Tag Archives: Linux

28th August updates – AVIEN Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Bleeping Computer: Atlas Quantum Cryptocurrency Investment Platform Suffers Data Breach – “Atlas Quantum said the hacker (or hackers) did not steal any funds from users’ accounts.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Security Boulevard: Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack – “This is borne out by Akamai Technologies’ Summer 2018 Internet Security/Web Attack Report.

Updates to Meltdown/Spectre and other chip-related resources

The Register: Linux 4.19 lets you declare your trust in AMD, IBM and Intel – “Wave the the CPU trust flag if you’re feeling safe enough….When random number generation is insufficiently random, encryption based on such numbers can be broken with less effort.”

Updates to Specific Ransomware Families and Types

Security Boulevard: Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack – “This is borne out by Akamai Technologies’ Summer 2018 Internet Security/Web Attack Report.

Updates to Tech support scams resource page

Link to Chainmailcheck article below.

Updates to Chain Mail Check

William Tsing for Malwarebytes: Green card scams: preying on the desperate – Green card scams are far from new. Though in fact this site does actually indicate in the small print that its usefulness to someone wanting to improve their chances of getting a green card via the diversity visa lottery is going to be very limited indeed. But Tsing makes the interesting point that the scam site looks more authentic than the real site because it provides more information, and compares it to “what we see with legitimate tech support and tech support scammers. An official entity does a poor job communicating with its constituency, and that creates a vacuum that scammers are all too eager to fill.” Seems an entirely valid point.

I talked about the issue of inadequate tech support in an article for ESET – Tech support scams and the call of the void – The importance of providing the best possible after-sales service to customers. That article was sparked off by a useful article on the Security Boulevard site by Christopher Burgess on When Scammers Fill the Tech Support Void.

Updates to Mac Virus

Tomáš Foltýn for ESET: Why now could be a good time to fortify your Android defenses
“Stop us if you’ve heard this before: avoid installing apps from outside Google Play. But what if you’re itching to battle it out in Fortnite?”

Follow-up article- interview with Lukáš Štefanko, who says I hope other app developers don’t follow Epic‘s example – “After Epic Games shunned Google Play, debates about threats faced by Android users have taken on a whole new tenor. Joining us to add his voice to the mix is ESET Malware Researcher Lukáš Štefanko”

My own view is slightly (but only slightly) different, as discussed in my MacVirus article: Fortnite and Android: an Epic disagreement

David Harley

Advertisements

FLocker: Android Ransomware meets IoT

An article for Trend Micro by Echo Duan illustrates one of the complications of having an operating system that works on and connects all kinds of otherwise disparate objects: FLocker Mobile Ransomware Crosses to Smart TV.

Of course, embedded versions of operating systems such as other versions of Linux, Windows and so on, are not in themselves novel. FLocker, however, seems to lock smart TVs as well as Android phones, as long as they’re not located in one of a number of Eastern European countries. It claims to be levying a fine on behalf of a law enforcement agency. Apparently another of these agencies that prefers its fines paid in iTunes gift cards. As Zeljka Zorz points out for Help Net Security, this doesn’t say much for the credibility of the criminals, but if your device and data have become unavailable to you, knowing that they’re criminals and not the police doesn’t help much.

While the malware locks the screen, Trend tells us that the C&C server collects ‘data such as device information, phone number, contacts, real time location, and other information. These data are encrypted with a hardcoded AES key and encoded in base64.’

Unsurprisingly, Trend’s advice is to contact the device vendor for help with a locked TV, but the article also advises that victims might also be able to remove the malware if they can enable ADB debugging. How practical this would be for the average TV user, I don’t know.

Back in November 2015 Candid Wueest wrote for Symantec on How my TV got infected with ransomware and what you can learn from it, subtitled “A look at some of the possible ways your new smart TV could be the subject of cyberattacks.” Clearly, this particular aspect of the IoT issue has moved beyond proof of concept.

If cited this before, but it’s worth doing again. Camilo Gutierrez, one of my colleagues at ESET (security researcher at the Latin America office) notes that:

… if the necessary precautions are not taken by manufacturers and users, there is nothing to prevent an attacker from seizing control of a device’s functionality and demanding money to return control. Perhaps this is not a threat we expect to see much of in the near future, but we shouldn’t lose sight of it if we are to avoid serious problems later.

Just as I was about to post this, I noticed additional commentary by David Bisson for Graham Cluley’s blog. He notes that there’s an interesting resemblance between FLocker’s interface and the earlier ‘police’ ransomware he calls Cyber.Police.

David Harley

Linux malware found in screensaver


http://linux.slashdot.org/article.pl?sid=09/12/09/2215253

I hate to say I told you so…actually, that’s not true. In this case, it was sadly obvious that it would happen, but the general attitude of the whole OS/Free Software crowd is still to claim the earth is flat when it comes to Malware.
Interested readers might like to Google my EICAR paper from 2002 called “The Emperor’s New Clothes: Linux and the myth of a virus free operating system”.

There I discussed that the very thing that makes the OSS model work is also its greatest weakness, there’s little control, little QA, and 99% of the time proletariat downloading a package won’t check it (nor would most be competent to), so it’s very easy to insert malware. It’s very likely there is a lot more malware out there lurking in small fringe packages such as the one mentioned in the OMGUbuntu article.
The fact is that with the rise ofthe netbook, Linux becomes a more desirable platform to attack, and at the moment, it’s way too easy. After all, who needs anti-malware software on Linux?

NOD32 beta test versions

As we all know, there is, never has been, and never could be any Mac or Linux malware. If it did, no Mac or Linux user would fall for it, and if they did it would be their own fault. Microsoft-loving antivirus companies are simply looking for excuses to line their pockets.

(Guys, this is called irony! )

There you go. Now I’ve said it for you, there’s no need to clutter this page and my mailbox with fanboi comments and hatemail.

However, in case you’re gullible enough to believe that ESET, like other security companies, really believes that Mac and Linux users sometimes need anti-malware protection, we have now public beta test versions of our scanner available for OS X and for Linux desktop.

http://beta.eset.com/linux
http://beta.eset.com/macosx 

Declaration of interest: yes, I do currently work for ESET. And I am that gullible.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

 

Now We Are 60-something

One of the joys of being over 60 (along with being able to travel free on buses I don’t have time to wait for, being written off as a bloodsucking pensioner by Gordon Ramsay, and humiliations like being offered seats on trains by heavily pregnant women unsure as to whether I’m likely to survive until Earl’s Court), is being patronised by people who haven’t been alive for as long as I’ve been working in IT.

Actually, 50-year-olds don’t have it much better: a publisher in the UK called Babani has a range of books on IT-related subjects like the Internet Guide for the Older Generation “Especially written for the Over 50s…It is written in plain English and avoids technical jargon wherever possible.” Perhaps it was written by the child in a cellphone shop in Reading who offered to show me how to change the battery in the mobile phone I was in the process of buying, since “even he” found it a bit challenging. Perhaps I shouldn’t have hit him with my work Blackberry: it hasn’t worked quite so well since.

Anyway, thanks to Corrine for directing my attention to this gem, telling me all about a “New PC developed specifically for the over 60’s” which apparently has just six clickable buttons (that sounds good, because it’ll give me a few fingers left over to count the hours till nurse brings my tea and biscuits), is based on Linux (this isn’t Grannyx, at last, is it?) and seventeen video tutorials introduced by Valerie Singleton.

Val was apparently born in 1937, which makes her even older than I am, and used to be one of the presenters of a BBC programme called Blue Peter, but has, it seems, recently moved on to talking down to those of us who’ve now attained our second childhood.

She explained to the BBC news that she doesn’t think that people understand computers.

“I’ve been using a computer for quite some time and I don’t understand everything,” she said.

“Every time I learn a new thing to do on my computer I have to write it down so that I can remember it.”

So I guess using a text editor or word processor isn’t one of the things she’s learned to do yet. Unless she had a senior moment and lost that particular piece of paper.

Hmm. Looking round my own office, maybe I shouldn’t be the first to cast that particular stone.

David Harley