Viruses, Hackers, The White Hats The Black Hats and the Grey Hats.

Hot:

I waz hAcKeD earlier this month and I didn’t like it – loosing the Sony VGN Media Centres MBR (about half an hour after the I fixed the KOVTR hack and put the site back online.) However it was a wake up call. How are the router rules holding up? Is the DMZ still open for all those weird games ports to the boys machines and do their PS-3’s have any unauthorized UNP link back to any of my machines, or do their laptops have any Netbios packets roaming the internal networks. Yep, networks, we run a homogenous one way network that forks several divergent paths for each device. All traffic can only go one way….

The Networked Home – Foxtel ??? Huh? Who ? Where..?

Hehehe, just keep sub-netting different routers down the 192 and 10.0 address space without responding to any are you there protocols (coz I’m a very friendly little ACK that needs a response…..) and eventually, everyone upstream is invisible to everyone downstream. Place an Ethernet share drive in the middle that everyone can see – but only using IP numbers with everyone having write access to only their shares.

Multi-home and plonk a full table capable Cisco at the front end.

Set-up the boys browsers to go through a foreign country proxy. Use only pseudo address space that isn’t based on any recognizable internet RFC and suddenly, if no-one inside downloads any nasties, then you have a secure network. But what a pain in the arse to set-up, and maintain.

The Sony’s won’t acknowledge advanced encryption layers whereas the HP will. Interesting…. But probably because the Sony’s really want you to use their inbuilt (linksys) wireless.

Dlink is not compatible with Billion which doesn’t talk nicely to Linksys VOIP and of course the Cisco almost laughs out loud when told to talk nicely to the wireless toy routers. ( I swear I hear the damn thing chuckling away… …. You call that a router…. Hahaha…. Hahaha….) To top it all off, there are umpteen million 2.4-5 Ghz 802.11 routers in the area all using SSID 6.

So of course trying to use wireless access between 7:30 pm and 10:00 pm used to be a total waste of time with every wireless device, Dell, Sony’s, Nokias and iPhones all retraining constantly. Directional D-Link antennas have helped considerably,,,,,, but I shouldn’t have to use a 12 dB $230.00 antennae in my bedroom to be able to get a constant data stream to my Nokia or my partners Dell.

Ok, we started talking about Virri/Viruses.

Most of the Laptops in the house have IOLO loaded as its easy for non technical people to use. We have a three license install and last month the iolo license expired…. But no-one told me.

(I don’t use it but it’s on my partners Dell.)

I noticed one night, the pop up messages that she was clicking ignore one after the other.

and…

So I asked her if those pesky pop-ups were annoying her.

“No, I just click the little X and they disappear.”

So you do realise that you cant clean your PC now? I suggested.

Yes but I still have PC Tools for the virus service so I didn’t worry, I don’t use this machine much.

I suggested a quick detour to the payment page and we effected the upgrade to the license, after all there were three laptops depending on IOLO! (Hers and the boys….)

So tonight, we were lying there in bed with me writing appeal documentation (I’ll tell you all about it another day) and herself cruising the expensive 100 year old antique jewelry pages….. (oh ohhh….) on the big screen at the end of the bed via Logitech keyboard with inbuilt dial mouse.

She opened IOLO to execute a disc defrag and drew my attention to the screen….

“I thought we just upgraded system Mechanic….” She said.

I looked up….. System Mechanic had opened a screen – unasked and took her to the “Why not add some more time to your subscription page ?

This was less than two weeks after we upgraded for a year.

Plus she hadn’t yet even received her “Free Upgrade to version 9.

I recalled an email exchange that I had had recently with young A.C.

Re: http://www.patentlyapple.com/patently-apple/2009/10/apple-prepares-to-rock-the-market-with-hardware-subsidizing-program.html

Apple filed a patent for software to cripple performance of their phones and iPods in order to demand your attention of an ad. I’ve heard some pretty amazing and interesting ways to get ads to people, and most of them have had some kind of positive benefit to the consumer, even if small.

In Apple’s (actually Steve Jobs attached his name to this patent so it went all the way to the top) own words:

“Apple can further determine whether a user pays attention to the advertisement…”, It goes on to say that it will check to make sure you saw an ad and make you do something (like click OK or acknowledge, or Like it on Facebook, they weren’t too clear on what the limits where but the next bit was scary). ”If the response is inappropriate or nonexistent, the system will go into lock down mode in some form or other until the user complies. In the case of an iPod, the sound could be disconnected rendering it useless until compliance is met. For the iPhone, no calls will be able to be made or received.”

So, there is the potential to force you to click OK, “Like” something on iFace, send an SMS to a particular number, or maybe transfer funds via PayPal.

AC’s take on it?

Disruptive: highly.

Good: doubtful.

Which of course to me seems almost like some of the click-thru scams running on the net now.

Dancho Danchev’s Blog describes many of these recent hacking incursions as simple money makers by the black hat extortionists who invade your computer/phone, install some Malware and then demand payment to regain control of your computer.

One of the most expensive of these is the Copyright alert scheme.

Requiring $400.00 to unlock your computer before proceeding (after it searches for and finds actual Torrents on your computer……)

Summary:

Software that turns into NAGWARE like IOLO System Mechanic only used to nag you once it was close to expiration or expired. Now it accesses the net (at the users cost) without the users permission and pulls up Nagware for NEXT Years subscription, making the same offer of free upgrade, which wasn’t forthcoming with the last upgrade…..
Steven Jobs wants to get your attention to his advertisement so he wants to lock your phone or computing device until you acknowledge his advert (which of course he receives a click payment for….).
Mr. Sugar Mountain, (Facebook) wants your personal details so he can sell them to third parties without your permission.
The hackers want to charge you $400 per Torrent infraction on your computer (or they lock your computer so you cant use it.)

Conclusion:

The colours between the Black Hats and White Hats are rapidly becoming an indistinguishable murky muddy grey.

Spock says: Fascinating.

References:

(Virii vs Viruses Wikipedia 7 hours ago …. )

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge

http://ddanchev.blogspot.com/2010/04/dns-infrastructure-of-money-mule.html

Microsoft Malware Protection Center (Located in Melbourne Australia)

Threat Research & Response Blog

P.S.

Ya gotta love those Microsoft guys, they claim that their cleaning stats show that Windows 7 are infected less than any other previous MS platform.

If we look at just the 64 bit version of operating systems it would seem that the lower the install base, the lower the hacking incidence numbers.

Wonder if the numbers were pro-rated before they announced this miraculous win over the hacker community. No, it doesn’t appear so.

However the above graph gives us pretty good idea of the installed base of MS OPsys versions globally as a percentage.

Hat-tip to: Jamie Sunderland on the Link list who brought home to roost the lack of ISM bandwidth allocation in Australia.

He summarised his commentary :

Once 2.4Ghz and 5Ghz are full to the point of cross interference making them useless, where to next? Back to wires? Or ultra-high frequency ultra short-range wireless?

related post