Wednesday, November 21, 2012

Trojan Communicates Through Google Docs

Many trojans and other malware use IRC to talk to their command-and-control (C&C) infrastructure; botnets are infamous for taking orders from their botmaster this way. Symantec, however, has documented a different channel: the Trojan Backdoor.Makadocs arrives in Rich Text Format (RTF) and Microsoft Word documents, is installed by Trojan.Dropper, and uses the Viewer feature of the Google Docs service to reach its command-and-control (C&C) server.

"Google docs has a function called viewer that retrieves the resources of another URL and displays it," said Takashi Katsuki of Symantec. "Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server." He added that "it is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C from being discovered. The connection to the Google docs server is encrypted using HTTPS, thereby making it difficult to be blocked locally. It is possible for Google to prevent this connection by using a firewall."

Malware authors already use Twitter and Facebook for C&C in addition to IRC. Google Docs now joins that list.
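Because the viewer request goes to docs.google.com over HTTPS, blocking by destination is not an option; what a defender can still inspect (at a TLS-terminating proxy) is the `url` parameter the viewer is asked to fetch. The following is an added example, not Symantec's code or anything from the malware: it reads a constructed, simplified proxy log, pulls the embedded target out of each Google Docs Viewer request, and flags targets that look like a C&C relay rather than a document (raw IP address, non-standard port, host not on an allow-list, non-document path). It assumes the public form of the Viewer URL, `https://docs.google.com/viewer?url=<target>`; the exact request Backdoor.Makadocs sends is not shown on the page, and the allow-list and log format are assumptions for the example.

```python
"""Flag proxy-log requests that use the Google Docs Viewer to reach a
non-Google URL, the relay technique attributed to Backdoor.Makadocs.

Added example, not Symantec's code or the malware's code. Assumptions:
 - the viewer is requested as https://docs.google.com/viewer?url=<target>
   (the public form of the Viewer URL; the malware's exact request is
   not shown on the page);
 - the log format is a constructed, simplified proxy log:
   <timestamp> <client-ip> <method> <url> <status>
"""
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2012-11-21T10:02:11Z 10.0.0.12 GET https://docs.google.com/viewer?url=https%3A%2F%2Fexample.org%2Freport.pdf&embedded=true 200
2012-11-21T10:02:40Z 10.0.0.33 GET https://docs.google.com/viewer?url=http%3A%2F%2F203.0.113.45%3A8080%2Fcheckin.php%3Fid%3D7 200
2012-11-21T10:03:02Z 10.0.0.33 GET https://docs.google.com/viewer?url=http%3A%2F%2Fupdates.example.net%2Fcmd 200
2012-11-21T10:03:15Z 10.0.0.12 GET https://www.google.com/ 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Hosts users are expected to view documents from through the viewer.
# This allow-list is an assumption for the example; tune it per site.
ALLOWED_TARGET_HOSTS = {"example.org"}
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
DOCUMENT_SUFFIXES = (".pdf", ".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx")


def viewer_target(url: str):
    """Return the URL embedded in a Google Docs Viewer request, or None."""
    p = urlparse(url)
    if p.hostname != "docs.google.com" or p.path != "/viewer":
        return None
    targets = parse_qs(p.query).get("url")  # parse_qs percent-decodes the value
    return targets[0] if targets else None


def suspicious(target: str) -> list:
    """Reasons a viewer target looks like a relay to a C&C rather than a document."""
    t = urlparse(target)
    if t.hostname is None:
        return ["unparseable target"]
    reasons = []
    if IPV4_RE.match(t.hostname):
        reasons.append("raw IP address")
    if t.port not in (None, 80, 443):
        reasons.append(f"non-standard port {t.port}")
    if t.hostname not in ALLOWED_TARGET_HOSTS:
        reasons.append("host not on allow-list")
    if not t.path.lower().endswith(DOCUMENT_SUFFIXES):
        reasons.append("target is not a document")
    return reasons


def find_relays(log_text: str) -> list:
    """Return (client_ip, target_url, reasons) for each suspicious viewer request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log format
        _ts, client, _method, url, _status = m.groups()
        target = viewer_target(url)
        if target is None:
            continue  # not a Google Docs Viewer request
        reasons = suspicious(target)
        if reasons:
            hits.append((client, target, reasons))
    return hits


if __name__ == "__main__":
    for client, target, reasons in find_relays(SAMPLE_LOG):
        print(f"{client} -> {target}: {', '.join(reasons)}")
```

On the sample log the two requests from 10.0.0.33 are flagged (one to a raw IP on port 8080, one to a non-document path on an unlisted host) while the legitimate PDF view from 10.0.0.12 is not. The check only works where the proxy can see the decrypted request line; without TLS interception, the viewer traffic is indistinguishable from ordinary Google Docs use, which is exactly the point Symantec makes.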

Tuesday, November 6, 2012

Cyberwar? Iran Wants "indigenous cyber defense model"

According to Iran's state-affiliated Fars News Agency, a senior Iranian military commander said Monday that Iran needs a new strategy to protect its infrastructure from computer attacks.

"Cyber threats against Iran's national security infrastructure have found a special place and share in enemies' hostile strategy,” the Deputy Chief of Staff of the Iranian Armed Forces for Basij and Defense Culture said. “Given the country's current conditions it is necessary to consider (developing) an indigenous cyber defense model as our important priority."

According to the Iranian official, the US and Israel own a major share of infrastructure companies and high-tech firms and use them to the very same end. "Thus, Iran is necessitated to design a new model for cyber defense." Iran claims that the Stuxnet worm, which it says was designed to set back Iranian nuclear enrichment, is an American and Israeli effort dating back to 2006.

Saturday, November 3, 2012

Twenty Five Percent of Android Apps Present Security Risks

Do people really pay attention to the laundry list of permissions presented to the user when installing Android apps?  Why would a wallpaper or a board game need access to a user's GPS data or call history?  Bit9 examined the security permissions of more than 400,000 Android applications.  Its CTO stated that “a significant percentage of Google Play apps have access to potentially sensitive and confidential information.” “When a seemingly basic app such as a wallpaper requests access to GPS data, this raises a red flag. Likewise, more than a quarter of the apps can access email and contacts unbeknown to the phone user, which is of great concern when these devices are used in the workplace.”

Other findings included:
  • 42 percent of applications access GPS location data, and these include wallpapers, games and utilities
  • 31 percent access phone calls or phone numbers
  • 26 percent access personal data, such as contacts and email
  • 9 percent use permissions that can cost the user money 
Bit9 presents these findings in a chart in its report.
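The question the post raises, whether an app's declared permissions match what the app plausibly does, can be checked mechanically against the app's manifest. The following is an added example, not Bit9's tool: it parses an AndroidManifest.xml (the manifest here is constructed for a hypothetical wallpaper app), buckets the declared `android.permission.*` names into the four categories the survey reports (location, phone, personal data, cost money), and reports the categories a reviewer has not accepted for that kind of app. The category membership lists are the standard permission names, but which permissions a given app type "needs" is a judgement the reviewer supplies via the `expected` argument.

```python
"""Audit the permissions declared in an AndroidManifest.xml and bucket them into
the categories Bit9's survey used (location, phone, personal data, cost money).

Added example, not Bit9's tool. The manifest below is constructed for the
example; the permission names are the standard android.permission.* strings.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical wallpaper app that asks for far more
# than a wallpaper needs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Wallpaper"/>
</manifest>
"""

# Standard Android permission names grouped by the survey's categories.
SENSITIVE = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "phone": {"android.permission.READ_PHONE_STATE",
              "android.permission.READ_CALL_LOG",
              "android.permission.PROCESS_OUTGOING_CALLS"},
    "personal data": {"android.permission.READ_CONTACTS",
                      "android.permission.GET_ACCOUNTS",
                      "android.permission.READ_CALENDAR"},
    "cost money": {"android.permission.SEND_SMS",
                   "android.permission.CALL_PHONE"},
}


def declared_permissions(manifest_xml: str) -> list:
    """Return the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]


def classify(perms) -> dict:
    """Map each sensitive category to the declared permissions that fall in it."""
    found = {}
    for category, names in SENSITIVE.items():
        hits = sorted(p for p in perms if p in names)
        if hits:
            found[category] = hits
    return found


def audit(manifest_xml: str, app_kind: str, expected: set) -> list:
    """Return findings for sensitive categories the reviewer has not accepted
    for this kind of app (expected is that set of accepted categories)."""
    by_cat = classify(declared_permissions(manifest_xml))
    return [f"{app_kind} app requests {cat}: {', '.join(perms)}"
            for cat, perms in by_cat.items() if cat not in expected]


if __name__ == "__main__":
    # A wallpaper has no business with any of the four categories.
    for finding in audit(SAMPLE_MANIFEST, "wallpaper", expected=set()):
        print(finding)
```

Run against the sample manifest with an empty `expected` set, the audit produces four findings, one per category. The same manifest audited as a "dialer" app with `expected={"phone", "cost money"}` would only flag location and personal data, which is the distinction the post is making: the permission itself is not the red flag, the mismatch with the app's purpose is.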

Thursday, November 1, 2012

U.S. Banks Under Cyber Attack

U.S. Secretary of Homeland Security Janet Napolitano said:
"Right now, financial institutions are actively under attack. We know that. I'm not giving you any classified information." "I will say this has involved some of our nation's largest institutions. We've also had our stock exchanges attacked over the last [few] years, so we know ... there are vulnerabilities. We're working with them on that."
When asked whether the cyber attackers had stolen money, Napolitano answered in the affirmative but declined to provide further details, according to The Hill. She added: "one of the possible areas of attack, of course, is attacks on our nation's control systems – the control systems that operate our utilities, our water plants, our pipelines, our financial institutions. If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities. The urgency and the immediacy of the cyber problem; the cyber attacks that we are undergoing and continuing to undergo can not be overestimated." Given this economic and technology environment, businesses should enlist computer security experts to identify and correct vulnerabilities in their systems.