2 May, 2007

Respected security researcher Joanna Rutkowska promises to reveal new rootkit techniques for Vista, and ways to defeat its BitLocker drive encryption. On her blog she notes there will be a training session for “legitimate companies” during the Black Hat Briefings in Las Vegas, in late July.
As the training will be focused on the Windows platform and Vista x64 specifically, we will also present some new kernel attacks against the latest Vista x64 builds. These attacks, of course, work on the fly, do not require a system reboot and are not afraid of the TPM/BitLocker protection. (Although they could also be used to bypass Vista DRM protection, this subject will not be discussed during the training.)
Understanding Stealth Malware [invisiblethings]
19 Apr, 2007
Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can’t easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here.
“Their obfuscation tools are primitive but effective,” Nazario said. “They use obfuscation to avoid simple signatures,” he said, referring to security techniques based on signatures to detect malicious Web sites. Signatures are fingerprints of known attacks.
Web attacks have become commonplace. Tens of thousands of Web sites attempt to install malicious code, according to StopBadware.org. The sites, the bulk of which are compromised sites, often drop a Trojan horse or other pest onto a PC through a security hole in the Web browser.
View: Full Story @ News.com
19 Apr, 2007
Rootkits–malicious software that operates in a stealth fashion by hiding its files, processes and registry keys–have grown over the past five years from 27 components to 2,400, according to McAfee’s Rootkits Part 2: A Technical Primer (PDF).
“The trend is it used to be rootkit A was used, but now it’s different components in different rootkit malware,” said Dave Marcus, security researcher and communications manager for McAfee Avert Labs. “Now, there are more ways attackers can use these components to hide their malware.”
Attackers use rootkits to hide their malicious software, which can range from spyware to keylogger software that can steal sensitive information from users’ computers. The rootkits can then be used to create a hidden directory or folder designed to keep it out of view from a user’s operating system and security software.
View: Full Story @ News.com
19 Apr, 2007
During March, MessageLabs intercepted 716 e-mail messages that were part of 249 targeted attacks aimed at 216 of its customers, the Gloucester, England-based provider of hosted e-mail filtering services said in a research report. Of the attacks, almost 200 consisted of a single malicious e-mail designed to infiltrate an organization, MessageLabs said.
“These numbers represent a significant increase when compared to the same period last year when attack rates reached one or two per day,” MessageLabs said.
Security experts have said that limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. But targeted Trojan horses, especially those aimed at specific businesses, have become nightmares as they can fly under the radar.
View: Full Story @ News.com
5 Mar, 2007
A genuine crack for Windows Vista has just been released by pirate group Pantheon, which allows a pirated, non-activated installation of Vista (Home Basic/Premium and Ultimate) to be properly activated and made fully-operational.
Unlike cracks which have been floating around since Vista RTM was released in late November, this crack doesn’t simply get around product activation with beta activation files or timestop cracks - it actually makes use of the activation process. It seems that Microsoft has allowed large OEMs like ASUS to ship their products with a pre-installed version of Vista that doesn’t require product activation – apparently because end users would find it too inconvenient.
This version of Vista uses System-Locked Pre-Installation 2.0 (SLP 2.0). It allows the “Royalty OEMs” to embed specific licensing information into the operating system which Vista can activate without having to go back to Microsoft for verification. The licensing components include the OEM’s hardware-embedded BIOS ACPI_SLIC (which has been signed by Microsoft), an XML certificate file which corresponds to this ACPI_SLIC and a specific OEM product key.
View: Full Story @ apcmag.com
18 Jan, 2007
In October 2005, Windows expert Mark Russinovich broke the news about a truly underhanded copy-protection technology that had gone horribly wrong. Certain Sony Music CDs came with a program that silently loaded itself onto your PC when you inserted the disc into a CD-ROM drive. Extended Copy Protection (or XCP, as it was called) stymied attempts to rip the disc by injecting a rootkit into Windows — but had a nasty tendency to destabilize the computer it shoehorned itself into. It also wasn’t completely invisible: Russinovich’s own RootkitRevealer turned it up in short order. Before long, Sony had a whole omelette’s worth of egg on its face, and the word rootkit had entered the vocabulary of millions of PC users.
The concept of the rootkit isn’t a new one, and dates back to the days of Unix. An intruder could use a kit of common Unix tools, recompiled to allow an intruder to have administrative or root access without leaving traces behind. Rootkits, as we’ve come to know them today, are programs designed to conceal themselves from both the operating system and the user — usually by performing end-runs around common system APIs. It’s possible for a legitimate program to do this, but the term rootkit typically applies to something that does so with hostile intent as a prelude toward stealing information, such as bank account numbers or passwords, or causing other kinds of havoc.
View: Full Story Via: EETimes
11 Jan, 2007
Earlier today Slashdot pointed me to a CBC article citing unnamed sources at Microsoft decrying the state of “craplets” on PCs. Just what are craplets? It’s a cute nickname for all of the software an OEM installs on your new Windows PC before it arrives on your doorstep. Think: 2 or 3 ISP sign-up applications, instant messengers out the wazoo, and software for updating all of this software. And a lot more. Check out the CBC article for more basic details on what craplets are and why they make people, including Microsoft, angry.
Why do we get craplets on our machines? The answer, as you probably could already guess, is that OEMs make money from crapware (a collective term for all craplets). Companies like RealNetworks or JASC Software will pay to have their applications (say, PaintShop Pro) pre-installed on a PC. It’s even more lucrative, sources tell us, when these applications can be established as default handlers for as many file types as possible. It’s advertising, OEM-style.
This is also partially how Microsoft got into trouble back in the days of Netscape vs. IE. Telling OEMs what to do turned out not to be as kosher as Microsoft thought, and they got a hand upside the head for it. Microsoft now complains that this puts them in the position of not being able to do anything about crapware.
View: Full Story Via: Ars Technica
30 Dec, 2006
Cell phone users, beware. The FBI can listen to everything you say, even when the cell phone is turned off.
A recent court ruling in a case against the Genovese crime family revealed that the FBI has the ability from a remote location to activate a cell phone and turn its microphone into a listening device that transmits to an FBI listening post, a method known as a “roving bug.” Experts say the only way to defeat it is to remove the cell phone battery.
“The FBI can access cell phones and modify them remotely without ever having to physically handle them,” James Atkinson, a counterintelligence security consultant, told ABC News. “Any recently manufactured cell phone has a built-in tracking device, which can allow eavesdroppers to pinpoint someone’s location to within just a few feet,” he added.
View: Full Story Via: ABC News Blogs
24 Dec, 2006
Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products.
“The bulk of the fraud attacks we’re seeing now are coming in Monday through Friday, in the 9-5 U.S.-workday timeframe,” said Vincent Weafer, director of security response at Symantec. “We now have groups of attackers who are motivated by profit and willing to spend the time and effort to learn how to conduct these attacks on a regular basis. For a great many online criminals these days, this is their day job: They’re working full time now.”
Criminals are also getting more sophisticated in evading anti-fraud efforts. This year saw the advent and wide deployment of Web-browser based “toolbars” and other technologies designed to detect when users have visited a known or suspected phishing Web site. In response, many online scam artists place phishing Web sites targeting multiple banks and e-commerce companies on the same Web servers, then route traffic to those servers through home computers that they have commandeered with bot programs.
View: Full Story Via: The Washington Post
23 Dec, 2006
As it does every year, Panda Software is publishing its annual list of those malicious codes which, although they may not have caused serious epidemics, have stood out in one way or another:
- The most moralistic. This award goes to the spyware Zcodec which, among other actions, monitors whether users access certain web pages with pornographic content. This may simply be a way of determining whether the user is a frequent visitor to these types of pages in order to send personalized advertising. On the other hand, perhaps the author of the spyware just has voyeuristic tendencies.
- The worst job applicant. The Eliles.A worm sends out CVs all over the place. It even sends them out to users’ cell phones. It would seem that it has little confidence in its own job prospects.
View: Full Story Via: Panda Software