
Virus Bulletin news

VB2014 preview: Design to discover: security analytics with 3D visualization engine

Thibault Reuille and Dhia Mahjoub use particle physics to show clusters of malicious domains.

In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, we look at the paper 'Design to discover: security analytics with 3D visualization engine', by Thibault Reuille (@ThibaultReuille) and Dhia Mahjoub (@DhiaLite), security researchers at OpenDNS.

Whatever you think of the term 'big data', the fact is that there is a lot of data out there, and this can provide useful information that wouldn't otherwise be available. Recommendations for books and films based on what others with a similar taste have read or watched are a well-known and widely used example of this.

In the first part of their paper (which they wrote together with their colleague Ping Yan), Thibault and Dhia apply this idea to command and control domains for botnets, in particular the CryptoLocker ransomware. By analysing a large amount of DNS data -- which no doubt they see a lot of at OpenDNS -- they were able to identify all of the domains the malware connected to, starting from only a few known C&C domains, without reverse-engineering the DGA or analysing the content of the connections.

Thibault and Dhia have told me that, during their presentation at VB2014, they will do the same for the 'GameOver Zeus' botnet, which was recently the subject of a prominent takedown followed by an equally spectacular revival.


Malicious ads served on java.com

If you do need to run plug-ins, make sure you enable click-to-play.

Last week, we published a blog previewing the VB2014 paper 'Optimized mal-ops. Hack the ad network like a boss' by Bromium researchers Vadim Kotov and Rahul Kashyap. In the paper, they show how purchasing ad space from legitimate ad servers, and using it to serve malicious ads, gives malware authors a lot more opportunities to spread their malicious creations than exploit kits ever did.

As if the paper didn't make this point strongly enough already, Fox-IT researcher Yonathan Klijnsma has discovered a campaign that served malicious ads on a number of prominent websites, including tmz.com, ibtimes.com and java.com -- in all cases, vulnerable users were infected without having to click on the ads.

There is some irony in the malware being served on java.com, as exploits targeting the Java browser plug-in are commonly used to serve malware. Although these days exploit kits tend to focus mostly on Flash and Silverlight exploits, few people actually need the Java plug-in, and uninstalling is much easier than always making sure you have the latest version running. If you do need to run the Java plug-in, at the very least you should take advantage of click-to-play.


Srizbi kernel-mode spambot reappears as Pitou

Malware possibly still in the 'brewing' stage.

In November 2007, we published an article by Kimmo Kasslin (F-Secure) and Elia Florio (Symantec), in which they analysed the 'Srizbi' trojan, notable for being the first malware found in the wild that operated fully in kernel mode. It appears that Srizbi has made a return.

In a whitepaper published today (pdf), researchers at F-Secure describe 'Pitou', a piece of malware that the authors believe is a revival of Srizbi. And while the two families share a number of similarities, as well as the objective to send spam, the researchers considered the change in code significant enough to justify a new name for the latest incarnation.

As cybercrime goes, spam is considered neither particularly advanced, nor very profitable, so it is interesting to see that a number of fairly advanced, though not entirely new, techniques are being used by the trojan. Among these are 'DLL hijacking' by the dropper to escalate privileges, hijacking the BIOS interrupt handler, and the use of a domain generating algorithm (DGA) to communicate with its command and control servers.

Pitou is believed to have spread via drive-by downloads and through a number of downloaders, which themselves were downloaded via malicious spam. However, the malware is nowhere near as widely propagated as its predecessor was, and it is possible that Pitou is still in the 'brewing' stage. This, of course, makes it all the more important to keep a close eye on how the trojan develops; thankfully, the whitepaper provides many technical details.


VB2014 preview: Methods of malware persistence on Mac OS X

Patrick Wardle shows that OS X users really have something to worry about.

In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, we look at the paper 'Methods of malware persistence on Mac OS X', by Patrick Wardle (@patrickwardle), Director of Research at Synack.

The very first in-the-wild virus, Elk Cloner, targeted Macs (in particular the Apple II). Yet over the course of time, many Mac users came to believe that they were immune to malware - a belief no doubt strengthened by an Apple marketing campaign.

In recent years, this belief has been proven wrong, for instance by the prevalent 'Flashback' trojan, or the 'Crisis' rootkit, allegedly used by some governments. And indeed, Apple has built a number of tools into OS X with the explicit purpose of keeping malware at bay.

However, as Patrick shows in his paper, tools such as XProtect and Gatekeeper are relatively easy to bypass. OS X's verification of binary signatures, and even the fact that kernel extensions need to be signed, don't provide the protection they promise. In the latter case, the fact that verification takes place in user mode certainly doesn't help.


More than two million home routers have 'wide open backdoor'

Default password makes vulnerability easy to exploit.

Researchers at Trend Micro have discovered an easy-to-exploit backdoor in routers from Chinese manufacturer Netcore that allows an attacker to take almost complete control of the device, with very little that users can do to protect themselves.

The backdoor consists of the router listening on UDP port 53413 - a port which, in a common setup, will be accessible from the Internet. While a password is required to access the backdoor, this password is the same among all routers the firm produces. Trend Micro's Tim Yeh found there to be at least two million vulnerable routers listening on the Internet.

Having gained access to the router, the attacker's life is made even easier as the credentials of the web interface are stored in the clear on the device. The attacker can then perform man-in-the-middle attacks on any device that uses the router for Internet connectivity.

Connections using SSL/TLS are in principle not affected by such man-in-the-middle attacks, at least not when performed by run-of-the-mill attackers, but many services still use, or happily fall back to, an unencrypted and unauthenticated connection. Moreover, many an impatient user will probably ignore the warnings anyway.

