Expect More Worms

The team at PandaLabs has discovered an application that converts any given executable into a worm. Apparently originating in Spain the tool allows a user to wrap any executable in worm code using a simple GUI interface. There are options for enabling Mutex, UPX compression, and disabling various operating system components. We will continue to see these types of tools lower the technical threshold of attackers and increase the number of malicious agents increase in the wild.

Security practitioners need to continue to assist their clients in developing defense in depth strategies that will reduce risk and exposure to these threats. Key elements to address would be identifying key at risk assests, moving towards enclave computing and adding more rigorous security testing of Internet facing applications (slowing their deployment if necessary). The need for security awareness training that is both engaging and current will continue to increase.

For more details on the tool itself you can visit:  http://pandalabs.pandasecurity.com/archive/T2W-_2D002D003E00_-Trojan-to-Worm.aspx

0wned By a Picture Frame & Other Digital Errata

First it was Trojan firmware on network routers, firewalls and other network appliances. That was followed by attackers installing trojans and malware on USB keys and then dumping them back into those sale bins by the registers. Now, SANS is reporting that a number of digital picture frames sold by retailers were pre-infected with malware, just waiting to be mounted on a PC during the picture loading process.

As we have been predicting in the State of the Threat presentations for more than a year, the attackers have found new and insidious ways to turn the newest and seemingly most benign technologies into platforms of attack. Now that just about everything from refrigerators to washing machines and from toasters to picture frames have memory, CPU and connectivity – the vectors for malware introduction and propagation are becoming logarithmically more available. As computers, mesh networks and home automation continue to merge, we have to think differently about risk, threats and vulnerabilities.

Until we as security folks can get our head around overall strategies for securing the personal networks and tools we become more dependent upon each day, we have to rely on point tactics like wiping drives when we get them, reloading firmware on all devices – even new ones – from trusted vendor sources and doing the basics to secure home and business networks and systems. Hopefully, one day soon, we can build better, more proactive solutions like integrated hashing, malware identification and other mechanisms for alerting users to basic tampering with our devices. While we geeks are getting the wired world we always dreamed of, we are learning all too quickly that it comes with some unexpected risk…