The trojans always activate first. Then the basestars jump into Colonial space and launch their missiles. Before long, it'll be the end of the Twelve Colonies!

[img][/img]

That's the operating system equivalent of the survivalist with a tinfoil hat and a safe full of AR-15's in his off-the-grid cabin in Montana.

Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed

My first thought was "Halloween prank story". But then I remembered most computers now have infrared transmitters and receivers for multimedia remotes...

Which is actually quite nifty since the laptop has a sound card and mic.

Surreal.

But that required having a CRT...

Unless they were playing with such a thing and got "lucky", meaning they stumbled upon it.

But nobody that isn't pure evil would make such a thing on purpose, something that would shut down commerce, etc.

This takes a Ted K Uni-bomber kind of mentality.

No they are not too inept.

They can certainly cook something like this up.

Thought I came across one, but turned out the client screwed around with the some settings that shouldn't be, and basically used a Syskey encryption to a point where I had to reinstall XP (yes, he was running XP which made resetting the passwords impossible) on top of the screwup, and got him up and running shortly thereafter.

So I'd like to stay ahead of those ransomware and merely defeating them after what others couldn't do - so I can get in some business. Again.

Last edited Thu Oct 31, 2013, 11:42 PM - Edit history (1)

Cryptolocker encrypts your files using 2048-bit RSA encryption, and the decryption key's stored on a remote server - and they're happy to send you the key, if you send them the ransom.

Unless there's a bad implementation of the crypto, I'd say anyone hit with this malware is SOL. Hope they've got backups.

Maybe we need condoms for USB flash drives.

It operates at a very low level, close to the bare iron.

When you stick an infected USB flash drive in your system, the PC's USB subsystem detects a new device, says "Hello, who are you". The flash drive is supposed to respond with "Hello, I'm a USB flash drive." so the USB subsystem can get instructions from Windows (or Mac OS X or Linux or FreeBSD) that say "OK, you set this device up as a filesystem, so the user can access the files on the drive."

Except that in this step, the USB flash drive, instead of saying "Hello, I'm a USB flash drive." says "Hello, I'm a USB fla...bhads;hjgtewfuhtg3r q9tj-7fs 3j79g h7yt4fn7t4h8gfrh8ghtrfd", where that last string is a hackerly trick called a buffer overrun attack. If the system's vulnerable to such attacks, the buffer overrun attack will blow through the end of the piece of memory that the USB subsystem's using to pick up and store messages from the USB key, goes way past that, and overwrites some code in the stack that points to executable code, so instead it points to malware code.

Boom, your USB subsystem has just been hijacked, in a subroutine that's executing down in the BIOS, not up in Windows, and from there, it plants its seeds in strategic places in your system.

Strikes me as odd that only one guy has seen this. All of the comments from security professionals though taking it seriously worries me.

Sounds unbelievable. Will definitely be keeping an eye on this.

So he may be coming to wrong conclusions about the data being transmitted by sound, but if what he said was correct, that is the only explanation I can come up with. He said he unplugged everything else.

It's an incredible find if so. NSA level stuff.

edit: He'll be revealing what he found at CanSecWest next week according to this article: http://blog.erratasec.com/2013/10/badbios-features-explained.html