Trickss


  • New Research Shows How To Block Stealthy Malware Attacks

The spread of malicious software, also known as malware or computer viruses, is a growing problem that can lead to crashed computer systems, stolen personal information, and billions of dollars in lost productivity each year. One of the most insidious types of malware is a "rootkit", which can effectively hide the presence of other spyware or viruses from the user, allowing others to steal information from your computer without your knowledge. But now researchers at North Carolina State University have developed a new way to block rootkits and prevent them from taking over your computer systems.
To give an idea of the magnitude of the computer malware problem, a recent Internet security threat report showed an increase of 1,000 percent in the number of new malware signatures extracted from the in-the-wild malware programs found from 2006 to 2008. Among these malware programs "are stealthy rootkits," says Dr. Xuxian Jiang, assistant professor of computer science at NC State and co-author of the research. "Hackers can use rootkits to install and hide spyware or other programs. When the computer starts, everything seems normal, but, unfortunately, it has been compromised."
Rootkits typically work by hijacking a number of "hooks", or control data, in a computer's operating system. "By taking control of these hooks, the rootkit can intercept and manipulate the data in the computer system at will," Jiang says, "essentially allowing the user to see only what it wants the user to see." As a result, the rootkit can be invisible to the computer user and to antivirus software. Furthermore, the rootkit can install other malicious programs, such as programs designed to steal personal information, and make them invisible as well.
To prevent a rootkit from insinuating itself into an operating system, Jiang and the other researchers found that all of the operating system's hooks need to be protected. "The hard part is that an operating system can have tens of thousands of hooks - any of which could be exploited for a rootkit," says Jiang. "What's worse, the hooks can propagate through a system. Our research leads to a new way that can protect all the hooks in an efficient manner, by moving them to a central location and making them easier to handle and more difficult to overcome."
Jiang explains that by placing all of the hooks in one place, the researchers were able to take advantage of simple hardware-based memory protection, which is now commonplace, to prevent the hooks from being hijacked. Essentially, they were able to put hardware in place to ensure that a rootkit cannot change the hooks without the user's approval.
The research, "the fight against kernel rootkits with lightweight hook protection," will be presented at the 16th ACM Conference on Computer and Communications Security in Chicago, Nov. 12. The study's co-authors are Jiang, Dr. Peng Ning, associate professor of computer science at NC State, NC State Ph.D. student Zhi Wang and Weidong Cui of Microsoft Research.


  • To Combat Identity Theft, Protect Computer, Experts Say
Having a triple-threat combination of protection software on your computer greatly reduces the chances of identity theft, according to a study led by a criminologist at Michigan State University.
In a survey of more than 600 people, researchers found that computer users who were running antivirus, anti-adware and anti-spyware software were 50 percent less likely to have their credit card information stolen.
The study appears in the research journal Deviant Behavior.
"When you think about antivirus software that protects you, you might think about it keeping your files safe and not losing your music and photos," said Thomas Holt, MSU associate professor of criminal justice and the principal investigator. "The important thing we are finding is that it is not only to protect your files, but also to protect you financially, by reducing the chances of becoming a victim of identity theft."
Holt's co-investigator was Michael Turner, associate professor at the University of North Carolina-Charlotte.
According to the study, nearly 15 percent of respondents said they had experienced computer-related identity theft in the last year. Males were more likely to be victims, Holt said.
"We're not sure what this could be a consequence of," he said. "Is it that men are less careful about what they do online? Is it a difference in the way you shop online or transact business online?"
Those who engage in "computer-related diversion" - such as downloading pirated music or pornographic images - were more likely to be victims of identity theft, according to the study. This is a great risk to users because pirated movies and music may contain malicious software and put users at risk of harm.
But the most practical finding for computer users was the combined protection factor of antivirus, anti-spyware and anti-adware software, each of which has a different function in keeping a computer secure, Holt said.
Antivirus software detects and removes malicious software such as viruses and worms that can damage a computer, delete data and spread to other computers. Anti-spyware and anti-adware, meanwhile, are designed to protect against software that either installs itself without the user's knowledge or is installed by the user, and that secretly gathers information on a person's Internet use, passwords, etc.
"You have a better chance of not getting your credit card number stolen if you have all three forms of software protection," said Holt.


  • New Spam Targeting Facebook Users Is Invisible to Most Virus Scans, Says Expert

Cyber-criminals are using fake e-mails to target Facebook users and deliver computer viruses that were being detected by only one-third of the 42 most common anti-virus products as of 12 noon March 18, says a leading cyber-crime researcher at the University of Alabama at Birmingham (UAB).
Gary Warner, UAB's director of research in computer forensics, says his team in the UAB Spam Data Mine has been tracking the Facebook spam campaign for the past three days. While it is not in the data mine's list of the top 10 most prevalent malware threats, Warner says the fake Facebook messages and related viruses are serious.
"The malware being delivered is called 'Bredolab.' It has been occasionally spread by spam since May of 2009," Warner says. "The UAB Spam Data Mine has observed at least eight versions of the Facebook Bredolab malware since March 16.
"What is troubling is the newer versions of the Bredolab used in this latest attack campaign are not being detected by the majority of anti-virus services - and that means the majority of users who unwittingly click on the bogus attachments linked to fake e-mails are going to have their computers infected," Warner says.
In this new campaign, cyber-criminals are using regular Internet e-mail services to deliver the false Facebook messages to the social media site's customers. The spam messages ask recipients to open an attachment in order to obtain new Facebook login information. Clicking the attachment exposes a user's computer to the Bredolab malware.
"Once a computer is infected with Bredolab, the cyber-criminals are able to add any other malicious software they desire to the infected computer, including password-stealing software, fake anti-virus software and spam-sending software," Warner says.
Warner warns that a legitimate company would never ask a customer to update his or her personal account information in an e-mail or through e-mail attachments or embedded links.
"If there are questions about one of your account profiles, visit the site in question through your Web browser and log in as you normally would," he says. "If an entity has an important message for you, you'll be able to find it on its Web page."


  • Frankenstein Programmers Test a Cybersecurity Monster

In order to catch a thief, you have to think like one.
UT Dallas computer scientists are trying to stay one step ahead of cyber attackers by creating their own monster. Their monster can cloak itself as it steals and reconfigures information in a computer program.
In part because of the potentially destructive nature of their technology, the creators have named this software system Frankenstein, after the monster-creating scientist in author Mary Shelley's novel, Frankenstein, or The Modern Prometheus.
"Shelley's story is an example of a horror that can result from science, and similarly, we intend our creation as a warning that we need better detections for these types of intrusions," said Dr. Kevin Hamlen, associate professor of computer science at UT Dallas who created the software, along with his doctoral student Vishwath Mohan. "Criminals may already know how to create this kind of software, so we examined the science behind the danger this represents, in hopes of creating countermeasures."
Frankenstein is not a computer virus, which is a program that can multiply and take over other machines. But it could be used in cyber warfare to provide cover for a virus or another type of malware, or malicious software.
In order to avoid antivirus software, malware typically mutates every time it copies itself onto another machine. Antivirus software figures out the pattern of change and continues to scan for sequences of code that are known to be suspicious.
Frankenstein evades this scanning mechanism. It takes code from programs already on a computer and repurposes it, stringing it together to accomplish the malware's malicious task with new instructions.
"We wanted to build something that learns as it propagates," Hamlen said. "Frankenstein takes from what is already there and reinvents itself."
"Just as Shelley's monster was stitched from body parts, our Frankenstein also stitches software from original program parts, so no red flags are raised," he said. "It looks completely different, but its code is consistent with something normal."
Hamlen said Frankenstein could be used to aid government counter-terrorism efforts by providing cover for infiltration of terrorists' computer networks. Hamlen is part of the Cyber Security Research and Education Center in the Erik Jonsson School of Engineering and Computer Science.
The UT Dallas research is the first published example describing this type of stealth technology, Hamlen said.
"As a proof-of-concept, we tested Frankenstein on some simpler algorithms that are completely benign," Hamlen said. "We did not create damage to anyone's systems."
The next step, Hamlen said, is to create more complex versions of the software.
Frankenstein was described in a paper published online (https://www.usenix.org/conference/woot12/frankenstein-stitching-malware-benign-binaries) in conjunction with a presentation at a recent USENIX Workshop on Offensive Technologies.
The research was supported by the National Science Foundation and Air Force Office of Scientific Research.


  • New Security Threat Against 'Smart Phone' Users, Researchers Show


Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences.
The researchers, who are presenting their findings at a mobile computing workshop this week in Maryland, demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner's travels, or rapidly drain its battery to render the phone useless. These actions could happen without the owner being aware of what happened or what caused them.
"Smart phones are essentially becoming regular computers," said Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences. "They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or 'malware.'"
Smart phones are cellular telephones that also offer Internet accessibility, texting and e-mail capabilities and a variety of programs commonly called "apps," or applications.
Ganapathy and computer science professor Liviu Iftode worked with three students to study a nefarious type of malware known as "rootkits." Unlike viruses, rootkits attack the heart of a computer's software -- its operating system. They can only be detected from outside a corrupted operating system with a specialized tool known as a virtual machine monitor, which can examine every system operation and data structure.
Virtual machine monitors exist for desktop computers, but in current form, they demand more processing resources and energy than a portable phone can currently support.
Rootkit attacks on smart phones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user's whereabouts by querying the phone's Global Positioning System (GPS) receiver. Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message.
"What we're doing today is raising a warning flag," Iftode said. "We're showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defenses."
In one test, the researchers showed how a rootkit could turn on a phone's microphone without the owner knowing it happened. In such a case, an attacker would send an invisible text message to the infected phone telling it to place a call and turn on the microphone, such as when the phone's owner is in a meeting and the attacker wants to eavesdrop.
In another test, they demonstrated a rootkit that responds to a text query for the phone's location as furnished by its GPS receiver. This would enable an attacker to track the owner's whereabouts. Finally, they showed a rootkit turning on power-hungry capabilities, such as the Bluetooth radio and GPS receiver to quickly drain the battery. An owner expecting remaining battery life would instead find the phone dead.
The researchers are careful to note that they did not assess how vulnerable specific types of smart phones are. They did their work on a phone used primarily by software developers versus commercial phone users. Working within a legitimate software development environment, they deliberately inserted rootkit malware into the phone to study its potential effects. They did not find a vulnerability that a real malware attacker would have to exploit.
The research team is presenting its findings at the International Workshop on Mobile Computing Systems and Applications (HotMobile 2010). Working with Ganapathy and Iftode were Jeffrey Bickford and Ryan O'Hare, who worked on the project as undergraduates, and Arati Baliga, who worked on it as a postdoctoral researcher. The research was supported by the National Science Foundation and the U.S. Army.
