Windows BITS Service Used to Reinfect Computers with Malware

Crooks found a way to reinfect computers with malware via the Windows BITS service, months after their initial malware was detected and deleted from the infected system.

BITS (Background Intelligent Transfer Service) is a Windows utility for transferring files between a client and a server. The utility works based on a series of cron jobs and is the service in charge of downloading and launching your Windows update packages, along with other periodic software updates.

According to US-based Dell subsidiary SecureWorks, crooks are using BITS to set up recurring malware download tasks, and then leveraging its autorun capabilities to install the malware.

Abusing BITS is nothing new since criminals used the service in the past, as early as 2006, when Russian crooks were peddling malicious code capable of using BITS to download and installing malware on infected systems.Initial malware infection took place back in March 2016In the particular case, SecureWorks staff were called to investigate a system that had no malware infections but was still issuing weird security alerts regarding suspicious network activities.

The SecureWorks team discovered that the initial malware infection took place on a Windows 7 PC on March 4, 2016, and that the original malware, a version of the DNSChanger malware calledZlob.Q, had added malicious entries to the BITS service.

These rogue BITS tasks would download malicious code on the system and then run it, eventually cleaning up after itself.

Since the user’s antivirus removed the initial malware, the BITS tasks remained, re-downloading malware at regular intervals. Because BITS is a trusted service, the antivirus didn’t flag these activities as malicious but still issued alerts for irregular activities.BITS tasks could be used in much more dangerous waysIn this case, SecureWorks reports that the BITS jobs downloaded and launched a DLL file that executed as a “notification program.”

BITS jobs have a maximum lifetime of 90 days, and if the malware coder had used them properly, they could have had a permanent foothold on the infected system.

SecureWorks staff presents a method of searching for malicious BITS tasks in their technical write-up, along with a list of domains from where this particular infection kept downloading malicious code.

To read more and the original story follow this link to Softpedia. 

New malware used to attack energy companies

The Trojan program is used for reconnaissance and distribution of additional malware, researchers from Symantec say

 

A new malware program is being used to do reconnaissance for targeted attacks against companies in the energy sector.

The program, dubbed Trojan.Laziok by researchers from antivirus vendor Symantec, was used in spear-phishing attacks earlier this year against companies from the petroleum, gas and helium industries.

The attacks targeted companies from many countries in the Middle East, but also from the U.S., India, the U.K., and others, according to malware researchers from Symantec.

The Trojan is spread via emails with malicious documents that exploit a Microsoft Office vulnerability for which a patch has existed since April 2012.

“If the user opens the email attachment, which is typically an Excel file, then the exploit code is executed,” the Symantec researchers said Monday in a blog post. “If the exploit succeeds, it drops Trojan.Laziok, kicking off the infection process.”

Trojan.Laziok is mainly used to determine if a compromised system is worth further attention from the attackers. It collects information like the computer’s name, RAM size, hard disk size, GPU and CPU type, as well as a list of installed software, including running antivirus programs.

The information is sent back to the attackers, who then decide if they want to deploy additional malware that can provide them with remote access to the infected system. For this second stage of attack they use customized versions of Backdoor.Cyberat and Trojan.Zbot, two well known malware threats.

“The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market,” the Symantec researchers said. “However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”

For more information and the original story follow this link to Computerworld

Is CryptoLocker Ransomware arriving on Android?

The U.S. version of the Android malware purporting to be CrytoLocker.

CrytoLocker Ransomware, the malware that locked up PCs until you paid off $300 and the so-called Menace of the Year, may have jumped from Windows to Android.

ThreatPost reports that the Reveton cyber-crime gang is advertising an Android version of CryptoLocker. This program seems to have no way to actively infect an Android smartphone or tablet. To get it you have to actually download the APK file.

To trick you into doing this, the malware masquerades as a porn application. As you’d expect, this malware is designed to hide out on porn sites. If I’d said it once, I’ve said it a thousand times, never download Android apps from third-party sites of any sort and don’t, no matter what operating system you’re running, download programs from porn sites.

If you’re fool enough to do this anyway and get infected, any time you try to use your device, you’ll be shown a warning display that accuses you of viewing child pornography or equally ugly and illegal porn. It then goes on to say that you’ll face a jail term of five to 11 years, unless, of course, you make a payment of $300 via MoneyPak. This is a legitimate pre-paid debt card service.

At this time, it’s unclear if this malware, labeled Koler.A really is a port of CryptoLocker or simply a malware program using the infamous ransomware name in vain. From the limited experience security companies have had with this program it seems most likely it is not actually encrypting your files.

That said, getting rid of Koler.A is currently a major annoyance. Android anti-virus programs don’t have a fix for it yet. If you can move the program’s icon to the trash, however, that “seems” to get rid of the program. The trick is you only have five seconds to delete it before the ransomware screen takes over your display.

For more information and the original story follow the source link below.

Source: ZD Net

Microsoft offering users 100 GB free OneDrive Storage

Microsoft is offering OneDrive users 100 GB of free storage, according to an email I received recently. You don’t just get the free storage for being a user, rather you have to sign up for Bing Rewards and from there use Bing as your search engine while being signed in to your Bing account to earn points to receive the free storage.

A screen shot of the email is above but it reads:

To celebrate the launch of OneDrive, we’ve partnered with Bing to bring you a special offer. Simply join Bing Rewards by signing into Bing once and, after just a week of searching, you can earn enough credits to get 100 GB of additional OneDrive storage for a year. It has never been easier to get free storage. Act now. This limited time offer ends soon.

Five reasons Microsoft could become a top Android smartphone company

I thought this article brought up some good points and thought I would share it here.

1) Microsoft already makes major profits from Android.
How much? Thanks to its patent agreements, Microsoft may have made as much as $3.4 billion in 2013 from Android sales. If it wasn’t for its Android patents, the analyst firm Nomura thinks Microsoft’s entertainment and devices division (EDD), which covers Xbox, Windows Phone and Skype would actually lose $2-billion dollars a year!

With its forthcoming Nokia acquisition, Microsoft could make ten times that much from its own Android smartphones. Also, unlike its potential Android competitors, Microsoft won’t have to pay its own patent fees. That automatically makes each MS-Android phone more profitable for Microsoft than an equivalent device for say Samsung.

Thinking of the Android phone powerhouse, Samsung owns the Android smartphone market the way Microsoft controls the PC market. Microsoft is one of the few companies with the resources to go toe-to-toe with Samsung. All it needs is to commit to a mobile operating system that people wants.

2) Android already owns the market.
The smartphone OS that everyone wants is Android. IDC’s latest fourth-quarter ranking shows Android has more than 78 percent of the worldwide smartphone market.. Between Android and IOS, the powerful mobile OS pair has 95 percent of the market.

I don’t care how much you may like some Windows Phones, they’re not selling. It’s been over a year now Windows Phone 8 was introduced, and it’s still not making serious inroads on either Android or iOS.

3) MS-Android has unique advantages over its competitors.
Ask anyone who makes Android phones what their biggest marketing problem is and they’ll tell that’s it’s trying to get their devices to stand out from their competitors. So, they add bloatware, which customers usually hate, or they paint on their own custom interface, which really doesn’t look that different from anyone else’s front-end.

What’s a company to do? Well, if you’re Microsoft, it can offer customers, Outlook instead of Gmail; Office 365 over Google Docs; and OneDrive, formerly SkyDrive, in place of Google Drive. Get the idea?

Microsoft has real software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) alternatives to Google’s offerings. While I have no love for Microsoft’s applications, there are hundreds of millions of users who have been using Outlook and Office since they first used a computer. A lot of them would love to use the apps they’ve known since they were kids on a widely-supported platform such as Android.

4) Lower development costs.
I don’t know how much Microsoft is spending on building Windows Phone 9, but it’s got to be north of a hundred million. How much does it cost to build Android? Oh wait, Microsoft doesn’t have to spend a thin dime on creating Android! Google, and other open-source developers, are the ones picking up the tab to build the Android Open Source Project (AOSP).

5) More apps, more developers
Android also already has a huge number of developers and existing applications. In fact, the Google Play store already has a million apps. Windows Phone? It probably just crossed over 200,000 apps. The Android developers are out there, it won’t cost them much money or time to bring their apps to MS-Android.

Presto! For far less money, Microsoft cuts its internal development costs and opens its doors to tens of thousands of new developers and hundreds of thousands of new programs.

ZD Net

Skype Twitter Account Hacked, Group Posts Anti-Microsoft Sentiments

It looks like 2014 is off to a series of hacks, with our report earlier claiming that Snapchat was hacked, compromising some 4.6 million user names and phone numbers in the process, and now it looks like Microsoft’s Skype Twitter and Facebook accounts have been hacked by the Syrian Electronic Army, who have in the past successfully hacked Twitter, The Financial Times, and The Washington Post just to name a few. The group took the opportunity to tweet out some anti-Microsoft sentiments, and advised the followers to stop using Microsoft’s services due to monitoring, which we can only assume has to be related to the recent bout of accusations leveled at the NSA.

According to the tweet, “Don’t use Microsoft emails(hotmail,outlook), they are monitoring your accounts and selling the data to the governments. More details soon #SEA.” The tweets have since been deleted which we can only assume means that Microsoft has managed to regain control of their accounts. Thankfully unlike the Snapchat hack, this was only the hack of Microsoft’s Twitter and Facebook pages, meaning that as far as user information is concerned, it appears to be still intact. Microsoft has yet to respond to the hack.

Source: Ubergizmo

Java, Reader and Flash are most-exploited Windows programs

The ranking of insecure software according to the number of known exploit versions: A large number of vulnerabilities meant that Java, Adobe Reader and Flash were responsible for 66 percent of the exploit versions recorded between 2000 and 2013. Although other groups were also recorded, they are not presented in the ranking shown above.

From the year 2000 through today, Java, Adobe Reader and Flash were responsible for 66% of the vulnerabilities exploited by malware on Windows, according to a new study by the research group AV-Test Institute.  

The study reinforces the well-known rule that keeping applications software up to date is of critical importance for system security. The study does not indicate how many of the exploits were active when the vulnerabilities were unpatched, but such exploits are undoubtedly a small percentage of the total.

The long time span of the study may make it more of historical interest than practical value. Within the last five to ten years both Adobe and Microsoft have improved their software development processes lowering the overall number of vulnerabilities and the severity of those that get through. Current versions of Windows and both Microsoft and Adobe applications, are far more secure than in 2000, or even 2008.

The same is not as true of Java, which is the biggest current problem of the programs tracked by the study, in part because so many users still have old versions of Java installed on their systems.

Other user practices, such as running as a standard user rather than as Administrator, also limit the severity of application exploits. This was a difficult practice to employ with Windows XP, but in current versions of Windows it is far more practical to run as standard user.

Source: ZD Net

XP’s retirement will be hacker heaven

Hackers will bank bugs until after Microsoft retires Windows XP in April 2014; expect attacks, say security experts

Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April, a security expert argued today.

Jason Fossen, a trainer for SANS since 1998 and an expert on Microsoft security, said it’s simply economics at work.

“The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft’s response,” said Fossen. When a new vulnerability — dubbed a “zero-day” — is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.

If the bug is critical and being widely used by hackers, Microsoft will go “out-of-cycle,” meaning it will issue a security update outside its usual monthly Patch Tuesday schedule.

But after April 8, 2014, Microsoft has said it will retire Windows XP and stop serving security updates. The only exceptions: Companies and other organizations, such as government agencies, that pay exorbitant fees for custom support, which provides critical security updates for an operating system that’s officially been declared dead.

Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or loose them themselves on unprotected PCs after the deadline.

“When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks,” said Fossen. “But if they sit on a vulnerability, the price for it could very well double.”

Minus any official patching from Microsoft, XP zero-days and their associated exploits could remain effective for months, maybe even years, depending on how well security software detects and quarantines such attacks.

If Fossen’s thesis is correct, there should be signs of bug banking, most notably a sharp reduction in the number of publicly-disclosed or used-in-the-wild XP vulnerabilities during the fourth quarter of 2013 and the first quarter of 2014.

“[Hackers] will be motivated to sit on them,” Fossen stressed.

There really aren’t precedents to back up Fossen’s speculation, he acknowledged, because the last time Microsoft pulled the plug on an edition was July 2010, when it retired Windows 2000. But according to metrics firm Net Applications, at the time Windows 2000 powered just four-tenths of one percent of all PCs.

Windows XP will have a much larger share when it’s retired next year: Based on XP’s current rate of decline, Computerworld has projected that the old OS will still run between 33% and 34% of the world’s personal computers at the end of April 2014.

That would be 80 times the share of Windows 2000 when it retired.

But even with Windows 2000’s minuscule share when it left support, there were reports that an edition-specific zero-day was created and sold.

“I heard rumors of a new zero-day being found and sold after the support period expired [for Windows 2000],” said HD Moore, creator of the popular Metasploit penetration testing toolkit and the chief security officer of security company Rapid7. “But there were few if any examples that ended up in the public eye.”

Moore agreed with Fossen that XP bugs would be more valuable after April 2014, but contended that all Windows vulnerabilities would jump in value.

“Something more common [three years ago] was backporting new security advisories into functional exploits on Windows 2000,” said Moore in an email. “Every time a server-side vulnerability was found in Windows XP or 2003 Server, quite a few folks looked at whether this would also work against Windows 2000. My guess is that the retirement of Windows XP will result in all Windows vulnerabilities being of slightly higher value, especially given the difference in exploit mitigations between XP and newer platforms.”

It’s far easier to exploit flaws in Windows XP than in newer editions, such as Windows 7 and Windows 8, noted Moore, because of the additional security measures that Microsoft’s baked into the newer operating systems.

Microsoft has said the same. In the second half of 2012, XP’s infection rate was 11.3 machines per 1,000 scanned by the company’s security software, more than double the 4.5 per 1,000 for Windows 7 SP1 32-bit and triple the 3.3 per 1,000 for Windows 7 SP1 64-bit.

“Windows XP vulnerabilities will be valuable as long as enterprises utilize that version of the operating system,” said Brian Gorenc, manager of HP Security Research’s Zero Day Initiative, the preeminent bug bounty program. But Gorenc also argued that any XP zero-days would be outweighed by higher-priority hacker work.

“Researchers are primarily focused on the critical applications being deployed on top of the operating system,” said Gorenc in an email reply to questions today. “Attackers and exploit kit authors seem to rely on the fact that the update process and tempo for applications are not as well defined as those for operating systems.”

Fossen, convinced that XP would be a big fat target after April 8, wondered whether Microsoft might find itself in a tough spot, and back away from the line in the sand it’s drawn for XP’s retirement.

“If hackers sit on zero-days, then after April use several of them in a short time, that could create a pain threshold [so severe] that people organize and demand patches,” said Fossen.

The consensus among analysts and security experts is that Microsoft will not back down from its decision to retire XP, come hell or high water, because it would not only set an unwelcome precedent but also remove any leverage the company and its partners have in convincing laggards to upgrade to a newer edition of Windows.

But a few have held out hope.

“Suppose we get to a date post the end of Extended support, and a security problem with XP suddenly causes massive problems on the Internet, such as a massive [denial-of-service] problem?” asked Michael Cherry, an analyst with Directions on Microsoft, in an interview last Decembe. “It is not just harming Windows XP users, it is bringing the entire Internet to its knees. At this time, there are still significant numbers of Windows XP in use, and the problem is definitely due to a problem in Windows XP. In this scenario, I believe Microsoft would have to do the right thing and issue a fix.”

Jason Miller, manager of research and development at VMware, had some of the same thoughts at the time. “What if XP turns out to be a huge virus hotbed after support ends? It would be a major blow to Microsoft’s security image,” Miller said.

Another option for Microsoft, said Fossen, would be to take advantage of a post-retirement disaster to do what it’s been doing for years, push customers to upgrade.

“They might also respond with a temporary deal on an upgrade to Windows 8,” said Fossen, by discounting the current $120 price for Windows 8 or the $200 for Windows 8 Pro. “Then they could say, ‘We’re aware of these vulnerabilities, but you should upgrade.'”

Source: Computerworld

Oculus Rift + Microsoft Kinect = full-on Virtual Reality?

The ledge I’m standing on has a strange existential duality. In the physical realm, it’s a thin strip of red, millimeters above the floor of a pristine white booth in a basement in Shoreditch, London where the 3D tinkerers and technologists (of everything from 3D film to 3D printing) at Inition keep their toys. In the digital realm, which, thanks to the Oculus Rift wrapped around my head, my senses have decided is the more real, the ledge is the only thing between me and a 300-foot plunge.

The voice from the other realm telling me to reach forward with my arms belongs to Inition founder Andy Millns. He’s concerned I’m going to bang my head (or perhaps his Oculus Rift) against the booth wall. That’s easy for him to say. My arms are otherwise engaged in an inept flailing in a simultaneous attempt to not fall off (inside the game, a fail state) or over (inside the booth, an ultra-fail state).

This isn’t Gizmag’s first play with an Oculus Rift. Back in February, Jonathan looked at a pre-launch version. Today, two things are different. Firstly, Inition’s Rift is the finished article (the current developer model, at any rate), and secondly, much more significantly, Inition has wired its Rift up to a Kinect, via a computer running the company’s in-house VR vertigo simulator, that is. To get across that ledge I can’t just push up on a thumbstick, or a W key. I physically have to walk. Or jump, as a previous tester (or perhaps victim) apparently attempted, having abandoned reality outright.

This is proper virtual reality, in other words, albeit it a compact form. The demo begins in a room which, unlike the ledge, I am not free to navigate. I can turn my head, of course, to examine a virtual chandelier, or to look out of a virtual window. As I’d come to hope, latency was all but imperceptible. As I’m impelled across the room by an external force (i.e. someone at Inition operating a keyboard), I come to face a door. The room, it turns out, was at the top of a skyscraper, built very close to another skyscraper which is inevitably though somewhat inexplicably connected by said ledge.

Now I’m free to move, and though, deep down, I’m perfectly content to observe proceedings from the doorway, it seems rude not to try to cross. The Kinect, looking down at me from above, can see the bright red ledge and map my progress across it: Inition’s demo simultaneously Augmented and Virtual Reality. Somehow, I manage to get to the other side without falling, and ready myself for the return journey (all 5 feet of it). But by now the effort of not falling off or falling over is overwhelming, and with one self-righting misstep, I plunge from the ledge and come crashing down to Earth without a thump, there to admire the virtual grass.

It’s great fun, and if I had difficulty, it may have been down to my unwillingness to let go of reality. As I lowered the Rift over my eyes, my brain clung on to the visual memory of the red ledge, conscious that even the minuscule difference in height could cause me to trip. I became convinced, rightly or wrongly, that where the Rift was telling me the ledge was didn’t match its actual location. Practice doubtless helps, but a safe playing environment will be essential for people to immerse themselves fully.

Coincidentally, that’s precisely the intention of Julian Williams, CEO of Wizdish. As part of Inition’s current AR vs VR event, part of the Digital Shoreditch festival, Williams is showing off his invention, which, accompanied by another Kinect sensor and Oculus Rift, lets people navigate a VR space by donning special shoes and sliding their feet over the slippery dish. Spotting an opportunity for more inept flailing, I gave it a whirl.

This time a Kinect was trained on my ankles. When detecting a walking motion (or something like it), the demo moved me forward in the direction I was looking. The VR itself was rudimentary, but the point here is that the Wizdish does a good job of allowing users to walk about in a virtual space without the worry of bumping into things. The combination of shoes and Wizdish does take some getting used to, but even the few minutes I spent skidding about the thing were sufficient to tell that using it would soon become second nature. The challenge future games makers face is to get the Kinect to determine which way the gamer is facing.

In one final effort to completely freak me out, Millns introduced me to Mark Lewis of Animazoo, makers of the IGS Glove. It’s an electronic glove which can track the motion of hands and fingers using inertial gyros without need of a camera (or Kinect sensor for that matter). Lewis invited me to place my hand on the “chopping block” in front of me. “You’re not afraid of electric shocks are you?” Millns quipped. He’s such a kidder. Still, I couldn’t help but think “oh dear” as I pulled another Rift over my eyes. At least this time I’d get to sit down.

“Nice statue,” I said, pointing vaguely ahead of me, forgetting that so far as Millns and Lewis were concerned, I was pointing at Julian Williams and his Wizdish at the other side of the room. It was then that I caught a glimpse of my hand, or its digital proxy. “You’ll notice a few fingers are already missing,” said Lewis. Thank you, yes, I had noticed that. What I was only just beginning to notice was the bloodied guillotine just above me.

It would be an exaggeration to say that my rational mind (what there is of it) had to overpower my instincts in order to place my hand under the guillotine, but this demo certainly has the power to disconcert. It’s not so much the drop of the blade as the anticipation of it, though Lewis gently touching my wrist to coincide with the incision of the blade was certainly effective. I had been expecting to lose another finger or two. Instead my whole hand had gone.

If the Oculus Rift demos by Inition and friends tell us anything, it’s that though the device may be well suited to standard video games, it has much greater potential for immersion when combined with a dedicated, safe environment (as with the vertigo demo) or when complemented by other technology like Kinect, the Wizdish and IGS Glove. If there were shortcomings in any of the demos, the limiting factor seemed to be the Kinect, not the Rift. And the Kinect, we’re told, has been greatly improved for Xbox One. Whether it will allow accurate tracking of body motion is perhaps doubtful, but it’s precisely this that the Rift is crying out for. Otherwise, barring a resolution bump or two, the Oculus Rift itself isn’t far away from perfection.

Source: Gizmag

Chart: Top U.S. Smartphone Operating Systems By Market Share

According to Nielsen, a leading global information and measurement company, Smartphone owners became the majority of mobile phone users for the first time this year, growing from 49 percent of mobile subscribers in Q1 2012, to 56 percent by Q3 2012. Mobile app usage also continued to grow. Among the top 10 mobile apps, Twitter was the fastest growing Android app, and the Facebook Messenger app grew the most among iPhone apps.

Google remained the top Web brand, with an average 172 million unique visitors each month between January and October 2012, followed by Facebook, which garnered an average of 153 million visits each month. Online video continued to grow in 2012, but YouTube remained the top online video source, averaging 132 million unique viewers during the year.

Source: Nielsen