Month: June 2011

TDL-4 is endowed with an array of improvements over TDL-3 and previous versions of the rootkit, which is also known as Alureon or just TDL. As previously reported, it is now able to infect 64-bit versions of Windows by bypassing the OS’s kernel mode code signing policy, which was designed to allow drivers to be installed only when they have been digitally signed by a trusted source.

“The changes in TDL-4 affected practically all components of the malware and its activity on the web to some extent or other,” the Kaspersky researchers wrote in their report.

Like the Popureb trojan and the Torpig botnet (aka Sinowal and Anserin), it also infects the master boot record of a compromised PC’s hard drive, ensuring that malware is running even before Windows is loaded.

In the event there is a takedown of the 60 or more command and control servers used to maintain the TDSS botnet (hard but not impossible given the recent eradications of the Rustock and Coreflood botnets), the infected TDSS machines can receive instructions using a custom built Kad client.

The Kaspersky researchers were able to analyze the number of TDL-4 infections by exploiting a flaw that exposed three MySQL databases located in Moldova, Lithuania, and the US. Remarkably, the data revealed no Russian users, most likely because the affiliate programs that pay from $20 to $200 for every 1,000 TDSS infections don’t provide rewards for installations on computers based in Russia.

http://www.theregister.co.uk/2011/06/29/tdss_alureon_advances/

According to Microsoft, Legal Intercept is designed to silently record communications on VoIP networks such as Skype.

“Data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent.” The data as modified is then passed to a protocol entity that uses the data to establish a communication session,” the description notes.

“With new Voice over Internet Protocol (VoIP) and other communication technology, the POTS model for recording communications does not work,” Microsoft noted in the patent application.

Michael Froomkin, a professor of law at the University Of Miami School Of Law, said that from the patent description it sounds as if the technology would allow Microsoft to do is make Skype CALEA capable. CALEA (Communications Assistance for Law Enforcement Act) requires telecommunications carriers and makers of communications equipment to enable their equipment so it can be used for surveillance purposes by federal law enforcement agencies. “First, making a communication technology FBI-friendly means also making it dictator-friendly, and in the long run this is not good for movements like the Arab Spring,” he said.

http://www.computerworld.com/s/article/9218002/Microsoft_patents_spy_tech_for_Skype?source=CTWNLE_nlt_dailyam_2011-06-29

Many of the victims are in industries that are strategically important to China, and/or are engaged in business with China. But these charges can be hard to prove, and China has “plausible deniability” on its side.

The world’s corporations are under attack, and Mark says they need to take strict measures to protect their “crown jewels” of intellectual property. They need to take the same steps that the Pentagon takes to protect its secrets:

Mark says secrecy plays right into the hands of the attackers, and corporations need to speak out and become part of the solution to stopping these attacks.

http://www.kplu.org/post/cyber-attacks-are-escalating