Image and video hosting by TinyPic

Monday, June 11, 2012

How to use malware to frame people you don't like...and TAKE OVER THE WORLD!

Kaspersky labs has determined that the widespread Flame and Stuxnet viruses share code and therefore must have had similar origins.

Most people believe that these cyber weapons resulted from a joint US/Israel effort targeting Iran. It is known that Stuxnet was supposed to have a "kill switch" which would deactivate it after at certain date. Apparently, the Israelis killed the kill switch and spread the malware around the world.

Now, Israel is bragging that Stuxnet was theirs, theirs alone, and how dare That Bastard Obama claim to have anything to do with it. The story appears on Breitbart, natch.

(Actually, I don't recall seeing Obama crow about Stuxnet. It's not the sort of thing a president crows about.)

I, for one, am perfectly fine with giving Israel sole credit. For what it is worth, however, there are others who claim that these cyber attacks were indeed a joint venture which began during the Bush administration. Kaspersky thinks Flame has been out there for perhaps five years.

Flame is widespread and allegedly undetectable. The virus gives an outsider complete control over a target's computer.

And who might be targeted? Hmmm. Pinky...are you pondering what I'm pondering...?

On a completely unrelated note: Eighty-seven congressional representatives are calling for an investigation of the alleged SWATs pulled on two conservative bloggers, as discussed in earlier posts. A barrage of right-wing bloggers have blamed the attacks on one Brett Kimberlin, against whom there is, as of this writing, no evidence. (But he does have a bad rap sheet.) The right-wingers have acted with such sheer, robotic coordination as to make it obvious that there a Master Plan controlling their efforts.

Obviously, this "SWAT" business is a propaganda effort designed to create the impression that left-wingers are terrorists.

By way of comparison: Nobody in Congress called for an investigation into the links between far-right, fanatically pro-Israel libertarians like Pam Geller and mad killer Anders Breivik, who opened fire on a youth camp in Norway. Geller -- frequently seen on Fox News -- was Breivik's acknowledged inspiration. And the admiration was mutual:
Geller justifies Breivik’s attack on the Norwegian Labour Party summer youth camp because she says the camp is part of an anti-Israel “indoctrination training center.” She says the victims would have grown up to become “future leaders of the party responsible for flooding Norway with Muslims who refuse to assimilate, who commit major violence against Norwegian natives including violent gang rapes, with impunity, and who live on the dole.”
After the shooting, Geller engaged in some very telling self-censorship:
Tellingly, Pamela Geller attempted to wash her hands of any pre knowledge of Breivik’s plans by excising a paragraph from one of his long rants which she posted in 2007. The portion cut out:  “We are stockpiling and caching weapons, ammunition and equipment. This is going to happen fast.”
There are no leftwingers "stockpiling and caching weapons, ammunition and equipment." There are no liberals ominously declaring that "This is going to happen fast."

That's a right-wing thing.

Obviously, the Tea Partiers are the ones who have genuine links to terror. Yet Congress will not investigate Geller -- in fact, congressmen are happy to pose for pictures with her.

Instead, the Republicans are going along with this ominous attempt to gin up evidence against an alleged leftist "leader" whom almost nobody on the actual left knew about or cared about until the Breitbarters started caterwauling about him.

And just how easy would it be to gin up evidence against Kimberlin...?

Send your eyeballs north. Re-read the section about Flame and Stuxnet.

Remember: Flame gives an outsider complete control over your computer. Your computer can be used to make phone calls, as outlined here. The evidence indicates that the SWAT calls are made from targeted computers, using VOIP.

Could Flame (or some similar trojan) have found its way onto Kimberlin's computer? Dude, that shit is everywhere.

Flame or worse could be on your system right now. While you're out of the house, someone could commandeer your computer to threaten the President. Behind your back, your system could be sending out an email to your boss confessing that extraterrestrials have told you to burn buildings. While you sleep, your computer could fire up IRC to download kiddie porn.

That's the power of Flame.

I would not be even slightly surprised if an investigation traces the SWAT calls to Brett Kimberlin's IP address. But even if that happens, should we go along with the presumption that he actually did it?

Hell no.

Cui bono? Who has benefited from SWAT hysteria?
And I have no doubt that this is true. But how do you prove it? Or protect against such an attack?
Flame and Stuxnet are both targeted at Windows, so no they couldn't be on my computer right now.

Go thou and do likewise.
P: You can't know that Apple products are impervious. As an OS grows in popularity, it attracts malware.

Anon: It is the business of our anti-virus companies to figure out a way to combat Flame. Right now, a lot of people in that world are beating themselves up because this stuff got so out of hand.

Basically, Flame resists normal signature detection and heuristic detection. To your antivirus scanner, it looks like normal code.
(Actually, I don't recall seeing Obama crow about Stuxnet. It's not the sort of thing a president crows about.)

Obama himself? Of course not! "Anonymous sources within the administration"?

P: You can't know that Apple products are impervious. As an OS grows in popularity, it attracts malware.

Who said anything about Apple?
As you say, Breivik has acknowledged Geller as inspiration, but I'm not convinced that the rant she posted, and from which she excised the reference to stockpiling weapons, was written by Breivik.

Its author says "I believe we are the very last generation on earth before the return of God". That doesn't sound like Breivik to me. LittleGreenFootballs link here.
For the technically interested, some perspective on just how advanced flame is (quick summary: pretty darn)

In any event, I'd like there to be a full investigation, with subpoena power, of these allegations. And naturally, I would hope they would lead to prosecution of those responsible: whether they're actually "SWATting", or just folks making false police reports on their own and blaming others for them.

Personally, I think the whole thing is a hoax.

Flame apparently deposits most of its components on your system in the form of .ocx files (which is the file format used for ActiveX/OLE custom controls on Microsoft systems). If you have a Microsoft OS or applications on your system, you doubtless have tons of these suckers, so identifying the fake ones is going to be a little difficult.

Keeping your system MS-free makes it easier. If you must run MS products, running them inside a locked-down VM is the next best thing.
You know, I'm curious why (or even IF) Iran uses Microsoft stuff. It's my understanding that Microsoft can't sell products directly to Iran. Other countries don't have that restriction, of course, and could turn around and sell to them. But why the hell would they even want to use Microsoft stuff? Surely they would know that that would be a huge security risk, being a US company that will help the US government if asked.
According to Kim Zetter of Wired magazine, flame infects a computer during the OS updating process. Most updated anti-virus software will detect it and isolate it.

I agree with Propertius regarding the locked down VM but would add again that using the VM for all internet use is the way to go. Any operating system can be vulnerable to exploits. The advantage of a VM is the ability to restore it to a previous state and wipe out all changes to the system. Booting with a live DVD would work just as well.

I think that people should at least get used to the idea of not being too dependent on the existing state of their machines. They should have all their data and installation files on something else and every several months do a full restore with a clean backup to clear out anything malicious that they might have picked up. I've had to deal with a lot of recent malware on user PCs, and this is the simplest way to handle it. The days of just de-registering and deleting some DLL files and then cleaning up the registry are over.
Post a Comment

<< Home

This page is 

powered by Blogger. 

Isn't yours?

Image and video hosting by TinyPic

Image and video hosting by TinyPic