Tag Archives: Viruses

Added to the Ransomware Resources page

A technically not-very-sound article from the BBC on The computer virus that blackmails you. It would be nice if a ‘technology reporter’ knew better than to describe all malware as ‘a virus’. Still, I suppose anything that raises awareness of the problem is at least partially helpful. And while it’s not always the case that files can only be recovered from a backup version, it’s good to reinforce the idea that backups are a Good Thing.

Added to the Ransomware resources page.

David Harley

Attack of the Mutant Zombie Flesh Eating Chickens From Mars

Yesterday there was widespread reportage of one of those periodic stories that make media types drool; and make security experts cringe in despair.

However, this ‘summer slow day news story’ was so widely (mis)reported that it does bear commenting on. The story in question was titled (by the BBC) “First Human Infected with Computer Virus”. This of course conjures up the idea of a person getting sick by means of malicious computer code (a claim that is, and will remain for a significant amount of time, well within the realm of science fiction).

What actually happened is much more mundane. It appears that the ‘researcher’ placed a piece of replicating code onto an RFID chip, and used that to infect the reader control system, which then (at least in theory) could pass the code back to other similar RFID devices. So far, so boring. We know that it is possible to have storage devices contain code (malicious or not) and pass that code between themselves via other systems. The difference in this case is that the researcher then injected the ‘infected’ (rather bizarrely he refers to this as ‘corrupted’, making me doubt that it was even a virus) chip into his hand, and claimed that this made him infected.

The news stories all got caught up with the fact that this gave him special Jedi powers enabling him to open doors with a simple wave of his hands (ok, maybe they didn’t exactly say that, but hand waving was involved), or… horror of all horrors… activate his mobile phone. Surely a deadly device if one had ever been made. So, we already know that RFID chips can open doors (after all, that’s a valid use for many of them) and they can carry code. The ONLY difference is that this ‘researcher’ inserted the chip into his flesh. To claim that this makes him ‘infected by a computer virus’ is a bit like saying that if I dropped the same chip into a cup of coffee, a steaming fresh cow pat, or even a mutant zombie flesh eating chicken from Mars, those would also be ‘infected’.

As Graham Cluley pointed out, the only interest that this story might have generated otherwise would be in security research into vulnerabilities of RFID readers. You need a vulnerable reader to get affected by the code, and then you need to be able to read the other RFID tags/chips with that reader to ‘infect’ them. There’s a valid point in that RFID exploits could be used to compromise security and/or privacy – but that’s not new knowledge; we’ve known that for many years.

As Chris Boyd (@paperghost on Twitter) nicely summed up: “In conclusion then, ‘man infected with computer virus’ is basically ‘device for opening doors works as intended’.”

Andrew Lee
AVIEN CEO / CTO K7 Computing

Another Anniversary

As I’ve pointed out elsewhere, it’s been something of a year of anniversaries. And as Mikko Hypponen has pointed out at http://www.f-secure.com/weblog/archives/00001846.html, around this time ten years ago we were preparing for global chaos as the Millennium Bug bit.

Well, actually, it largely passed me by. The institution I worked for decided that Y2K had no security implications, and in fact wasn’t really an IT issue, so they handed it over to the library to manage, though the IT department still did all the actual work, as far as I remember. In the event, I believe one piece of lab equipment malfunctioned when everything was switched on again after an enforced break over the New Year: not, as I remember, in any critical way, but it was ten years ago.

In fact, my principal memories are of going to bed early on New Year’s Eve and being awoken by a thunderous firework display over East London, and of fielding an awful lot of questions about those Y2K viruses that never turned up. And of being rapped over the knuckles after the event for hinting in an article for an in-house publication that there had ever been any risk of an unforeseen event. It’s always reassuring to work for people who know everything about everything.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Mac Whacks Back

It sometimes seems like I’ve spent the last twenty years trying to persuade Mac users that using a system named after a fruit doesn’t mean that there are no snakes in Eden or that angels will protect you from all harm.

Not, perhaps, completely in vain, but apparently many of the old Mac evangelist mindsets continue to prevail, irrespective of the true nature of the threatscape. (Macs don’t get viruses, Trojans don’t matter, there are no Mac vulnerabilities and if there were they’d be fixed immediately, social engineering is irrelevant, Microsoft Bad/Apple Good, blah…) There is a polite but nonetheless naive article that more than hints at this mindset here:

http://www.makemineamac.info/2009/10/dont-bug-me-why-macs-are-still-virus.html

Thanks, however, to Kurt Wismer for reassuring me that Mac security is not just my own personal crusade:

http://anti-virus-rants.blogspot.com/2009/12/why-mac-fanatics-still-believe-theyre.html

I have a feeling I’m not done with this issue. And just to be clear: for most of those 20 years I was working for customers, not for vendors…

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Rootkits

I missed this when it was originally published, but it’s an interesting interview (if you can get around Joanna’s rather childish bias against the AV industry) about rootkit technology, and the escalating fight to secure operating systems. I totally agree on many points, including the idea of separating function as far as possible (having a separate VM only ever used for banking is a good idea). It’s a long article, and covers some basics too, but it’s worth persevering through the 9 pages.

http://www.tomshardware.com/reviews/joanna-rutkowska-rootkit,2356.html

Andrew Lee CISSP
AVIEN CEO