Week 6. Is Malware a Threat or a Tool?



When you hear terms such as virus, spyware, malware, or adware, you may think of hackers or crackers. Think again! In the public eye, government agencies such as the CIA are just as bad as the hackers you are thinking of. Their goals may be different, but the act is the same. Over the last few months, WikiLeaks has exposed some evidence of malware, backdoors, spyware, and trojans that the CIA has used. Here are just a few from the website.

Dark Matter - firmware malware that targets Apple Macs and iPhones. Once a device is infected, the malware cannot be removed even when the OS is reinstalled. The purpose of this malware is unknown.

Hive - malware that targets servers and provides an HTTPS interface to the outside. It is used by the remote machine for extracting information and issuing remote commands.

Weeping Angel - an audio recording program. Once it has infected the host, it uses the microphone to record audio and either sends it out or stores the data to be retrieved later.

Archimedes - a computer program that can redirect web data from the infected computer to a different server. In a sense, I believe it uses a technique called a man-in-the-middle attack. Although it is claimed that the program is used within the Local Area Network (LAN), it may not do just that, in my opinion.

AfterMidnight - computer malware, or a web server to be more precise. Once it gets onto the target machine, it opens an HTTPS port and listens for instructions from outside. In a sense, this malware more or less acts as a scheduled worker. At a scheduled time, it listens for commands and executes the requests sent from another location.

Athena - malware for Windows XP and later that allows remote control of configuration, operation, and tasks on the infected computer.

Elsa - a location-tracking program that obtains and logs information about WiFi access points as well as the geographical location of the device. It is installed on the target machine either by the user or through exploits.

Just like a gun, knife, or bow, malware, rootkits, and backdoors are just tools. When we use them to cause harm, they become weapons. Otherwise, they are merely tools. How do you know when they are used as tools and when they are used as weapons? You don't!
  
Trust no one!

Source:
https://wikileaks.org/vault7
