Lost+Found: Hacking keyloggers, honeypots and the return of TDL4
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: Hacking a hardware keylogger, setting up a free cloud-based honeypot with Amazon EC2, a GUI for ping.exe, the supposed return of TDL4 and a hotel master key disguised as a dry erase marker.
- How do you crack the access code for a hardware keylogger discovered between a keyboard and a computer? By using a Teensy USB development board which identifies itself as a USB keyboard and runs through every possible key combination.
- Amazon's EC2 cloud computing instances can be used for all sorts of things, including setting up a honeypot on which cyber-fraudsters can get up to as much mischief as they want. And the cost? £0.00.
- We're not sure which is worse: the fact that a GUI for ping.exe even exists or that it's been written in Visual Basic. But then it was created by experts in forensics...
- Based on analysis of network traffic, security company Damballa claims to have identified a new version of the TDL4 rootkit, which it has christened Damballa DGAv14. It was, however, unable to find the actual malware, even though it has allegedly already infected 46 of the Fortune Global 500 companies. DGA stands for domain generation algorithm, by which infected bots determine the domain name for the current command and control server.
- Building on a presentation from the Black Hat Security conference by Cody Brocious, the hackers at Trustwave's SpiderLabs have created an Arduino-based hotel room master key for the Onity HT lock system that fits into a dry erase marker.
(crve)