In June 2006, three Russian programmers, founders of the malware organization called “The Dream Coders Team” (DCT), started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious websites.
A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims’ systems and steal personal information. DCT sells it on the open market for under $1,000. The price includes a year of free tech support and vulnerability updates, and add-on modules can also be purchased. Although selling malware isn’t new, providing technical support for it is unprecedented. It is reported that DCT even has a marketing director to promote the product. Tim Eades, of Sana Security, explained to the BBC that hackers are capitalizing on rising demand: “It’s the classic verticalization of a market as it starts to mature.”
In a CNET interview, Yuval Ben-Itzhak, chief technical officer of security company Finjan, described how dangerous the MPack kit is. “Without any computer science skill or any security background, you can install this package on any Web server and start to infect people with malicious code,” said Ben-Itzhak in the interview. MPack kit owners are provided with an administrative interface to launch their attacks, usually by the same drive-by exploits utilized by Storm. The interface also keeps statistics on both the viewers of an infected web page and the successful attacks carried out against them. MPack works much like Storm, in that a Trojan horse is installed on computers owned by regular users across the world.
Once installed, the MPack client can either perform phone-home malware operations, which steal data from the infected system and post it to a central location, or use the system as a bot in a zombie army to conduct DoS attacks or other functions. It is believed that the number of computers infected with MPack is in the hundreds of thousands. The malware is distributed by infected websites.
When a user visits one of the sites, the browser is redirected to an MPack server, which then downloads the malware to the unsuspecting computer. When Yuval Ben-Itzhak was asked in the interview if he felt sorry for the people whose machines are infected by MPack, he said, “Well, I feel that we are just a factory producing ammunition to create more infections…”
There are some terms and concepts that every student wishing to get into IT should have in their vocabulary. These are terms that probably haven’t made it into a school’s curriculum as of yet. One of them is the virtual server, a concept that I have written about a number of times in this blog. Here’s another one, cloud computing, a concept that has gathered a great deal of steam over the past year or so.
The concept of cloud computing is designed around an architecture whose natural state is a shared pool outside the enterprise allowing users to access technology-enabled services “in the cloud”[2] without knowledge of, expertise with, or control over the technology infrastructure that supports them[3].
The services are accessible anywhere in the world, with The Cloud appearing as a single point of access for all the computing needs of consumers. Rather than a company hosting its own email server, Google hosts the mail servers through Google Mail, which has lately gone after the business market.
The company gets to use its own domain name but doesn’t have to worry about supporting its email. Google boasts that one of the big advantages of using its cloud computing service for email is that, because Google Mail deals with hundreds of millions of emails every day (by the way, it is estimated that around 183 billion emails are sent each day worldwide), it can respond to new viruses faster due to the sheer volume of email it has to analyze, versus an organization that hosts its own email server and may only deal with a few thousand emails a day.
Cloud computing is proving very popular for application vendors whose applications are server based. Rather than using up a server for another application, organizations are demanding that the vendor host the application and allow them to access it over the Internet.
The primary concerns over Cloud Computing are security and redundancy. How do you know for certain that your cloud computing provider is backing up your files? How do you know that their internal security is as good as yours? How do you know whether their datacenter has a backup Internet pipeline and power generator? These are issues that must be addressed before a sizeable number of organizations will move critical IT functions such as email to cloud computing.
One of my first postings was concerning virtual server technology and its industry leader, VMware. I am an avid user and supporter of VMware’s product and use it extensively in my employer’s network. Like many veterans in the field, I feel that virtualization is where the future is headed in IT.
Since that posting, VMware has been the victim of a roller coaster ride. The stock price last year shot up from its IPO in the upper $20s to $125 a share only months later. Industry journals and magazines kept up a steady stream of positive articles on the new virtual giant.
Since then, things haven’t been as rosy for the ten-year-old firm. While nearly all stocks have fallen, VMware’s stock price plummeted to $38. Its parent company, EMC, fired the CEO who had led the company since its inception. These symptoms stem from the fact that a giant killer has its sights set on them: Microsoft. The software giant released its own hypervisor (the industry term for a virtual server manager) in July. As with the Internet browser in the 80’s, Microsoft realizes that it nearly missed the boat on the virtualization market. Like most of its first-generation products, its hypervisor is not nearly the product that VMware has.
VMware’s VMotion provides a degree of high availability for its virtual servers that can’t be matched by any of its competitors. VMware also runs more efficiently and has a lower I/O rate than Microsoft’s product. Can you sense a “but” coming? Here is the “but”: Microsoft has its hypervisor priced at only $28 when added to the purchase of Windows Server 2008. VMware’s basic ESX hypervisor is priced at $495 per dual-core processor, and $2,995 for the full package that includes VMotion.
Though its product is superior, it is obvious that the company will not be able to sustain its pricing model in an increasingly competitive market. History also shows that Microsoft usually unveils a fully competitive product by its third generation, so VMware is most likely on the clock. Microsoft has killed some mighty competitors in the past, such as Netscape and Novell. The question that virtualization advocates are asking is what VMware’s next move will be that allows it to escape the same fate.
Thanks to Orin Optiglot for permission to use this Photo.
I was reading CSO magazine (Corporate Security Officer) the other day and came across a fascinating new security product for executives who transport highly confidential company documents. A pharmaceutical company issued a high-security briefcase to its research executives. The briefcase has two security modes. The “Loss Proof” function alerts the executive with an alarm signal when he is more than five meters away from the case. This not only discourages someone from lifting the case, but also prevents the owner from inadvertently leaving the case unattended.
The “Robbery Proof” mode is designed so that if the owner is accosted and forced to give up the case, the case waits until it is more than 100 meters away and then sends a 30,000-volt shock throughout the case as well as sounding an ear-shattering alarm.
Thanks to tifotter for permission to use this Photo.
YouTube enthusiasts were denied their daily dose of online videos earlier this year when the site went down for two hours back in February. The cause was not any type of hardware failure but the direct efforts of the Pakistani government. Pakistan, like a number of countries such as China, Thailand and Turkey, to name a few, regularly attempts to monitor its citizens’ internet traffic and block designated sites, especially YouTube.
Pakistan Telecom, and the country’s main ISP PCCW, blocked access by hijacking YouTube’s web address. Anyone based in the country who then attempted to visit the video sharing site was redirected to an unknown alternative site. Unfortunately, the hijack didn’t stop there, and leaked to the wider Internet.
This meant that ISPs around the world started blocking access too, which resulted in the site being unreachable by users in Germany, China, the USA, Russia, the UK and Australia. The problem lasted for approximately two hours before YouTube engineers issued a statement concerning the problem and PCCW stopped the blockage.
The event has proven to be more than just an embarrassing mishap for the Pakistani government; it has raised concerns about the vulnerability of the Internet. Is it now possible for a country to bring down a designated website’s traffic worldwide?
Thanks to Nick Cueva for permission to use this Photo.
There isn’t a profitable business segment today that isn’t competitive, and that even includes the spamming industry. Two of the biggest spamming organizations, Nugache and Storm, are currently going at each other head to head to dominate the SPAM/malware market. Yes, there is a market for SPAM and malware. Surprised? These organizations are not owned and operated by legitimate business people. No one is yet sure who is behind Storm, but many IT security experts feel that Nugache is linked to the Russian Mob, aka the Russian Business Network.
Both of these organizations distribute SPAM through zombie networks, and both have been involved in highly criminal activities. Zombie networks are composed of PCs across the globe that have been compromised by some type of Trojan horse, which allows the zombie controllers to use them to send SPAM, conduct phishing attacks or carry out other types of illegal activities. Each of these organizations controls hundreds of thousands of computers. Take Storm, for example. Some IT security experts have estimated that the Storm zombie network, called the Storm Botnet, runs anywhere from one to fifty million computer systems. Even the most conservative estimates place the size somewhere around 150,000 to one million. In 2007 the Storm Botnet accounted for 8% of all malware on Microsoft Windows computers.
This year, Storm has an extremely viable competitor, Nugache. Although its zombie technology is not as sophisticated as Storm’s (for instance, Storm is somehow able to send SPAM in the native language of the receiver while Nugache cannot), Nugache has one big thing going for it right now: price. In an attempt to unseat Storm from its botnet dominance, Nugache has initiated a price war. Nugache will send one million emails for only $100. For $800 you can send 10 million emails.
It is because of the ridiculously meager amount of money required to SPAM a million people that spamming is very profitable, even if the response rate to SPAM is only .01%. It is the sophistication of these controllable zombie networks that worries IT security professionals. Many fear that the current war for control of the malware market is only the beginning of this illegal, destructive industry.
One of the security weaknesses of laptops and other portable computer devices for many years has been the ease with which their drives could be compromised if the device was stolen. This was especially true before Windows XP and Windows 2000, when a thief could simply install a second operating system on the laptop, log on to the new operating system and gain admin rights to all the data on the drive.
Windows XP and Windows 2000 introduced the Encrypting File System (EFS), which allowed users to encrypt files of their choosing. Because the encryption was centered on an encryption key tied to the original operating system, an intruder couldn’t access an encrypted file simply by reading it from another operating system. However, this required the user to individually encrypt every file or folder in order to protect all of their data. Needless to say, the majority of users failed to do this.
Microsoft has introduced a new technology called BitLocker with Windows Server 2008 and the premium flavors of Windows Vista. BitLocker encrypts the entire drive, including the Windows system files necessary for startup and logon, which, left unencrypted, could give an intruder the ability to discover passwords and logon information. What’s more, BitLocker uses a feature called integrity checking, which analyzes the early boot components and helps ensure that data decryption is performed only if those components appear unmolested and the encrypted drive is located in the original computer. This prevents thieves from stealing your hard drive and putting it into another computer to access the data.
It will also make it much easier for organizations to recycle old computers, as they will not have to worry about erasing data on machines being decommissioned: the drives will be inaccessible without the decryption key. BitLocker is a great new addition to the Windows operating system and should be implemented by any organization or individual that works with sensitive data.
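As an added example (not part of the original post), here is a PowerShell check for the two properties the paragraphs above describe: that the system drive is actually protected end to end, and that the key is bound to the machine’s TPM so the drive cannot simply be read from another computer. It assumes the BitLocker PowerShell module that ships with Windows 8 / Windows Server 2012 and later (not Vista or Server 2008, where manage-bde is the tool) and an elevated prompt; the function name and the "compliant" criteria are my own.

```powershell
# Added example, not from the original post. Requires the BitLocker module
# (Windows 8 / Server 2012 and later) and an elevated PowerShell session.
function Test-BitLockerPosture {
    [CmdletBinding()]
    param(
        # Volume to inspect; defaults to the OS drive, which is the one an
        # offline attacker would read by booting another operating system.
        [string]$MountPoint = $env:SystemDrive
    )

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    # TPM-based protectors are what tie decryption to the original machine and
    # to unmodified early-boot components (the "integrity checking" described above).
    $tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $tpmBound = [bool]($types | Where-Object { $tpmTypes -contains $_ })

    $result = [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus          # want FullyEncrypted
        ProtectionOn     = ($vol.ProtectionStatus -eq 'On')
        EncryptionMethod = $vol.EncryptionMethod
        TpmBound         = $tpmBound
        RecoveryEscrowed = ($types -contains 'RecoveryPassword')
        Protectors       = ($types -join ',')
    }

    # A drive that is encrypted but has protection suspended, or that is only
    # protected by a password or external key, is not in the state the post describes.
    $compliant = $result.ProtectionOn -and
                 ($result.VolumeStatus -eq 'FullyEncrypted') -and
                 $result.TpmBound -and
                 $result.RecoveryEscrowed
    $result | Add-Member -NotePropertyName Compliant -NotePropertyValue $compliant
    return $result
}

# Usage: run on each machine before trusting it with sensitive data, and again
# before decommissioning (a compliant drive needs no separate wipe step).
Test-BitLockerPosture | Format-List
```

The RecoveryEscrowed check is there because a TPM-bound drive is also unreadable by its rightful owner after a motherboard swap or firmware update that changes the boot measurements; a recovery password stored somewhere safe is what keeps the "inaccessible drive" property from becoming a data-loss incident.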
Thanks to Jamie Hladky for permission to use this Photo.
You have to learn how to crawl before you learn how to walk, but once you learn a foundation of IT skills in Ashworth University’s information technology programs and anchor yourself in the IT labor force, here are the ten hottest tech skill sets you should aim to learn in the next five years according to Tech Republic.
Voice over IP – sales of pure IP PBX systems for the first quarter of 2007 increased 76% over the first quarter of the previous year.
Unified Communications – the convergence of different communications technologies, such as e-mail, voicemail, text messaging, and fax.
Hybrid Networks – networks are no longer all Windows or all Linux; they are a hodgepodge of different systems, and IT pros need to learn more than one of them.
Wireless Technologies – everything’s going wireless, it seems.
Remote User Support – with more employees working off-site today, help desk personnel must provide remote support to anywhere.
Mobile User Support – more and more organizations are providing BlackBerrys and other smart portable devices for their employees, and these must be supported.
Software-as-a-Service – or SaaS, as it is referred to in technical articles. With the popularity of Web 2.0, the trend is now to provide software applications over the Internet rather than installing them on each and every computer.
Virtualization – with the dominance of VMware and the soon-to-be-released 2008 Virtual Application from Microsoft, virtualization is THE buzzword today, along with its countless benefits.
IPv6 – although this standard has not grown in popularity as of yet, mostly because the wide usage of NAT has kept us from running out of IP addresses on the Internet as fast as predicted, this standard is going to come about within the next five years.
Security – a skill set that will probably always be in the top 10.
It’s standard practice that if you have an always-on Internet connection, you should have a firewall, implemented either in hardware, such as a router, or in software. But even if you are using a dial-up connection, you really need a software firewall to protect you from intrusions. You would be surprised at the number of attempts to get into a dial-up PC that a good software firewall will block. A firewall will also notify you of attempts by programs on your PC to go out to an Internet website, and you can then allow or disallow the outbound traffic. You would want legitimate programs such as Windows to reach their vendor’s website for update purposes, but you’re safer blocking any program that you don’t recognize from doing so. Be sure to check the spelling of the program name carefully. Say you have Symantec’s anti-virus program on your PC and have set it up for automatic virus signature updates. Your firewall will ask you whether you want to grant the program permission to go outbound. But some malware could identify itself as “Symantek”. Should you allow it to access the Internet, you could be in for an unpleasant surprise.
Yes, it’s unfortunate that there are so many nasty things that can happen to your computer. Thwarting such attempts can cost you time and money, but you really need to do this. At minimum you need a firewall, an anti-virus program, and an anti-spyware utility. You’ll also need to update the anti-virus and anti-spyware programs’ signature files at least once a week, as well as scanning with each at least once a week, more frequently if you are online daily.
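The "Symantek" point above is really a point about identity: a program's name is whatever the program says it is, but a code-signing certificate is not. As an added example (not part of the original post), the PowerShell below decides whether a program asking for outbound access deserves it by checking its Authenticode signer rather than its file name, and then audits the outbound allow rules already in Windows Firewall the same way. It assumes the NetSecurity module (Windows 8 / Server 2012 and later) and an elevated session; the trusted-publisher list is constructed, and the anti-virus vendor's real certificate subject is a placeholder because the post does not give it.

```powershell
# Added example, not from the original post. Assumes the NetSecurity and
# Microsoft.PowerShell.Security modules (Windows 8 / Server 2012 and later)
# and an elevated PowerShell session.

# Publishers whose signed binaries we are willing to let out. Constructed list:
# replace with the certificate subjects your own environment actually trusts.
$TrustedPublishers = @(
    'Microsoft Windows',
    'Microsoft Corporation',
    'EXAMPLE-AV-VENDOR-SUBJECT'   # placeholder for your AV vendor's signer name
)

# Verdict for one program. The decision rests on the Authenticode signer, never
# on the file name: a file can be called "Symantek.exe" or "Symantec.exe" at
# will, but it cannot carry a valid signature from a publisher it is not.
function Test-OutboundRequester {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Trusted = $TrustedPublishers
    )
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Block'; Reason = 'File not found'; Signer = $null; Sha256 = $null }
    }

    $sig = Get-AuthenticodeSignature -FilePath $expanded
    if ($sig.Status -ne 'Valid') {
        # Unsigned, tampered, or signed by an untrusted chain: do not let it out.
        return [pscustomobject]@{ Path = $Path; Verdict = 'Block'; Reason = "Signature $($sig.Status)"; Signer = $null; Sha256 = $null }
    }

    $signer = $sig.SignerCertificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($Trusted -contains $signer) {
        $verdict = 'Allow';  $reason = 'Trusted publisher'
    } else {
        $verdict = 'Review'; $reason = 'Valid signature, publisher not on the trusted list'
    }
    [pscustomobject]@{
        Path    = $Path
        Verdict = $verdict
        Reason  = $reason
        Signer  = $signer
        Sha256  = (Get-FileHash -LiteralPath $expanded -Algorithm SHA256).Hash
    }
}

# Audit what is already allowed out: every enabled outbound Allow rule that is
# scoped to a specific program gets the same check.
function Get-OutboundAllowAudit {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            if ($app.Program -and $app.Program -ne 'Any') {
                Test-OutboundRequester -Path $app.Program |
                    Add-Member -NotePropertyName Rule -NotePropertyValue $rule.DisplayName -PassThru
            }
        }
}

# Usage: anything that comes back as Block or Review is a rule worth a second look.
Get-OutboundAllowAudit | Sort-Object Verdict | Format-Table Rule, Verdict, Signer, Reason -AutoSize
```

Rules whose program is "Any" are skipped on purpose: they allow every process out, so there is no single binary to vet, and on a workstation they are themselves the finding.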
The threat of “cyber-terrorism” still strikes many as abstract, a symbolic fear first represented in seminal works such as William Gibson’s Neuromancer, followed by an explosion into pop-culture fantasy through the Wachowski Brothers’ “The Matrix.” While these dark visions of man’s accelerated move towards techno-slavery have certainly colored our perspectives, the reality of cyber-terrorism has existed since the 1950’s, when state secrets were first buried in dense programming language instead of manila folders labeled “top secret.”
Behind the curtain, the borderless battlefield is virtual and the threats are as imposing as those posed by nuclear weapons. After all, launch codes are just that: codes that are developed, stored, distributed, and controlled within cyberspace. The following podcast interview features Bruce Hoffman, a cyber-terrorism expert who outlines the precise nature and ominous implications of this threat. Mr. Hoffman also presents an in-depth report on how the U.S. government has redirected its counterterrorism strategies. Do you see a future where the Internet is under government control? Let’s think inside the box and brainstorm on the possibilities. Thanks.
Ryan Rode
Interactive Services Manager
Ashworth University