FBI Trojan in the wild

ComputerWorld reports that:

The FBI used spyware to catch a Massachusetts man who tried to extort money from Verizon Communications Inc. and Comcast Corp. by cutting 18 cables carrying voice and data in 2005, documents obtained under the Freedom of Information Act by Wired.com revealed yesterday.

Just how did they catch him?

The documents obtained by Wired.com said that the FBI obtained a warrant to use a program called Computer and Internet Protocol Address Verifier (CIPAV) to identify Kelly’s computer as the one that accessed the extortion Web sites.

And what is CIPAV? As the article goes on to say, not much is publicly known about it. According to another ComputerWorld article, it collects:

  • IP address
  • Media Access Control address for the network card
  • List of open TCP and UDP ports
  • List of running programs
  • Operating system’s type, version and serial number (in Windows, the serial number is the 25-digit alphanumeric product activation key)
  • Default browser and its version
  • Default language of the operating system
  • Currently logged-in user (username) and registered company name (The latter is optional in Windows.)
  • Last visited URL

I am not very happy to have the pre-eminent law enforcement agency in the country, who has had numerous allegations of warrant-less wiretapping made against them, to be using methods right out of the Ukrainian Bot Herder’s Handbook.

All Mac Botnet Discovered

Maybe now all those Apple fanboys and fangirls will stop assuming their OS is so secure (real geeks use Linux!):

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

You can read the rest here.

US Electricity Grid Supposedly Penetrated By Spies

This just in from the WSJ:

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

Hmmm…and why are the power grid control systems connected AT ANY POINT to the Internet? Is this for real? Are these maintainers really that stupid? NO SYSTEM connected to the Internet can ever be called truly secure.

Conficker Eye Chart

Here is a smart, if not perfect, way to easily check if your Windows machine may be infected with Conficker.

Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If you are blocked from loading the remote images in the first row of the chart’s top table (images hosted on AV/security sites) but not blocked from loading the remote images in the second row (images hosted on the websites of alternative operating systems), then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
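The logic behind the eye chart, as an added example that is not code from the original post or from the eye-chart site. Conficker’s reported trick is to hook DNS resolution and refuse to resolve any hostname containing one of a list of security-vendor substrings; `BLOCK_SUBSTRINGS` below is a constructed subset of that reported list, and the hostnames in `AV_ROW` and `CONTROL_ROW` are constructed stand-ins for the chart’s real image URLs. `eye_chart()` takes any `fetch(hostname)` callable, so the simulated fetcher can be swapped for a real one; the simulation also models the proxy caveat from the text (a proxy resolves the names for you, so the local hook never sees them).

```python
"""Offline model of the Conficker "eye chart" test (added illustration)."""

# Constructed subset of the substrings Conficker was reported to block
# in DNS lookups; not the complete list.
BLOCK_SUBSTRINGS = (
    "microsoft", "windowsupdate", "symantec", "norton", "mcafee",
    "trendmicro", "sophos", "kaspersky", "f-secure", "eset", "nod32",
    "avast", "avira", "virus", "malware", "spyware", "rootkit", "defender",
)

# Chart rows: images hosted on AV/security sites versus on sites of
# alternative operating systems. Constructed stand-in hostnames.
AV_ROW = ("www.symantec.com", "www.mcafee.com", "www.microsoft.com")
CONTROL_ROW = ("www.ubuntu.com", "www.freebsd.org", "www.apple.com")


def conficker_blocks(hostname: str) -> bool:
    """Substring test modelled on the reported hooked-DNS behaviour."""
    host = hostname.lower()
    return any(s in host for s in BLOCK_SUBSTRINGS)


def simulated_fetch(infected: bool, via_proxy: bool):
    """Build a fetch(hostname) -> bool callable for a simulated host.

    With a proxy the browser hands the hostname to the proxy instead of
    resolving it locally, so the DNS hook never fires and images load.
    """
    def fetch(hostname: str) -> bool:
        if infected and not via_proxy and conficker_blocks(hostname):
            return False
        return True
    return fetch


def eye_chart(fetch, av_row=AV_ROW, control_row=CONTROL_ROW) -> str:
    """Classify a host the way the eye chart does.

    fetch(hostname) returns True if an image from that host loaded.
    Returns "suspect", "clean-or-proxied" or "inconclusive".
    """
    av_ok = [fetch(h) for h in av_row]
    control_ok = [fetch(h) for h in control_row]

    if not any(control_ok):
        # Control row failed too: offline or a general network fault,
        # which is not evidence either way.
        return "inconclusive"
    if all(av_ok):
        # Both rows visible: clean, or a proxy is masking the block.
        return "clean-or-proxied"
    if all(control_ok) and not any(av_ok):
        # Whole AV row blocked while controls load: Conficker-like.
        return "suspect"
    # Mixed results (some AV images load): some other cause.
    return "inconclusive"


if __name__ == "__main__":
    for infected, proxy in ((False, False), (True, False), (True, True)):
        verdict = eye_chart(simulated_fetch(infected, proxy))
        print(f"infected={infected} proxy={proxy} -> {verdict}")
```

To turn this into a live check, replace `simulated_fetch(...)` with a function that performs an HTTP GET against each image URL with a short timeout and returns whether it succeeded; the control row is what separates "AV sites blocked" from "the network is down", and the proxy case remains undecidable from the browser side, exactly as the chart’s own caveat says.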

Go and try it here.