Lost+Found: Macro viruses are back, tapjacking and hashing with cats
Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: The return of macro viruses, malicious apps in store, malicious modules in Apache servers, tapjacking, cracking encrypted drives through FireWire, Btrfs and hashing with cats.
- Sudoku was previously considered a largely harmless pastime, but not any more. A Sophos virus researcher has discovered an Excel file which generates new logic puzzles – but at a high price. For the generator to work, you have to activate the macros in Excel, allowing the program to then install malware in the background. The malware scoops up various bits of system information, encodes it and mails it to an aol.com address.
- Trend Micro say they have spotted 455 malicious apps on Google's Play Store, but then opinions differ on what actually constitutes malware; recently Kaspersky listed apps as malware which did nothing or encouraged the user to shake their phone to charge it.
- Clickjacking, where mouse clicks are captured, is now old hat from the mouse age. In the tablet and smartphone age, tapjacking is where it's at.
- With BitLocker, TrueCrypt and others, encrypted drives can be decrypted if a memory image from the computer contains the decryption key. Attackers can get to the memory via FireWire or Thunderbolt connections, and Passware has offered a suitable tool for this task for some time. Elcomsoft has now released its own tool for the purpose.
- Btrfs, the designated successor to the ext4 filesystem, has a problem with hash collisions: an attacker who creates file system entries with identical hashes can slow down the system. For those who need to explain how hash collisions work, a nice explanation using cats is available.