When Hacked PCs Self-Destruct
An anonymous reader writes "From The Washington Post's Security Fix blog comes a tale that should make any Windows home user or system admin cringe. It seems the latest version of the Zeus Trojan ships with a command that will tell all infected systems to self-destruct. From the piece: 'Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.'"
Could you screw with the voltage and thermal thresholds to cause a system to literally self-destruct?
It is far worse.
A friend, just last night, showed me his highly-infected laptop (please, being serious here). Not only did he have one of those "Infect the "customer", then sell them a fake cure" scams, but he had what appeared to be an everyday Trojan, with one huge difference.
It had created a hidden partition (I deduced this from the HD size discrepancy between reported size and actual), copied over enough "Windows" to run as a separate OS, then nuked his normal partition OS. When he reformatted, he wasn't paying attention (didn't know any better) and didn't delete that partition. The trojan was essentially maintained, right through a reformat (albeit an incomplete one). It was an easy mistake to make considering how many Dell/Compaq built machines come with a separate 10-20GB partition that isn't always deleted on reformat, and for that reason the numbers for HD partition space don't always add up.
Here is where the sneaky part comes in. They nuked his OS, right?
NOW, after he thinks everything is groovy, he starts reinstalling applications, re-entering information and passwords and re-bookmarking sites. All while the trojan watches.
THAT is what the "nuclear winter" is for in these cases, to lull the user into a false sense of security.
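The size-discrepancy check the post above describes (disk capacity versus the sum of visible partitions), as an added example rather than the poster's own code; the partition listing is a constructed sample in `lsblk -b` style and the 1 GiB threshold is an assumption, chosen to ignore normal alignment slack:

```python
"""Flag disks whose visible partitions leave a large amount of space unaccounted for.

The idea is the one from the post: compare the size the kernel reports for the
whole disk with what the partition table accounts for. A vendor recovery
partition explains some gaps; an unexplained gap is worth a look.
"""
from dataclasses import dataclass

# Constructed sample (not captured from a real machine), simplified to
# NAME SIZE-IN-BYTES TYPE. sda has roughly 13 GiB unaccounted for; sdb is
# fully accounted for apart from 1 MiB of alignment slack.
SAMPLE_LSBLK = """\
sda  500107862016 disk
sda1      1048576 part
sda2 470000000000 part
sda3  16000000000 part
sdb  256060514304 disk
sdb1 256059465728 part
"""


@dataclass
class Block:
    name: str
    size: int   # bytes
    kind: str   # "disk" or "part"


def parse_lsblk(text):
    """Parse the simplified listing into Block records, skipping blank lines."""
    blocks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, size, kind = line.split()
        blocks.append(Block(name, int(size), kind))
    return blocks


def unaccounted_bytes(blocks, disk):
    """Disk capacity minus the sizes of the partitions that belong to it."""
    parts = [b for b in blocks if b.kind == "part" and b.name.startswith(disk.name)]
    return disk.size - sum(p.size for p in parts)


def find_gaps(text, threshold_bytes=1 << 30):
    """Map each disk name to its unaccounted bytes when that exceeds the threshold."""
    blocks = parse_lsblk(text)
    return {d.name: unaccounted_bytes(blocks, d)
            for d in blocks if d.kind == "disk"
            and unaccounted_bytes(blocks, d) > threshold_bytes}
```

A hidden partition that the OS is not shown still consumes capacity, so it shows up here as a gap even when it is absent from the partition listing.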
If he reformatted his C: and installed a fresh Windows on there, how were files from the Windows install on the hidden D: being launched by the trojan? Especially if you launch an install from a bootable device such as a CD, I don't quite see how the hidden install on the second drive would be able to interfere with the reinstall or operation of the fresh install.
People replying to my sig annoy me. That's why I change it all the time.
Any machine today can self-destruct given the right circumstances.
The problem lies in the fact that all computers have a flash BIOS that usually isn't write protected in hardware.
And hard disks have their firmware in flash, which also can result in "interesting" permanent crashes.
So if a hacker wanted to give a certain operating system bad credit all that's needed is to prepare a huge botnet and then blow the machines.
Counter-productive - yes, but don't expect the internet to be free of vandals. We have vandal-protected ATMs and a lot of things are suffering from vandalism even though there is no reason, so why not your machine?
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Yep, that would certainly be one use but my guess is they got a tip-off that someone was close to identifying them. Ever since I was stung by a dialer in the nineties I've always wondered about the impunity these guys seem to operate with. I used to think it was because nobody knew/cared but they cannot do this shit unless they also have friends in high places, especially telco places.
I told the phone company all about the dialer and that I knew it was my teenage son clicking porn links; their response was basically sorry, but we have already paid the $300 to the Russian telco, who has already paid it to the 1900 number, and if you don't pay us the $300 we will not only cut you off but will alert other vendors to your unpaid bills. I told them to go ask the Russians for their money back due to obvious and traceable fraud, they cut me off, I paid, we kissed and made up.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Actually, by "normal use of a computer" your computer can indeed cause serious damage to other computers, or to property. That's what TFA is all about.
Let's look at "normal use of a computer." And by "normal" I don't mean "geek normal", I mean "Joe Sixpack normal".
Joe Sixpack goes to Best Buy and buys a computer. He doesn't spend the $50 for the anti-virus software ($50 a year? The hell I will!) or $50 for a firewall (I already pay the cable company for this blue box just like it), and he dismisses every single warning, checking the "don't show me this again" box because he didn't understand it the first time. And then he surfs to the porn sites. So what we'd consider reckless behavior is pretty much "normal use of a computer".
There are no cops to give him a ticket for surfing on unsafe equipment, because it's not illegal. Nobody's going to protect him because he's not willing to pay extra for anti-virus. And we all know that his machine is going to be turned into a zombie within 15 minutes of connecting to the internet without a firewall.
As far as the damage goes, his zombied computer may attack and infect others. The direct costs to Joe Sixpack may include PC troubleshooting and repair, loss of data, and dealing with the theft and abuse of personal banking information. Banks are held liable to cover any fraud losses that result, and they collectively spend billions annually. And for secondary effects, we know there have been suicides due to lost money and also due to computer harassment. I don't think you can simply say that a computer can't "hurt" anybody.
(And this isn't about assigning blame. There's plenty of that: Joe Sixpack may be as irresponsible as they come, and dumber than average. The malware writers are common thieves. Some operating system vendors sell Swiss cheese. And every vendor in the process is happy to take Joe's money without regard to the consequences to him.)
If cars were as unregulated as computers, very few of us would safely return home on a daily basis.
John
Thanks for that. The guy in the picture in that article looks just like the "Desktop Support Coordinator" at the University I used to work for.
I like the part where it says "Instead of blowing up a single plane, these groups will be able to patch into the central computer of a large airline and blow up hundreds of planes at once!" [emphasis mine]
Anyway, the "desktop support coordinator" actually told me once that when I unplug my laptop from ethernet at night I should do so at the wall instead of at the laptop (leaving the cable plugged into the wall) because it (I swear this is true) "wastes bandwidth".
I wanted to ask him if that was because all the bits would run out of the unplugged end of the cable and onto the floor, but I just couldn't do it because he had such an earnest and absolutely convinced look on his face. At the time I was just a lecturer and I'm sure he was making twice my salary (this was before the Univ. figured out that they could just pay work-study students 6 bucks an hour to do desktop support, but after they'd figured out they could pay post-docs 7 bucks an hour to teach undergrads).
You are welcome on my lawn.