In association with heise online

27 December 2012, 10:39

Lost+Found: Macro viruses are back, tapjacking and hashing with cats


Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: the return of macro viruses, malicious apps in store, malicious modules in Apache servers, tapjacking, cracking encrypted drives through FireWire, Btrfs and hashing with cats.

  • Sudoku was previously considered a largely harmless pastime, but not any more. A Sophos virus researcher has discovered an Excel file which generates new logic puzzles – but at a high price. For the generator to work, you have to activate the macros in Excel, allowing the program to then install malware in the background. The malware scoops up various bits of system information, encodes it and mails it to an address.

  • Trend Micro say they have spotted 455 malicious apps on Google's Play Store, but then opinions differ on what actually constitutes malware; recently Kaspersky listed apps as malware which did nothing or encouraged the user to shake their phone to charge it.

  • After breaking into a Linux server, attackers usually try to modify the web pages hosted on the site to link to one of their exploit kits. The easy way is to edit the HTML or JavaScript source code installed on the system. A more sophisticated variant would be to install a rootkit which manipulates the network traffic. Eset seems to have discovered a new attack variant which sits somewhere in between – a special Apache module which injects malicious iframes into pages.

  • Clickjacking, where mouse clicks are captured, is now old hat from the mouse age. In the tablet and smartphone age, tapjacking is where it's at.

  • With BitLocker, TrueCrypt and others, encrypted drives can be decrypted if a memory image from the computer contains the decryption key. Attackers can get to the memory via FireWire or Thunderbolt connections, and Passware has offered a suitable tool for this task for some time. Elcomsoft has now released its own tool for the purpose.

  • Btrfs, the designated successor to the ext4 filesystem, has a problem with hash collisions: if an attacker creates file system entries with identical hashes, it can slow down the system. For those who need to explain how hash collisions work, a nice explanation using cats is available.

