joomla templates Shafeekk.com

Last week we update you about Duqu when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.

Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.

The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said. "This one is challenging," said Marty Edwards, director of the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."

The Duqu trojan is composed of several malicious files that work together for a malicious purpose.Duqu appears to be more narrowly targeted than Stuxnet as researchers estimate the new trojan virus has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems.

Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to provide their identities.

Duqu so named because it creates files with "DQ" in the prefix -- was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.

Duqu and Stuxnet both use a kernel driver to decrypt and load encrypted DLL (Dynamic Load Library) files. The kernel drivers serve as an "injection" engine to load these DLLs into a specific process. This technique is not unique to either Duqu or Stuxnet and has been observed in other unrelated threats.

"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."
[Source]

Indian researchers from MalCon have created a malware that utlizes Microsoft Kinect to secretly capture pictures and upload to a picasa account.

A 15year old Indian security researcher 'Shantanu Gawde' from MalCon Research has created a malware that utilizes the Microsoft xbox kinect controller.

Kinect for Xbox 360, or simply Kinect, is a motion sensing input device by Microsoft for the Xbox 360 video game console. With over 10 million devices sold till date, the kinect holds the Guiness book for world record for the fastest selling consumer electronics device - and is exactly the reason why the malware is a concern.

In recent months, there have been a number of innovative kinect hacks that make use of the kinect using both Open source drivers and the Kinect SDK. The malware, code-named 'gawde' after its creators name, works on Windows 7 to secretly capture pictures of the victim / surroundings from a connected Kinect device and uploads them to a picasa account.

Rajshekhar Murthy, Director at ISAC, (Information Sharing and Anaysis Center), a scientifc non-profit body that holds the International Malware Conference, MalCon said. "We believe that in coming years, a lot of windows based applications will be developed for Kinect and the device will gain further immense popularity and acceptance- and from a perpective of an attacker, such a popular device can be an exciting target for visual and audio intelligence. At MalCon research labs, we promote proactive security research and the malware utilizing Kinect is only a proof of concept. "

The kienct malware 'gawde' goes a step ahead and even uses voice recognition to execute a program based on keyword, without the knowledge of the victim. The malware PoC will be demonstrated at the upcoming MalCon 2011 in Mumbai, India.

These are the kinds of things dreams are made of, a 14 year old hacker on Call of Duty was just recruited by Microsoft. You heard me right, Microsoft.
This is exactly what Sony should have done with George Hotz – given him a job as a security specialist, instead of suing him in court and getting its PlayStation Network and other Sony websites hacked day in and out.

Microsoft is reported to be working with the 14-year-old Irish hacker who managed to stir up a little trouble with his Call of Duty: Modern Warfare 2 phishing scam alert. According to the managing director of Microsoft of Ireland, the company is helping the hacker “develop his talent for legitimate purposes.”

Congrats to that young hacker, whose name was not disclosed. While the new prospect for the Dublin kid is not meant to be an example for other hackers to follow, companies do have to realize that there are many talented people among hackers. Why make an enemy when you can have them on your side?


Update: Statement from Microsoft denying the entire thing:
The comments attributed to Microsoft Ireland's Managing Director Mr. Paul Rellis, when speaking at a business event last week, are inaccurate. He never said anything close to what is being reported in some Irish media. Mr. Rellis was commenting on various developers and hobbyists using drivers that allow other devices to display the raw data output from Kinect for Xbox 360 sensors. Microsoft can also confirm that the company has not offered to mentor a 14-year-old from Tallaght who purportedly was related to a phishing scheme.

McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies.

According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011.

Key attributes of McAfee DeepSAFE:

• Builds the foundation for next-generation hardware-assisted security operating beyond the operating system
• Provides a trusted view of system events below the operating system
• Exposes many attacks that are undetectable today
• New vantage point to block sophisticated stealth techniques and APTs
• Provides real time CPU event monitoring with minimal performance impact
• Combines the power of hardware and flexibility of software to deliver a new foundation for security.

"Intel and McAfee are working on joint technologies to better protect every segment across the compute continuum from PCs to devices," said Renée James, senior vice president and general manager of the Software and Services Group at Intel and the Chairman of McAfee. "By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices. We are truly excited to introduce this technology upon which we will deliver new solutions."
[Source]