Viruses & Malware
A group of Israeli researchers have improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet.
They’ve figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone.
Russian antivirus company Kaspersky revealed recently that it was the target of hackers behind the Stuxnet and Duqu worms last year. The hackers have been attacking the company’s network for months, collecting data on its operations and software. But it turns out that intelligence agencies including the NSA and GCHQ have spied on antivirus companies for years, looking for exploitable vulnerabilities.
The new report comes from newly leaked documentation from NSA-whistleblower Edward Snowden, who made them available to The Intercept.
For the past several months, different groups of attackers have distributed malware through Microsoft Office documents that contain malicious macros, reviving a technique that has been out of style for over a decade.
Macros are scripts that contain commands for automating tasks in various applications. Microsoft Office programs like Word and Excel support macros written in Visual Basic for Applications (VBA) and these can be used for malicious activities like installing malware.
Security firm Kaspersky Labs reports that a new sample of the Destover malware—the malware family used in the recent attack on the networks of Sony Pictures—has been found bearing a valid digital signature that could help it sneak past security screening on some Windows systems. And that digital signature is courtesy of a certificate stolen from Sony Pictures.
Details of malware that may have been associated with the attack on Sony Pictures were disseminated in an FBI “Flash” earlier this week. A copy of the memorandum obtained by Ars Technica details “a destructive malware used by unknown computer network exploitation (CNE) operators” that can destroy all the data on Windows computers it infects and spread itself over network file shares to attack Windows servers.