MRA Consultants has been trading for over 20 years. During this time I have built up a reputation for service, reliability and value for money. A small sample of the local businesses I serve includes Maryport Bodyworks Centre, ABI Motor body Repairs, Taylors Joinery And Plastics, West Cumbria domestic Violence, Distington Community Centre, Macs Removals Ltd, Engineering Pipework Services Ltd, Distington club for young people, Ewanrigg Community Centre, CMS, Robin Dargavel Ltd, Lake District Coast Aquarium as well as countless numbers of individuals. Over 99% of my business comes from referrals. I was the first in the area to pioneer no fix no fee and no call out charges.

Virus Bulletin news

Compromised site serves Nuclear exploit kit together with fake BSOD

Support scammers not lying about a malware infection for a change.

During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam.

When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the HTML contains some code -- typically JavaScript -- that loads content from an ad server, which shows the advertisements in the browser. This means a selection of advertisements can be shown that are deemed the most interesting to the particular user, while it also allows advertisers to bid for "eyeballs".

Malicious websites work in the same way. Indeed, the compromised website in question (which, unsurprisingly, ran a 2008 version of WordPress) contained a little bit of obfuscated JavaScript that inserted an iframe as well as loading another piece of JavaScript, both from the same server. These are two examples of traffic distribution systems (TDS), which are the malicious equivalent of the code used by ad networks to display relevant ads.

The de-obfuscated JavaScript code added to the compromised website.

Throwback Thursday: Riotous Assembly

This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel.

Today, malware that affects the Windows kernel is ubiquitous - the majority of sophisticated attacks against Windows users have at least one component executing in the operating system kernel. But in 1993, the Windows kernel remained untouched by malware - and indeed Windows viruses were somewhat cumbersome and technically quite simple. That was until Cyber Riot came along.

While previous Windows viruses had operated fairly simply, Cyber Riot was the first Windows-specific virus to remain resident and to intercept the execute function by infecting KRNL386.EXE. Not only that, but Cyber Riot used several Windows functions not documented in any of the Developers' Kits. Indeed, it can be said that Cyber Riot was one of the first advanced Windows viruses.

VB's full analysis of Cyber Riot, from January 1994, can be read here in HTML format, or downloaded here as a PDF (no registration or subscription required).

Stagefright vulnerability leaves 950 million Android devices vulnerable to remote code execution

The operating system has been patched, but it is unclear whether users will receive those patches.

Researchers at mobile security firm Zimperium have discovered a remote code execution flaw in the Stagefright media library used on Android phones. The vulnerability allegedly means it could, for instance, take one MMS message for an attacker to run code on a targeted device. In some cases, if the device is old, this code could even be run with elevated system privileges.

Few technical details have been made public so far, but Zimperium's Joshua J. Drake will present the research at the Black Hat and DEF CON security events next week.

A patch authored by Drake in the Android-based CyanogenMod operating system suggests the problem lies in a failure to check for edge cases. However, while Drake has published screenshots of him successfully targeting a device running Android Lollipop 5.1.1, it isn't immediately clear how easy it would be for an attacker to turn this into a workable exploit for all, or at least a large portion, of the 950 million vulnerable devices. In the worst case scenario, the exploit could be turned into a worm of a size not seen for a very long time.


Throwback Thursday: Sizewell B: Fact or Fiction?

This Throwback Thursday, we turn the clock back to 1993, when VB asked the key question: could a virus compromise safety at one of Britain's nuclear power plants?

2010 saw the discovery of Stuxnet, which targeted industrial control systems in general, with the specific target of a particular Iranian nuclear facility -- but 2010 wasn't the first time VB had reported on a virus infection at a nuclear facility.

In 1993, one of the UK's nuclear power plants, Sizewell B, fell victim to the Yankee virus. As is so often the way with these things, the media went into overdrive -- the combination of perceived danger to the public, nuclear power and computer viruses did, after all, give the story all the required elements to be highly newsworthy, and much of the portrayal bordered on the hysterical.

In December 1993, VB decided it was important to cut through the hype and ask the key question: could a virus compromise safety at the plant? Then-editor of VB Richard Ford paid a visit to the plant and concluded that not only did Nuclear Electric, the company running Britain's nuclear power plants, take the threat of viruses seriously, but that the Yankee virus had clearly never threatened the integrity of the Sizewell B computer systems in any way whatsoever.

Call for last-minute papers for VB2015 announced

Ten speaking slots waiting to be filled with presentations on 'hot' security topics.

There's never a dull moment in the world of IT security. Whether you think the breach of spyware maker Hacking Team is the most important story of the past few months, that the breach at Ashley Madison was at least as embarrassing for those affected, or you feel that the fact that anti-virus companies were found to be targeted by a piece of sophisticated malware as well as by intelligence agencies directly is a more important story: it's been an interesting few months.

With all of this in the news, we are all the more glad that, just as in previous years, we have set aside a portion of the VB2015 conference programme for 'last-minute papers': presentations dealing with up-to-the-minute specialist topics, with the emphasis on current and emerging ('hot') topics.

We have now opened the call for papers for these slots. The deadline for submissions is 3 September 2015, after which the selection committee will go through the submissions and make the final selection.

Those selected for the last-minute presentations will be notified by email 18 days prior to the start of the conference. One complimentary conference place will be allocated to each last-minute presentation selected. (Where a presentation is submitted by more than one speaker, one free conference place will be allocated, and co-speakers (who must be named at the time of abstract submission) will receive a 50% discount on the conference registration fee.)


Telephone 01900516363

Digital Solutions for Cumbria

Mobile 07944982166