Citizenfour – The Edward Snowden documentary

November 28, 2014 – 6:34 PM

I was finally able to watch this today and I really enjoyed it. Very well presented and it firmly validated my initial opinion of Edward Snowden. Like him or hate him, every citizen needs to watch this to clearly understand his intent before finalizing your opinion.

Regin: Top-tier espionage tool enables stealthy surveillance

November 27, 2014 – 8:55 AM

In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless. What we have seen in Regin is just such a class of malware.

Regin is an extremely complex piece of software that can be customized with a wide range of different capabilities which can be deployed depending on the target. It is built on a framework that is designed to sustain long-term intelligence-gathering operations by remaining under the radar. It goes to extraordinary lengths to conceal itself and its activities on compromised computers. Its stealth combines many of the most advanced techniques that we have ever seen in use.

The main purpose of Regin is intelligence gathering and it has been implicated in data collection operations against government organizations, infrastructure operators, businesses, academics, and private individuals. The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers many months or years to develop and maintain.

Regin is a multi-staged, modular threat, meaning that it has a number of components, each depending on others, to perform attack operations. This modular approach gives flexibility to the threat operators as they can load custom features tailored to individual targets when required. Some custom payloads are very advanced and exhibit a high degree of expertise in specialist sectors. The modular design also makes analysis of the threat difficult, as all components must be available in order to fully understand it. This modular approach has been seen in other sophisticated malware families such as Flamer and Weevil (The Mask), while the multi-stage loading architecture is similar to that seen in the Duqu/Stuxnet family of threats.

Regin is different to what are commonly referred to as “traditional” advanced persistent threats (APTs), both in its techniques and ultimate purpose. APTs typically seek specific information, usually intellectual property. Regin’s purpose is different. It is used for the collection of data and continuous monitoring of targeted organizations or individuals. This report provides a technical analysis of Regin based on a number of identified samples and components. This analysis illustrates Regin’s architecture and the many payloads at its disposal.

Source:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf

‘Less’ means more to malware authors targeting Linux users

November 24, 2014 – 5:40 PM

Using the “less” Linux command to view the contents of files downloaded from the Internet is a dangerous operation that can lead to remote code execution, according to a security researcher.

At first glance, less appears to be a harmless command that outputs a file’s content to a terminal window and allows the users to navigate forward and backward through it. Less does not allow file editing, which is a job for file editors like the widely used vi, but has the benefit of displaying data on the fly without needing to load an entire file into memory. This is useful when dealing with large files.

Less is frequently used to view text files, but on many Linux distributions, including Ubuntu and CentOS, it supports many more file types, including archives, images and PDFs. That’s because, on these systems, less is extended through a script called lesspipe that relies on different third-party tools to process files with various extensions.

The third-party tools that lesspipe, and therefore less, rely on have not been designed with malicious input in mind, said Google security engineer Michal Zalewski in a message Sunday to the Full Disclosure security mailing list.

When Zalewski ran a fuzzing program — a vulnerability testing tool that feeds malformed input to applications — against the cpio file archiving utility, one of the programs supported by lesspipe, it quickly identified a memory bug that can lead to arbitrary code execution.

“While it’s a single bug in cpio, I have no doubt that many of the other lesspipe programs are equally problematic or worse,” the researcher said.
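The mechanism the article describes is an environment variable: less runs whatever command is named in LESSOPEN as an input preprocessor, and on Debian-style systems `eval "$(lesspipe)"` in the shell startup files is what sets it. The following shell snippet is an added example, not code from the article or from the less project; it shows how to check whether such preprocessing is active and how to view an untrusted download with the preprocessor switched off via the documented `less -L` (`--no-lessopen`) option. The function names are my own.

```shell
# Added example (not from the article): report whether this shell's `less` is
# wired to a lesspipe-style preprocessor, and view an untrusted file with that
# preprocessor disabled. Relies only on documented behaviour: less runs the
# command named in LESSOPEN as an input preprocessor, and `less -L`
# (--no-lessopen) ignores LESSOPEN for that single invocation.

# Returns 0 (true) when an input preprocessor is configured for less.
lesspipe_active() {
    [ -n "${LESSOPEN:-}" ]
}

# Prints the command line that views FILE with no preprocessor, so the bytes
# reach less itself instead of cpio, tar, pdftotext or any other helper.
raw_less_cmd() {
    printf 'less -L -- %s\n' "$1"
}

# Interactive wrapper: open untrusted downloads as plain bytes.
lessraw() {
    less -L -- "$@"
}

# Status report for the current shell (output only; nothing is executed).
if lesspipe_active; then
    echo "LESSOPEN is set to: $LESSOPEN  (preprocessing via lesspipe is active)"
else
    echo "LESSOPEN is unset; less will show files as plain text"
fi
```

Putting `lessraw` in your shell profile gives you a one-word way to read a file you just downloaded without handing it to the archive, image and PDF helpers that lesspipe would otherwise invoke.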

Source:
http://www.pcadvisor.co.uk/news/security/3588479/less-means-more-to-malware-authors-targeting-linux-users/

Stop Trying to Clean Your Infected Computer! Just Nuke it and Reinstall Windows

November 22, 2014 – 8:00 AM

Some people spend hours — maybe even days — trying to clean an infected Windows system and ensuring it’s actually clean and safe afterward. It’s usually not a good idea to do this — just reinstall Windows and start over.

This may seem like a daunting task, especially if you don’t have good backups of your important files. But it’s worth it to quickly obliterate an infection and ensure your system is safe.

The key to securing your computer is ensuring it doesn’t get infected in the first place. That’s why people run antivirus applications that can check programs before they run, ideally preventing a piece of malware from running even once. If malicious software makes it through this protection, it has free rein over your system until it’s discovered and removed.

This is a problem for many different reasons. The malware can take this chance to burrow deeper into your system, hiding itself from being discovered by installing a rootkit that starts up during the boot process. It can infect various system files. It can use its access to transmit your personal data, credit card numbers, and passwords over the Internet.

Worse yet, malware can function as a Trojan horse, opening the floodgates to additional malware that it will download and install from the Internet. If you find your computer is actually infected by a piece of malware, you don’t know if that’s the only piece of malware that’s infected your computer.

Source:
http://www.howtogeek.com/202590/stop-trying-to-clean-your-infected-computer-just-nuke-it-and-reinstall-windows/

New Citadel Trojan Targets Your Password Managers

November 21, 2014 – 5:43 AM

Unless we are a human supercomputer, remembering passwords is not an easy task, and even more so if you have a different password for every site. But luckily, to make the whole process easy, there is a growing market for password managers, which provide an extra layer of protection. Wait! Wait! Seriously??

Security researchers have discovered a new variant of the data-stealing Citadel Trojan program, used by cybercriminals to slurp up users’ master passwords for a number of password management applications and other authentication programs, which may make you think twice before using one.

The Citadel Trojan malware program has typically been used to steal online banking credentials and other financial information by masquerading as legitimate banking sites when victims open them in their local browser, an attack also known as a man-in-the-browser attack.

The malware has previously targeted users’ credentials stored in the password management applications included in popular Web browsers; however, third-party password managers have typically not been targeted by the attackers.

But researchers at IBM Trusteer noted that the configuration file of the notorious malware had been modified to activate a keylogger when users opened either Password Safe or KeePass, two open-source password managers, in order to steal the “Master Password” that protects access to the database of the end-user’s passwords.

Source:
http://thehackernews.com/2014/11/new-citadel-trojan-targets-your.html