


New Ransomware Poses As A Windows Update

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.

While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."

NASA's Outsourced Computer People Are Even Worse Than You Might Expect

Eric Berger, writing for Ars Technica: As part of a plan to help NASA "modernize" its desktop and laptop computers, the space agency signed a $2.5 billion services contract with HP Enterprise Services in 2011. According to HP (now HPE), as part of the Agency Consolidated End-User Service (ACES) program the computing company would "modernize NASA's entire end-user infrastructure by delivering a full range of personal computing services and devices to more than 60,000 users." HPE also said the program would "allow (NASA) employees to more easily collaborate in a secure computing environment." The services contract, alas, hasn't gone quite as well as one might have hoped. This week Federal News Radio reported that HPE is doing such a poor job that NASA's chief information officer, Renee Wynn, could no longer accept the security risks associated with the contract. Wynn, therefore, did not sign off on the authority to operate (ATO) for systems and tools. A spokesperson for NASA said: "NASA continues to work with HPE to remediate vulnerabilities. As required by NASA policy, system owners must accomplish this remediation within a specified period of time. For those vulnerabilities that cannot be fully remediated within the established time frame, a Plan of Actions and Milestones (POAM) must be developed, approved, and tracked to closure."

Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe

Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carné de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."

Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'

Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system.

NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.

Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games

Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialog that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.

ASUS Delivers Its Updates Over HTTP With No Verification

The top five PC sellers have big security holes in the third-party tools which update their software. Now Softpedia follows up with a report that "The ASUS LiveUpdate software that comes pre-installed on all ASUS computers downloads critical BIOS and UEFI updates via plaintext HTTP and installs them without verifying the content's source or validity." An anonymous reader shares this report from developer Morgan Gangwere: "Content is delivered via ZIP archives over plain HTTP, extracted into a temporary directory and an executable run as a user in the "Administrators" NT group ("Highest Permissions" task scheduler)."
Softpedia adds that "The attackers wouldn't even need to mess around modifying low-level firmware code because the update process would launch anything you throw at it. This includes spyware, backdoors, remote access trojans, and anything an attacker would wish."

Even In Remotest Africa, Windows 10 Nagware Ruins Your Day

Iain Thomson, writing for The Register: When you're stuck in the middle of the Central African Republic (CAR) trying to protect the wildlife from armed poachers and the Lord's Resistance Army, then life's pretty tough. And now Microsoft has made it tougher with Windows 10 upgrades. The Chinko Project manages roughly 17,600 square kilometres (6,795 square miles) of rainforest and savannah in the east of the CAR, near the border with South Sudan. Money is tight, and so is internet bandwidth. So the staff was more than a little displeased when one of the donated laptops the team uses began upgrading to Windows 10 automatically, pulling in gigabytes of data over a radio link. And it's not just bandwidth bills they have to worry about. "If a forced upgrade happened and crashed our PCs while in the middle of coordinating rangers under fire from armed militarized poachers, blood could literally be on Microsoft's hands," said one member of the team. This is not a one-off case. We're reading about similar incidents every day. Automatic updates, accidental automatic updates, and the huge amounts of data these updates consume are ruining the user experience for many. These are real issues. It's been roughly a year since Windows 10 became officially available to consumers, and Microsoft has yet to address the issue.

Top Windows OEM Lenovo Urges Customers To Uninstall Accelerator Application

Two-Factor Authentication service Duo Security reported earlier that third-party updating tools found on Dell, HP, Lenovo, Acer, and Asus (the top five Windows OEMs) are vulnerable to man-in-the-middle attack. Hours later, Lenovo, the world's largest Windows OEM by shipment figures, issued an advisory in which it urges users to uninstall Accelerator Application, which comes preinstalled on many of its laptop and desktop models. Fortune reports: Specifically, as Lenovo said in an advisory notice, the auto-update feature in its Accelerator Application software can be exploited by a "man-in-the-middle attack" -- someone could get in between the computer and the server pushing out the updated software, fooling the computer into installing a fake version of the update instead of the genuine article. Such attacks can allow anything from surreptitious malware installation to the insertion of surveillance capabilities, or even the hijacking of PCs.
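The ASUS LiveUpdate report and the Lenovo Accelerator advisory above describe the same root cause: an updater fetches an archive over plain HTTP and extracts and runs whatever arrives, so anyone on the path can swap in their own ZIP. The example below is added here and is not ASUS, Lenovo or Duo code; it shows the minimal client-side checks such an updater needs before it touches the payload: compare the download against a digest pinned from a trusted source (assumed here to come from a signed manifest fetched separately, which the example does not implement), and refuse archives whose member names would escape the staging directory. The archives, member names and digests are constructed inside the example so it runs offline; the function names are this example's own.

```python
import hashlib
import hmac
import io
import os
import posixpath
import tempfile
import zipfile


def build_archive(members):
    """Build a ZIP in memory. Stands in for the HTTP download so the example runs
    offline; the member names and bytes passed in are constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def digest_matches(archive, expected_sha256_hex):
    """The integrity check the reported updaters skipped: compare the downloaded
    bytes against a digest pinned from a trusted source (assumed: a signed manifest
    obtained separately). A man-in-the-middle who swaps the ZIP on a plain-HTTP
    connection cannot also produce a matching pinned digest."""
    actual = hashlib.sha256(archive).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


def unsafe_member_names(archive):
    """Members that would escape the staging directory on extraction (absolute
    paths, drive letters, or '..' components). One such name means the archive
    is hostile and must not be extracted at all."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            norm = posixpath.normpath(name)
            if (name.startswith("/") or norm == ".." or norm.startswith("../")
                    or (len(name) > 1 and name[1] == ":")):
                bad.append(info.filename)
    return bad


def install_update(archive, expected_sha256_hex, staging_dir):
    """Hardened flow: verify first, extract second; launching the installer is
    deliberately left out. Returns True when the archive is accepted and
    extracted, False when it is rejected and nothing is written."""
    if not digest_matches(archive, expected_sha256_hex):
        return False
    if unsafe_member_names(archive):
        return False
    os.makedirs(staging_dir, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        zf.extractall(staging_dir)
    return True


def demo():
    """Exercise the check with a genuine archive, a swapped-in payload and a
    path-traversal archive; all three are constructed here, not real updates."""
    genuine = build_archive({"Setup.exe": b"MZ genuine installer"})
    pinned = hashlib.sha256(genuine).hexdigest()  # what a signed manifest would carry
    swapped = build_archive({"Setup.exe": b"MZ attacker payload"})
    traversal = build_archive({"../../Windows/System32/evil.exe": b"MZ"})
    with tempfile.TemporaryDirectory() as staging:
        return {
            "genuine_accepted": install_update(genuine, pinned, staging),
            "genuine_extracted": os.path.exists(os.path.join(staging, "Setup.exe")),
            "swapped_rejected": not install_update(swapped, pinned, staging),
            "traversal_rejected": not install_update(traversal, pinned, staging),
            "traversal_members": unsafe_member_names(traversal),
        }


if __name__ == "__main__":
    print(demo())
```

A pinned digest only helps if it cannot be swapped along with the archive, which is why the lead-in assumes a signed manifest (or a signature over the archive itself) rather than a digest served from the same plaintext channel; transport encryption on its own does not replace that check, since a compromised mirror or CDN node would still pass TLS.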

Windows Zero-Day Affecting All OS Versions On Sale For $90,000

An anonymous reader writes: "A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM," writes Softpedia. The zero-day is up for sale on a Russian underground hacking forum, and is currently available for $90,000 -- after it was initially up for $95,000. The hacker is saying he'll sell the zero-day to one person only, who'll receive its source code and a working demo. Two videos are available, one showing the hacker exploit Windows 10 with the May 2016 security patch, and another one bypassing all EMET features. While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.

Microsoft Warns of ZCryptor Ransomware With Self-Propagation Features

An anonymous reader writes from a report issued by Softpedia on May 27: Microsoft and several other security researchers have detected the first ransomware version that appears to have self-propagation features, being able to spread to other machines on its own by copying itself to shared network drives or portable storage devices automatically. Called ZCryptor, this ransomware seems to enjoy quite the attention from crooks, who are actively distributing it today via Flash malvertising and booby-trapped Office files that infect the victim if he enables macro support when opening the file. This just seems to be the latest addition to the ransomware family, one which recently received the ability to launch DDoS attacks while locking the user's computer.

ASUS' ZenBook 3 Is Thinner, Lighter and Faster Than the MacBook

At the ongoing Computex trade show in Taipei, Taiwan, Asus unveiled the ZenBook 3 laptop. The ZenBook 3's chassis measures 11.9mm while the whole body weighs 910g. At the event, the company's executive said that the ZenBook 3 is better than both the MacBook Air and the 12-inch MacBook. As for the specifications, the ZenBook 3, which is crafted from aerospace-grade aluminum alloy, sports a 12.5-inch full-HD display (1920x1080 pixels), and offers up to a Core i7 processor, 16GB of 2133MHz RAM, up to a 1TB PCIe Gen 3 x4 SSD, a next-gen USB Type-C port (for power and data transfer), powerful quad-speaker audio by Harman Kardon, and a fingerprint scanner. Do note that there is only one USB port on the device. The entry-level variant featuring a Core i5 processor, 256GB of SSD and 4GB of RAM is priced at $999, while the top-of-the-line model will set you back $1,999. Asus also had nice things to say about the keyboard, though Engadget's reporter was not impressed. More details here.

Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan

An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex piece of medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside veins and arteries in order to diagnose various types of heart disease. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.

Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of the Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light on it: "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."

Petya Ransomware Uses DOS-Level Lock Screen, Prevents OS Boot Up

An anonymous reader writes: A new type of ransomware was discovered that crashes your PC into a BSOD, restarts your computer, and then prevents your OS from starting by altering the hard drive's master boot record (MBR). This keeps the user locked in a DOS screen that doubles as the ransomware's ransom note. The ransomware's name is Petya, and it has so far been seen only targeting HR departments in Germany.
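Because Petya works by rewriting the MBR, the first 512 bytes of the disk are where a responder looks: 446 bytes of bootstrap code, four 16-byte partition entries, and the 0x55AA boot signature. The example below is added here and is not Petya's code or any vendor's; it parses that sector and compares the bootstrap region against a known-good copy, on the assumption that such a baseline was captured beforehand (for instance the first sector read with dd and its bootstrap hash stored). The sector bytes, the stand-in loader stub and the partition table are constructed for the example; the function names are this example's own.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 446      # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
SIGNATURE_OFF = 510     # 0x55AA at bytes 510..511
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def has_boot_signature(mbr):
    """True if the sector ends with the 0x55AA marker firmware requires to boot it."""
    return mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa"


def parse_partitions(mbr):
    """Decode the non-empty partition entries as dicts (bootable flag, type, LBA start, sector count)."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype != 0:  # type 0 means an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, baseline_bootcode_sha256):
    """Compare the bootstrap code against the saved baseline hash and sanity-check
    the rest of the sector. A Petya-style infection replaces the bootstrap code
    while typically leaving the partition table in place, so the hash mismatch is
    the finding to expect; a missing signature or empty table points at a
    different kind of damage."""
    findings = []
    if not has_boot_signature(mbr):
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest() != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table empty")
    elif not any(p["bootable"] for p in parts):
        findings.append("no active partition")
    return {"tampered": bool(findings), "findings": findings, "partitions": parts}


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte sector; used only to construct the sample data below."""
    sector = bytearray(MBR_SIZE)
    code = bootcode[:BOOTCODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


def demo():
    """Run the check on a constructed clean sector and on the same sector with its
    bootstrap code overwritten, which is the shape of the Petya change."""
    clean_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100  # stand-in loader stub, not a real one
    table = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1024000)]  # two NTFS-type entries
    clean = build_mbr(clean_code, table)
    baseline = hashlib.sha256(clean[:BOOTCODE_LEN]).hexdigest()  # what the responder saved earlier
    infected = build_mbr(b"\xb8\x00\x00\xe9" + b"\xcc" * 200, table)  # foreign code, table untouched
    return {"clean": check_mbr(clean, baseline), "infected": check_mbr(infected, baseline)}


if __name__ == "__main__":
    print(demo())
```

On a live system the same check can be run periodically against the raw disk device and alerted on; the baseline must be refreshed after any legitimate boot-loader change (an OS upgrade or a boot-manager install), otherwise the next comparison will fire for a benign reason.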
