Honest PC users aren't in need of yet another reason to rage against Digital Rights Management (DRM) schemes that often serve to set up hoops for law-abiding citizens to jump through without stamping out software piracy, but just in case, here's another one. Ubisoft's Uplay client may contain a rootkit that could allow remote hackers to infiltrate your system and take control. Yikes!
Security firm Webroot is taking great interest in a new BIOS rootkit discovered by a Chinese company called Qihoo 360. It's called "Mebromi" and it's a particularly nasty piece of code that targets Award BIOSes, but that's not all. It also contains an MBR rootkit, a kernel mode rootkit, a PE file infector, and a Trojan downloader all rolled into one.
Users still clinging to Windows XP like that fast and gnarly Trans Am from yesteryear that's just too familiar to part with have yet another reason to consider a new ride. According to security firm Avast, XP is a fertile breeding ground for cyber infection, especially for rootkits: in a recent six-month study cataloging over 630,000 samples, 74 percent of rootkit infections originated on XP.
The security gurus over at Kaspersky crunched some numbers and determined that cybercriminals are spending big bucks promoting the TDSS botnet, TDL-4. In just the first three months of 2011, TDL-4 has helped infect more than 4.5 million computers around the world, requiring an investment of around a quarter of a million dollars from cybercriminals, Kaspersky says.
Here's a scary thought - you may soon have to worry about security on your smartphone just as you do on your PC. Up to this point, cell phone security has almost been an afterthought, at least in the public's eye, but that's about to change. Two researchers from Trustwave, Nicholas J. Percoco and Christian Papathanasiou, are scheduled to demo a rootkit running on an Android-based smartphone at the Defcon security conference in Las Vegas next month.
"We have developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number'. This ultimately results in full root access on the Android device. This will be demonstrated (live)," the two researchers wrote.
As the security duo points out, "the implications of this are huge." With full rootkit access, attackers would be able to read all SMS messages on the phone, drive up long distance phone bills, and could even hunt down the owner's exact GPS location. The flexible rootkit can be installed over-the-air or alongside a rogue app, the researchers say.
Percoco and Papathanasiou didn't say exactly how they were able to bypass Android's security measures to install the rootkit in the first place, but did say why they zeroed in on Android.
"Android forms a perfect platform for further investigation due to its use of the Linux kernel and the existence of a very established body of knowledge regarding kernel-level rootkits in Linux," they wrote.
Alright, I'll admit it. I finally got hit with a virus.
Well, sort of. I first thought that the strange "YOUR COMPUTER IS NOT PROTECTED" icon in my taskbar was some indication that my antivirus software of choice had finally flipped out for good. Double-clicking on the icon brought up an obviously fake replica of Windows Security Essentials that, more annoyingly, wouldn't close no matter how many times I clicked on it. Over and over, my machine would be assaulted with "*.exe is not secure!" messages. My Internet sessions ground to a halt no matter which browser I tried using. I started to fear for the safety of my World of Warcraft account.
As it turns out, I only got nailed with an annoying piece of malware. But after running through a number of analysis and removal techniques (which ultimately failed, as I had managed to disable the malware's process from starting up as-is using good ol' msconfig), I had amassed quite a list of rootkit removal programs, hardcore malware eliminators, and antivirus applications that were more surgeons in training than general practitioners.
I now share them with you.
Look, it's easy enough to install a common antivirus scanner on your system and call it a day. But you, like me, might forget to do so throughout the course of your PC building life. Or, worse, your system might become compromised in such a way as to render your analytical tools entirely useless. In that case, it's time to roll up your shirtsleeves and get crackin' with the digital equivalent of bleach for your mucked-up PC. Join me after the jump, and I'll share with you some of my favorite advanced freeware and open-source applications for virus and malware elimination!
Remember when cell phones were big, bulky, and functionally limited? How quickly they've evolved, and so too have the risks. Today's smartphones blur the line between cell phone and PC, and according to Liviu Iftode and Vinod Ganapathy, two computer science professors at Rutgers University in New Brunswick, New Jersey, smartphones are every bit as vulnerable to rootkits as desktop computers are.
"The motivation around our work is that smartphone operating systems are becoming just as complicated as desktop operating systems," Ganapathy said. "Our study has shown that rootkits are just as much a threat for smartphones as desktops."
What makes this particularly frightening is the difficulty in detecting rootkits. However, it's not yet time to hit the panic button. There currently are no known in-the-wild rootkits for mobile devices making the rounds, though it's entirely conceivable that could change.
"Our work is a call for defenses," Ganapathy added. "We should start working on defenses for such attacks before such attacks become widespread in the future."
Kaspersky on Monday announced it has been successful in patenting a hardware-based antivirus system designed primarily for fighting rootkits.
Patent No. 7,657,941 was registered earlier this month and describes a technology developed by Oleg Zaitsev, senior technology expert at Kaspersky Lab. The patent describes a device that is installed between a hard drive or SSD and the computing unit (CPU or RAM) and connected to a system bus. It can also be integrated into the disk controller. The hardware solution decides whether to allow or block writing data to disk.
"Antivirus solutions and malware are both types of software with similar rights," says Oleg Zaitsev, Technology Expert at Kaspersky Lab. "This is where a hardware-based antivirus solution has a distinct advantage over conventional AV solutions because it monitors all attempts to access a memory device while remaining inaccessible to malware. This is critical for fighting such sophisticated threats as rootkits and bootkits."
Kaspersky claims this solution is particularly effective since it's implemented on the hardware level and isn't dependent on the OS's configuration. It also "integrates seamlessly with other security solutions," Zaitsev added, and could find use in server software and specialized computers like ATMs.
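To make the idea of an inline disk-write gate concrete, here is an added, constructed simulation of that architecture in Python. It is not Kaspersky's design, not code from the patent, and not a real driver API: the sector layout (MBR at LBA 0, an assumed 1 MiB reserved boot region), the request format, the "maintenance mode" switch and the origin labels are all assumptions for illustration. The point it demonstrates is the one Zaitsev makes: the policy runs outside the OS, so software on the host cannot turn it off, and every attempt to overwrite the boot sectors is logged whether or not it is allowed.

```python
"""
Simulated inline disk-write gate (constructed example).

Models a filter sitting between the host and the disk that inspects each
block write and allows or blocks it. Protects the MBR and boot region
unless an out-of-band 'maintenance mode' has been armed.
"""
from dataclasses import dataclass, field

SECTOR_SIZE = 512
MBR_LBA = 0                # master boot record lives in sector 0
BOOT_REGION_END = 2048     # assumed: first 1 MiB (2048 sectors) is reserved boot area


@dataclass
class WriteRequest:
    lba: int      # first logical block address targeted by the write
    count: int    # number of consecutive sectors written
    origin: str   # assumed label for the component issuing the write


@dataclass
class WriteGate:
    """Policy engine for the gate. Hardware-resident in the patent's model,
    so nothing running on the host could flip maintenance_mode; here it is a
    plain attribute set by the demo to stand in for an out-of-band switch."""
    maintenance_mode: bool = False
    audit_log: list = field(default_factory=list)

    def overlaps_protected(self, req: WriteRequest) -> bool:
        """True if any sector of the write falls in [MBR_LBA, BOOT_REGION_END)."""
        start, end = req.lba, req.lba + req.count
        return start < BOOT_REGION_END and end > MBR_LBA

    def decide(self, req: WriteRequest) -> str:
        """Return 'allow' or 'block' for one write, recording it in the audit log."""
        if not self.overlaps_protected(req):
            verdict = "allow"               # ordinary data write, not our concern
        elif self.maintenance_mode:
            verdict = "allow"               # e.g. a legitimate bootloader update
        else:
            verdict = "block"               # boot-region write with no authorisation
        self.audit_log.append((verdict, req.origin, req.lba, req.count))
        return verdict


def blocked_boot_writers(audit_log) -> list:
    """Origins that were refused a boot-region write: the detection signal a
    monitoring system would raise on, since a bootkit has to write there."""
    return sorted({origin for verdict, origin, _, _ in audit_log if verdict == "block"})


def run_demo():
    """Drive the gate with constructed requests and return (verdicts, audit log)."""
    gate = WriteGate()
    verdicts = [
        gate.decide(WriteRequest(lba=500_000, count=8, origin="filesystem")),   # allow
        gate.decide(WriteRequest(lba=0, count=1, origin="unknown.exe")),        # block: MBR
        gate.decide(WriteRequest(lba=2040, count=16, origin="unknown.exe")),    # block: straddles region edge
    ]
    gate.maintenance_mode = True                                                # armed out of band
    verdicts.append(gate.decide(WriteRequest(lba=0, count=1, origin="installer")))  # allow
    return verdicts, gate.audit_log


if __name__ == "__main__":
    v, log = run_demo()
    print(v)
    print("blocked boot-region writers:", blocked_boot_writers(log))
```

The boundary case in the third request (a write starting just inside the protected region and running past its end) is why the check uses interval overlap rather than testing only the first sector; a gate that looked at `lba` alone would wave through a write that starts at sector 2047 and clobbers the start of the partition table's neighbours.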
You probably encounter more shortened URLs these days. These links, while convenient, are also a great way to hide a link to a malicious site. You can blame Twitter for their proliferation. With only 140 characters, tweeting a full link is impractical. Now AVG is stepping up to the plate to offer a method of protection.
AVG’s LinkScanner security product now fully supports shortened URLs. AVG says the LinkScanner system is more reliable than other methods because it tests links in real time. Whether or not it's the best, it is free.
The free malware scanner, Ad-Aware, has also added new features. The new enhancements are aimed at detecting and removing rootkits. A rootkit is a piece of malware that specializes in getting deep into the operating system to avoid detection. Ad-Aware uses heuristic detection to search for these nasty bits of software. It is also able to stop certain types of malware from restoring themselves after a reboot. Ad-Aware is a free download [warning, attempted upsell], and well worth having a look at.
The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network—GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offices of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, difficult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
To find out more about how GhostNet works, join us after the jump.