They also give some advice to users on how to identify malicious messages

Dec 23, 2011 19:31 GMT  ·  By

The latest incidents surrounding the elections in Russia and the controversial company Carrier IQ have caused quite a stir in the media and that’s why I thought it would be a good idea to ask the opinions of some experts regarding these matters.

Since they covered most of these subjects, I decided to speak with ESET researchers to find out details. Senior Malware Researcher Pierre-Marc Bureau, Senior Research Fellow David Harley and Stephen Cobb, security evangelist, were kind enough to give us some insight on these matters.

First, Pierre-Marc Bureau had a chat with me on the topic of the hacking operations and cyberattacks that took place during and after the elections in Russia, when a lot of election watchdogs and websites that protested against the current regime were taken down.

Softpedia: Since the elections started in Russia, a lot of incidents have occurred both in real life and in the online environment. Have you recorded any other recent attacks besides the ones on superjedi.ru and attrition.org?

Pierre-Marc Bureau: Having a global visibility on all the cyber attacks occurring in the world is a great challenge. For now, this is the only incident we have directly witnessed but other researchers from other companies have also reported similar cases. We are continuing to monitor the evolution of the situation.

Softpedia: A piece of malware called Win32/Flooder.Ramagedos was used to launch the DDoS attacks on the websites. Was this Trojan active before these attacks or was it launched especially for the occasion?

Pierre-Marc Bureau: The Win32/Flooder.Ramagedos trojan was active before the Russian elections. We have seen the first variants of this family of malware in August 2011. We have seen thousands of infection attempts on every continent. This indicates that this malware was not created with the only objective to censor discussions around the Russian elections.

Softpedia: ESET researchers claimed that the 4,500 computers that participated in the botnet were sufficient to disrupt access to a website with limited bandwidth and no specific DDoS protection. What could a company do to protect its website against such an attack?

Pierre-Marc Bureau: There are many things a company can do to protect itself against distributed denial of service attacks but there are no silver bullets. Distributing the traffic to multiple servers is often a good option. Monitoring the traffic and blocking the attack packets upstream can also help.

From David Harley we find out about the malicious pieces of software that may be advertised as Carrier IQ detection tools.

Softpedia: Regarding the controversy surrounding Carrier IQ, David Harley blogged about the possibility of some rogue Carrier IQ detection tools being made available. Have you discovered such phony software so far?

David Harley: I’m not aware of any specific attacks that have passed themselves off as some kind of CIQ detector to date. If it hasn’t happened so far (and I can’t say for sure that it hasn’t), it’s less likely to happen as the initial hype and panic dies down.

The issue that really concerns me at this point is this. A well-known, legitimate AV company is hardly likely to release some form of malware under the guise of a utility. However, there are already quite a few free security apps around for Android.

We already know from AV-Test (http://amtso.wordpress.com/2011/11/14/av-test-look-at-free-android-av/) that even legit free apps are wildly inconsistent in their performance.

The lack of regulation of Android apps and distribution channels means that it’s not difficult to make unequivocally malicious/fake apps available, and as with the recent spate of Trojans passed off as legitimate games, they’re unlikely to be removed until they’ve already had time to do considerable damage.

There’s nothing to stop a bad actor passing off a Trojan as a known legitimate security program: clearly, people aren’t necessarily checking that software they install comes from the right publisher or the right web site.

Finally, Stephen Cobb offers some important advice for users.

Softpedia: Since the holidays are approaching, do you have any advice for our readers regarding the threats that may be roaming the Internet this time of year?

Stephen Cobb: The usual holiday threats are around this year: amazing-but-bogus offers, infectious spam, and phishing scams that try to harvest your personal data. We have seen the “package delivery” email scam in various forms including Canada Post, FedEx, and USPS.

These scams play on the fact that a lot of people are expecting packages at this time of year and are thus more likely to open a “package delivery failure” notification that arrives in their email.

Links within these emails then lead to a variety of flaky sites including malware infection sites. There is a short video of a faked USPS email scam here.

And a screenshot of a faked Canada Post email here.

Consumers should bear in mind that the major package delivery services do not use email for delivery failure notification.

Other scams to watch out for are deeply discounted gift cards and large prizes for survey participation that are not awarded by random drawing (nobody gets a $1,000 Walmart gift card just for telling a survey how often they use the Internet or whether they prefer Pepsi to Coke).
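The “package delivery failure” lure Stephen Cobb describes can be screened for mechanically: a message that names a carrier, uses delivery-failure wording, and carries a sender or link domain that is not the carrier's own is flagged. The following is an added example written for this article, not ESET's or Softpedia's code; the official carrier domains and the sample messages are assumptions constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Carriers named in the interview mapped to the domains assumed to be theirs
# (assumption: the article names only the brands, not their domains).
CARRIER_DOMAINS = {
    "usps": {"usps.com"},
    "fedex": {"fedex.com"},
    "canada post": {"canadapost.ca"},
}
# Carriers do not send delivery-failure notices by email, so this wording is itself a signal.
DELIVERY_FAILURE = re.compile(
    r"(delivery|package|parcel).{0,40}(fail|unable|could not|not delivered)", re.I | re.S)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _belongs_to(host, domains):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def check_delivery_lure(raw_message):
    """Return the reasons a message looks like a fake delivery-failure notice (empty if none)."""
    msg = message_from_string(raw_message)
    subject, sender, body = msg.get("Subject", ""), msg.get("From", ""), msg.get_payload()
    carriers = [c for c in CARRIER_DOMAINS if c in (subject + " " + sender).lower()]
    if not carriers:
        return []  # no carrier impersonated, nothing for this check to say
    official = set().union(*(CARRIER_DOMAINS[c] for c in carriers))
    reasons = []
    if DELIVERY_FAILURE.search(subject + " " + body):
        reasons.append("delivery-failure wording; carriers do not notify failures by email")
    sender_domain = parseaddr(sender)[1].split("@")[-1]
    if not _belongs_to(sender_domain, official):
        reasons.append(f"sender domain {sender_domain} is not {', '.join(carriers)}")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not _belongs_to(host, official):
            reasons.append(f"link host {host} is not an official carrier domain")
    return reasons

# Constructed sample messages (not real mail): one lure, one benign tracking update.
LURE = """From: USPS Customer Service <service@usps-tracking-notice.example>
Subject: USPS Delivery Failure Notification

Your package could not be delivered. Print the label here:
http://usps-tracking-notice.example/label.php?id=12345
"""
BENIGN = """From: USPS <auto-reply@usps.com>
Subject: Your USPS tracking update

Your item is in transit. Track it at https://tools.usps.com/go/TrackConfirmAction
"""
```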