‘Stegano’ Malvertising Exposes Millions To Hacking
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.
The firm worked out that if the Cryptolocker ransomware threat actors had sold the 1,216 total Bitcoins (BTC) that they collected from September this year immediately upon receiving them, they would have earned nearly $380,000.
“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.
Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.
“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.
Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.
“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”
Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.
“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.
Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.
Attached to these emails would be a ZIP archive with a random alphabetical filename of 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep your eye out for emails that fit this description.
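The attachment layout described above can be checked mechanically at a mail gateway. The following is an added example, not code from Dell or from the original article; the function names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Pattern from the description above: 13 to 17 alphabetical characters.
STEM_RE = re.compile(r"[A-Za-z]{13,17}")


def matches_lure_pattern(attachment_name: str, data: bytes) -> bool:
    """Return True if a mail attachment fits the described ZIP/EXE layout."""
    stem, dot, ext = attachment_name.rpartition(".")
    if not dot or ext.lower() != "zip" or not STEM_RE.fullmatch(stem):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = [i for i in archive.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return False  # not a readable ZIP; leave it to other checks
    if len(members) != 1:
        return False
    # The single member must be "<same stem>.exe" (case-insensitive).
    return members[0].filename.lower() == (stem + ".exe").lower()


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples (harmless placeholder bytes, not real executables).
SAMPLES = {
    "qwertyuiopasdfg.zip": build_zip({"qwertyuiopasdfg.exe": b"placeholder"}),
    "invoice2013.zip": build_zip({"invoice2013.exe": b"placeholder"}),
    "abcdefghijklmno.zip": build_zip({"abcdefghijklmno.exe": b"x", "readme.txt": b"y"}),
    "abcdefghijklmnop.zip": build_zip({"report.pdf": b"placeholder"}),
}


def scan_samples() -> dict:
    """Apply the check to every constructed sample."""
    return {name: matches_lure_pattern(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in scan_samples().items():
        print(f"{name}: {'FLAG' if hit else 'ok'}")
```

A match is a reason to quarantine the message for review, not proof of infection; the pattern only covers the early distribution described here.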
The company said the new SM3267 integrated controller is expected to deliver up to 160MB/s read, and 60MB/s write speeds through a single channel; that would be a 30% to 50% performance improvement over today’s USB 3.0 flash drive technology.
Even though the USB 3.0 specification has the capability to support 4.8Gbps throughput speeds, the speed of a USB 3.0-enabled flash drive is dictated by the speed of the accessing flash devices in the drive. Today, most consumer-USB 3.0 flash drives support about 100MB/s read speeds.
“We are pleased to announce that SM3267 has received design-ins from most of our current USB controller customers, including many top-tier OEMs, and we expect SM3267-based USB 3.0 flash drives will be commercially available starting in the fourth quarter of 2013,” Wallace Kou, CEO of Silicon Motion, said in a statement.
The new integrated chip will also be able to run at lower voltages, from 5 volts to 1.2 volts, enabling a 25% to 30% lower USB flash drive device temperature compared with other USB 3.0 flash controller products in the market, Silicon Motion said.
The new IC will support the vast majority of NAND flash technology, including new triple-level cell (TLC), multi-level cell (MLC), high speed Toggle, and ONFI DDR NAND manufactured by Samsung, Toshiba, SanDisk, SK Hynix, Micron and Intel.
The new chip has already passed both USB-IF compliance testing and WHCK (Windows Hardware Certification Kit) tests for Windows 7 and Windows 8.
The new IC is available in a Chip-on-Board (COB) and in a 48-pin QFN green package.
RIM, Microsoft Sign Patent Licensing Deal
Research In Motion’s shares jumped on Tuesday after it inked a patent licensing deal with Microsoft Corp to use one of the technology company’s file storage systems.
Microsoft said the patent being licensed by RIM greatly expands the size of files that flash memory devices can handle and increases the speed at which those files can be accessed. The technology also provides the ability to seamlessly transfer data between a variety of different devices.
“This is potentially money out of RIM’s coffers for the right to use the ex-FAT patent in its technology. But what it does for investors and others is provide a glimpse into what the BlackBerry 10 devices can do,” said Kevin Restivo, a mobile device analyst at global research firm IDC.
RIM has seen its once dominant position in the smartphone market slip away to Apple Inc, Samsung and other competitors, and the company’s fate may depend on the success of its new line of devices, the BlackBerry 10, which is set to hit the market early in 2013.
RIM hopes the BlackBerry 10 will help it regain market share that has been ceded to snazzier devices such as Apple’s iPhone and others that run on Google Inc’s Android operating system.
“I think there is some anticipation and speculation around the devices that RIM will launch as a result of the announcement today,” Restivo said.
Qualcomm has announced a slew of Krait-based Snapdragon system-on-chip (SoC) processors to fit in its S1 and S4 performance classes.
Qualcomm’s Snapdragon range of SoC chips has proven to be extremely popular in smartphones and tablets; however, the firm is facing a growing challenge from Texas Instruments and Nvidia. Coming little over a week after Nvidia revealed its quad-core Tegra 3 processor, Qualcomm has announced eight Snapdragon S4 processors and four Snapdragon S1 processors.
Since Qualcomm showed off the Krait architecture in February with three chips, the firm has not extended its headline S4 range of processors. Now it has added eight SKUs, with models including the MSM8660A, MSM8260A, MSM8630, MSM8230, MSM8627, MSM8227, APQ8060A and APQ8030. Qualcomm was cagey about when devices sporting these chips will appear, only mentioning an early 2012 timeframe.
Perhaps more important for Qualcomm’s sales figures are its entry level Snapdragon S1 chips. The four new chips in this category are the MSM7225A, MSM7625A, MSM7227A and MSM7627A models, with the firm claiming that they have been optimised for those OEM customers that are making the transition from 2G to 3G devices.
Cisco announced improvements to its video product line Thursday to make it easier for businesses to create and share video, including a free app coming soon for iPhone and iPad devices.
The free app will make Cisco’s existing Show and Share software available for iPad and iPhone in late October through the Apple App Store, Cisco officials stated via a Webcast earlier this week.
Show and Share is Cisco’s video-sharing software, which allows users to search and watch videos as well as record and upload their own videos. That software has been available on other hardware, but until now not for the iPhone and iPad.
Also, Cisco said it is integrating its existing Show and Share with its Media Experience Engines 3500 and its TelePresence Content Server, although it didn’t yet name the products that will provide the integration. Also, a new software release of the 3500 allows it to support Flash, H.264 and Windows Media formats.
An existing software tool called Pulse Video Analytics will soon allow searches of video content by keyword or speaker in the Cisco Show and Share product.
AT&T Wireless and Samsung Mobile jointly announced the thin and lightweight Infuse 4G smartphone during a press conference Thursday in New York.
The phone is 8.99 millimeters (0.35 inches) thick, making it just a fraction thinner than Apple’s iPhone 4, and has a 4.5-inch Super AMOLED display, one of Samsung’s most advanced, stated Jeff Bradley, senior vice president for devices at AT&T Wireless.
The device weighs 4.7 ounces and is powered by a single-core ARM processor running at 1.2GHz. It runs Google’s Android 2.2 OS and will become available in the U.S. on May 15, priced at $199 with a two-year wireless contract. It runs on AT&T’s HSPA+ (Evolved High-Speed Packet Access) network, which AT&T considers a 4G service.
The display shows more pixels than Samsung’s earlier AMOLED smartphone screens offered on the AT&T network, Bradley said. Infuse also includes an 8-megapixel camera with auto-focus and flash.
iSuppli is reporting that global chip revenue should increase to $325.2 due to supply and demand. Two months ago iSuppli originally forecasted a 5.8 percent increase to $320.1 billion. Apparently, DRAM chips will be impacted the most with a price increase due to supply issues as a result of the recent earthquake in Japan. iSuppli had originally forecasted sales of DRAM chips to shrink by four percent this year instead of seeing a drop of 10.6 percent.
Flash Finally Comes To Motorola Xoom
Motorola announced on Twitter that the Android software update for the Xoom tablet is being pushed out in phases starting March 11, which includes enhancements to support the upcoming Adobe Flash Player 10.2.
Launched on February 24, the Xoom was pushed out to the market with some seemingly rushed, half done features, just so it arrived on the market before a new iPad. Despite certain hardware advantages over the original and new iPad, the Xoom flaunted 4G radios, SD card memory expansion and Flash support. However, none of these features were actually operational when the device launched.
The DDoS hostilities began in the morning and lasted for a couple of hours. The DDoS attack was estimated at “multiple Gigabits per second and tens of millions of packets per second”, according to sources. The attack unfortunately hit three main data centers, in Chicago, Dallas and San Antonio. The good news is that the site is back up. However, while the attack was in progress, sources say it was one of the “largest” the organization has ever seen. Even though the attack is over, WordPress is working with their providers to prevent such acts from ever taking place again.