Spyware, Malware, Spam and Hatred

Procrustes Stretched

Stop the Hatred: Give Spam A Chance.

All kidding and leaving spam aside, what is it people dislike about malware and spyware?

Do people understand what it is? Or are they just spooked by paranoia, and pretty good messaging in the advertisement of products?

What are you afraid of? Why do you use anti-malware and anti-spyware?

Are they the same as, or included in, anti-virus software and if so, why?

:eusa_eh:
 
German spies onna interweb...
:eek:
Researchers find German-made spyware across globe
Mar 13, '13 -- The discovery of a group of servers linked to an elusive espionage campaign is providing new details about a high-tech piece of spy software that some fear may be targeting dissidents living under oppressive regimes.
A Canadian research center said Wednesday that it had identified 25 different countries that host servers linked to FinFisher, a Trojan horse program which can dodge anti-virus protections to steal data, log keystrokes, eavesdrop on Skype calls, and turn microphones and webcams into live surveillance devices. Citizen Lab, based at the University of Toronto's Munk School of Global Affairs, said that Canada, Mexico, Bangladesh, Malaysia, Serbia, and Vietnam were among the host countries newly identified in Wednesday's report. That alone doesn't necessarily mean those countries' governments are using FinFisher, a program distributed by British company Gamma International, but it is an indication of the spyware's reach.

Morgan Marquis-Boire, the report's lead author, said his goal was "to show the proliferation of this type of active intrusion and surveillance." In a telephone interview, he said that the world of government surveillance was changing and urged journalists, aid workers, and activists to take note. "It's not just phone tapping," he said. "It's installing a backdoor on your computer to record your Skype conversations and go through your email." Advocacy group Privacy International described the report as evidence that Gamma had sold FinFisher to repressive regimes, calling it a "potential breach of UK export laws." Gamma did not comment on the report.

The company, based in the English town of Andover, has come under increasing scrutiny after a sales pitch for the spyware was recovered from an Egyptian state security building shortly after the toppling of dictator Hosni Mubarak in 2011. Reporting by Bloomberg News subsequently identified opposition activists from the Persian Gulf kingdom of Bahrain as targets of the company's surveillance software.

 
I'm using a little add-on to my Firefox browser called "Ghostery".

It has blocked 3 trackers on this page alone: Alexa Traffic Rank, Google Analytics and Google Adsense. Other places it blocks 6 or more!

It does a good job of blocking Java and other pop-ups too.
 
Stop the Hatred: Give Spam A Chance.

All kidding and leaving spam aside, what is it people dislike about malware and spyware?

Do people understand what it is? Or are they just spooked by paranoia, and pretty good messaging in the advertisement of products?

What are you afraid of? Why do you use anti-malware and anti-spyware?

Are they the same as, or included in, anti-virus software and if so, why?

:eusa_eh:

And here I thought you were changing your name......... :dunno:
 
Stop the Hatred: Give Spam A Chance.

All kidding and leaving spam aside, what is it people dislike about malware and spyware?

Do people understand what it is? Or are they just spooked by paranoia, and pretty good messaging in the advertisement of products?

What are you afraid of? Why do you use anti-malware and anti-spyware?

Are they the same as, or included in, anti-virus software and if so, why?

:eusa_eh:

since you don't use a condom your ass is mine

Keylogger
 
Stop the Hatred: Give Spam A Chance.

All kidding and leaving spam aside, what is it people dislike about malware and spyware?

Do people understand what it is? Or are they just spooked by paranoia, and pretty good messaging in the advertisement of products?

What are you afraid of? Why do you use anti-malware and anti-spyware?

Are they the same as, or included in, anti-virus software and if so, why?

:eusa_eh:

You have no idea what you are talking about, do you?
 
Around 32,000 computers at six organisations were affected by Wednesday's attack...
:eek:
Malware Blamed for Crashing S. Korean Computer Networks
March 20, 2013 — South Korean police and government agencies are attempting to determine who is responsible for a malicious act that caused widespread computer outages affecting television channels and banking services.
South Korea's communications commission (KCC) says a distributed denial-of-service (DDoS) attack, a common way to overload computer servers making websites unreachable, was not the reason computers at broadcasters and banks became paralyzed. The manager of the commission's network information protection team, Lee Seung-won, says there are some initial clues as to what actually happened, based on a quick analysis of data collected from the computer systems at the affected institutions.

Lee says suspected malware was circulated through a software update application known as the patch management system, destroying the primary sector on hard drives containing the code needed for starting the operating system (the master boot record). At the YTN cable news channel, anchorman Ho Jun-seok told viewers the problem affected the work station from which he was trying to read his scripts. The newscaster says the computer in front of him, which had been working properly when the newscast started, now is paralyzed.

South Korea's Internet and Security Agency says there is no trace of an attack on the computer systems coming from outside the country. Workers at broadcasters YTN, KBS and MBC say their computers malfunctioned after midday Wednesday. South Korea's Financial Services Commission issued a statement saying Shinhan's Internet banking servers went down and that computers at Nonghyup and Jeju banks were hit by a virus that deleted files. The Commission adds that Woori Bank successfully fended off a suspected denial-of-service attack.

There are no reports of South Korean government or military computer networks experiencing any trouble. But South Korea's defense minister raised the alert level for the military's information operations condition after receiving word of the problems affecting civilian networks. North Korea is blamed for previous cyber attacks on South Korean web sites and computer networks, the largest taking place in 2009 and 2011. Last week, North Korea blamed the United States and its allies for launching a cyber attack against it. All of the web sites hosted in the country were inaccessible for two days.

Source

See also:

China IP address link to South Korea cyber-attack
20 March 2013 > A cyber-attack on South Korean banks and broadcasters came from an internet address in China, South Korean officials say, but the identity of those behind it cannot be confirmed.
The telecoms regulator said hackers used a Chinese address to plant a malicious code that hit networks at six organisations on Wednesday. Officials said they were continuing to investigate the origins of the attack. North Korea has been blamed for previous attacks in 2009 and 2011. "Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers," said Park Jae-moon of South Korea's communications regulator. "At this stage, we're still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open," he said.

Computer vaccines

Officials stressed that the IP address did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities. But the discovery has strengthened speculation that North Korea was behind the attack, the BBC's Lucy Williamson reports from Seoul. Intelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.

A taskforce is being formed to analyse the virus and stop further attacks, and free computer vaccines have been handed out to South Korean companies, our correspondent adds. Korea's Communications Commission (KCC) said that the attacks on all six organisations appeared to come from a single entity. The networks had been attacked by malicious codes, rather than distributed denial-of-service (DDoS) attacks as initially suspected.

'Persistent hacking'

Following Wednesday's attack, the KCC raised its cyber-attack alert levels to "caution," the third highest out of five levels, news agency Yonhap reported. Around 32,000 computers were affected by the incident, and some services at Shinhan bank, including internet banking and ATM machines, were disrupted. However, so far no damage had been detected in public institutions and infrastructure, the KCC was quoted as saying by Yonhap.

The incident comes with tensions between the two Koreas high. North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes. On 15 March, North Korea's KCNA news agency also accused the US and its allies of "intensive and persistent" hacking attacks on its internet servers.

BBC News - China IP address link to South Korea cyber-attack
 
What is needed is a computer program that will mirror attacks back to the source...
:cool:
What makes SKorea cyberattacks so hard to trace?
21 Mar. '13 — The attacks that knocked South Korean banks and media outlets offline this week appear to be the latest examples of international "cyberwar." But among the many ways that digital warfare differs from conventional combat: There's often no good way of knowing who's behind an attack.
South Korean authorities said Thursday that the attack, which shut down scores of cash machines and hampered business, had been traced to an "Internet Protocol" address in China. But that doesn't mean the attack was launched from there. The general assumption in South Korea is that the attack originated in North Korea. "IP" addresses are, roughly speaking, the phone numbers of the Internet. Each connected computer has a number that identifies it uniquely on the network, so the Chinese IP address implies that a computer in China was involved in the attack.

However, that computer could have been controlled from elsewhere, either because someone bought access to it, or because it's been infected with malicious software. To determine the location from which it's being controlled, investigators would need access to that computer, or to the records of the company hosting the computer. That's unlikely to be forthcoming from a Chinese company. "China is obviously a popular place to hide things," said Dan Holden, director of security research at Arbor Networks' Security Engineering & Response Team. Chinese authorities are difficult to work with and there's a language barrier, he said.


South Korean computer researchers check the shutdown hardwares of Korean Broadcasting System (KBS) at Evidence Acquisition Lab of Cyber Terror Response Center at National Police Agency in Seoul, South Korea, Thursday, March 21, 2013. A Chinese Internet address was the source of a cyberattack on one company hit in a massive network shutdown that affected 32,000 computers at six banks and media companies in South Korea, initial findings indicated Thursday.

In addition, China is believed to be conducting its own campaign of cyber-espionage, which means that attacks launched from there are often simply attributed to the Chinese government, even if it isn't responsible for the aggression, Holden said. "If you are any nation state or even any attacker right now, why wouldn't you hide in China right now?" Holden asked rhetorically.

Apart from tracing the path an attack takes through the Internet, there's another way to figure out who's behind it: analysis of the software involved. Malicious software, or "malware," can provide clues to its creator. Some of those are obvious, like comments inserted into the written code. However, such comments can be easily faked to lead investigators astray. More subtle analysis can be fruitful, according to Christopher Novak, managing principal of the global investigative response team at Verizon Communications Inc. "In many cases, the malware that you see on the computer is very similar to a cold or an illness that a person gets ... The strain of the cold that I have and the strain of the cold that you have may be slightly different, but when we look at the DNA and makeup and see they're 99.9 percent the same, there's a pretty good chance one of us transmitted it to the other," Novak said. "When we analyze malware codes, we see the elements that are copied and reused, certain programming styles."

Such analysis can yield important clues, but rarely rock-solid attribution. The U.S. Department of Defense has said that a cyberattack can merit a violent response, but first you have to know who to target. "Digital attribution is extremely difficult and if you want to do it, it takes some serious effort," Holden said.

Source
 
Stop the Hatred: Give Spam A Chance.

All kidding and leaving spam aside, what is it people dislike about malware and spyware?

Do people understand what it is? Or are they just spooked by paranoia, and pretty good messaging in the advertisement of products?

What are you afraid of? Why do you use anti-malware and anti-spyware?

Are they the same as, or included in, anti-virus software and if so, why?

:eusa_eh:

You have no idea what you are talking about, do you?

Well now there is an understatement.
 
Oops!...
:eusa_eh:
S Korean hacking probe misidentified Chinese IP address
Sat, Mar 23, 2013 - South Korean investigators say they were wrong when they identified a Chinese Internet address as the origin of a cyberattack that paralyzed tens of thousands of computers at six South Korean companies this week. However, they still believe the attack originated from somewhere abroad.
Seoul’s Korea Communications Commission said yesterday that an internet protocol (IP) address linked to Wednesday’s attack actually belonged to a computer at one of the South Korean companies that were hit. Commission officials say the IP address was used only for the company’s internal network and was identical to a public Chinese address. Investigators say an analysis of malware and servers indicates the attack was likely orchestrated from abroad. They did not elaborate.

Meanwhile, Seoul said yesterday it is preparing for the possibility of more cyberattacks, while a new team of investigators try to determine if North Korea was behind the synchronized shutdown of computers at the six banks and media companies. Many in Seoul suspect hackers loyal to Pyongyang were responsible for the attack, but South Korean officials have yet to assign blame and say they have no proof yet of North Korea’s involvement. The investigation could take weeks.

South Korea has set up a team of computer security experts from the government, military and private sector to identify the hackers and is preparing to deal with more possible attacks, presidential spokesman Yoon Chang-jung told reporters yesterday. He did not elaborate on the possibility of more attacks, but said the prime minister would later hold a meeting to discuss ways to beef up cybersecurity at institutions overseeing infrastructure, such as roads and electricity. If the attack was in fact carried out by North Korea, it may be a warning to Seoul that Pyongyang is capable of breaching its computer networks with relative ease.

The cyberattack did not affect South Korea’s government, military or infrastructure, and there were no initial reports that customers’ bank records were compromised. However, it disabled cash machines and disrupted commerce in the tech-savvy, Internet-dependent country, renewing questions about South Korea’s Internet security and vulnerability to hackers. All three of the banks that were hit were back online and operating regularly yesterday. It could be next week before the media companies have fully recovered. Regulators said all six attacks appeared to come from “a single organization.”

S Korean hacking probe misidentified Chinese IP address - Taipei Times
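
The mix-up reported in the article above, where an address used only on a company's internal network matched a public Chinese address, is the kind of error a triage step can catch before any geolocation is attempted. The following is an added example, not part of the original posts or of any investigator's tooling; the address plan, log lines and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed internal address plan for a hypothetical organisation.
# 203.0.113.0/24 is a documentation range standing in here for publicly
# allocated space that the organisation reuses on its internal network.
INTERNAL_PLAN = [ipaddress.ip_network(n) for n in
                 ("10.20.0.0/16", "203.0.113.0/24")]

def classify_source(addr, internal_plan=INTERNAL_PLAN):
    """Decide whether an address from a log can be geolocated at all."""
    ip = ipaddress.ip_address(addr)
    in_plan = any(ip in net for net in internal_plan)
    in_rfc1918 = any(ip in net for net in RFC1918)
    if in_plan and not in_rfc1918:
        # Internal host whose number also exists publicly: a whois or
        # GeoIP lookup would point at an unrelated party.
        return "internal-ambiguous"
    if in_plan or in_rfc1918:
        return "internal"
    return "external"

# Constructed log lines: "<timestamp> <source address> <event>"
SAMPLE_LOG = """\
2013-03-20T14:00:01 10.20.4.17 update-pushed
2013-03-20T14:00:03 203.0.113.45 update-pushed
2013-03-20T14:00:09 198.51.100.7 login
"""

def triage(log_text):
    """Return (address, verdict) pairs for each parseable log line."""
    results = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or truncated lines
        try:
            verdict = classify_source(parts[1])
        except ValueError:
            verdict = "unparseable"
        results.append((parts[1], verdict))
    return results

if __name__ == "__main__":
    for addr, verdict in triage(SAMPLE_LOG):
        print(f"{addr:15} {verdict}")
```

Only addresses classified as external are candidates for a location lookup; an "internal-ambiguous" result means the host has to be found in the organisation's own inventory instead.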
 
