6 C
Wednesday, November 22, 2017
Home Tags Trojan Horse

Tag: Trojan Horse

There is a lot of talk about devops these days, particularly how itrsquo;s a Trojan horse for slower IT shops that have struggled to digitize at a fast-enough pace.

But at what cost do you place speed over upholding the integrity and soundness of your software?I recently spoke on a panel at the MIT CIO Symposium called Running IT Like a Factory. One of my co-panelists, the CIO of a major bank, talked a lot about cloud-native companies, and how Netflix does 3,000 releases per month and Amazon does 11,000 releases per year. He also referenced the robustness of AWS and how companies like this can create a ton of value very quickly.To read this article in full or to leave a comment, please click here
Oh, well, that's all right then Barts Health NHS Trust has blamed the disruption of its IT systems last Friday on a trojan horse infection and not ransomware. The trust, which runs five east London hospitals and is among the biggest in the UK, was forced to quarantine systems in response to the outbreak last week.
In an update on Monday, the trust said that systems are back to normal and there was no leak of confidential data. On Friday 13 January 2017 Barts Health discovered and took immediate steps to contain a virus in the Trust's computers.

The virus has been quarantined, and all major clinical systems are now up and running. No patient data was affected, there was no unauthorised access to medical records, and our anti-virus protection has now been updated to prevent any recurrence. Early reports on Friday, based on a supposed email sent out to staff, said that the trust was grappling with a file-scrambling ransomware outbreak, like many of its sister NHS hospitals before it.

Dead wrong, according to the trust. "The incident was caused by Trojan malware, not ransomware.

The particular virus has never been seen before and, whilst it had the potential to do significant damage to computer network files, our measures to contain the virus were successful," it said. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub
Malware can be introduced into a system or network in the form of a virus, a worm, spyware, a Trojan horse, adware or ransomware.
It is any malicious program that could potentially impact an organization's privacy and security.

An example currently dis...
Researchers say tracking data flows in processor chips could give companies and government agencies a way to detect malicious modifications to chip designs. While Moore's Law has a limit, the steady march of increasingly sophisticated chip designs that incorporate an ever increasing number of transistors on a chip has made designing device controllers and processors more complex.As a result, errors can creep into designs, but even more alarming, according to computer scientists, is that it's possible that a malicious agent in the chip supply chain could insert Trojan horse functionality into processor designs.Creating "kill codes" or adding surreptitious surveillance to chip designs may seem like the far-fetched scenario of a good modern thriller, but the capability exists, according to Ryan Kastner, a professor in the department of computer science and engineering at the University of California, San Diego.With hardware design frequently an activity that involves global teams, the risk of a compromise in the supply chain is real, Kastner told eWEEK. "The designs are super complex.

And even when it's not, it is not easy to figure out the potential issues posed by design choices, even if the same group is developing the entire chip," he said. Academic researchers have focused a great deal of effort to find ways of detecting hardware Trojan horses—devices, chips or modifications to a piece of hardware that allows an attacker access to the device.Kastner, along with researchers from Northwestern Polytechnical University and a startup company, Tortuga Logic, has instead focused on the chip-design phase, creating a way of checking a chip design for unexpected functionality. Known as gate-level information-flow tracking, or GLIFT, the technique can detect design anomalies, which could be mistakes made by engineers or malicious modifications made by an adversary.Chip designs have millions—and often, billions—of transistors.

The A8 chip, which is the main processor for Apple’s iPhone 6, has 2 billion transistors, for example.

The Xbox One’s system-on-a-chip boasts 5 billion transistors.
Intel’s largest chip—the 22-core Xeon Broadwell-E5—has 7.2 billion.Making sure that the designs of those chips—and peripheral components, such as networking and encryption processors—do not have embedded trojan horses is difficult."The modern chip has thousands of 'lines of code' that they use to specify a modern chip that gets compiled down to a specification that is sent to the foundry,” Kastner said. "The trojans could be hiding in that code, and because we reuse a lot of code, any malicious changes could be passed along the supply chain."To ferret out potentially malicious changes, the researchers' technique uses information-flow tracking to identify a piece of information—such as an encryption key or credit-card data—and then see where in the chip that information could flow to based on the design.Using the analysis, a designer could specify the security properties of the chip, such as whether a specific piece of data should be allowed to be stored in an untrusted part of the chip or allowed to be communicated to a part of the design made by an untrusted group."If the property is violated, then you know that something weird is happening," he said. "Maybe it is a bug, but it could be malicious."GLIFT is a technology that is currently being used by Tortuga Logic, to find flaws in client's chip designs.
Most people’s computers get exploited in only a handful of ways.

Among the most popular methods is tricking people into downloading and running Trojans. Often, unsuspecting users get socially engineered into running a malicious file or app by following a link in email or visiting a website. It can be tough to spot the fake stuff, so here's what you should watch for. 1.

Emails with links to suspicious downloads Yes, you can be sent legitimate info in emails, but 99 percent of it is either garbage or malicious.

Due to antispam measures, most vendors now use methods other than email to advertise and spread their software. You know better.

Don't fall for this. 2. Promos for antimalware software, disk cleaners, and optimizers Find out what your antivirus program looks like when it's scanning for malware, so when you see the fake one, you’ll know the difference.
In general, real antivirus programs will not pop up when you visit a website -- then begin scanning your computer and claiming you’re infected with dozens of viruses. Real antivirus software pops up and tells you it has blocked one malware program.

The fake stuff usually also wants to scan your whole computer. Malware writers also like to hide their rogue creations in fake disk compressors and optimizer programs.

Don’t install computer optimization programs. Most of them, including the real stuff, are junk. 3. Websites that ask you to install software It's the rare website that asks you to install an app or a plugin to enjoy its content. Most often the site has either been created or modified by hackers to trick you into installing software. Want to stay uninfected? Don’t install software from websites unless you're 100 percent sure the software is needed and is a legitimate product. This includes Java, Adobe Acrobat, and Flash.

Be especially suspicious if you know you’ve already installed what is ostensibly required -- and absolutely reject the install if the link doesn’t point to the legitimate vendor’s website. Legitimate vendors do not let other websites install their software. (The exceptions are legitimate proxy sites such as Download.com.) 4.

The program you downloaded doesn't do what it said it would Let's say you've followed a request to download and run software so that you can view an “encrypted” file.

But after doing so, you can’t read the purported (bait) document. Or you downloaded an app that was supposed to speed up your computer, but it doesn't work.
Some Trojan horse programs follow through with the promised action, but most don’t. 5. Your computer is much slower after installation If you install a program and your computer runs much slower, you should suspect malware is at work, especially if the promised action fails to materialize.
Sure, if you install a huge hunk of software, you can expect your computer to drop the pace a bit.

But if you install a small program and your computer crawls like molasses, something is up. 6. Your antimalware tools have been disabled Here's a huge warning sign: Your antimalware tools or firewall no longer work. Unless you downloaded and installed another antimalware product or personal firewall, the ones you are currently running should still be active.

But many malicious programs start by disabling your current protection. 7.

Task Manager does not start Along the same lines, if you try to start Task Manager and it doesn't load, you probably have malware to blame.
I’ve also seen Task Manager pop up for a second, then disappear.
It's the same situation. 8. You can't uninstall the program A legitimate program is required to include an uninstall option, but malware programs don’t like to be uninstalled.
If the newly downloaded program doesn’t uninstall, look out.
If it includes an option to uninstall, but doesn’t carry out the action, look out. Yes, uninstall routines sometimes get hosed and fail -- but usually not right away. 9.

A funky end-user license agreement Most people don’t read the end-user license agreement (EULA) before they install a program.
I do -- and I’ve seen malicious acts spelled out in English.
I’ve seen one EULA that claimed after the program was installed, my computer and data was its property and it reserved the right to disable any action I took to uninstall the program.

That EULA certainly wouldn’t hold up in court, but at least it warned me. What should you do? When in doubt, chicken out and don’t install.

Close the browser if you have to.
If it's truly legitimate software that you need to access a website, go directly to the vendor’s website to download.

For example, if you absolutely need Adobe Acrobat, open a new browser window, surf to adobe.com, and install it from there. What if it's too late? Fire up your antivirus scanner to see if it detects any abnormal activity.

Better yet, if you have a Windows computer, use Microsoft’s free Process Explorer utility that runs all active executables against up to 57 antivirus engines.
See my prior article about this or watch my video. You can’t beat its accuracy of this method for detecting malware.