Posts Tagged ‘Internet.Viruses’

Heartbleed bug hits web security


Several major technology firms have urged users to change all their passwords in the wake of the Heartbleed bug security breach.

The bug was first reported on Monday after going undetected for more than 2 years.

The bug is in the OpenSSL cryptographic library, which is used online to digitally scramble sensitive information as it passes between computer servers.

This encryption is best known from the padlock icon that appears in the corner of web browser windows to show that the page you are using is secure when data moves back and forth.

The Heartbleed bug is a flaw in this system that can give anyone access to the data behind that encryption, including passwords and credit card details, without leaving any trace.

Read more on this story at MSN UK


Bank Trojan Uses New Tricks to Hijack Account Info

There’s a new piece of malware making the rounds, one that could get more dangerous with time. It’s a Trojan called “OddJob,” and eastern European cybercriminals are using it to steal from online bank accounts. But according to Amit Klein, chief technology officer at security firm Trusteer, the way it’s hijacking account information is different than most other malware.

OddJob is designed to steal session ID tokens, which allows hackers to hijack a user’s online banking session in real time rather than logging into the account at a later time. The tokens are issued by a bank to identify a user’s session, and by stealing the tokens and embedding them into their own browsers, hackers gain unfettered access to the victim’s account, even while the unknowing victim is still active.

“The malware essentially allows the fraudster to share the session with the victim so that any activity the victim can see, the fraudster can see as well,” Klein said.

After the user logs out, OddJob keeps the hacker logged in.

“The fraudster has a keen interest in the session not being terminated. So in order to avoid that, the malware has the ability to detect logout attempts and to discard them,” Klein added.

Klein also said he thinks OddJob is a work in progress and will only get more sophisticated in time.
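A server-side counter to the behaviour described above, as an added example that is not part of the original article: because a logout that the malware discards never reaches the bank, the server enforces idle and absolute timeouts itself and revokes any session whose token turns up from a second client. `SessionStore`, the timeout values and the client fingerprint strings are hypothetical, and a real fingerprint would only be a heuristic.

```python
import secrets

IDLE_TIMEOUT = 300        # seconds without a request before the session dies
ABSOLUTE_TIMEOUT = 1800   # hard cap, even if requests keep arriving


class SessionStore:
    """Server-side session table; all names here are hypothetical."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user, fingerprint, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "fp": fingerprint,
                                 "created": now, "last_seen": now}
        return token

    def logout(self, token):
        # Only effective if the logout request actually reaches the server.
        self._sessions.pop(token, None)

    def check(self, token, fingerprint, now):
        s = self._sessions.get(token)
        if s is None:
            return "invalid"
        if now - s["created"] > ABSOLUTE_TIMEOUT or now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return "expired"
        if fingerprint != s["fp"]:
            # Same token from a second client: revoke, force re-authentication.
            del self._sessions[token]
            return "second-client"
        s["last_seen"] = now
        return "ok"


def replay(events):
    """Run constructed (time, client, action) events through one session."""
    store = SessionStore()
    token = store.issue("alice", "victim-browser", 0)
    results = []
    for t, client, action in events:
        if action == "logout":
            store.logout(token)
            results.append("logged-out")
        else:
            results.append(store.check(token, client, t))
    return results
```

Revoking on a fingerprint mismatch also ends the victim's own session, which is the intended outcome: both parties must log in again, and only one of them has the credentials.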



Microsoft: virus-infected computers should be quarantined

Virus-infected computers should be blocked from the internet and kept in quarantine until they are given a “health certificate”, a top Microsoft security researcher suggested on Thursday.

Under the proposed security regime, put forward by the technology giant’s trustworthy computing team, an individual’s internet connection would be “throttled” to prevent the virus spreading to other computers. But security experts today warned that cutting people off from the internet could be a drastic step too far – and that the question of who would issue and verify the “health certificate” was troubling.

Millions of computers around the world running versions of Microsoft’s Windows operating system are infected by viruses without their users’ knowledge and used to generate billions of spam emails and attacks against websites, such as that used against a British law company earlier this month.

The infected computers are often marshalled by virus writers into “botnets” which are hired out for criminal use. Microsoft, internet service providers, banks and web companies have fought long but so far unsuccessful battles against botnets. Earlier this year Microsoft took its fight to the US courts after a group of infected computers sent more than 650m spam emails to its Hotmail accounts. The spread of computer viruses has, however, continued unabated.

The new proposal, Microsoft claimed, is built on the lessons of public health. Scott Charney, corporate vice president of Microsoft’s trustworthy computing team, wrote on the company’s blog: “Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society.”

But Ram Herkanaidu, a global researcher at computer security firm Kaspersky Lab, told the Guardian that cutting people off from the internet was a wrongheaded solution. He said: “This would be a bad idea in practice. Just say your machine was infected – if you could not access the internet, how would you be able to update your anti-virus and also apply any software patches required? Technically, though, an ISP could give limited access to a safe area so that they could get the relevant updates but this would be done by individual ISPs themselves.”

Charney countered that “In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk.”

Many of the infected computers are in the far east in countries such as South Korea and China, where pirated versions of Windows are common, though the US still accounts for a substantial number of machines in botnets.

US and European ISPs have periodically considered blocking virus-infected machines from internet access and diverting users to cleanup pages. But they have shied away from it on the basis that it would be costly, while bringing them little direct benefit, as most infected machines would be on other networks.

Presenting his suggestion to the International Security Solutions Europe conference in Berlin, Germany, Charney said computers should be required to have a clean “health certificate” before being allowed to connect to the internet. If a fix is available, the computer would be prompted to download a solution or to update its anti-virus settings.

“If the problem is more serious – say, the machine is spewing out malicious packets [of data], or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate,” Charney said, adding that the spread of computer viruses had continued unrelenting despite the best efforts of software companies.

He conceded that abolishing an individual’s internet connection “could well have damaging consequences”, proposing that machines have an emergency function whereby users could perform certain activities – much like mobile phones and the emergency services safeguard.

Herkanaidu said that there were flaws in the approach. “Stopping an infected machine from accessing the internet so that it cannot be used for malicious purposes like sending out spam on the face of it seems sensible,” he said. “However, it does raise a lot of important questions like: who would issue the proposed health certificates? What would be the criteria? How often should it be updated? But, more importantly, would it work? At Kaspersky we see over 30,000 new pieces of malware every day – it’s difficult to see how we could have a general scheme that would be able to cope with this.”

Alan Bentley, a senior vice president at business computer security firm Lumension, welcomed the idea in principle, but had reservations on how it would work in practice for corporations using Microsoft machines and software. “Suggesting that infected PCs should be quarantined until a clean-up job is complete is an interesting proposal,” Bentley told the Guardian. “However, the health check seems to be simply repeating a process which most people try to adhere to now.

“Most consumers and businesses run anti-virus [software]. But a lot of them don’t even know their computers are infected. So the important question to ask here is: who would be responsible for turning off their internet and how would that be legal? This is a great philosophical idea, but totally impractical when using anti-virus software.”
