, engages in rootkit-like behavior which seems designed not to hide the presence of the malware on an infected system, but to misdirect or confuse a technical person who might be using system analysis tools on an infected computer. The Trojans all originated from a server operated by a free Web host in China, and each sample we tested sent profiling data about the infected system to a command-and-control server located on yet another free Web host, also located in China. It appears to have capabilities to receive instructions to download other […]

Continue Reading »

Black Hat Redux: Botnet Takedown Mistakes to Avoid

by

I’ve worked in the security industry for nearly five years, and it was apparent early on that the most successful people in this field bring to their work a passion and a commitment to protecting not only one’s customers, but to providing a certain level of information about security threats to the world at-large, so even your non-customers can help or protect themselves. It can be hard to know where to stop once you get on a roll. Malware infections frequently lead to unexplored, interesting backwaters on the Internet. And, sometimes, those backwaters are where the criminals run those operations. […]

Continue Reading »

Targeted Malware Infects Windows-based Cash Registers

by

A serious, targeted threat from customized malware that steals credit card magnetic strip track data could literally bankrupt your business. That’s the message two security researchers from Trustwave gave at their talk during the Defcon computer security conference Saturday. The researchers, Jibran Ilyas and Nicholas Percoco of Trustwave Spider Labs, respond to calls for help when businesses find malware in critical systems. When banks field reports of credit card fraud, they try to find the earliest common location or business where all the victims used their card. When they do, the bank calls the business, who then call in the […]

Continue Reading »

TDL3 and ZeroAccess: More of the Same?

by

By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden and locked directory. This is where the rootkit stores the modules it downloads from the command and control servers. Until now, the plugins we’ve monitored have been ad-clickers and search engine hijackers. We have also noted how the ZeroAccess rootkit acts very similar to the TDL3 rootkit, either by infecting […]

Continue Reading »

Two Days in Vegas: Black Hat in Brief

by

The Black Hat briefings, held Wednesday and Thursday this week, once again brought together some of the best and brightest in the security industry to share knowledge about novel attacks and better defenses against old and new attacks. And, once again, there were some eye opening moments at the conference. Right from the beginning, it was clear the scope of the conference had shifted from the previous year. Conference founder Jeff Moss described a new, more rigorous committee-driven process that Black Hat had begun to employ to scrutinize and vet talk proposals. Talks this year would be more technical, go […]

Continue Reading »

New Tool Released: Kiss (or Kick) ZeroAccess Goodbye

by

There are fewer types of malware infections more frustrating and annoying than a rootkit with backdoor capabilities. Over the past couple of years, we’ve seen the emergence of this new, tough-to-fight infectious code, and its transformation from nuisance to severe threat. With the hard work and perseverance of Threat Research Analyst and master reverse-engineer Marco Giuliani, we’re proud to release the latest build of a tool we’ve used internally to clean the infections from the notable ZeroAccess rootkit off of victims’ computers. AntiZeroAccess exploits many of the vulnerabilities that Marco discovered in the rootkit to cleanly remove the rootkit code […]

Continue Reading »

This Week: Black Hat Coverage

by

As I do every year, I’ve deliberately traveled to the most inhospitable climate zone in the continental US — that is, the city of Las Vegas — to attend the elite technical conference known as the Black Hat Briefings. Black Hat is not just a technical conference, but a kind of calling for its attendees, which brings together experts in computer security, privacy, and attacks with high level officials in government and industry. In this rarefied environment, the security industry and its benefactors share information, tools, and techniques that help the entire industry coordinate their work against the interests of […]

Continue Reading »