Something new to worry about

Malware Aimed at Social Networks May Steal Your Reality
PC World (10/13/10) Darlene Storm

Researchers at Ben Gurion University, the Massachusetts Institute of Technology, and Deutsche Telekom Laboratories collaborated on “Stealing Reality,” a paper that predicts a new generation of malware based on social-networking data.

The researchers say the malware will target and extract information about relationships and record patterns of behavior in real-world social networks, a technique that will be more dangerous and harder to detect than traditional malware. A behavioral pattern attack can harvest a victim’s “rich identity” profile, which could be more valuable than demographic information such as gender and age, according to the researchers.

“A Stealing Reality type of malware attack, which is targeted at learning the social communication patterns, could ‘piggyback’ on the user-generated messages, or imitate their natural patterns, thus not drawing attention to itself while still achieving its target goals,” the researchers write.

Such attacks could be particularly problematic because “the victim of a ‘behavioral pattern’ theft cannot easily change his or her behavior and life patterns.”

Finally some GOOD news on the malware front

NC State Research Shows Way to Block Stealthy Malware Attacks
NCSU News (11/03/09) Shipman, Matt

North Carolina State University (NCSU) researchers have developed a way to block rootkits and prevent them from contaminating computer systems. Rootkits often work by hijacking a number of hooks, or control data, in a computer’s operating system.

“By taking control of these hooks, the rootkit can intercept and manipulate the computer system’s data at will,” says NCSU professor Xuxian Jiang. To prevent a rootkit from taking over an operating system, Jiang’s research team determined that all of an operating system’s hooks had to be protected.

“The challenging part is that an operating system may have tens of thousands of hooks–any of which could potentially be exploited for a rootkit’s purposes,” Jiang says. “Our research leads to a new way that can protect all the hooks in an efficient way, by moving them to a centralized place and thus making them easier to manage and harder to subvert.”

By placing all of the hooks in one place, the researchers were able to leverage hardware-based memory protection to prevent the hooks from being hijacked. The research will be presented at the ACM Conference on Computer and Communications Security in Chicago on November 12.

… and

New Honeypot Mimics the Web Vulnerabilities Attackers Want to Exploit
Dark Reading (10/29/09) Higgins, Kelly Jackson

Glastopf is a new open source Web server honeypot project that enables researchers to study Internet attacks by acting as Web servers with thousands of vulnerabilities that provoke cybercriminals into attacking. Glastopf creator Lukas Rist says the program dynamically emulates vulnerabilities that attackers are looking for, so the decoy is more realistic and can gather more detailed information.

“Many attackers are checking the vulnerability of the application before they inject malicious code,” Rist says. “My project is the first Web application honeypot with a working vulnerability emulator able to respond properly to attacker requests.”

Rist built Glastopf through the Google Summer of Code program, in which student developers write code for open source projects. Glastopf uses a combination of known signatures of vulnerabilities and records the keywords an attacker uses when visiting the honeypot to ensure they are indexed in search engines, which attackers regularly use to find new targets. The project has a central database to collect Web attack data from the honeypot sensors, which are installed by participants who want to share their data with the database.

“The project will contribute real-world data and statistics about attacks against Web apps–an area where we do not have good collection tools yet,” says Rist’s project mentor Thorsten Holz. He says Glastopf tricks an attacker by returning content that is often found on vulnerable versions of Web applications, such as characteristic version numbers or similar information.
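The sensor behavior described above (match a request against known attack signatures, record it, and answer with content that looks like a vulnerable application) can be sketched as follows. This is an added illustration, not Glastopf's code: the two signatures, the `ExampleBoard` banner, and the sample requests are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed signatures: assumptions for this sketch, not Glastopf's rule set.
SIGNATURES = [
    ("remote_file_inclusion", re.compile(r"^(?:https?|ftp)://", re.I)),
    ("local_file_inclusion", re.compile(r"(?:\.\./){2,}|/etc/passwd")),
]

# Decoy page with a characteristic version string; the product name is made up.
DECOY_BODY = "<html><body>Powered by ExampleBoard 1.0.2</body></html>"


def classify(target):
    """Return (kind, parameter) for the first query value matching a signature."""
    # parse_qsl percent-decodes, so encoded probes are matched in decoded form.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for kind, pattern in SIGNATURES:
            if pattern.search(value):
                return kind, name
    return None


def handle(request_line, events):
    """Log a matching probe and answer with the decoy; nothing is fetched or run."""
    _method, target, _version = request_line.split(" ", 2)
    hit = classify(target)
    if hit:
        kind, param = hit
        path_words = re.findall(r"[a-z0-9]+", urlsplit(target).path.lower())
        events.append({"kind": kind, "param": param,
                       "keywords": path_words + [param]})
    return 200, DECOY_BODY


# Constructed sample requests (example.invalid is a reserved, non-resolving name).
SAMPLE_REQUESTS = [
    "GET /board/index.php?page=http://files.example.invalid/a.txt HTTP/1.1",
    "GET /board/view.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /board/index.php?page=news HTTP/1.1",
]

if __name__ == "__main__":
    events = []
    for line in SAMPLE_REQUESTS:
        handle(line, events)
    for event in events:
        print(event)
```

The recorded `keywords` field stands in for the attacker keywords the summary says the honeypot collects; the ordinary request in the sample produces no event but still receives the decoy page.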

More good news about malware

Thieves Winning Online War, Maybe Even in Your Computer
New York Times (12/06/08) P. A1; Markoff, John

Malware continues to overcome security professionals’ efforts to defend against it. “Right now the bad guys are improving more quickly than the good guys,” says SRI International’s Patrick Lincoln.

As businesses and individuals become increasingly involved in online communities, cybercriminals are given more opportunities to infect machines and commit crimes. The Organization for Security and Cooperation in Europe estimates that credit card thefts, bank fraud, and other online scams rob computer users of $100 billion annually. In late October, the RSA FraudAction Research Lab discovered a cache of 500,000 credit-card numbers and bank account log-ins that were stolen by a network of zombie computers run by an online gang.

“Modern worms are stealthier and they are professionally written,” says British Telecom chief security technology officer Bruce Schneier. “The criminals have gone upmarket, and they’re organized and international because there is real money to be made.”

Meanwhile, malicious programs are becoming increasingly sophisticated, with some programs searching for the most recent documents on the assumption that they are the most valuable and others stealing log-in and password information for consumer finances.

Microsoft researchers recently discovered malware that runs Windows Update after it infects a machine to ensure the machine is protected from other pieces of malware. Purdue University computer scientist Eugene Spafford is concerned that companies will cut back on computer security to save money.

“In many respects, we are probably worse off than we were 20 years ago,” he says, “because all of the money has been devoted to patching the current problem rather than investing in the redesign of our infrastructure.”

Amen to that last paragraph. Go Mr. Obama, Go!