REGIN : Groundbreaking MALWARE Threat

An advanced piece of malware, known as ‘Regin’, has been used in systematic spying campaigns against a range of international targets including government agencies and businesses since at least 2008 vide IT security firms Symantec and Kaspersky Lab reports both released on 24th Nov 2014.This ppt brings you an overview of the threat in brief.The piece of malware is unique in the sense that it's structure displays a degree of technical competence rarely seen.Stuxnet looks a decent past....with this complexity

Regin from anupriti

LATEST ISSUES & TRENDS IN CYBER SECURITY &THREATS :IETE Diamond Jubilee National Seminar

 1.  Copy of the presentation that I gave at Ajay Kumar Garg Engineering College on the occasion of IETE Diamond Jubilee National Seminar.The Institution of Electronics and Telecommunication Engineers (IETE) is India's leading recognized professional society devoted to the advancement of science, technology, electronics, telecommunication and information technology. Founded in 1953, it serves more than 69,000 members through 59 centers/ sub centers primarily located in India (3 abroad) . The Institution provides leadership in scientific and technical areas of direct importance to the national development and economy.Association of Indian Universities (AIU) has recognized AMIETE. Government of India has recognised IETE as a Scientific and Industrial Research Organization (SIRO) and also notified as an educational Institution of national eminence. The objectives of IETE focus on advancing electro-technology. The IETE conducts and sponsors technical meetings, conferences, symposia, and exhibitions all over India, publishes technical journals and provides continuing education as well as career advancement opportunities to its members.

   Cyber Security threats and Latest Trends by Anupam Tiwari

Lure of a FREE PEN DRIVE : MALWARE'd

1.   If you are one of those guys who are regular to attend workshops, seminars, product launches , lectures...you must have got varying opportunities of getting hold of freebies in form of bags,brochures and PEN DRIVES....yess m sure the last one is a pure lure and most of the times everi one of us falls for it...be it a small capacity or a large capacity...the hand does not think twice before picking it up....but does any one of us realise that it may be these pen drives who become the first source of uploading some malware or a virus in your PC or laptop...the moment it is plugged in .....the machine is compromised.....unless the autorun is disabled...which in most of the cases is not.....

2.  The concept of zero day exploits has made it more dangerous....coz even if the user decides to run a antivirus scan...it will be shown free of any kind of virus or malware...the result is a silent compromise of the machine...however updated it remains in respect of OS or browsers or any application....the silent action in the background defies every lock of the user.Now all this is not based on some kind of imagination...there have been real life cases of which the one which made lots of noise is the IBM-AusCERT conference on the Gold Coast, Queensland, in which the free pendrives were infected by not one, but two pieces of malware.The details available at this link http://nakedsecurity.sophos.com/2010/05/21/ibm-distributes-usb-malware-cocktail-auscert-security-conference/

(CLICK ON THE IMAGE TO ENLARGE)

3.   In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up...as shown in the screen shot above...besides this the famous stuxnet example was via pendrives lure....so if this is happening at such high levels of interactions,can the workshops u and me attend be left behind!!!!no way....so whats the way out?....best way is to buy one from a genuine store...(not sure how clean will that be?)...or still better refrain your self from picking one free pendrive.

FLAME on way to commit SUICIDE ?

1.    Further to my post on FLAME earlier which made a point wise summary based on my various reads across the web,here is something more interesting.....

2.    The creators of Flame have sent a 'suicide' command that removes it from infected computers ie  it has gotten orders to vanish, leaving no trace.As was mentioned in the post earlier that Flame may delete itself from systems that have been fully exploited without leaving any trace has come true soon......

3.   More on the subject at the link ahead and Thanks THN

 http://thehackernews.com/2012/06/flame-spy-virus-going-to-suicide.html

FLAME : The new'EST Threat bigger then STUXNET

1.         Off late there has been the much talked FLAME Virus in the IT Sec community.Few clean shots about FLAME in a point wise crisp format :

 -          Flame was first detected back in 2010 by Kaspersky Labs completely by accident.

-           Flame is terribly complex for a piece of malware. 20 times bigger than Stuxnet.

-           Its about 20MB package and is still being analyzed.

-           The Stuxnet  attack that damaged Iranian nuclear facilities last year is barebones by 

comparison.

-           Kaspersky assumes it was built by government scientists, but no one knows which government.

-           Flame gathers a huge amount of data from infected systems, but it has been hard to sort out where it is all going.

-           Dozens of control servers have been located, but the domains associated with them are registered with fake identities.

-           Flame steals hard drive contents, screenshots, and keystrokes.

-           Can also use the system microphone and Bluetooth radio to suck in more data.

-           To save on bandwidth, Flame may delete itself from systems that have been fully exploited. This is part of what made the infection hard to detect.

-          

-           Has incredible abilities to monitor in-boxes, take screen grabs, even record audio of conversations happening near the computer.

-           The entire virus had been pieced together like a LEGO creation, one part building on another. Things could actually be added onto the spyware after it was already on an infected computer, giving the developer enormous freedom to tinker at will.

-           One specific example is with a Bluetooth module, which allowed the spyware to be spread to other devices.

-           The two most popular ways are to send you an e-mail with an attachment, and a Web-based or drive by download that gets you to a malware website.

-           Another favourite way to get you is through social media websites. Attackers are so savvy that they now troll your "friends" list and generate an e-mail that looks like it's coming from you, so what friend wouldn't click on it, right?

-           Microsoft has revealed that the virus gained a foothold by spoofing one of its own security certificates.

-           The computer virus is on the loose in Iran and other parts of the Middle East, infecting PCs and stealing sensitive data.

-           Flame is basically a backdoor and a Trojan with worm-like features.

-           Consider this: It took several months to analyze the 500K code of Stuxnet. It will probably take year to fully understand the 20MB of code of Flame.

2.Thanks http://news.cnet.com

SOME MORE ON DUQU

Some more good info and FAQs on DUQU.....AT
http://www.secureworks.com/research/threats/duqu/

DUQU : FROM THE GEN STUXNET????

1.  Do u remember the gr8 STUXNET...who hit the cyber theatres about a year back?....i call it gr8 since that was the first piece of trojan which the experts called with words like marvelous,the world's first 'open source weapon'.....the code which shocked the experts...though it was meant to target Siemens industrial software and equipment running Microsoft Windows....but the percentage affected was enough to do the early damage and show the trailor of what  can come ahead....now comes another in the offering which Researchers from Symantec say is likely written by the same authors and based on the same code.This is known as DUQU.....also coming to be known as “Son of Stuxnet” and a “precursor to a future Stuxnet-like attack.”

2. But another analyses by security researchers from Dell suggest Duqu and Stuxnet may not be closely related after all. That’s not to say Duqu isn’t serious, as attacks have been reported in Sudan and Iran. But Duqu may be an entirely new breed, with an ultimate objective that is still unknown.“Both Duqu and Stuxnet are highly complex programs with multiple components,” Dell says. “All of the similarities from a software point of view are in the ‘injection’ component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated. 

3. The security vendor Bitdefender has also cast doubt on the supposed Duqu/Stuxnet link in its Malwarecity blog. “We believe that the team behind the Duqu incident are not related to the ones that released Stuxnet in 2010, for a number of reasons,” BitDefender’s Bogdan Botezatu writes. While a rootkit driver used in Duqu is similar to one identified in Stuxnet, that doesn’t mean it’s based on the Stuxnet source code.

4. Now till date,DUQU was reportedly seen infecting machines in and around IRAN......but now the Symantec version reported is that a server machine in aamchi Mumbai is effected by this new VIRUS!!!!!!!Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu. 

5. So DUQU is here in INDIA.......and I m sure with the high percentage of pirated software users in India....we r the most vulnerable to such kinds of threat.....be updated...buy genuine....keep taking updates to avoid being EXPLOITED by EXPLOITS..................

6. Thanks http://arstechnica.com 

Stuxnet : Some more good info

1.     Recently,after i mentioned Stuxnet on Meliorate...I found some more good info and FAQs at http://www.newscientist.com/........must read....

Stuxnet : A Milestone in Malicious Code History

1. Stuxnet,the internet worm,intent of which was thought to effect Iran's nuclear programme has now taken a U Turn towards HINDUSTAN....

2. American cyber warfare expert Jeffrey Carr has assured the GoI,that China the originator of this worm which has terrorised the world since Mid 2010. Ascribing the break down of ISRO's INSAT 4B satellite a few months ago ,Carr said it is China which gained from the satellite failure. Although he re affirms that the conclusions are not definite.Invariably the effected systems are loaded with a Siemens software which have been specifically targetted to which Siemens has released a detection and removal tool.Siemens recommends installing the Microsoft patch for vulnerabilities and disallowing the use of third-party USB sticks.It is further contemplated that incorrect remotion of the worm could cause irrepairable damage.

3. Jeffrey Carr says "The satellite in question (INSAT 4B) suffered the power `glitch' in an unexplained fashion and it's failure served another state's advantage -- in this case China," he said.The connecting link between INSAT 4B and Stuxnet is that the Siemens software is used in ISRO's Liquid Propulsion Systems Centre ie S7-400 PLC and SIMATIC WinCC.Something about Stuxnet...these attack Windows systems using four zero-day attacks and targets systems using Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives. Once inside the system it uses the default passwords to command the software.Few intretsing things about this :

- Half a megabyte in size 

- Written in different programming languages (including C and C++) 

- Digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek) which helped it remain undetected for a relatively long period of time. - Capabable to upgrade via peer to peer.

- Eric Byres, an expert in maintaining & troubleshooting Siemens systems, expects that writing the code would have taken many man-months.

4. Stuxnet is a threat aiming a specific industrial control system such as a gas pipeline,satellite systems & power plants. The ultimate goal of Stuxnet is to sabotage the facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their working and identified boundaries.This worm represents the first of many milestones in malicious code history ,it is the first to exploit four 0-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks towards real-world infrastructure,overshadowing the vast majority of current attacks affecting more virtual or individual assets—or if it is a once- in-a-decade occurrence remains to be seen.Stuxnet is of such great complexity requiring significant resources to develop—that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar in sophistication to suddenly appear. However, Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.The real-world implications of Stuxnet are beyond any threat we have seen in the past. 

5. When is India actually going to work for itself rather then performing across the globe...y is the world telling us that we are effected here...even in the case of SHADOWS IN THE CLOUD...we were told by the Shadow server foundation that our institutes have been compromised inspite of the fact that we have all it takes to take the IT world by storm...but we are all working for ourselves...and not for own country...cream is flowing out and getting outsorced..IT IS ACTUALLY SAD THAT THE WORLD KNOWS INDIA'S POTENTIAL BUT THE INDIANS DONT KNOW THIER OWN.....