Posts Tagged Virus
John McAfee reiterated his innocence in a live video session Sunday night, during which he updated viewers on his current situation, and answered questions from the press.
Wearing black square-frame glasses and sporting a goatee and mustache, the former tech entrepreneur who is wanted in connection to the murder of American expat Gregory Faull, hosted the news conference from a bare white room while in custody at a Guatemalan jail. McAfee was arrested for illegally entering Guatemala after fleeing to the country from Belize, where local authorities want him for questioning.
“Did I kill Mr. Faull? No. Let me be clear: I had absolutely nothing to do with the murder in Belize,” he said.
McAfee, 67, added that his relationship with Faull was virtually nonexistent. “I barely knew the man. I’ve spoken perhaps 50 words to him over a period of five years. I did not particularly care for him.”
The Belize government’s desire to question him, McAfee claimed, has nothing to do with Faull’s murder. “Since April of last year, the Belizean government has been trying to level charge after charge against me — all of them groundless, none of them sticking. This is simply the latest in that chain.”
The founder and former head of anti-virus software company McAfee said he and his girlfriend Samantha hope to return to the United States. McAfee has been in touch with the U.S. embassy “a number of times,” but called it “powerless to interfere within the laws of other countries.”
He mentioned England as another potential place to settle, but was adamant that he could never return to Belize, particularly after launching his blog “The Hinterland.” In it, McAfee details alleged corruption by the Belize government, and his experiences hiding from police.
“The issues that I am discussing are hurting the government; they’re hurting tourism,” McAfee said, adding that the government raided his home multiple times while he was in hiding. “The government was mad at me before. They are seriously mad at me now. There is no hope for my life if I ever return to Belize.”
“I don’t think I can, not unless there’s a change in government and a serious decline in corruption.”
In the video, which addressed inquiries from Mashable, McAfee also condemned the media for portraying him as a “paranoid schizophrenic.” He said he started blogging to “get the truth out,” and to put pressure on the Belizean government.
Calling it “the worst drug on the planet,” McAfee also denied reports that he has taken bath salts (synthetic drugs similar to amphetamine and cocaine). “I do not take drugs, and have not taken drugs for over 30 years.”
Starting Sunday at 8 p.m. ET, McAfee hosted two separate video sessions: The first was an introduction lasting less than five minutes, and the second was a Q&A that continued for nearly 15 minutes.
This article was originally published at Mashable.
LONDON – The decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet.
Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.
It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet.
Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.
There is no international treaty or agreement restricting the use of cyberweapons, which can do anything from controlling an individual laptop to disrupting an entire country’s critical telecommunications or banking infrastructure. It is in the United States’ interest to push for one before the monster it has unleashed comes home to roost.
Stuxnet was originally deployed with the specific aim of infecting the Natanz uranium enrichment facility in Iran. This required sneaking a memory stick into the plant to introduce the virus to its private and secure “offline” network. But despite Natanz’s isolation, Stuxnet somehow escaped into the cyberwild, eventually affecting hundreds of thousands of systems worldwide.
This is one of the frightening dangers of an uncontrolled arms race in cyberspace; once released, virus developers generally lose control of their inventions, which will inevitably seek out and attack the networks of innocent parties. Moreover, all countries that possess an offensive cyber capability will be tempted to use it now that the first shot has been fired.
Until recent revelations by The New York Times’ David E. Sanger, there was no definitive proof that America was behind Stuxnet. Now computer security experts have found a clear link between its creators and a newly discovered virus called Flame, which transforms infected computers into multipurpose espionage tools and has infected machines across the Middle East.
The United States has long been a commendable leader in combating the spread of malicious computer code, known as malware, that pranksters, criminals, intelligence services and terrorist organizations have been using to further their own ends. But by introducing such pernicious viruses as Stuxnet and Flame, America has severely undermined its moral and political credibility.
Flame circulated on the Web for at least four years and evaded detection by the big antivirus operators like McAfee, Symantec, Kaspersky Labs and F-Secure – companies that are vital to ensuring that law-abiding consumers can go about their business on the Web unmolested by the army of malware writers, who release nasty computer code onto the Internet to steal our money, data, intellectual property or identities.
But senior industry figures have now expressed deep worries about the state-sponsored release of the most potent malware ever seen.
During the cold war, countries’ chief assets were missiles with nuclear warheads. Generally their number and location were common knowledge, as was the damage they could inflict and how long it would take them to inflict it.
Advanced cyberwar is different: A country’s assets lie as much in the weaknesses of enemy computer defenses as in the power of the weapons it possesses. So in order to assess one’s own capability, there is a strong temptation to penetrate the enemy’s systems before a conflict erupts.
It is no good trying to hit them once hostilities have broken out; they will be prepared and there’s a risk that they already will have infected your systems. Once the logic of cyberwarfare takes hold, it is worryingly pre-emptive and can lead to the uncontrolled spread of malware.
Until now, America has been reluctant to discuss regulation of the Internet with Russia and China. Washington believes any moves toward a treaty might undermine its presumed superiority in the field of cyberweaponry and robotics.
And it fears that Moscow and Beijing would exploit a global regulation of military activity on the Web, in order to justify and further strengthen the powerful tools they already use to restrict their citizens’ freedom on the Net. The United States must now consider entering into discussions, anathema though they may be, with the world’s major powers about the rules governing the Internet as a military domain.
Any agreement should regulate only military uses of the Internet and should specifically avoid any clauses that might affect private or commercial use of the Web. Nobody can halt the worldwide rush to create cyberweapons, but a treaty could prevent their deployment in peacetime and allow for a collective response to countries or organizations that violate it.
Technical superiority is not written in stone, and the United States is arguably more dependent on networked computer systems than any other country in the world. Washington must halt the spiral toward an arms race, which, in the long term, it is not guaranteed to win.
WASHINGTON: The Flame computer virus which has been raging in the Middle East has strong links to Stuxnet, a malware program widely believed to have been developed by the United States or Israel, a security firm said Monday.
Kaspersky, the Russian computer security firm credited with discovering Flame last month, said its research shows the two programs share certain portions of code, suggesting some ties between two separate groups of programmers.
Kaspersky researcher Alexander Gostev said in a blog post that a first examination made it appear the two programs were unrelated.
“But it turns out we were wrong,” he wrote. “Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.”
Gostev said Flame, even though it was discovered just recently, appears to predate Stuxnet, which was created in 2009.
“By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure,” he said.
“The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet.”
This, he said, points to the existence of “two independent developer teams… (each) developing its own platform since 2007-2008 at the latest.”
Kaspersky, one of the world’s biggest producers of anti-virus software, said the Flame virus was “about 20 times larger than Stuxnet,” the worm which was discovered in June 2010 and used against the Iranian nuclear program.
High concentrations of computers compromised by Flame were also found in Lebanon, the West Bank and Hungary. Additional infections have been reported in Austria, Russia, Hong Kong and the United Arab Emirates.
Compromised computers included many being used from home connections, according to security researchers who were looking into whether reports of infections in some places resulted from workers using laptops while traveling.
Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.
Some reports say US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran’s efforts to make a nuclear bomb.
Johannes Ullrich, a researcher at the Washington-based SANS Technology Institute, said the relationship between the two viruses remains unclear.
“Flame did initially appear very different, and I still think it wasn’t written by the same group or individual that wrote Stuxnet,” Ullrich told AFP.
“However, this doesn’t mean that the two groups didn’t coordinate or share code with each other. I do think this may have been the case with Stuxnet and Flame… the code could have been written by two different contractors who worked for the same government and as a result had access to each other’s resources.”
There will be few among us whose computers weren’t infected by a virus. We wouldn’t know if any data was ever stolen by a stranger sitting, say in Estonia. But, what we do recollect is how our laptops wouldn’t start; and we had to get the operating system reinstalled; and in the process, lose photos and videos we hadn’t backed up.
The buzz in cyberspace now is about the biggest, the most powerful, and the most complex computer virus ever discovered – variously called Flame, Flamer or Skywiper. It has sent alarm bells ringing, and has reminded us, for the umpteenth time, how even the best-protected network can be broken into.
The virus hit headlines in March/April this year, when the Iranian oil ministry was affected. And a few weeks back, researchers found Flame to be similar to the Stuxnet virus that had disabled the centrifuges in an Iranian nuclear plant. What has stunned experts is the complexity of Flame, the size of which was 20MB, while Stuxnet was only about half a megabyte.
Calling it the dawn of a new era in cyberwarfare, Kaspersky Labs said the virus was “destined to leave an indelible mark on the cyber weapons’ landscape”. Symantec research shows Flamer has been operating for at least two years with the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products, and under certain conditions spread to other systems. One mode of operation is Bluetooth.
According to Shantanu Ghosh, VP and MD, India Product operations, Symantec, the Bluetooth functionality of Flame is embedded in a module, which when triggered in accordance with the configuration set by the attacker, can result in two actions: one, scan Bluetooth devices in the range, and once detected, steal details like the ID; and two, the infected computer itself will appear when any Bluetooth device scans the local area.
It is networks in mainly West Asia that have been affected, but Ghosh says infections have been reported from Hungary and Hong Kong. Are we in India under threat?
Kaspersky says that it recorded instances of attacks in India. Says Alex Gostev, chief security expert, Global Research and Analysis Team, Kaspersky Lab, “Only a few detections by Kaspersky Lab anti-virus were registered on the computers with Indian IP address. But that can be any user, even a tourist from another country who was in India at that moment. The countries worst hit by Flame are Iran, Israel, Syria, Lebanon.”
Says Ghosh, “This threat is highly targeted and not likely to impact most users. In addition to particular organizations being targeted, many of the compromised computers appear to be personal computers being used from home Internet connections.”
However Naresh Raval, a web developer, sounds a word of caution. “You never know. Security agencies have all said Flame is so complex that they haven’t fully understood how it works. Internet is a vast global network, and it doesn’t take much for malware to spread, and wreak havoc.”
MOSCOW: When Eugene Kaspersky, the founder of Europe’s largest anti-virus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.
He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the U.S. and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.
“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives, called CeBIT Australia, last month in Sydney, Australia. While the U.S. and Israel are using them to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.
Computer security companies have for years used their discovery of a new virus or worm to call attention to themselves and win more business from companies seeking computer protection. Kaspersky, a Russian computer security expert, and his company, Kaspersky Lab, are no different in that regard.
But he is also using his company’s integral role in exposing or decrypting three computer viruses apparently intended to slow or halt Iran’s nuclear program to argue for an international treaty banning computer warfare.
A growing array of states are using online weapons, he says, because they are “thousands of times cheaper” than conventional armaments. While anti-virus companies might catch some, only an international treaty that would ban militaries and spy agencies from making viruses will truly solve the problem.
The wide disclosure of the details of the Flame virus by Kaspersky Lab also seems intended to promote the Russian call for a ban on cyberweapons like those that blocked poison gas or expanding bullets from the armies of major states.
And that puts the Russian company in a difficult position because it already faces suspicions that it is tied to the Russian government, accusations Kaspersky has constantly knocked down as he has built his business.
While Russian officials have not commented on the discovery of Flame, the Russian minister of telecommunications gave a speech, also in May, calling for an international cyberweapon ban. Russia has also pushed for a bilateral treaty with the U.S.
The United States has agreed to discuss such a disarmament treaty with the Russians, but has also tried to encourage Russia to prosecute online crime, which flourishes in this country.
The U.S. has long objected to the Russian crusade for an online arms control ban. “There is no broad international support for a cyberweapon ban,” says James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. “This is a global diplomatic ploy by the Russians to take down a perceived area of U.S. military advantage.”
Russia, many security experts note, has been accused of using cyberwarfare in disputes with Estonia and wars in Georgia.
Kaspersky said that at no point did he cooperate with the Federal Security Agency, the successor agency to the KGB, as the Flame virus was not a threat to Russian citizens. Kaspersky Lab, he said, felt justified exposing the Flame virus because the company was working under the auspices of a United Nations agency. But the company has been noticeably silent on viruses perpetrated in its own backyard, where Russian-speaking criminal syndicates controlled a third of the estimated $12 billion global cybercrime market last year, according to the Russian security firm Group-IB.
Some say there is good reason for that. “He’s got family,” said Sean Sullivan, a security adviser at F-Secure, a computer security firm in Helsinki. “I wouldn’t expect them to be the most aggressive about publicizing threats in their neighborhood for fear those neighbors would retaliate.”
Last year, Kaspersky’s 19-year-old son was kidnapped by criminals demanding a ransom. The kidnappers did not appear to have ties to any of Russia’s online criminal syndicates, but Sullivan says, “It was probably a wake-up call.”
Some computer security firms say Kaspersky’s researchers have hyped Flame. It is too early, his critics say, to call the virus a cyberweapon and to suggest it was sponsored by a state. Joe Jaroch, a vice president at Webroot, an anti-virus maker, says he first encountered a sample of Flame in 2007. He says he did not publicize the discovery because he did not consider the code sophisticated. “There are many more dangerous viruses out there,” he said. “I would be shocked if this was the work of a nation state.”
Sullivan, from F-Secure, said: “It’s interesting and complex, but not sleek and stealthy. It could be the work of a military contractor – Northrop Grumman, Lockheed Martin, Raytheon and other contractors are developing programs like these for different intelligence services. To call it a cyberweapon says more about Kaspersky’s Cold War mentality than anything else. It has to be taken with a grain of salt.”
Whether the skepticism is authentic or professional jealousy, no one doubts Kaspersky Lab’s skills.
Kaspersky studied cryptography at a high school that was co-sponsored by the KGB and Russia’s ministry of defense, and later took a job with the Russian military. He started tracking computer viruses as a side project in 1989, after his work PC was infected with one. In 1997, he co-founded Kaspersky Lab with his wife at the time, Natalya, in their Moscow apartment.
The headquarters of the team that unraveled Flame is an open-plan office of cubicles overlooking a park on the edge of Moscow. Kaspersky eschews suits and his researchers wear Converse shoes and tattered jeans, much as their counterparts in the U.S. do. A Darth Vader mask adorns one desk.
Talent also abounds. The Belarussian virus hunter who first found the Stuxnet virus in 2010, Sergei Ulasen, now works for Kaspersky Lab.
Today, the company is one of Russia’s most recognizable exports. It commands 8 percent of the world’s software security market for businesses, with revenue reaching $612 million last year.
Yet Kaspersky says he often has to refute suggested ties to Russia’s security services. Analysts say suspicions about the firm’s Russian roots have hindered its expansion abroad.
“The U.S. government, defense contractors and lots of U.S. companies won’t work with them,” said Peter Firstbrook, director of malware research at Gartner, a research firm. “There’s no evidence that they have any back doors in their software or any ties to the Russian mafia or state. It’s a red herring, but there is still a concern that you can’t operate in Russia without being controlled by the ruling party.”
Kaspersky said his company tackled Flame upon the request of the International Telecommunications Union, a branch of the U.N. He assigned about three dozen engineers to investigate a virus that was erasing files on computers at Iran’s oil ministry.
Kaspersky researchers, some of whom had analyzed suspected U.S. and Israeli viruses that destroyed centrifuges in Iran’s nuclear program two years earlier, were already following up on complaints from Iranian clients that Kaspersky’s anti-virus software was not catching a new type of malware on their systems, Kaspersky officials said.
“We saw an unusual structure of the code, compressed and encrypted in several ways,” said Vitaly Kamlyuk, a researcher on the team that cracked the virus.
It was the first virus to look for Bluetooth-enabled devices in the vicinity, either to spread to those devices, map a user’s social or professional circle, or steal information from them. The program also contained a command called “microbe” that silently turned on users’ microphones to record their conversations and sent audio files back to the attackers. It was clearly not a virus made by criminals.
“Anti-virus companies are in a not easy situation,” Kaspersky said. “We have to protect our customers everywhere in the world. On the other hand, we understand there are quite serious powers behind these viruses.”
Even though finding viruses first is usually a boon for anti-virus companies, cracking Flame, Kaspersky said, might hurt his business in one regard. “For the next five years, we can forget about government contracts in the United States.”
Jerusalem, May 29: An unprecedented “cyber espionage worm” considered the most sophisticated spyware virus yet may have been unleashed by Israel to hit Iran and other Middle Eastern countries, with the possible aim of crippling Tehran’s nuclear ambitions.
Security experts discovered the new data-stealing virus dubbed Flame which they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
Russia-based Internet security company Kaspersky Lab, which uncovered the virus ‘Flame’, said it has attacked computers in Iran and elsewhere in the Middle East and may have been designed to collect and delete sensitive information.
Israeli vice Prime Minister Moshe Ya’alon’s comments justifying such a measure triggered speculations that Flame may have originated from his country.
“Anyone who sees the Iranian threat as a significant threat – it’s reasonable [to assume] that he will take various steps, including these, to harm it,” Ya’alon told the Army Radio in an interview today.
In Tehran, Iranian authorities admitted that the malicious software dubbed “Flame” has attacked its computers and systems, and gave instructions to run an urgent inspection of all cyber systems in the country.
Iran’s MAHER Center, which is part of the Islamic Republic’s Communication ministry, said that the Flame virus “has caused substantial damage” and that “massive amounts of data have been lost,” Ynetnews reported.
But Iran’s telecommunications ministry also claimed that it had developed software to clean this malware. Kaspersky, one of the world’s biggest producers of anti-virus software, said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Flame is “actively being used as a cyber weapon attacking entities in several countries,” Kaspersky said in a statement, describing its purpose as “cyber espionage”.
“The complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date,” the statement said.
The Internet security company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.
On its blog, Kaspersky called Flame a “sophisticated attack toolkit,” adding that it was much more complex than Duqu, the vehicle used to deliver Stuxnet.
The Stuxnet bug, discovered in June 2010, targeted primarily Iranian computers.
Iran admitted that the worm had damaged centrifuges operating at a uranium enrichment facility at Natanz.
A United Nations agency charged with helping member nations secure their national infrastructures plans to issue a stern warning about the risk of the Flame virus that was recently discovered in Iran and other parts of the Middle East.
“This is the most serious warning we have ever put out,” said Marco Obiso, cyber security coordinator for the U.N.’s International Telecommunications Union.
The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he said in an interview.
BOSTON: Security experts have discovered a new data-stealing virus dubbed Flame they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.
Schouwenberg said he did not know who built Flame. If the Lab’s analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.
The discovery by one of the world’s largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.
“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Schouwenberg said in an interview.
The Moscow-based company is controlled by Russian malware researcher Eugene Kaspersky, and gained notoriety in cyber weapons research after solving several mysteries surrounding Stuxnet and Duqu.
Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The full significance will not be known until other cyber security firms obtain samples of Flame.
The Lab’s research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region, then Sudan and Syria.
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information, Schouwenberg said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform.
Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, he said.
Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions.
He estimated that no more than 5,000 personal computers around the world have been infected, including a handful in North America.
Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper was attacking computers in Iran.
The International Telecommunications Union, a UN agency that promotes research and cooperation on telecommunications technology, asked Kaspersky Lab to investigate those reports.
Schouwenberg said that his team discovered Flame, but failed to turn up anything that resembled Wiper.