On Wednesday, April 1, the latest variant of the Conficker (also known as Downadup and Kido) work will download new instructions. The sophistication of this worm and its botnet have many concerned, although the amount of legitimate concern is a matter of debate.

If you’re concerned, then here are the eight most important things to know about Conficker, updated on Monday morning:

1. Researchers have discovered what they’re calling a signature for Conficker, and developed a scanner based upon the technology.

2. The overwhelming majority of systems infected with Conficker were infected through a vulnerability in the Windows RPC facilities. This vulnerability was patched in October. If you installed that patch before Conficker came out (late December ‘08) then you were protected and still are. If you haven’t installed the update then it’s essential that you do so. Windows Vista is technically vulnerable in this way, but the exploit is almost impossible to execute on it. Conficker is basically an XP problem.

3. Conficker can also spread through network shares, including those that have weak passwords; the worm executes a “dictionary attack” in which a list of common passwords (think “password”, “asdf”, etc) are used to gain access to the share. So if you find new executables on such drives they may be infected. Treat them as you would a program that got e-mailed to you unsolicited, and we hope that means you’ll avoid it and report it to a network admin if you have one. A good anti-malware program will detect it at this stage.

4. It follows from this advice that you are also better off by using complex and unobvious passwords, especially those that use both numerals and letters and especially if they include punctuation.

5. Conficker can also spread by putting itself on removable drives like USB drives. When it does so it sets the Autorun on those drives to run itself. So if you insert such a drive you could, at the least, get a standard Windows Autoplay menu offering Conficker among its options. Sometimes it will disguise itself as the Windows option for opening Windows Explorer for the inserted drive. Once again, a good anti-malware program will detect it at this stage.

6. Anti-malware software isn’t perfect but it has a very high rate of success. Conficker is about as high-profile as malware gets; all the companies have it and understand it well, and so if you have anti-virus software and keep it up to date it’s hard for you to get attacked.

7. Conficker can interfere with the ability of Windows and anti-malware programs to update themselves. Ensure that they are doing so by checking the last update date/time of your anti-malware software and by checking Windows Update manually. Leave no critical updates uninstalled.

8. Free Conficker/Downadup Cleaning Tools:

• McAfee Stinger
• ESet EConfickerRemover
• Symantec W32.Downadup Removal Tool
• F-Secure F-Downadup, FSMRT, more tools
• BitDefender single PC and network removal tools
• Kaspersky KKiller
• Trend Micro

If you use one of these tools to remove Conficker immediately install the MS08-067 patch afterwards.

• BitDefender
• Symantec

Source

Originally posted 2009-04-12 11:31:05.

Popularity: 1% [?]

Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn’t just steal your bank log-in credentials but actually steals money from your account while you are logged in and displays a fake balance.

The bank Trojan, dubbed URLZone, has features designed to thwart fraud detection systems which are triggered by unusual transactions, Yuval Ben-Itzhak, chief technology officer at Finjan, said in an interview Tuesday. For instance, the software is programmed to calculate on-the-fly how much money to steal from an account based on how much money is available.

It exploits a hole in Firefox, Internet Explorer 6, IE7, IE8, and Opera, and it is different from previously reported banking Trojans, said Ben-Itzhak. The Trojan runs an executable only on Windows systems, he said. The executable can come via a number of avenues, including malicious JavaScript or an Adobe PDF, he added.

The specific Trojan Finjan researchers analyzed targeted customers of unnamed German banks, according to the latest Finjan report. It was linked back to a command-and-control server in Ukraine that was used to send instructions to the Trojan software sitting inside infected PCs. Finjan has notified German law enforcement, Ben-Itzhak said.

“It’s a next generation bank Trojan,” he said. “This is part of a new trend of more sophisticated Trojans designed to evade antifraud systems.”

Finjan researchers were able to trace the communications from the code on an infected machine back to the command-and-control server, which was left unsecured, according to Ben-Itzhak. On that server, they saw the LuckySploit administration console and were able to see exactly what types of rules the Trojan was written to follow and statistics on victims.

About 90,000 computers visited the sites housing the malware and 6,400 of them were infected, a 7.5 percent success rate, he said. Of those whose computers installed the Trojan, a few hundred had money stolen from their bank accounts, he said.

During the span of 22 days in mid-August, the criminals behind the Trojan stole the euro equivalent of nearly $438,000.

Here’s how the Trojan works:

Potential victims get their computers infected either by opening an e-mail and clicking on a link to a Web site created to distribute malware or by visiting a site that has been compromised and malware hidden on it.

In this case the malware, a toolkit called LuckySploit, exploits a known security hole in the browser, and installs the Trojan on the computer. When the Trojan notices the computer user visiting the site of a targeted bank it springs into action.

While the computer user goes about his or her business on the site, the Trojan looks at the available balance and figures out how much money to steal. The Trojan is given a minimum and a maximum range that is below the amount that triggers antifraud systems and to leave a certain percentage in the account, Ben-Itzhak said.

After performing the calculation, the Trojan then makes the transaction, communicating with the bank site through the browser without the computer user knowing.

“The Trojan is sending requests to the bank and getting replies that your browser doesn’t display,” Ben-Itzhak said. “You are looking at your account and you don’t see any of it.”

A Finjan blog post describes it like this:

URLZone is a Trojan Kit that allows the attacker with the use of the ‘URLZone Builder’ to create a configuration file. This file contains precise orders to the bot, enabling the attacker to target any bank he wants…The URLZone successfully managed to bypass the German banks’ protection using ‘One Time Password.’ This is a technique used to enable the user to get a new password every time he logs into his account. Its goal is to make the theft of usernames and passwords worthless. In order to be successful, the malware must execute itself on the browser to change the parameters and fool the the user to approve a fraudulent money transaction from his account…So far the malware behavior is similar to many other Trojans. However, URLZone uses the delivered configuration file to manipulate the user.

The Trojan has the money sent to the bank account of a money mule, someone who has an account set up to receive the funds. Money mules are typically people recruited online as “independent contractors” or “financial managers” whose sole purpose is to wire the money placed into their account to someone else, typically out of the country, in exchange for a commission. Because their accounts are used only once or twice, they often do not realize the ruse immediately, Ben-Itzhak said.

Meanwhile, the Trojan hides the theft by erasing it from the report of account activity displayed to the computer user and shows a fake balance–what the amount would be if not for the theft. The victim will not notice something is wrong until a different, uncompromised computer is used to access the account, an ATM is used, or a transaction is denied because of insufficient funds.

The Trojan also keeps a log of the victim’s bank account log in credentials, takes screenshots, and snoops on the user’s other Web accounts, such as PayPal, Facebook, and Gmail, according to the Finjan report.

This is the first Trojan Finjan has come across that hijacks a victim’s browser session, steals the money while the victim is doing online banking, and then covers its tracks by modifying information displayed to the victim, all in real time, Ben-Itzhak said.

People should keep their antivirus, operating system, browser and other software up to date to protect against this type of attack, he said.

Source

Originally posted 2009-10-05 10:39:36.

Popularity: 1% [?]

In New Delhi in the early 1970s, my family traveled by scooter in the classic, death-defying Indian fashion. My father would drive, with me, a toddler, standing in front gripping the handlebars and my mother seated pillion, my infant sister in her arms. My father was a civil engineer and my mother a nurse, and in India at that time, cars for a young family were far out of reach.

More than 30 years later, I recently listened to Ratan Tata, chairman of one of India’s largest companies, describe a family just like mine as the inspiration for the Nano, the ultra-cheap “people’s car” that Tata Motors officially launches today. “What sparked it off was riding in a car and looking at them and saying, ’surely there’s a safer way that these people can be transported,’” Tata recalls.

That incident was the beginning of a six-year quest by Tata Motors, India’s largest automaker, to develop a car for the common man costing less than Rs 100,000 (about $2,000), roughly the same price as a motorcycle. Many thought Tata was bound to fail, that a car so cheap wouldn’t be much of a car at all. The Maruti 800, India’s best-selling sub-compact, costs almost twice as much. The chairman of Suzuki Motor, Osaka Suzuki, once said: “Tata will not be able to make a one-lakh car.” (Lakh is an Indian word for 100,000.)

The company has proven the doubters wrong. The Nano is going on sale at Tata’s 470 outlets in India; the base model does indeed carry a sticker price of Rs 100,000. Now, with global car sales in the worst slump in decades — Tata Motors itself is experiencing financial difficulties — the battered automotive industry is looking to the debut of the world’s cheapest car for clues to a future that could revolve around smaller, more fuel-efficient and more cheaply produced vehicles.

In an exclusive March 5 interview with TIME, Tata downplayed the tough market conditions and the impact that sagging consumer demand could have on Nano sales. Although car loans are harder to come by in India due to the credit crisis, the country’s economy is still growing. “If I had conceived a million-dollar supercar today, I think you’d have every reason to question whether that’s the right product at the right time in the planet that we are living in today,” Tata says. The Nano, he argues, is the right car for this difficult time. “What has happened in the changing economic situation globally reinforces, if nothing else, the fact that a low-cost car has a place.”

Tata Motors engineers developed the Nano by redesigning every component to minimize cost and weight, while trying to maintain performance and comfort. To see how well they accomplished their mission, I was offered the chance to drive a Nano on a test track at Tata Motors’ main plant in the western Indian city of Pune.

The first thing you notice is that the dashboard holds just two gauges: speedometer and fuel level. This is the basic model, and it’s stripped down to the bare essentials. But driving the car is surprisingly easy. The gearshift is smooth, the car accelerates adequately and you never feel cramped or low to the ground. The Nano doesn’t feel like a cheap, lightweight car that’s going to tip over with the first sudden turn.

Outside the Tata Motors facility, our photographer got to drive a fully equipped, bright yellow Nano along the highways, cobbled avenues and side streets of Pune. This car had air conditioning, worth the extra money in India (optional-equipment costs had not been released at the time this was written), but running the aircon sapped some of the power of the tiny, two-cylinder engine. Other drawbacks of the car: The storage space is hard to access because the hatchback doesn’t open, the brakes aren’t progressive, and the car we drove pulled slightly to the left even though there were just 40 km on its odometer.

Those quibbles are unlikely to make a difference to potential buyers. The Nano’s target customers are people riding two-wheelers, and for most of them, this is the only car they could hope to buy. Even without spending anything on marketing so far, Tata executives expect demand to far exceed their initial annual production capacity of 45,000 Nanos. Tata Motors had planned to build about 250,000 cars a year, but the company was forced to shut down its original Nano factory last fall after protests by people displaced by its construction turned violent. That disruption forced Tata Motors to relocate its main Nano production line and delayed the launch. Because plants in Pune and Pantnagar are now producing the car in reduced numbers, the company is bracing for long waiting lists and disappointed customers.

The lower volume means the Nano will do little for Tata Motors’ revenue and profits, at least initially. Vaishali Jajoo, a senior automotive research analyst at Angel Broking, an investment firm in Mumbai, says that even at projected output of about 250,000 cars a year, she expects the Nano will add just 3% to annual sales. Because the profit margin on Nano sales is small, “It will take at least four to five years to break even” by recouping development costs, Jajoo says. Fully equipped Nanos have higher margins, but the company has not yet decided how many of those it will produce. A company spokesman declined to comment on analyst reports regarding the Nano’s launch, calling them “speculative.”

Initially, the Nano will be sold only in India. The company plans to begin selling a European version in 2011. It has no plans yet to export the Nano to the U.S., although that has not been ruled out.

The Nano’s slow start comes at a time when Tata Motors is struggling financially due to slumping demand. The company in the quarter ending Dec. 31 reported a $58.5 million loss, its first loss in seven years. Loans for Tata Motor’s $2.3 billion purchase of loss-making luxury car brands Jaguar and Land Rover from Ford Motor are coming due. “That’s a major cash-flow crunch for them,” Jajoo says. Jaguar and Land Rover sales have tanked. The company is pursuing several options to meet its obligations, including getting a bailout from the British government.

The Nano certainly won’t solve Tata Motors’ immediate problems. But Tata says he hopes the groundbreaking vehicle will in the long run help redefine not only how much cars cost, but also how they are made. The future of the car industry, he says, lies in design and marketing — not manufacturing, which involves high costs and increasingly can be farmed out to other companies. If the Nano really takes off, Tata Motors may try “distributed manufacturing” — selling Nano kits to be assembled and sold by independent dealers. This, says Tata, would be a step toward fully outsourced manufacturing. “What I tried to describe on the Nano is an attempt to look at that as a business model,” Tata says. A new way of doing business may be something the beleaguered auto industry needs even more than a cheap new car.

Source

Originally posted 2009-03-23 11:01:19.

Popularity: 1% [?]