Tech highlights from November 2009


Proper use of English could get a virus past security

Hackers could evade most existing antivirus protection by hiding malicious code within ordinary text, according to security researchers.

One of the most common ways of hijacking other people’s computers is to use “code-injection” attacks, in which malicious computer code is delivered to and then run on victims’ machines. Current security measures work on the assumption that the code used has a different structure to plain text such as English prose.

Now a team of researchers has highlighted a potential future theatre in the virus-security arms race by working out how to hide malware within English-language sentences.

Hackers call the part of a code-injection attack that is used to gain control of a vulnerable computer “shell code”. Because this is usually written in machine code, Mason and colleagues dubbed their technique “English shell code”.

They presented their research (PDF) at the ACM Conference on Computer and Communications Security in Chicago earlier this month, being careful to leave out some of their methodology to avoid helping malicious hackers. –New Scientist

@Newscientist on Twitter

Hacker to be sent to face trial in US despite relatives’ suicide fear

LONDON: A British computer hacker who has Asperger’s syndrome is at serious risk of suicide, relatives say, after a last-ditch attempt to prevent his extradition to the US was rejected.

In a letter the Home Secretary, Alan Johnson, ordered Gary McKinnon’s removal to the US on charges of breaching American military and NASA computers, despite claims by his lawyers that extradition would make the 43-year-old’s death “virtually certain”.

The decision, described by lawyers as callous, has prompted fresh fears about Mr McKinnon’s wellbeing. Thursday’s letter rejected new expert medical evidence that Mr McKinnon’s health had deteriorated dramatically since he lost his case in the High Court in July, and meant that extradition would violate his right to life. –Guardian News & Media

@GuardianNews on Twitter

Please follow computer engineer @Brian_Howes on Twitter, who fights illegal extradition for All to the DEATH.

Vendor rages after iPhone hacker given job
The code was rubbish too, says Sophos.

A security firm has expressed incredulity at the news that the Australian prank hacker who wrote a program targeting Apple iPhone users has been given a job by an application developer.

The writer of the Ikee worm, Ashley Towns, sprang to prominence only two weeks ago after his creation was found to be changing the desktop wallpaper on some ‘jailbroken’ or unlocked iPhones to display a picture of 1980s British pop star Rick Astley. Now, fellow-Australian software company mogeneration is reported to have offered Towns a paid job after hearing of his efforts.

“Yey, I got the job. I’m now an iPhone application developer,” says the 21-year old’s Twitter feed, adopting a nonchalant attitude that has seriously annoyed more than one security company. Currently, only one is willing to go on the record.

“What disheartens me is that Towns has shown no regret for what he did. He admitted specifically infecting 100 iPhones himself, letting his worm loose in the process. Now his utterly irresponsible behaviour appears to have been rewarded,” said Graham Cluley of software outfit Sophos, in an emailed press statement. –Techworld

John E. Dunn/@dourscot on Twitter

Shadowserver to Take Over as Mega-D Botnet Herder

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour. The infected computers are part of a botnet called Ozdok or Mega-D, which at one time was sending out around 4 percent of the world’s spam messages.

Last week, security vendor FireEye launched a drive to dismantle the botnet. The infected computers receive instructions and information for new spam campaigns through command-and-control servers. FireEye contacted network providers which hosted those servers, and most were shut down.

That meant that the people controlling the hacked PCs, known as botnet herders, couldn’t contact most of their bots anymore. Spam from Mega-D almost stopped entirely. FireEye also cut off a second redundancy mechanism the herders programmed into Mega-D…FireEye has now handed control of those bots over to Shadowserver, a volunteer-run organization that tracks botnets.

Shadowserver has taken over the administration of a “sinkhole,” or a computer running custom software that acts as a command-and-control server that the Mega-D bots will call on, said André M. DiMino, Shadowserver’s co-founder. –Networkworld

@networkworld on Twitter

Until next time — Stay safe Online!
