Bugs & Viruses Archive

Google and Microsoft disclose new CPU flaw

Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution "that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says these mitigations are also applicable to variant 4 and available for consumers to use today."

However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.

This cat ain't going back in no bag anytime soon.

SiliVaccine: inside North Korea’s anti-virus

In an exclusive piece of research, Check Point Researchers have carried out a revealing investigation into North Korea's home-grown anti-virus software, SiliVaccine. One of several interesting factors is that a key component of SiliVaccine's code is a 10-year-old copy of one of Trend Micro's, a Japanese company, software components.

It also contained a piece of malware, so not much different from western anti-virus.

Everything is broken

Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can't tell you who he is because he doesn't want to go to Federal prison, which is what could have happened if he'd told anyone that could do anything about the bug he'd found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn't extraordinary at all. Spend much time in the hacker and security scene, you'll hear stories like this and worse.

It's hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.

Computers, and computing, are broken.

It's from 2014, but drop everything you're doing right now and read this. Go on. Don't put it off. Read it.

Forbes forces readers to turn off ad blockers, serves malware

For the past few weeks, Forbes.com has been forcing visitors to disable ad blockers if they want to read its content. Visitors to the site with Adblock or uBlock enabled are told they must disable it if they wish to see any Forbes content. Thanks to Forbes' interstitial ad and quote of the day, Google caching doesn't capture data properly, either.

What sets Forbes apart, in this case, is that it didn't just force visitors to disable ad blocking - it actively served them malware as soon as they did. Details were captured by security researcher Brian Baskin, who screenshotted the process.

There are no words for this level of stupidity.

Is Your New PC Secure?

You might assume your new PC is secure, but is it? In the U.S., the Federal Trade Commission just charged seven rent-to-own computer companies and a software design firm with computer spying. Some 420,000 rent-to-own computers allegedly secretly collected personal information, took pictures of users in their homes, and tracked their locations. Meanwhile Microsoft found that PCs from China had malware embedded before reaching consumers. The virus "could allow a hacker to switch on a microphone or Webcam, record keystrokes and access users' login credentials and online bank accounts." And, an FBI investigation found that counterfeit routers purchased by various US government agencies also were pre-loaded with malicious software. Do you assume your new PC is secure, or if not, what steps do you take to secure it?

Printers Open to Remote Attacks?

Columbia University researchers claim millions of HP printers could be open to remote attack via unsecured Remote Firmware Updates. Cybercriminals could steal personal information or attack otherwise secure networks. HP agrees there is a theoretical security problem but says no customer has ever reported unauthorized printer access. The company denies some of the claims and is still investigating others.

AT&T Says Customers Agreed to Carrier IQ Software

AT&T has told the U.S. Congress that its customers agreed to host Carrier IQ tracking software on their cellphones in their contracts. You might recall that, after the scandal over warrentless surveillance broke in 2006, AT&T quietly changed their contract for internet service to say that it -- not its customers -- owns all the customers' internet records. Those concerned about privacy might consider whether AT&T merits their trust.

Download.com Bundling Adware with OSS Downloads

In a recent site update, CNET Download.com listings have begun redirecting product download links for popular freeware and opensource applications to their own "downloader and installer" utility which bundles a number of adware components alongside the requested application and changes the users' homepage and default search engine to Microsoft Bing. Freeware authors are sending CNet cease and desist orders demanding virgin download links, something affected open source developers may or may not be able to do due to FOSS license terms.

Mobile Malware Skyrockets, Led by Android

"What happens when anyone can develop and publish an application to the Android Market? A 472% increase in Android malware samples since July 2011." A study by The Global Threat Center over at Juniper Networks details mobile attacks that are increasing both in numbers and sophistication. This contrasts to the iPhone, more secure in part due to Apple's proprietary hold over the platform through its review process.

AV Vendors Detect On Average 19% Of Malware Attacks

Traditional AV vendors continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threats on the Internet, according to a report by Cyveillance. Testing shows that even the most popular AV signature-based solutions detect on average less than 19% of malware threats. That detection rate increases only to 61.7% after 30 days. Even after 30 days, many AV vendors cannot detect known attacks.

Market Share and Malware Attention

AVG has launched free security software for Mac OS X, which includes tools for Safari and Firefox. AVG's CEO JR Smith, says, "Mac users have traditionally been less vulnerable to attacks because of their lower market share, but that is quickly changing." That's the age-old question of to what extent the scourge of malware on Windows is a symptom of Microsoft's sloppy security decisions vs. due to Windows' popularity and the fact that malware authors can get "more bang for their buck" targeting the most popular platform.

Linux IRC Server Gets Trojan, Press Harps On Linux Security

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.

New Windows Attacks Outsmart Anti-virus

According to The Register, "Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender. The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload."