
Malwarebytes

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...


3 replies to this topic

#1
ShyWriter

    Forum Deity

  • Software Updaters
  • 6,275 posts
  • Gender:Male
Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory..

by Paul Ducklin on May 20, 2013


Join SophosLabs Principal Researcher Gabor Szappanos (Szappi) as he takes you on a fascinating journey into the PlugX malware factory.

This is a malware family that keeps evolving as the criminals in charge of it churn out new variants.

Just like legitimate software, malware has major version upgrades and point releases.

In this paper, Szappi looks at the recently-released Version 6.0 of the PlugX malware framework.

You'll enjoy Szappi's paper because it's not so technical as to get bogged down in researcher-only jargon, yet not so high-level as to skip over the details that help you to understand how virus writers think.

Szappi writes clearly and logically, taking apart and explaining the numerous and deliberately-distinct phases in the malware's infection mechanism.

Read the complete article/paper at: http://nakedsecurity.sophos.com/2013/05/20/inside-the-plugx-malware-with-sophoslabs-a-fascinating-journey-into-a-malware-factory/

Steve


People sleep easy in their beds at night only because rough men stand ready to visit violence on those who would do them harm. ~~ Orson Wells


#2
Franz

    New Member

  • Members
  • 42 posts
Sure. It may be all very explainable, but the whole problem lies somewhere else. As Bruce Schneier has said: "The whole concept of security awareness training demonstrates how the computer industry has failed". This internet was once designed by university people to discuss the results of their work with peers, and no one had any bad intentions. Maybe it is time to redesign the system. It is ridiculous that passwords, e.g., are not simply refused if not safe (Bruce Schneier again). The Malware Forum password I received was complicated and I could not choose my own (thumbs up). Why is that not the case, e.g., with Yahoo, Farcebook, etc., and even with the MS Outlook mail program? It is simply asking for trouble. Someone can even get a mail account without having any security program on the Kompooter. Now I am asking you. Something has gone drastically wrong.

#3
AdvancedSetup

    Forum Deity

  • Administrators
  • 26,889 posts
  • Gender:Male
  • Location:US
If it was as locked down, though, as you or some others would have it, and was done so from the start, then it would probably still be in its infancy and available only via the command line as it used to be, because if it's too complex or too locked down and hard to use, then most users simply don't want to use something like that. Its wide openness is what many were attracted to, and as soon as they came up with a graphical interface it really took off even faster.

You now have espionage from governments around the world and highly advanced computer techs, so that passwords mean little, as exploits are often located and used to bypass the provided security. The reality is that it is not "secure", and putting your business or personal data online does carry the risk of its being stolen sooner or later. Even what is covered under US laws is often twisted by our own legal system as to who can access it legally and why, even though what one would have considered "common sense" does not apply to laws. Legal technicalities are what rule, good or bad.

They want to put all your medical records online in a national database for health, yet it's been seen and proven over and over that there are no real "secure" online locations. Sooner or later someone with enough knowledge, manpower, or trickery can overcome the security of any known system. There are certainly many other implications of this, but since this is not a political discussion I won't go there.

There is no easy answer but a draconian lock down is not it either.
Ron Lewis
Manager, Online Support


#4
Franz

    New Member

  • Members
  • 42 posts
Legal technicalities are what rule. Exactly. I would even say that lawyers + judges rule.
Maybe the internet should be split: one section for "fun" and another one redesigned with access only under strictly enforced and checked rules. After all, I am not allowed to drive a car without brakes, and in many countries cars must be inspected every year or every second year. No freedom there. It is silly that someone can do online banking without having any security whatsoever. All this, however, may be wishful and highly naive thinking. But something has to give. I read recently that the costs of security and criminal "rewards" amount to $100 billion a year worldwide. Not peanuts. I also recall that some universities in the US are testing another setup of the internet. So who knows.
