Windshield handbills as computer virus vector

Paul Raven @ 05-02-2009

windscreen flyerThey may be vampiric bastards, but you’ve got to give malware builders their due – they’re cunning and inventive. They’ve found a new way to get people to sign in to a website that will infect their computer with a virus: stick a handbill on their car with a URL on it.

Several days ago, yellow fliers were placed on the cards in Grand Forks, ND. They stated:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website-redacted]

Now that’s some crafty social engineering right there; find an approach that people have no historical reason to mistrust, and exploit a common fear. Bam – brand new bot-net. I suppose it’s too much to hope that this indicates normal email spam is becoming less effective…

Now, think of all the vectors for this sort of attack that become available once we’re all wandering through a world of ubicomp around draped in Personal Area Networks. [story via SlashDot; image by dewet]


Spam ubiquity – even your Lexus is no haven

Paul Raven @ 13-01-2009

Lexus concept carOnce again, the physical space in which you can expect (or even hope) to avoid being relentlessly marketed at contracts in a dying spasm… that’s right, not even your car is a scared space any more, as
Lexus has announced plans to send targeted messages to owners of its cars based on the buyer’s zip code and vehicle type. Knowing how dependent on customer goodwill the luxury car brands are, I’ll be very surprised if this plan actually makes it to market. [via SlashDot]; image by SecondPrint Productions]

Speaking of spam, computer security researchers in Germany reckon they’ve found a serious chink in the Storm botnet’s armour that means it’s nowhere near as impregnable as previously thought. So why haven’t they smashed it up like a box of cheap crockery, then?

The team has not yet taken the final step of putting the whole thing into action with a genuine Storm Worm botnet in the wild. From a legal point of view, that could involve many problems. Any unauthorised access to third-party computers could be regarded as tampering with data, which is punishable under paragraph § 303a of the German Penal Code. That paragraph threatens up to two years’ imprisonment for unlawfully deleting, suppressing, making unusable or changing third-party data.

Oh, the irony. [also via SlashDot]


Gaza web-war: Jihadist hackers leave toxic e-graffiti; Israeli botnet recruiting volunteers

Paul Raven @ 07-01-2009

row of computersThe current conflict in Palestine is highlighting the potential of the web to become a battlefront in wars both large and small. Internet Evolution reports that Jihadist hacker groups have been cracking and defacing websites all over the world, and that a website called “Help Israel Win” is offering a software download that adds your machine into a pro-Israel botnet, presumably to be deployed against Hamas-related targets in DDoS attacks. [image by Kevin Zollman]

Leaving the politics and ideology of the conflict in question entirely aside for the moment (there are plenty of other sites and threads where you can go and have that argument if you really want to*), it’s fascinating to see someone deploying a voluntary botnet… and it’s a sign of things to come, as it won’t take long for small globally-distributed pressure groups of all kinds to realise that the power of a linked network of computers can give them leverage against their targets. Remember the anti-vivisection hackers who sent a virus to MIT?

But it’s also sad to see that the internet – touted back in the glory days of the late nineties as the global village that would bring us all closer together – has become just another place for us to fight one another. Who’d have thought the lord of the flies would upload himself behind us? [story via SlashDot and Spiraltwist of the Whitechapel Massive]

[ * Seriously, I’m going to delete comments that are partisan to either side of the Gaza conflict, so don’t bother. Regardless of history, religion or politics, innocent people are dying in the dirt. Neither side can justify that. ]


Storm botnet turns its hand to writing fiction

Paul Raven @ 27-06-2008

lightning strikeHere’s a new twist in the ongoing saga of the Storm worm spam network – it has started delivering fiction into our inboxes. [via Bruce Sterling]

Not science fiction, sadly – that’d make for an even better headline – but fake news headlines. Perhaps in response to people slowly wising up to email subject-lines about fake Rolex watches and “spec14l blu3 p1ll 4 b3dr00m”, the botnet is now replacing them with specious news stories about non-existent natural disasters and celebrity mishaps:

“The emails contain such headlines as ‘Eiffel Tower damaged by massive earthquake’ and ‘Donald Trump missing, feared kidnapped.'”

Pitching for the schadenfreude market, then … we’ll be able to judge the effectiveness of this new tactic by watching for how long they keep using it. [image by El Garza]


Carpet-bombing in cyberspace – the case for a military botnet

Paul Raven @ 12-05-2008

Bombs in an aircraft bomb-bayMore botnet news, this time in the form of military fist-shaking bluster! Here’s an article [via SlashDot] in the Armed Forces Journal that suggests the US military apparatus should build its own botnet for “the ability to carpet bomb in cyberspace”:

“The time for fortresses on the Internet also has passed, even though America has not recognized it. Now, the only consequence for an adversary who intrudes into or attacks our networks is to get kicked out — if we can find him and if he has not installed a hidden back door. That is not enough. America must have a powerful, flexible deterrent that can reach far outside our fortresses and strike the enemy while he is still on the move.”

If I’m not very much mistaken, Colonel Williamson has only partially grasped the whole “internet as a non-locational space” thing.

“As much as some think the information age is revolutionary, local networks and the Internet are conceptually similar to the ancient model of roads and towns: Things are produced in one place and moved to another place where they have more value.”

Well, yes – things are produced in one place, sometimes (er, crowdsourcing?). But with the web, that thing can then be everywhere, all at once. Data is an infinite good. Colonel Williamson’s talk about roads-and-towns and “states competing against one another” goes a long way toward suggesting why traditional military organisations have struggled to combat terrorism – they simply don’t have a clue how it (or the internet) works.

But back to the carpet-bomb botnet – Colonel Williamson says that “[t]he U.S. would not, and need not, infect unwitting computers as zombies.” Instead, he thinks it best that the power be built up legitmately – which, again, kind of misses the point of a botnet, in that they’re designed to leverage an amount of hardware that would be financially impractical to buy, build and maintain. [image by TailspinT]

Here’s a better idea – how about a kind of “Milnet@home” project? Show your love and pride in your nation by letting it use some of your spare cycles for smiting the enemy! Come on – you’d trust Uncle Sam with your computer, wouldn’t you?


« Previous PageNext Page »