12.14.14

Meet Sandworm

The conflict between Russia and Ukraine, which is quickly developing into a widespread cyber conflict, also involves NATO and Western countries.

Both countries have significant cyber resources and so far have exchanged only minor digital skirmishes; however, the situation may quickly develop into a *real* cyber war.

Modern Russia has a rich history of using cyberattacks as an effective tool for punishing “rogue” states and as an auxiliary arm to ground assaults.

In 2007, following a dispute with Estonia over the location of a war memorial, the small country suffered cyberattacks lasting around 10 days that paralyzed its entire business sector.

In 2008, as a move ahead of a ground invasion, Russia allegedly carried out a sophisticated cyber-attack against Georgia that paralyzed the country’s communications infrastructure.

Beyond the cyber capabilities of its own intelligence and espionage branches, Russia is believed to have repeatedly used the services of sophisticated cybercriminal organizations such as the Russian Business Network, a criminal group specializing in identity theft and digital attacks that employs some of the most talented hackers in the world, as well as a dubious hacker group called CyberBerkut.

But this is just the beginning of Russia’s digital espionage against its neighbors and the West.

Recently it was discovered that, at least since 2009, Russia has operated a sophisticated espionage system called “Sandworm”.

The system exploited a security flaw in several Windows versions, which allowed spying on targets such as NATO, the European Union, the Ukrainian government, security companies and telecommunications companies.

The purpose of the worm was to obtain various documents dealing with Russia and Ukraine, as well as security keys that let the malware continue spreading to other computers.

The worm was named “Sandworm” because the code it was assembled from contained numerous references to the classic sci-fi novel “Dune”.

NATO and its allies appear to be taking this cyber threat seriously, as the alliance has begun conducting the largest cyber war exercise ever held.

Hundreds of security experts from thirty different countries gathered in Estonia to practice protection against, and response to, a large-scale cyber-attack that requires response and coordination among the various countries associated with the alliance.

11.03.14

Friends sent you a video on Facebook? Be careful, it could be a virus!

At least tens of thousands of users have already fallen victim to a new virus on Facebook that masquerades as messages from friends and downloads malicious code onto computers worldwide.

“Watch the video by clicking on the picture which belongs to you. ..46” – that is the message many users received. The message included the recipient’s profile picture and a link labeled ‘YouTube Video’, in a Facebook post styled to look as if it had been embedded from the video portal.

In practice, as in many similar cases in the past, the video does not exist; the link only leads users to download malware (malicious software) that gives its distributors remote access to the victims’ computers and Facebook accounts and lets them spread the message further.

“I got this from four of my friends,” said one of the customers.

The malware hijacks the victim’s contact list and sends a chat-like message to all of their friends, with a random number appended to the end of the message. The number is probably varied to evade spam-detection mechanisms and to prevent Facebook’s anti-bot service from noticing that the same message is being sent automatically to a large number of people in a short time.
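
As an added illustration (not code from the original post), the following Python sketch shows one way a defender could spot this kind of campaign on an outgoing-message feed: it strips the variable trailing number before comparing messages, then flags any account that sends the same normalized text to many distinct friends within a short window. The message log below is constructed sample data; the thresholds are assumptions to tune for a real feed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of outgoing chat messages (not real data).
# Each tuple: (ISO timestamp, sender, recipient, text). The malware described
# above varies only the trailing number, so each copy looks unique to naive dedup.
SAMPLE_MESSAGES = [
    ("2014-11-03T10:00:00", "alice", "bob",   "Watch the video by clicking on the picture which belongs to you. ..46"),
    ("2014-11-03T10:00:02", "alice", "carol", "Watch the video by clicking on the picture which belongs to you. ..913"),
    ("2014-11-03T10:00:05", "alice", "dave",  "Watch the video by clicking on the picture which belongs to you. ..7"),
    ("2014-11-03T10:00:09", "alice", "erin",  "Watch the video by clicking on the picture which belongs to you. ..2201"),
    ("2014-11-03T10:00:12", "alice", "frank", "Watch the video by clicking on the picture which belongs to you. ..58"),
    ("2014-11-03T10:30:00", "bob",   "alice", "lunch at 12?"),
    ("2014-11-03T11:00:00", "bob",   "carol", "lunch at 1?"),
]

# Matches a run of digits (optionally preceded by spaces/dots) at the very end.
TRAILING_NUMBER = re.compile(r"[\s.]*\d+\s*$")

def normalize(text: str) -> str:
    """Strip the variable trailing number so mutated copies collapse to one key."""
    return TRAILING_NUMBER.sub("", text).strip().lower()

def find_bursts(messages, window=timedelta(seconds=60), min_recipients=4):
    """Return {sender: (normalized text, peak distinct recipients)} for senders
    that pushed the same normalized message to >= min_recipients distinct
    recipients inside any `window`-long span. Thresholds are assumed values."""
    buckets = defaultdict(list)  # (sender, normalized text) -> [(time, recipient)]
    for ts, sender, recipient, text in messages:
        buckets[(sender, normalize(text))].append((datetime.fromisoformat(ts), recipient))

    flagged = {}
    for (sender, key), events in buckets.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({r for _, r in events[start:end + 1]}))
        if peak >= min_recipients:
            flagged[sender] = (key, peak)
    return flagged

if __name__ == "__main__":
    for sender, (text, count) in find_bursts(SAMPLE_MESSAGES).items():
        print(f"{sender}: sent '{text}' to {count} friends within a minute")
```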

Clicking on the link leads to a video-like status on Facebook. But clicking on the video does not play it; instead, it leads to a request to install a plugin in the browser. The hackers even bothered to tailor the plugin to different browsers: when we tested the malware in the Chrome browser, it tried to install a Chrome extension named ‘Video AdPlusing’, which according to Google’s download statistics has already reached more than 10,000 visits. With the Internet Explorer browser, however, we were directed to download a program called ‘iLivid’ that looks like Adobe Flash. Once downloaded, both programs infect the computer, allowing the attackers to obtain passwords to web services and to display advertisements whose revenue goes directly to the hackers’ account…

It is interesting to note that clicking on the link from an Android device does not lead to the same video page. Instead, it downloads an application called ‘APUS’, which came out just last week and has already reached more than 10 million downloads. It appears to be a genuine application from a Chinese company that replaces the Android interface. Yet it seems the Chinese company used very bad measures to force and increase the number of downloads…

For those who have already fallen into this trap, the best course is to delete the plugin or software installed on the computer (either by installing an anti-virus or by manually removing the malware).

Stay vigilant. Use a program such as Premium Internet Security from Total Defense to shield your online activity.