
Posts Tagged ‘malware’

K7 Sponsors AVAR

Monday, November 15th, 2010

K7 is proud to be sponsoring the international AVAR conference. This prestigious event is now in its 13th year and brings together top speakers from all over the world. You will be able to hear two speakers from K7 this year: first Samir Mody, who will be discussing the problems of dealing with custom malware packers, and later the K7 CTO, who will be presenting a paper on malware prevalence and its importance in testing.

Drop in and say hi, see you in Bali!

Why a malcode conference is a bad idea

Tuesday, August 31st, 2010

There seems to be an idea, fostered almost entirely by non-malware experts, that writing malicious software is a necessary part of defending against it. This is nonsense, long debunked by serious researchers, and yet it not only continues to rear its ugly head, but, as InfoWorld reports (http://mobile.infoworld.com/device/article.php?CALL_URL=www.infoworld.com/t/malware/network-security-no-good-can-come-malware-convention-609), has now spawned a conference.

The MalCode conference, to be held in Pune, India (maybe because India seems to have no legislation against such software?) is supposedly there to provide a platform for security researchers to meet malware writers and learn from them.

This, apart from being wildly optimistic that any actual learning will take place (unless it is potential malcoders learning to write more malcode), is a breathtakingly ignorant statement.

Let’s just think about this for a second – malware is very often extremely buggy, often failing to run; it might only run on a single platform, and if it uses an exploit to spread, it relies fully on those platforms that expose the vulnerability. Most malware uses pretty much similar techniques to spread and run, and in reality the most ‘difficult’ part of analysis is in getting through the packing techniques that are used – and much of that can be automated.

Antivirus software (or Anti-malware software to be more complete) on the other hand, is some of the most complex you can imagine.

  • It must work on a range of platforms, at a very low level where it must avoid interfering with or crashing other processes.
  • It must intercept every single file system call, and be able to search through the memory and network traffic of a machine.
  • It must be able to examine every piece of code that gets loaded, and in less time than it takes you to blink your eye, it must decide whether that code is (or is a possibly altered version of) one of millions of pieces of malware.

Not only that, it must do all of this without affecting the performance of the system, without causing interference to the user, and it must do it in such a way that if the code is legitimate (think of how many billions of pieces of code there are in the world) that code must be allowed to run, and if not, must be prevented from running.

Further, it is the only type of commercial software in the world that is updated so frequently; sometimes as often as every 5 minutes. These updates must not disrupt the system (though inevitably, they sometimes do, which is part of the reason we have technical support departments), must be as accurate as the rest of the software, and must work well with the rest of the system.

Far from being a group of people desperate to know how malware writers work, anti-malware researchers number some of the world’s most skilled reverse engineers, cryptographers, software analysts, software designers and programmers.

Not only that, but anyone who thinks that the several hundreds of thousands of new malware samples we see every day (often many of these are just auto-generated, slightly altered versions of the same things) are not enough of a ‘research platform’ for any self-respecting Anti-malware company, is truly delusional.

We have enough malware, we know how to detect it just fine, and the last thing we want is more being written; certainly the last thing we need to waste time on is going to a conference with people who are part of the problem rather than part of the solution. Security researchers are not necessarily anti-malware experts, and vice versa; it’s good to remember that.

Our industry, in the last 25 years or so, has developed some of the most complex software on the planet, and has done so within a strict code of conduct – NO legitimate anti-virus researcher has ever needed to write a virus. Indeed, to openly do so would be grounds for dismissal and would make such a person unemployable within the wider industry. On the few occasions where malware writers have been inadvertently employed, as soon as the employer has found out about the malware writing, the employee has been dismissed.

Quite simply put, it is never necessary to write malicious software to be able to defend against it. Indeed, any developer working for K7 Computing who wrote such terribly poor code as exists in much malware wouldn’t last long at the company anyway. We employ, and need, highly skilled, hard working and dedicated developers, not sloppy kids with nothing better to do than write malware.

These are just a few reasons why this conference is such a bad idea, but there is one reason it is a good idea; maybe it’s a great opportunity for law enforcement to go and round up the malware writers stupid enough to turn up, and put them out of harm’s way.

Andrew Lee
CTO K7 Computing

Did Malware cause an Air Disaster?

Saturday, August 28th, 2010

A recent report on an air crash that happened in Spain prompted several articles that seemed to imply that a computer infected with malware contributed to, or caused, the disaster – most of these reports arose after the publication of this article (translated from Spanish via Google Translate): http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepuesp/20100820elpepinac_11/Tes&sl=es&tl=en

Subsequently, the news got even more sensationalised and less accurate, for example in this Gizmodo article (http://gizmodo.com/5618287/malware-blamed-for-disastrous-plane-crash) that seems to lay most of the blame on a malware infection and fails to mention any of the more serious problems leading to the disaster.

Such sensational news is of course interesting to security professionals, particularly those of us working in the Anti-malware industry, and has prompted a lot of debate and investigation behind the scenes.

So what’s the real story? Did malware crash a plane? No, not even close. The reality is much more mundane, though it still has worrying aspects (which I’ll discuss shortly).

One of the best articles (which shows that some journalists still go and look up the original sources) was this piece by Ed Bott (http://www.zdnet.com/blog/bott/fact-check-malware-did-not-bring-down-a-passenger-jet/2354). He carefully points out that the malware in question was on a ground-based maintenance system (a long way from the aircraft when it crashed), that the MD-80 aircraft that crashed (not an Airbus A320 as some incorrect reports stated) is not a computerised aircraft (and therefore couldn’t be infected with malware anyway), and that the mechanics were actually still entering their maintenance report on the infected system at the time of the crash.

Another well-reasoned article (though it does have some inaccuracies – the TOWS system was never infected) was this one by Bow Sineath (http://www.secureworks.com/research/blog/index.php/2010/08/23/malware-and-the-failure-of-aircraft-systems/). It points out that the correct take-off configuration for the aircraft was not in place because of a failure of the Take-off Warning System (TOWS), which tells the pilots whether the flaps are correctly deployed (and whether other important parts of the take-off configuration are in place). And this brings us to the real cause of the accident: the pilots had not checked that they had deployed the flaps correctly – this is essential to a correct take-off configuration.

Anyone who flies regularly will have seen the way that the flaps extend from the wings of aircraft on take-off and landing; this is to provide the necessary lift to let the aircraft gain the air on take-off (and keep it from falling too rapidly on descent). Without the flaps extended, the aircraft could not gain enough lift to take off correctly and therefore crashed, with the resultant tragic loss of life. This is very much a human error story, with an added coincidence of an incorrectly maintained computer system.

Much more significant than any malware infection was the separate failure (unrelated to the malware infection) of the TOWS alerting system. Bow’s article above explains that this is a known problem with MD-80 aircraft, and the fact that the failure had occurred three times before should have raised an alert – this is where the malware comes in. The maintenance system was working slowly because of the Trojan infection, which meant that the mechanics didn’t enter the reports in a timely manner, so the necessary alerts weren’t given. It does not excuse, nor explain, the pilots’ failure to correctly and completely follow their paper checklist.

The failure of the TOWS system meant that the pilots (who did not correctly follow take-off procedures) were not alerted when they did not deploy the correct take-off configuration, and this most serious error led to the aircraft’s demise. All the configuration systems on aircraft are backed up by manually followed paper checklists. Unfortunately, routine is not easy for humans, and it seems that the pilots just made a lapse in following their checklist (which is exactly what the TOWS system is there to alert them to), and it sadly happened at a time when the backup system (an audible alert) wasn’t functioning correctly.

So, did malware cause the air disaster? No, not at all; but as is often the case, some parts of the media don’t like the facts to get in the way of a good story. Malware is frequently sensationalised, and “Pilot error causes Plane Crash” isn’t as exciting a headline as “Malware Blamed for Disastrous Plane Crash”, although the results are just as tragic.

No one can deny that as the world becomes more and more reliant on computers, malware will continue to be a big problem, or that computers used in critical systems such as control of aircraft, life support, nuclear reactors etc. are particularly likely to give rise to disastrous situations if they get infected. However, the reality is that by far the greatest proportion of malware is written for criminal gain, such as credit card fraud, and is targeted at systems that are widely used (such as Windows or Macs), because that is where the gains are to be made.

Far from worrying whether malware might bring down your plane on your next flight, you should rather ensure that your own computer system isn’t leaking critical information like your banking details or your personal data. The best way to do that is to ensure you keep it well maintained with the latest security patches from vendors like Microsoft and Adobe, and that you run robust and updated anti-virus, such as K7 TotalSecurity, and if you’re using online banking or sites that require you to enter your financial information, consider using a secured browser like K7 SecureWeb.

Andrew Lee
CTO K7 Computing

Facebook Farm Town game serves malware

Tuesday, April 13th, 2010

Users of the popular Facebook game, Farm Town, have been targeted by a malware scam attempting to infect PC systems with fake antivirus software, the company behind the game has admitted. (more…)

Cool Rahul

Monday, January 25th, 2010

The name probably brings out images of a Hindi movie or a school nickname. Well, it is Indian alright. But it is a rarity – a piece of malware that originated in India. (more…)

What is a Drive-By Download?

Tuesday, January 12th, 2010

If you’ve found your PC running slowly or causing you no end of problems after visiting a website that didn’t quite look as legitimate as you expected it to, then it’s likely that you have been the victim of a “drive-by download”. (more…)

Researchers investigate iPhone Worm

Thursday, December 24th, 2009

Your iPhone could be part of a worldwide botnet, researchers have claimed after a recent outbreak of worms designed to infect the popular mobile phone. (more…)

Malware threat on increase according to Microsoft report

Tuesday, November 3rd, 2009

The threat from worms and Trojans is on the increase, according to a bi-annual report from software giant Microsoft. (more…)

Microsoft take Malware advertisers to court

Tuesday, September 22nd, 2009

Microsoft is stepping up the fight against online criminals by launching legal action against up to five advertisers which it claims are responsible for inserting advertisements that include malicious code on websites. (more…)

New York Times hit by Malware Ads

Tuesday, September 15th, 2009

The website of the New York Times was hit with a malicious attack over the weekend, serving readers with advertisements for fake antivirus software. (more…)