The Stuxnet Story

Paul Raven @ 12-07-2011

In case you’ve not seen it already, Wired has a marvellous long-form piece about the discovery and analysis of the Stuxnet worm; well worth a look, whether you’re interested in the procedural side of malware analysis or just the storyable shape of a modern technothriller mystery-hook. Go read.

If that looks a bit TL;DR for you, there’s always the infographic video.


It’s a man’s life in the global pseudocorporate cybercrime conglomerates!

Paul Raven @ 26-03-2010

PC Pro has an interesting insight into the daily goings-on at a defunct scareware corporation from Ukraine [via SlashDot], which – if it’s to be taken at face value – demonstrates how similar such blackhat operations are to many (arguably more legitimate) organisations, at least as far as flim-flamming the people they screw over and rewarding their star employees is concerned:

According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker.

As business boomed, the firm added a human resources department, hired an internal IT staff and built a call center to dissuade its victims from seeking credit card refunds. Employees were treated to catered holiday parties and picnics with paintball competitions.

Top performers got bonuses as young workers turned a blind eye to the harm the software was doing. “When you are just 20, you don’t think a lot about ethics,” said Maxim, a former Innovative Marketing programmer who now works for a Kiev bank and asked that only his first name be used for this story. “I had a good salary and I know that most employees also had pretty good salaries.”

Hardly the two-geeks-and-a-table operation that you might expect, eh? If only that infuriating 50% of internet users would stop opening spam emails.


Windshield handbills as computer virus vector

Paul Raven @ 05-02-2009

They may be vampiric bastards, but you’ve got to give malware builders their due – they’re cunning and inventive. They’ve found a new way to get people to sign in to a website that will infect their computer with a virus: stick a handbill on their car with a URL on it.

Several days ago, yellow fliers were placed on the cars in Grand Forks, ND. They stated:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website-redacted]

Now that’s some crafty social engineering right there; find an approach that people have no historical reason to mistrust, and exploit a common fear. Bam – brand new bot-net. I suppose it’s too much to hope that this indicates normal email spam is becoming less effective…

Now, think of all the vectors for this sort of attack that become available once we’re all wandering through a world of ubicomp, draped in Personal Area Networks. [story via SlashDot; image by dewet]


Virus on space station searched for video game logins

Tomas Martin @ 28-08-2008

NASA revealed today that some of the laptops used by astronauts on the International Space Station were infected with the computer virus Gammima.AG. The laptops, which were carried to the station in July for nutritional programs and email, were believed to be infected when they arrived.

Gammima.AG is a year-old virus that steals logins for online computer games for sale by software pirates. Computer experts say the astronauts should have disabled the ‘autorun’ command on the laptops, as the virus travels by USB stick. NASA may have been caught out, but there are instructions to prevent such malware automatically subverting your computer.

I wonder if the virus managed to steal any of the astronauts’ logins to World of Warcraft or Sins of a Solar Empire? Are avatars worth more if their user has travelled into space?

[via Google News, picture by Caro’s Lines]


Criminal malware – now with End User License Agreements!

Paul Raven @ 05-05-2008

Malicious software and obfuscatory legalese – two bad tastes that, I imagine, taste even worse together. [image by j l t]

Thankfully, as I’m not in the business of trying to turn a profit by building botnets, it’s not a flavour combo I’ve encountered myself, but there are reports that such things really do exist. Caught with the same economic problem as legitimate software houses – an infinite good, easily reproduced – malware crews are including EULAs with their program packages.

Of course, a malware author can’t fall back on the courts to enforce the terms of the agreement, and so the threatened actions are a little more, er, direct – basically, if you mess with the code they’ll rat you out to the antivirus companies. But, in the words of Mike Masnick at TechDirt:

“… we already know that almost no one reads normal software EULAs, so I somehow doubt that the online scammers using this software are bothering with the fine print either.”

I can’t say I’m feeling too sad about that.

