Tag Archives: malware
The news of the latest zero-day (or previously unknown and unpatched) exploit for Microsoft’s browser, Internet Explorer 8, being fixed is still fresh. But another has been announced. This one, however, has not been fixed. Even worse, Microsoft has known about it for 7 months and not only hasn’t come up with a solution, but hasn’t said anything except that, although the hole remains wide open, it does not know of any attacks using it. The flaw was made known by the Zero Day Initiative, a site devoted to the responsible and timely announcement of security flaws by the industry. This particular vulnerability allows an attacker to run malicious code against your machine when you visit an infected website with IE8. The easiest way to protect yourself is to set your browser’s security settings to the highest level, in order to block ActiveX and Active Scripting. A list of upcoming, unannounced zero day exploits may be found here.
When hackers boast of their exploits, they often claim that they had only the good of the victim at heart, no matter what kind of mischief they’ve been up to. They usually innocently say that they are revealing how they accomplished whatever remarkable invasion or feat merely to help improve the security of a site or system by exposing its flaws. The team that invented the Stuxnet virus has never publicly claimed that (or anything else for that matter), but they could if they so desired. Because that is apparently exactly what’s happened. And not only that, the clever people who deployed the virus to make the world safer may well have put all of us at greater risk than ever before. The story of the Stuxnet virus may be the perfect application of the Law of Unintended Consequences to cyberwar. Like Murphy’s Law, this axiomatic principle points out how human efforts often have unforeseen effects that are quite perversely the opposite of what was desired. Of course, since nobody associated with the creation of the virus has ever spoken out, no one knows who exactly is behind it or what their exact plans were. However, in the history of computer viruses, Stuxnet holds a unique place, for it is the first virus that is a true weapon.

Weaponized code

Stuxnet was not designed to steal cash or information but to create real-world sabotage. It was malware specifically engineered to destroy …
The Internet these days is often compared to the Wild West. It, too, is a wide open frontier with endless possibilities, loose rules, limited government controls and not a few rustlers and bandits lurking along its trails. But unlike other frontiers, the Net seems to be steadily becoming more dangerous, not less. And there are now armies on the move. Hackers aren’t just computer whiz kids, online scam artists, or even criminal networks any more. Hacking has become a weapon of war. Stunning accusations in a recent report by Mandiant, a US online security firm, provide insight into just how much persistent threats from government hackers working for certain enemy states have grown. The company has been investigating security breaches at hundreds of organizations around the world since 2004. Their tracking of threats has allowed them to identify more than 20 hacking groups within China. The largest of these, which they called APT1, for “Advanced Persistent Threat”, has taken vast hauls of information from hundreds of organizations since 2006. Mandiant’s detective work on over 150 corporate victims for over 7 years paid off. They were able to identify APT1 as a unit of the People’s Liberation Army of China with a code designation of Unit 61398, precisely locate its facilities in the middle of Shanghai, and even name three key developers. They watched APT1 compromise 141 companies in 20 industries, and studied in detail APT1’s sophisticated methodology – in one case, as …