Thursday, April 10, 2008

TrendLabs | Malware Blog - by Trend Micro - 2 new articles


Storm: Now on Video!

Looks like the Storm gang (or at least the Russian/Ukrainian criminals behind it) is expanding its business.

Is it because of the “arrival” of Kraken, which, following the footsteps of MayDay and Mega-D, is challenging the said gang for the “Biggest Zombie Network” title? Whatever the case, only days after re-professing its love to unsuspecting users via blog pages, the Storm malware is at it again, this time posing as a video codec.

TrendLabs researchers discovered several sites that offer what looks like a YouTube-style streaming video. The infection vector and messaging are actually still the same: users are most likely to reach the site via links on specially crafted, love-themed blogs. What is interesting this time is that on the said site, users are required to download the so-called Storm Codec in order to view the video. Yes, you read that right: the codec is called Storm Codec. Below is a screenshot:

[Screenshot: the fake "Storm Codec" download prompt]

Is that blatant enough?

Of course, the said “codec” is actually a NUWAR/Storm variant, which Trend Micro has detected as WORM_NUWAR.JQ since April 2.

If the social engineering tactic of using video codecs is familiar, it’s because it is — ZLOB Trojans became infamous because of it, after all (see some detailed analysis here). Thus, the Storm gang’s attempt to venture into the said codec “business” has our researchers speculating whether they are now in cahoots with the ZLOB authors, or whether they are trying to take over ZLOB’s niche, much like they did with STRATION when the two first started battling it out in late 2006. Or maybe the gang is just trying to reaffirm to their competition that they’re still the one to beat.

In the end, though, it’s still the unsuspecting users who become collateral damage in all this brouhaha. Users are thus advised to be wary when visiting Web sites or blogs, especially those that require installation or execution of files. Video files — especially those posted online — almost never require a separate video codec anymore, lest the site lose its much coveted traffic to other sites (YouTube, anyone?). Come to think of it, if someone really loves a person that much, he or she won’t have that person go through all the trouble of finding the appropriate codec, right?




SCADA Watch: Violating the 'Air Gap' Principle

As readers of this blog may recall, I’ve written about SCADA issues in the past, but one point that I’ve consistently tried to emphasize is that critical control systems should never, ever interact or interconnect with Internet systems in any way, shape, or form.

There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.

But as I also noted previously, companies make business decisions that favor cost savings over systems security on a regular basis.

Recent news reports from Australia indicate that Energy Australia will be deploying “smart” metering devices that use WiFi communications to collect consumer energy consumption statistics.

Now, this is not to single out this particular company, but the opportunity presents itself for commentary. There are energy companies in the United States and elsewhere which are making similar business decisions regarding their service infrastructure, and it is somewhat troubling.

According to an article in itWorldCanada, “…The system will transmit power usage and maintenance data from two million digital smart meters across the states of New South Wales and Queensland to a central database over a Wi-Fi and fiber-optic network.”

Notwithstanding the business issues involved, or second-guessing Energy Australia’s assessment of the cost-benefit analysis of this decision, it nonetheless raises some serious security questions with regard to the possibility of denial-of-service attacks, or complete compromise of an associated system (it does happen, and has been documented on several occasions).

The “Air Gap” principle exists for a reason — real security segmentation. Without proper segmentation, you enormously increase the risk of unauthorized access and other cyber shenanigans. I cannot stress this issue enough.

When you cut corners in the name of cost savings, you will inevitably be victimized by the fickle finger of fate, as the saying goes.

I’m a little unnerved to realize that the systems which deliver my electricity, gas, water, and other basic services are making some very risky decisions when it comes to their infrastructure.

You should probably be worried too. Maybe a little bit. Maybe a lot.

“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research
