
Wednesday, January 16, 2013

'Red October' malware spies on governments worldwide



It might have taken five years to discover, but a government-snooping spying campaign dubbed Red October has been exposed by Kaspersky Lab.



Kaspersky Lab has discovered yet another worldwide spying campaign that targets governmental bodies, political groups and research institutions.
On par with the memorable Flame malware, Kaspersky and a number of Cyber Emergency Response Teams (CERTs) discovered the malware -- known as Rocra or Red October -- which mostly targets institutions based in Eastern Europe, former USSR members and countries in Central Asia.
Kaspersky says that Red October has been gathering data and intelligence from "mobile devices, computer systems and network equipment" and is currently still active. Data is gathered and sent to multiple command-and-control servers, an infrastructure which the security firm says rivals the complex nature of Flame.
The malware is sent via a spear-phishing email which, according to the firm, targets carefully-selected victims within an organization. Containing at least three different exploits in Microsoft Excel and Word, the infected files, once downloaded, drop a trojan on to the machine which then scans the local network to detect if any other devices are vulnerable to the same security flaw.
By dropping modules that can complete a number of "tasks," usually as .dll libraries, an infected machine obeys commands sent by the command center and then immediately discards the evidence. Separated into "persistent" and "one-time" tasks, the malware is able to spy and steal in a number of ways, including:
  • Waiting for a Microsoft Office or PDF document and executing a malicious payload embedded in that document;
  • Creating one-way covert channels of communication;
  • Recording keystrokes and making screenshots;
  • Retrieving e-mail messages and attachments;
  • Collecting general software and hardware environment information;
  • Extracting browsing history from Chrome, Firefox, Internet Explorer and Opera, and saving passwords;
  • Extracting Windows account hashes;
  • Extracting Outlook account information;
  • Performing network scans and dumping configuration data from Cisco devices if available.
Some .exe tasks remain on the system while waiting for the correct environment, for example, waiting for a phone to connect. Microsoft's Windows Phone, the iPhone and Nokia models are all said to be vulnerable.
Designed to steal encrypted files and even those that have been deleted from a victim's computer, the malware -- named as a hat-tip to the novel "The Hunt for Red October" -- has several key features which suggest it may be state-sponsored, although there is no official word on this yet.
Among the features, there is a "resurrection module" within the malware which keeps the infection hidden, disguised as a plugin for a program such as Microsoft Office, which can then reincarnate the infection after removal.
In addition, Red October does not simply focus on standard machines, but is also able to infect and steal data from mobile devices, hijacking information from external storage drives, accessing FTP servers and thieving information from email databases.
In order to control the network of infection, Kaspersky says that over 60 domain names and several different servers, hosted in various countries, are employed. In order to keep the main command center secret, the C&C infrastructure works as a huge network of proxies.
Kaspersky believes that the cyberattackers have been active for a minimum of five years, based on domain name registration dates and PE timestamps, and the firm "strongly believes" that the origins of the malware are Russian.
This high-profile network may suggest that state sponsorship could be involved. As Kaspersky Lab notes:
The information stolen by the attackers is obviously of the highest level and includes geopolitical data which can be used by nation states. Such information could be traded in the underground and sold to the highest bidder, which can be of course, anywhere.
Any information harvested, including stolen credentials or confidential data, is stored for later use. For example, if an attacker needs to guess a password in another location, it is possible that harvested data could provide clues -- creating an espionage network full of intelligence that hackers can refer to in need. After at least five years of activity, the Russian security firm believes that at least 5 terabytes of confidential information could have been stolen.
"During the past five years, the attackers collected information from hundreds of high profile victims although it's unknown how the information was used. It is possible that the information was sold on the black market, or used directly," Kaspersky said.
The majority of infections are based in Russia, although Kazakhstan, Azerbaijan, the U.S. and Italy have all reported cases. The exploits appear to have Chinese origins, whereas the malware modules may have a Russian background.
Red October was first brought to Kaspersky's attention in October 2012 after a tip-off from an anonymous source. A full report on the spying campaign is due to be published this week.

Russian researchers have uncovered a large cyber-attack programme which is believed to have been stealing secret files since the year 2000.
Kaspersky's research laboratory told the BBC that this cyber-attack programme was specifically designed to obtain secret information from embassies, nuclear research institutions, and gas and oil organisations.
According to experts, this was a very sophisticated cyber attack whose purpose was to steal files of secret information, to the point that it could even retrieve files that had already been deleted.
On this point, Alan Woodward, a professor at the University of Surrey, says that the attacking programme was designed in such a way that it could get into the files of every program on a computer, whether the file was in Word, was a PDF file, or was kept anywhere else on the computer.
A statement from Kaspersky's research laboratory said that the main targets of the cyber attack were the countries of Eastern Europe and the Central Asian states of the former Soviet Union; however, nothing can be ruled out about the secret files of other countries either, because its reach extended to Western European countries and North America.
The company's chief, Kamluk, said that the attack was uncovered in October last year, and that the cyber programme was named 'Red October' accordingly. He said that as soon as we found out, we realised immediately that this attack was being carried out on a very large scale, with important secret information being taken from some very large organisations.
Its purpose was to obtain nation-level political intelligence, classified computer systems, and data held on private telephones.
On the details of the spying cyber programme, Kamluk said that it is so sophisticated that it even reads files from a USB drive that have already been deleted; as soon as a USB drive is plugged into a computer, the programme tries to bring those files back.
The most notable feature of this programme is that it also has the ability to hide itself. Professor Alan Woodward says: 'If the computer finds out about this programme, it can immediately be hidden or made to disappear, and when the computer thinks the danger has passed, they can immediately send an email to call the programme back and start work again.'

Sunday, January 13, 2013

Smart Phone's future

It can talk to your car, your refrigerator, water your plants and help you stay fit and healthy.


LAS VEGAS: That was the message delivered by dozens of firms at the International Consumer Electronics Show, where terms like "appification" were tossed around freely.

The hundreds of thousands of "apps" developed for mobile platforms such as Apple's iOS, Google's Android and Microsoft's Windows Phone and showcased at the Las Vegas tech gathering are quickly taking over a lot of functions that people or different devices used to do.

Nowhere was this more evident than in the "connected home" zone of the world's biggest technology show.

Samsung, the South Korean tech giant, showed a connected refrigerator which can stream music from a smartphone, while US appliance maker Dacor unveiled what it called the "first Android oven," with a panel to check emails and the Web.

US appliance maker Whirlpool showed its lineup of smart appliances which can send a user a text message when the laundry is done. Whirlpool's refrigerator can also stream music through an app, enabling a host to set a playlist for each course of a dinner party, for example.

"You don't need to be friend on Facebook with your fridge, but it makes its use easier," quipped Warwick Stirling, Whirlpool's senior director of energy and sustainability.

South Korea's LG offered an integrated solution: one smartphone app which can remotely turn on a robotic vacuum or washing machine, or monitor something cooking in the oven.

An LG refrigerator, equipped with a touchscreen panel, can deliver a shopping list to your smartphone wirelessly, provided that the database is created in the appliance.

"You can control your life with a smartphone," said LG's Lisa Hutchenson.

French-based firm Parrot and Korea's Moneual each showed off an app to allow smartphone users to keep their home plants watered, using a sensor which transmits information on temperature, light and humidity and alerts people when the plants are thirsty.

The home thermostat, locks and lighting can be controlled with an app developed by Ingersoll Rand.

"The phone can be your remote control for your house," said Matt McGovren, marketing manager for the maker of home equipment.

"Everything will be connected, even things not generally associated with smartphones, like locks."

In the car, drivers can mimic their key fob functions to control their car, track, locate and monitor their vehicles with an app from Delphi Automotive, shown at CES.

And Ford and General Motors announced at CES that they will be launching efforts to help app developers create programs which can be used in vehicles, some of which already can play streaming movies or music from mobile devices.

"Up to now, radio was the only entertainment in the car," said Thomas Sonnenrein, of the German equipment maker Bosch.
"Today we have a system shared with the Internet, the smartphone and the car" which "creates a lot of value."

The health segment is exploding with apps which can monitor heart rate, blood sugar, distance traveled by runners and many other things seen in the CES fitness tech zone.

The integration of the television and smartphone was a major focus at CES, with numerous smart TVs sharing with mobile phones and tablets. Not to mention the simple use of the device as a remote TV control.

Shawn DuBravac, chief economist at the Consumer Electronics Association, told the CES opening session that 65 percent of time spent on smartphones now is "non communication activities" such as apps for health, entertainment or other activities.

"We have moved away not only from telephony but from communications being the primary part of these devices," he said.

"So it is not just a communications device, it is a hardware hub around which people build services. The smartphone is becoming the viewfinder for your digital life."

Saturday, January 12, 2013

Driverless car concept gains traction at CES



LAS VEGAS: Automakers and technology firms are jumping on the bandwagon of the driverless car, which remains a concept as well as a platform for new technologies to improve safety on the road.
At the Consumer Electronics Show in Las Vegas this week, Toyota and Audi showed off their ideas for autonomous vehicles, in the wake of the push by Google on its driverless car. And others may follow suit.
Toyota drew considerable attention with its electronically gussied-up Lexus sedan, equipped with a host of sensors and cameras that can detect what is around the vehicle.
"It has the ability to drive itself, but we won't allow it," said Jim Pisz, corporate manager at Toyota North America. Pisz said the technology is similar to Google's with the use of electronics, but that "the Google focus is on software mapping, that's what they're really good at. Toyota focuses on safety programs and more integrated programs."
The Japanese automaker maintains that its 2013 Lexus LS, also being shown at the expo, already has "the world's most advanced pre-collision safety system" but its driverless cars are only being used in closed research centers, unlike Google's publicized road tours.
The growing use of advanced electronics for auto safety, communications and entertainment has prompted a record eight automakers to attend the Las Vegas show, along with dozens of firms working on related products and services.
"Electronics are vital to our cars. Today's cars are rolling computers," Audi executive Wolfgang Duerheimer told reporters at CES. The German automaker's Ulrich Hofmann told AFP that the new technology "helps the driver in situations where it's boring to drive, and leaves you to drive when it is fun."
At the Las Vegas tech confab, Audi showed its concept for a driverless vehicle in a simulator. Hofmann said an autonomous car could be developed within five to eight years but noted that "there are a lot of regulatory and legal issues."
Ford Motor Co. researcher Pim van der Jagt said the US auto giant halted its program on driverless cars several years ago. The concept "seemed so far out, it didn't make sense having big teams working on it," he said, but added that "now, with the interest in the Google car, politicians are starting to speak about it" and Ford has resumed its program.
Nevertheless, "a full autonomous car is far out, and may even never exist," van der Jagt said. Audi engineers say they can envision an on-off switch which could be used in traffic jams on highways, where vehicles could join a sort of motorcade traveling at identical speeds, freeing a driver for a few moments.
In September, California Governor Jerry Brown signed a bill clearing the way for self-driving cars to jockey with human-operated vehicles to test the technology on the state's roads. The state of Nevada in May issued a license plate giving Google's self-driving car the green light to travel along public roads there.
The growing talk of autonomous cars has sparked fresh interest in how the tech sector -- which has been under fire for fueling "distracted driving" -- can improve auto safety and the driving experience. "Everybody gets distracted at some point," said Steven Wenger of Mobileye, a company that makes equipment for crash avoidance for major automakers and as a consumer aftermarket device.
"Three seconds could save a person's life. We want people to be aware of these technologies which can help avoid accidents."