The Register reports that malware creators are already using Mr. Obama’s popularity to distribute the Papras Trojan using spam, social engineering and Google Ads.
Users usually receive an email from what seems a legitimate news sources such as CNN and BBC, inviting users to see the speech of Barack Obama on their website. The content of the email is the following:
Barack Obama Elected 44th President of United States
Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech at November 5!
Proceed to the election results news page>>
2008 American Government Official Website
This site delivers information about current U.S. Foreign policy and about American life and culture.
Newsweek reports that the computer systems of M. Obama and M. McCain were both hacked by unknown attackers during their campaigns. Very little information is available, but according to Newsweek, the FBI and the Secret Services claimed that several files from the Obama servers had been compromised by a “foreign entity” in midsummer. The same happened to the McCain campaign.
According to the FBI, documents were stole by foreign powers (probably Russia or China) in order to gather information for future negotiations.
But the former director of technology for the 2004 presidential campaign of Rep. Dennis Kucinich expressed skepticism about the claims. Henry Poole from CivicActions, a firm that offers Internet campaign consulting services, said “It’s unlikely that either campaign would have stored sensitive data on the same servers that were being used for public campaigning purposes“.
It is unclear if anyone got compromised at all. If so, why would the FBI and Secret Services report such events? Hopefully there is more to come on this…
Russian criminals who are selling a fake anti-virus, “Antivirus XP 2008/2009” among others, have made more than 150 000$ in a week, according to the Sydney Morning Herald. If you ever seen those annoying popups warning you that you might be infected with one or more viruses, then you probably came across this scam.
“For most people they might just be browsing the web and suddenly they don’t know why this thing will pop up in their face, telling them they’ve got 309 infections on their computer, it will change their desktop wallpaper, change their screen saver to fake ‘blue screens of death’,” said Joe Stewart, from SecureWorks said.
The software is sold for 49.95 $US and will “detect” various viruses and Trojans on the computer. Stewart shows that Antivirus XP still has some basic anti-malware functionality, but as he explains, it’s mostly in case the authors are brought to court “they might try to claim the program is not truly fraudulent – after all, it can clean computers of at least a few malicious programs“. Only 17 minor threats can be removed, far from the 102,563 viruses the anti-virus claims to clean. And don’t expect a refund for the software.
The entity behind this fraudware is called Bakasoftware, a Russian company that pays affiliates to sell its anti-virus to users. Affiliates can earn between 58% and 90% of the sale price. Criminals are therefore using everyway to trick users into installing the software, including scaring the user into believing that he is infected, even using botnets to push the program into the users’ computers.
“Since it is not hacking people’s computers and only runs the affiliate program, Bakasoftware does not have to worry about being shut down by police“, Stewart said.
Account Balance (USD)
Table 1.0 – Top earners in the Bakasoftware Affiliate Program
Screenshots took from the administrative panel of bakasoftware.com which was hacked by NeoN:
By the time of this writing, http://www.bakasoftware.com/ was not accessible. Another interesting fact, if the Russian language is installed on your computer, there’s a good chance you won’t be considered as a target because of Russian legislation. Apparently the creators have been sued anyway.
Many other fraudware are available, always proposing anti-malware software. Their ads are oven seen on torrents, warez and cracks/serials sites. What’s particularly dangerous is that they can come with other legitimate software or by drive-by downloads. Once they are installed in your computer, they get annoying very fast and can trick you into buying fraudware. Popups can appear that you are infected. Other types of fraudware are those “boost your computer” software.
P.S “baka” means “stupid” in Japanese. A totally appropriate title for the operators of this company.
According to the latest Security Intelligence Report from Microsoft, malicious software installations on computers increased 38% in the U.S for 2008. Also, the number of “High Severity” vulnerabilities detected increased by 13% in the second half of 2007, putting the total of “High Severity” vulnerabilities to 48%.
Downloaders and droppers, accounting for 30% of all malicious software, with around 7 millions computers infected in the United States alone.
And of course, no good Microsoft document would be complete by stating that Vista in more awesome than XP, and therefore the report states that if you own Windows XP SP3, you’re likely to be infected 9 times on 1000 infections, while this number drops to 4 times on 1000 infections for Vista.
“For browser-based attacks on Windows XP-based machines, Microsoft vulnerabilities accounted for 42 percent of the total. On Windows Vista-based machines, however, the proportion of vulnerabilities attacked in Microsoft software was much smaller, accounting for just 6 percent of the total.”
Taken from the report:
Former Yugoslav Republic of Macedonia
United Arab Emirates
Bosnia and Herzegovina
Table 1.0 – Countries with the Highest Infection Rates
Since the 70s, when Deng Xiaoping was the head of China, the People’s Liberation Army tried to modernize itself and cut its size in order to become more efficient. Still, China is still behind when it comes to military even if its defense budget is the second largest after the United States on the planet, with US$57 billion in 2008. According to an article published in Culture Mandala, China could boost its cyber warfare capabilities in order to compensate for their technological backwardness.
It started as soon as in 2003, when it deployed its first cyber warfare units, the “zixunhua budui“. Since, many attacks have been attributed to China, such as Operation Titan Rain in 2003. China hopes that by using asymmetrical warfare, such as information warfare and cyber warfare, it might level other modern armies.
Michael Vickers, Senior Vice President for Strategic Studies at the Center for Strategic and Budgetary Assessments declared that “a Chinese attack on Taiwan could entail special operations and cyber attacks on U.S. regional bases in Japan and South Korea, and might even include cyber attacks on the U.S. homeland that target the U.S. financial, economic, energy, and communications infrastructure“. In the same document, we can read:
“One way to assess this risk is to ask whether a cyber attack by China launched a few days in advance of a clash could prevent U.S. carrier battle groups from deploying to the Taiwan Straits. Launching the attacks too early would create the risk of discovery and countermeasures.“
It is clear to me that a nation with a technologically late compared to modern armies have all the advantage to develop asymmetrical warfare. We can assess its effectiveness in Afghanistan and Iraq. And cyber warfare is a perfect way to destabilize modern armies used to technology in their daily operations. But this is far from being easy for both sides, as talented individuals and highly skills hackers are needed to develop this kind of warfare. Terrorists and groups are unlikely to develop a high quality cyber warfare force, although they still can be efficient. China, on the other hand, can and is smart to do it. After all, if a force can disable communications the enemy’s communications networks, such as GPS, emails and phone networks, it can makes a strong army useless. Like a strong man or woman, if the brain can contact the muscle through the nervous system, the body is powerless…
BBC News reports that a trojan, labeled Sinowal, has been crawling across the Internet. The Trojan is notorious for stealing bank account details. Sean Brady of RSA‘s security division reports that “more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.” According to Sophos researchers, 14 computers per seconds were infected by Sinowal in 2008.
The Trojan is also known as Torpig and Mebroot and has now been discovered 2 years ago, in 2006, which means it has been collecting information for now 2 years. It uses the drive-by download method to download itself, which means it download and install itself without the user’s knowledge. In the case of this particular Trojan, this is done mainly thought malicious links and HTML injection attacks.
The Trojan installs itself on the master boot record and his polymorphic, making it hard to detect and to remove. RSA suspects that the Sinowal had strong ties to a cybercriminal gang known as the Russian Business Network.