Today’s assignment: Coding an undetectable malware

Posted 6 August 2008 (0) Comments

Filed under: Exploits, News, Security

Today’s dynamic Internet threatscape is changing so rapidly that the innovation and creativity applied by malware authors can render an information security course’s malware curriculum outdated very quickly, or worse, give students a false sense of situational awareness about the malware that is driving the entire cybercrime ecosystem. In fact, one can easily spot an outdated academic curriculum on the basis of the malware it discusses, and on whether the lecturer even bothers to point out that antivirus software, the way it is and the way it has been for the past couple of years, only mitigates a certain percentage of the threat rather than eliminating it entirely, while urging everyone to “keep their antivirus software up to date.”

George Ledin, a professor at Sonoma State University, thinks that coding malware helps students better understand the enemy. What is Ledin trying to achieve anyway?

“Ledin insists that his students mean no harm, and can’t cause any because they work in the computer equivalent of biohazard suits: closed networks from which viruses can’t escape. Rather, he’s trying to teach students to think like hackers so they can devise antidotes. “Unlike biological viruses, computer viruses are written by a programmer. We want to get into the mindset: how do people learn how to do this?” says Ledin, who was born to Russian parents in Venezuela and trained as a biologist before coming to the United States and getting into computer science. “You can’t really have a defense plan if you don’t know what the other guy’s offense is,” says Lincoln Peters, a former Ledin student who now consults for a government defense agency.”

Code undetectable malware in an academic environment in order to scientifically prove that signature-based malware scanning would not detect it, or keep providing a false feeling of security through wrongly positioned antivirus software? That is the question Sonoma State University’s George Ledin seems to be asking, and he is naturally receiving a lot of criticism from companies “making their living fighting viruses”, reaching such heights as companies speculating about not hiring his students, now capable of coding malware. The companies, however, forget one thing: how easy it in fact is to “generate” an undetectable piece of malware using the hundreds of malware builders they are aware of, ones that come in very handy for internal benchmarking purposes, for instance.

For the past couple of years, antivirus software has been a purely reactive security solution: rather than taking proactive approaches, the vendors have been in catch-up mode with the malware authors, reacting to known threats. Two months ago, Eva Chen, Trend Micro’s CEO, made some very bold but pretty realistic statements on signature-based malware scanning and how the entire industry has been wrongly positioned for the past 20 years:

“In the antivirus business, we have been lying to customers for 20 years. People thought that virus protection protected them, but we can never block all viruses. Antivirus refresh used to be every 24 hours. People would usually get infected in that time and the industry would clean them up with a new pattern file. In the last 20 years, we have been misrepresenting ourselves. No-one is able to detect five and a half million viruses. Nowadays there are no mass virus outbreaks; [malware] is targeted. But, if there are no virus samples submitted, there’s no way to detect them.”

Precisely, so what Ledin is blamed for is in fact an outdated fact in itself, starting from the basic nature of how antivirus software works. The very same approach of proving a known fact will be taken by the upcoming “The Race to Zero” undetectable-malware coding contest to be held at this year’s Defcon security conference. Moreover, in between vendors counting how much malware they detect, taking a peek at publicly available statistics on detection rates for malware in the wild shows how dynamic the “best antivirus software” position is, since it literally changes every day. And theoretically, even “the best antivirus software” would not be able to detect the malware coded by Ledin’s students, or the malware someone requested to be coded for hire, a service that has been getting increasingly popular these days due to its customization approach.

Ironically, the IT underground is a step ahead of George Ledin, using distance-learning approaches such as video tutorials on how to use a malware kit, including practical examples of successful attacks and tips from personal experience in using it. Coding undetectable malware in 2008 is not rocket science, with do-it-yourself malware builders providing point-and-click feature integration that used to be available only to a sophisticated malware author a couple of years ago. Then again, having undetected malware does not mean they will be able to successfully spread it and infect millions of users, so from a strategic perspective it is all about the tactics, and the combination of tactics, used in the campaign.

Before you judge Ledin’s vision, ask yourself the following: does coding malware ultimately improve the career competitiveness of his students in the long term, or is what he is trying to prove a known fact already?

Written by Dancho Danchev

Source: http://blogs.zdnet.com/security/?p=1649


Gruppo Banca Popolare di Vicenza – Servizio Bonus

Posted 16 November 2007 (0) Comments

Filed under: Phishing and Scams

Received: from user ([69.245.180.27]) by win2000.kanzlei.steuerberateruwegross.de with Microsoft SMTPSVC(5.0.2195.6713);
Thu, 15 Nov 2007 17:02:43 +0100
From: "Gruppo Banca Popolare di Vicenza"
Subject: *****SPAM***** Gruppo Banca Popolare di Vicenza – Servizio Bonus
Date: Thu, 15 Nov 2007 08:03:31 -0800
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: bonus@atime.it
Message-ID:
X-OriginalArrivalTime: 15 Nov 2007 16:02:43.0522 (UTC) FILETIME=[F4CA7A20:01C827A0]
X-Spam-Prev-Subject: Gruppo Banca Popolare di Vicenza – Servizio Bonus

Dear Customer,

Banca Popolare di Vicenza rewards your account with a loyalty bonus.
To receive the bonus you must log in to the online services
within 48 hours of receiving this e-mail.

Bonus value: 25 Euro

Log in to the online services to have the loyalty bonus credited

Thanking you for visiting us, best regards.

Gruppo Banca Popolare di Vicenza
Servizio @time
PHISHING SITE:
http://0x3A.0x44.0x41.0x53/fileserver/www.atime.it/home.htm

THE HOST IN THIS URL IS HEX-ENCODED AND CORRESPONDS TO IP ADDRESS 58.68.65.83 (0x3A = 58, 0x44 = 68, 0x41 = 65, 0x53 = 83)

ISP: DISHNET WIRELESS LTD, INDIA
INDIA, TAMIL NADU, CHENNAI
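The host part of the phishing URL above is the IP 58.68.65.83 written as four hex octets, a form browsers accept but most people do not recognise as an address. The Python below is an added example, not code from the original post: it canonicalises the IPv4 literal forms that browsers accept (dotted decimal, per-octet hex as in this URL, per-octet octal, and the shortened forms where the last component fills the remaining bytes, including a single 32-bit "dword"), and returns None for a real hostname. PHISH_URL is the URL quoted in the post; the other inputs in the usage are constructed.

```python
"""Decode the obfuscated IPv4 host literals phishers hide in URLs."""
from ipaddress import IPv4Address
from urllib.parse import urlsplit

# The phishing URL quoted in the post above: the host is four hex-encoded octets.
PHISH_URL = "http://0x3A.0x44.0x41.0x53/fileserver/www.atime.it/home.htm"


def _component(token):
    """Parse one dotted component the way browsers do: 0x.. hex, 0.. octal, else decimal."""
    t = token.lower()
    if t.startswith("0x"):
        return int(t[2:] or "0", 16)
    if len(t) > 1 and t[0] == "0":
        return int(t, 8)
    return int(t, 10)


def canonical_ipv4(host):
    """Return the dotted-decimal form of an IPv4 host literal, or None for a hostname.

    Accepts the forms browsers accept: dotted decimal, per-octet hex (0x3A.0x44...),
    per-octet octal (072.0104...), and shortened forms where the last component
    fills the remaining bytes (e.g. a single 32-bit "dword" such as 977551699).
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_component(p) for p in parts]
    except ValueError:  # a label such as "www" or "kr" is not a number: real hostname
        return None
    *head, last = values
    if any(v > 255 for v in head):
        return None
    tail_bytes = 4 - len(head)          # bytes the last component has to fill
    if last >= 256 ** tail_bytes:
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    n = (n << (8 * tail_bytes)) | last
    return str(IPv4Address(n))


def url_host_info(url):
    """Return (host as written in the URL, canonical IP or None)."""
    host = urlsplit(url).hostname or ""   # urlsplit lowercases the host
    return host, canonical_ipv4(host)


if __name__ == "__main__":
    # Constructed inputs: the post's URL plus other spellings of the same address.
    for u in (PHISH_URL, "http://977551699/", "http://072.0104.0101.0123/",
              "http://www.sunkoo20.co.kr/rma.html"):
        print(u, "->", url_host_info(u))
```

A URL filter that only compares hostnames against a blocklist never sees "58.68.65.83" in the hex form; canonicalising the host first closes that gap, and the same routine is what you run before a whois or geolocation lookup on the link target.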


Phishing targeting Banca di Roma

Posted 14 November 2007 (0) Comments

Filed under: Phishing and Scams

WARNING: SCAM!!

Return-Path: servizzio@bancadiroma.it

note the Return-Path!!! ahahaha

Server used by the scammers: 221.215.127.171

CHENGYANG ORGNIZATION DEPARTMENT-QINGDAO

located in SHANDONG province, city of QINGDAO

X-OriginalArrivalTime: 13 Nov 2007 11:22:20.0085 (UTC) FILETIME=[746A3650:01C825E7]

Dear Customer,

The secret code of your online account has been entered incorrectly more than three times.
To protect your account we have suspended access.
To recover access please log in and complete the activation page.

If you choose to ignore our request, unfortunately we will have no other choice but to temporarily block your account.

Thank you again for choosing the Banca di Roma online services.

Banca di Roma guarantees the correct handling of users’ personal data pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003, ‘Codice in materia di protezione dei dati personali’.


Best regards.


another scam e-mail

From: "Banca Di Roma"
Subject: Conto Sospeso
Date: Mon, 12 Nov 2007 01:41:30 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Dear Customer,

The secret code of your online account has been entered incorrectly more than three times.

To protect your account we have suspended access.

To recover access please log in and complete the activation page.

Thank you again for choosing the Banca di Roma online services.

Best regards.

Banca di Roma Customer Service

SCAMMERS’ SITE:
http://www.sunkoo20.co.kr/rma.html
ON ISP KOREA TELECOM
IP 222.122.49.28

…………………..

other similar e-mails with the subjects “Il codice segreto del suo conto on-line e stato inserito incorretto” (the secret code of your online account has been entered incorrectly) and “Tentativi di entrare al vostro conto di Banca di Roma” (attempts to log in to your Banca di Roma account),
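What this post and the Banca Popolare di Vicenza post above do by eye (read the Return-Path, read the Received line for the connecting IP, look at charset and priority) is the first pass of any phishing triage. The Python below is an added example, not code from the original posts: it parses a raw header block and pulls out the connecting peer from the outermost Received line, the From display name and address, the Return-Path and its domain, the charset, and the priority headers, then turns them into the flags an analyst would note. The sample header block is constructed from the fields quoted on this page: the Received line is the one shown for the Vicenza message (none is shown for the Banca di Roma mails) and "mx.example.invalid" is a placeholder for the receiving server.

```python
"""First-pass triage of raw phishing-mail headers: who connected, who the mail claims to be from."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header fields copied from the Banca di Roma post, plus the
# Received line from the Banca Popolare di Vicenza post (the Banca di Roma mails
# show none). "mx.example.invalid" is a placeholder for the receiving server.
RAW_HEADERS = """\
Received: from user ([69.245.180.27]) by mx.example.invalid with Microsoft SMTPSVC(5.0.2195.6713);
\t Thu, 15 Nov 2007 17:02:43 +0100
From: "Banca Di Roma"
Subject: Conto Sospeso
Date: Mon, 12 Nov 2007 01:41:30 -0500
MIME-Version: 1.0
Content-Type: text/html;
\tcharset="Windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Return-Path: servizzio@bancadiroma.it

Gentile Cliente,
"""

# "from <helo> ([ip])" as the receiving MTA writes it: the bracketed address is the
# peer it actually saw on the wire; the HELO name before it is whatever the client claimed.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")


def triage(raw):
    """Extract the header fields worth checking before anything in the body is trusted."""
    msg = message_from_string(raw)
    # Each MTA prepends its own Received line, so the last one is closest to the sender.
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2)})
    origin = hops[-1] if hops else {"helo": None, "ip": None}

    from_header = msg.get("From", "")
    display, addr = parseaddr(from_header)
    if "@" not in addr:  # display name only, as in the messages quoted on this page
        display, addr = from_header.strip().strip('"'), None

    _, return_path = parseaddr(msg.get("Return-Path", ""))
    return {
        "origin_ip": origin["ip"],
        "origin_helo": origin["helo"],
        "from_display": display,
        "from_address": addr,
        "return_path": return_path or None,
        "return_path_domain": return_path.rpartition("@")[2].lower() if "@" in return_path else None,
        "charset": msg.get_content_charset(),
        "x_priority": msg.get("X-Priority"),
        "x_mailer": msg.get("X-Mailer"),
    }


def flags(report):
    """Turn the triage fields into the indicators an analyst would note first."""
    out = []
    if report["origin_helo"] and "." not in report["origin_helo"]:
        out.append(f"HELO '{report['origin_helo']}' is not a hostname; "
                   f"direct submission from {report['origin_ip']}")
    if report["from_address"] is None:
        out.append("From: carries a display name but no address")
    if report["return_path_domain"]:
        # Return-Path is copied from the envelope MAIL FROM, which the sender chooses freely.
        out.append(f"Return-Path is sender-chosen, claims domain {report['return_path_domain']}")
    if report["x_priority"] == "1":
        out.append("X-Priority: 1 (urgency flag set by the sender)")
    return out


if __name__ == "__main__":
    report = triage(RAW_HEADERS)
    for k, v in report.items():
        print(f"{k:>19}: {v}")
    for f in flags(report):
        print("FLAG:", f)
```

The Return-Path is worth exactly as much as the Received chain says it is: it is set from the envelope sender, so a scammer can claim bancadiroma.it (misspelled or not) just as easily as atime.it. The connecting IP in the outermost Received line written by your own server is the one field the sender does not control, which is why the posts above start their lookups from it.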
