Tag: malware

How China deploys Android malware at its borders

Saturday, 6 July, 2019

The Chinese authorities are conducting a huge campaign of surveillance and oppression against the Muslim population of the Xinjiang region, and foreigners crossing certain border checkpoints are being forced to install a piece of Android malware on their phones that hands all of their text messages, as well as other data, to the regime. Vice has the story. Snippet:

“The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller’s device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.”

One of the most repulsive supporters of the awful Beijing regime is Martin Jacques, author of When China Rules the World: The End of the Western World and the Birth of a New Global Order. It was published in August 2016 but the resistance in Hong Kong has exposed the shabbiness of his world view.


WannaCry glossary in Plain English

Monday, 22 May, 2017

StrategyPage examines what it calls “An Endless Mystery Called WannaCry” and rounds off the piece with a useful glossary of basic hacker terms “in plain English” that begins with “Backdoor” and ends with “ZDE” (Zero Day Exploit). Three examples:

EternalBlue – A bit of malware developed by the NSA that exploits a ZDE in Microsoft local network software. EternalBlue was stolen and distributed by Wikileaks.

Spear fishing – a fishing operation where targets are carefully chosen and researched before putting together the attack. Despite having software and user rules in place to block spear fishing attacks there are so many email accounts to attack and you only have to get one victim to respond to a bogus email with a ‘vital attachment’ that must be ‘opened immediately’.

Social Engineering – Exploiting human nature to get malware onto a system. This is what fishing and spear fishing attacks depend on.

Update: Keith Collins has a superb article in Quartz titled Inside the digital heist that terrorized the world—and only made $100k. Bottom line:

“All told, the three bitcoin wallets used in the attack have received just under 300 payments totaling 48.86359565 bitcoins as of Saturday evening, the equivalent of about $101,000 USD. That’s a small take for an attack that infected nearly 300,000 systems, made medical care inaccessible, shut down factories, and ultimately may have created billions of dollars in losses.”

There’s something very fishy about the WannaCry fishing.


Don’t pay the ransom!

Monday, 15 May, 2017

“The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.” That’s the guidance offered by the No More Ransom website, and in these days of the WannaCry malware threat, we need to pay attention.

No More Ransom is an initiative by the National High Tech Crime Unit of the Dutch police, Europol’s Cybercrime Centre, Kaspersky Lab and Intel Security. The goal is to help victims of ransomware recover their data without having to pay the criminals. The project also aims to educate users about how ransomware works and what can be done to prevent infection.

Note: “The Wcry ransom note contains a compassionate message towards those who can’t afford to pay up. The malware’s operators claim they would unlock the files for free — after a six-month period!” Security Intelligence.



The war of the Mirai and XiongMai

Saturday, 22 October, 2016

It sounds like something from Star Trek: The war of the Mirai and the XiongMai. But it’s neither Hollywood nor science fiction. It’s real. Yesterday, users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix experienced problems because Dyn, an internet infrastructure company that provides critical services to these sites, sustained a massive, malicious attack. Spearheading it was Mirai, malware that had hijacked digital video recorders and cameras made by XiongMai Technologies, a Chinese hi-tech company. Mirai trawls the web for cheap devices protected by just their factory-default usernames and passwords and then conscripts them for attacks that launch wave upon wave of junk traffic at targets until they can no longer serve legitimate users.

Only a week ago, US-CERT, which is part of the Department of Homeland Security, issued a warning titled “Heightened DDoS Threat Posed by Mirai and Other Botnets.” It pointed the finger at the vulnerability of the Internet of Things (IoT), “an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data.” According to US-CERT, “IoT devices have been used to create large-scale botnets — networks of devices infected with self-propagating malware — that can execute crippling distributed denial-of-service (DDoS) attacks. IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks.”

The solution? Security expert Brian Krebs is calling for a major, global effort to recall and remove vulnerable systems from the internet. “In my humble opinion, this global cleanup effort should be funded mainly by the companies that are dumping these cheap, poorly-secured hardware devices onto the market in an apparent bid to own the market. Well, they should be made to own the cleanup efforts as well.”
