
Posts Tagged ‘Andrew Lee’

K7 Sponsors AVAR

Monday, November 15th, 2010

K7 is proud to be sponsoring the international AVAR conference. This prestigious event is now in its 13th year and brings together top speakers from all over the world. You will be able to hear two speakers from K7 this year: first Samir Mody, who will be discussing the problems of dealing with custom malware packers, and later the K7 CTO, who will be presenting a paper on malware prevalence and its importance in testing.

Drop in and say hi, see you in Bali!

Old style Email Worm spreading rapidly

Saturday, September 11th, 2010

In something of a blast from the past, an email-borne worm has been sighted spreading around the internet.

Although we’ve not seen too many actual attacks from this, it’s been widely reported in the media, perhaps as it’s quite a novelty these days to see a worm spreading in this way.

It spreads itself as an executable attached to email, but disguises itself as a PDF file. When executed, it attempts to download other malicious files onto the victim machine, and drops some files in an attempt to let the worm spread via autorun.

K7 Total Security detects this worm as “Emailworm (0019e4ae1)” (yeah, it’s that uninteresting!).

Full information is here:

http://viruslab.k7computing.com/index.php?option=com_k7virus&view=showvirus&Itemid=1&id=818

If you’re interested in more, Dan Goodin has written a short piece about the worm on The Register http://www.theregister.co.uk/2010/09/10/email_worm_spreading/

Andrew Lee
CTO K7 Computing


Indian Security researcher freed on bail

Wednesday, September 1st, 2010

Some good news via the EFF (Electronic Frontier Foundation): an Indian security researcher accused of stealing an electronic voting machine has been released on bail. Prasad had used the machine, which was given to him by an anonymous source, to show how the systems can be tampered with.

Report here:
https://www.eff.org/deeplinks/2010/08/security-researcher-released-bail

Andrew Lee
CTO K7 Computing

Did Malware cause an Air Disaster?

Saturday, August 28th, 2010

A recent report on an air crash that happened in Spain prompted several articles that seemed to imply that a computer infected with malware contributed to, or caused, the disaster. Most of these reports arose after the publication of this article (translated from Spanish via Google Translate): http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepuesp/20100820elpepinac_11/Tes&sl=es&tl=en

Subsequently, the news got even more sensationalised and less accurate, for example in this Gizmodo article (http://gizmodo.com/5618287/malware-blamed-for-disastrous-plane-crash), which seems to lay most of the blame on a malware infection and fails to mention any of the more serious problems leading to the disaster.

Such sensational news is of course interesting to security professionals, particularly those of us working in the Anti-malware industry, and has prompted a lot of debate and investigation behind the scenes.

So what’s the real story? Did malware crash a plane? No, not even close. The reality is much more mundane, though still has worrying aspects (that I’ll discuss shortly).

One of the best articles (showing that some journalists still go and look up the original sources) was this piece by Ed Bott (http://www.zdnet.com/blog/bott/fact-check-malware-did-not-bring-down-a-passenger-jet/2354). He carefully points out that the malware in question was on a ground-based maintenance system (a long way from the aircraft when it crashed), that the MD-80 aircraft that crashed (not an Airbus A320 as some incorrect reports stated) is not a computerised aircraft (and therefore couldn’t be infected with malware anyway), and that the mechanics were actually still entering their maintenance report on the infected system at the time of the crash.

Another well-reasoned article (though it does have some inaccuracies – the TOWS system was never infected) was this one by Bow Sineath (http://www.secureworks.com/research/blog/index.php/2010/08/23/malware-and-the-failure-of-aircraft-systems/). It points out that the correct take-off configuration for the aircraft was not in place because of a failure of the Take-off Warning System (TOWS), which tells the pilots whether the flaps are correctly deployed (and whether other important parts of the take-off configuration are in place). And this brings us to the real cause of the accident: the pilots had not checked that they had deployed the flaps correctly, which is essential to a correct take-off configuration.

Anyone who flies regularly will have seen the way that the flaps extend from the wings of aircraft on take-off and landing; this is to provide the necessary lift to let the aircraft get airborne on take-off (and keep it from descending too rapidly on approach). Without the flaps extended, the aircraft could not gain enough lift to take off correctly and therefore crashed, with the resultant tragic loss of life. This is very much a human error story, with the added coincidence of an incorrectly maintained computer system.

Much more significant than any malware infection was the separate failure (unrelated to the malware infection) of the TOWS alerting system. Bow’s article above explains that this is a known problem with MD-80 aircraft, and the fact that the failure had occurred three times before should have raised an alert. This is where the malware comes in: the maintenance system was working slowly because of the Trojan infection, which meant that the mechanics didn’t enter the reports in a timely manner, so the necessary alerts weren’t given. It does not excuse, nor explain, the pilots’ failure to correctly and completely follow their paper checklist.

The failure of the TOWS system meant that the pilots (who did not correctly follow take-off procedures) were not alerted when they did not set the correct take-off configuration, and this most serious error led to the aircraft’s demise. All the configuration systems on aircraft are backed up by manually followed paper checklists. Unfortunately, routine is not easy for humans, and it seems that the pilots simply lapsed in following their checklist (which is exactly what the TOWS system is there to alert them to), and it sadly happened at a time when the backup system (an audible alert) wasn’t functioning correctly.

So, did malware cause the air disaster? No, not at all; but as is often the case, some parts of the media don’t like the facts to get in the way of a good story. Malware is frequently sensationalised, and “Pilot error causes Plane Crash” isn’t as exciting a headline as “Malware Blamed for Disastrous Plane Crash”, although the results are just as tragic.

No one can deny that, as the world becomes more and more reliant on computers, malware will continue to be a big problem, or that computers used in critical systems such as control of aircraft, life support, nuclear reactors etc. are particularly likely to give rise to disastrous situations if they get infected. However, the reality is that by far the greatest proportion of malware is written for criminal gain, such as credit card fraud, and is targeted at systems that are widely used (such as Windows or Macs), because that is where the gains are to be made.

Far from worrying whether malware might bring down your plane on your next flight, you should rather ensure that your own computer system isn’t leaking critical information like your banking details or your personal data. The best way to do that is to keep it well maintained with the latest security patches from vendors like Microsoft and Adobe, and to run robust and updated anti-virus, such as K7 TotalSecurity. If you’re using online banking or sites that require you to enter your financial information, consider using a secured browser like K7 SecureWeb.

Andrew Lee
CTO K7 Computing

Blog Relaunch!

Tuesday, August 24th, 2010

Dear readers,

As you may have noticed, there have been many changes around here in terms of the new K7 website and even some new products in the shape of K7SecureWeb.

All this activity and a few internal changes have meant that this blog has been a bit underused in recent weeks. The good news is that we’re now re-launching the blog, and while I’ll be the main writer here, keeping you updated with the goings-on here at K7 and on security issues in general, we will also be having contributions from other team members. This will include contributions from our Virus Lab experts, our development and technical teams, and our cloud computing division.

Just to introduce myself, I’m the Chief Technology Officer here at K7, and you can see a bit more about me here: http://corp.k7computing.com/About-Us/K7-Management-Team.php. I can also be found blogging over at http://avien.net/blog, and I’ll be speaking at various events including Virus Bulletin 2010 in Vancouver, Virus Bulletin’s new Seminar series in London, and the AVAR conference in Bali.

I hope to be posting regular and interesting content here, and would love to hear your feedback, which you can leave in the comments section. I’ll try to answer all genuine comments as best I can, but please be aware that I won’t be answering any support questions here, so please direct those to our wonderful support staff, who will be only too happy to help out.

Andrew Lee
CTO K7 Computing