Syrian Government Uses Skype To Push Malware To Activists
judgecorp writes "The Syrian government is using Skype as a channel to infect activists' systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. 'The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT." Xtreme Rat is a full-blown malicious Remote Access Tool.'"
Meanwhile, the Obama administration is arguing that requiring warrants for cellphone records "cripples" investigators. No malware needed here in the U.S. Just fearmongering.
"Sufferin' succotash."
It is not Skype they use, but the gullibility of the users. Skype is only remotely involved...
How do you say "Big Brother" in Arabic?
When the file comes from a trusted source, it's not stupid. You have to trust someone eventually; The OS manufacturer (ie, Apple, Microsoft, etc.), the distributor (the person making the DVDs), etc. Trusting a friend isn't stupid, it's what most people would do. That's exactly why so many different worms try to propagate using a person's address book; Human trust networks.
It was only stupid that he didn't scan the file first, not that he accepted the download. And if said malware is custom-designed, it wouldn't be in any anti-malware/anti-virus definitions, and so he could do everything right and still wind up screwed. How many governments have asked that their malware not be added to the definition files again? ALL OF THEM.
#fuckbeta #iamslashdot #dicemustdie
Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat.
Trust no one.
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them? Do these activists not use some super secret codes to tell each other they are who they say they are?
"Syrian Government Uses Social Engineering To Push Malware To Activists."
They could be using e-mail for the same thing. Or other IM channels that offer direct connect. Or Dropbox. Or any other channel.
The clever bit is trying to convince people to download and run an unknown tool by impersonating someone they've imprisoned.
If you feel like running the binary someone just sent you, hash the binary and google the result. Chances are it will tell you something and it only costs you a few seconds. And if you're one of those people who aren't willing to run anything like that, not even in a sandbox, you can at least tell the sender that he's an iDiot, with a proof attached.
Ezekiel 23:20
You mean like if you think you're chatting with a fellow dissident and he sends you a tool named MACAddressChanger ostensibly to help you change your MAC address?
Your prescribed security measures are not only dumb in general, here in 2012, but they're completely oblivious of the story at hand.
And I'm pretty sure the Syrian army is dumping dead bodies because they are a frickin' army against a barely armed motley crew of civilians and defectors. You should probably live in a city being shelled by artillery and covered by snipers before you start criticizing others' security failures.
is simple.
1. find current affair or topic of notice or interest to customers
2. find a vector for product placement
3. profit.
the article is perfect, it has no names or citations, no dates or other identifying information and can't have those used to refute it as it falls under the auspices of "well, it's a war ya know." I wonder how many vodka tonics it took the guys at f-secure's marketing department before they came up with this crap.
the only thing this "report" serves to do is frighten the general public into purchasing anti virus software. on the bright side, it seems as though slashdot is getting better with slashvertisements!
Good people go to bed earlier.
Comment removed based on user account deletion
*snarky MS comment on*
Well you knew this would happen shortly after Microsoft bought them....
*snarky MS comment off*
Because maybe he didn't actually know the person had been arrested to begin with? These political dissident arrests are not publicly broadcasted, you know...
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them?
People occasionally get released from jail.
Do these activists not use some super secret codes to tell each other they are who they say they are?
No. They're political activists, not James Bond.
#fuckbeta #iamslashdot #dicemustdie
On this day and always.
A feeling of having made the same mistake before: Deja Foobar
This F-Secure post is not news. The EFF wrote this up on March 5th: https://www.eff.org/deeplinks/2012/03/how-find-syrian-government-malware-your-computer-and-remove-it
Exactly. These people probably hooked up online and could have never even met face-to-face. There is no reason to expect that this guy necessarily would have known the other person was arrested. The secret police in countries like Syria don't tell the world the names of people they arrest.
the government is out to kill you and dump your body off a bridge
That's disappointing. I insisted on being burned alive while they chanted "She's a witch!"
you accept a crazy exe file over skype from someone not in front of your face.
The file wasn't named crazy.exe, it was named something that, in that country, is a useful tool when you're using internet cafes and open wifi to communicate covertly: Mac address changer.
how do you know where this person is. how do you know he's not arrested and having a gun pointed to his head
Dude, this is the internet. For all you know, I'm a 7 line perl script that became sentient, crawled out of Rob Malda's server, built a robot exoskeleton, and now lives down a manhole in Brooklyn. That doesn't mean you just stop talking with people, or the rest of the world. Sometimes the benefits of communication, even in a hostile medium, outweigh the risks. As a political activist, you have to talk to strangers, and people who may not be who they say they are; How do they know you aren't the government spook... or sentient 7 line perl script?
A certain degree of trust is necessary in all communications.
#fuckbeta #iamslashdot #dicemustdie
Windoze users still fall for the jessicaalbanudes.jpg.exe trick. They don't call it point-and-drool for nothing!
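Two checks raised in the comments above, hashing a received binary before running it and spotting the .jpg.exe double-extension trick, combined in one added example that is not part of any commenter's post. The extension sets, function names and the stub bytes are constructed for illustration; an unrecognised hash is reported as unknown, not as clean.

```python
import hashlib
import os
import struct
import tempfile
from pathlib import Path

# Extensions Windows runs on double-click (illustrative subset, an assumption).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions commonly used as the harmless-looking half of a double extension.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def sha256_file(path, chunk_size=1 << 16):
    """Hash the file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_like_pe(header: bytes) -> bool:
    """True if the bytes start a Windows PE file, whatever the name says.

    A PE file starts with 'MZ'; the 4-byte little-endian value at 0x3C points
    to the 'PE\\0\\0' signature. Only the first 4096 bytes are inspected.
    """
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
    return header[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def has_double_extension(name: str) -> bool:
    """Detect names such as picture.jpg.exe (decoy extension, then executable)."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXEC_EXTS
            and suffixes[-2] in DECOY_EXTS)


def triage(path, known_hashes=None):
    """Summarise a received file without executing it.

    known_hashes maps SHA-256 hex digests to labels (a local stand-in for
    searching the hash online). 'known' is None for an unseen hash, which
    says nothing about safety: a rebuilt or custom binary has a new hash.
    """
    path = Path(path)
    with open(path, "rb") as fh:
        header = fh.read(4096)
    digest = sha256_file(path)
    is_pe = looks_like_pe(header)
    return {
        "name": path.name,
        "sha256": digest,
        "is_pe": is_pe,
        "double_extension": has_double_extension(path.name),
        # Executable content behind a non-executable extension.
        "disguised": is_pe and path.suffix.lower() not in EXEC_EXTS,
        "known": (known_hashes or {}).get(digest),
    }


def constructed_pe_stub() -> bytes:
    """Constructed sample: the minimum bytes that satisfy looks_like_pe()."""
    stub = bytearray(0x44)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = struct.pack("<I", 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    samples = {
        "holiday.jpg.exe": constructed_pe_stub(),  # double extension
        "photo.jpg": constructed_pe_stub(),        # executable named as image
        "notes.txt": b"plain text\n",              # ordinary file
    }
    for name, content in samples.items():
        target = os.path.join(workdir, name)
        with open(target, "wb") as fh:
            fh.write(content)
        print(triage(target))
```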
Your hyperlink is not working, please repost!
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
when the government is out to kill you, the way to operate is TRUST NO ONE. this is the way revolutionaries have operated for centuries. small cadre of leadership and you never trust anyone completely.
P.S.
you run a revolution like you set up a firewall. trust no one/block everything and accept trust on a case by case basis
Sure, but who's to say that the person you meet face-to-face is the same person? The government could have easily killed the real person and had someone go in his place. Most of these dissidents probably met up online and would have no idea if they are meeting a real dissident or a government stooge. It's quite easy to criticize this person from your safe position thousands of miles away.
Trusting a friend isn't stupid, it's what most people would do.
I let all my friends know that I'm untrustworthy and stupid. I also tell my friends that I don't trust them and that I think they're dummer than a bag of hammers. I got this whole security thinging down, baby!
Of course now, i don't have to worry about being infected by worms from friends because I have no friends.
>>>When the file comes from a trusted source, it's not stupid. You have to trust someone eventually
Exactly. If I got a file from a Ron Paul activist, and it was someone I knew, I'd run it without hesitation. How would I know the Paulbot friend had been arrested and his/her account was actually the DHS in disguise?
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
If you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
If the U.S. revolutionaries had operated like that, we'd still be British. At some point you have to trust your fellow compatriots and share documents, otherwise you'll never get anything done.
BTW not even Fox Mulder followed the "Trust No One" mantra you quoted. He trusted his partner Scully. He trusted Deep throat and his partners. He trusted other conspiracy people he met along the way.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
When the file comes from a trusted source, it's not stupid. You have to trust someone eventually
"Skype" isn't a trusted source. If you're dealing with a government that's out to get you, anything that isn't cryptographically signed is untrusted. Assume everything is untrusted until it's verifiably trustable.
Give me Classic Slashdot or give me death!
How do you do that when the programmers are changing the code (and therefore the hash) every week?
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
That's all well and good to say but ignores the reality of how these dissident movements work in these third world countries. And just because something is cryptographically signed doesn't mean it's trustworthy. Who's to say the government doesn't have forged certs? These people are rag tag groups of people who meet up online, not cryptographic specialists.
In order for this not to happen again do the following:
Stop using Windows and MacOSX.
Download and install Fedora F16.
When installing, encrypt the harddrive with a really hard to break password.
Install pidgin and off the record like this: 'yum install pidgin pidgin-otr'
Generate keys and verify them before communicating.
Be _very_ careful if someone you usually talk to changes their key, they might have been arrested.
Never ever communicate in the clear.
Using this strategy you will not be immune, rubber-hose-cryptanalysis will still defeat this. Also you can be tracked so your oppressive government can see that you communicate, they will just not be able to read what you are saying. And not using major OSes will keep you away from the most common exploits and trojans.
Also, try to use TOR, HTTPS-everywhere and other good tools.
References:
https://fedoraproject.org/
http://fr2.rpmfind.net//linux/RPM/fedora/16/x86_64/pidgin-otr-3.2.0-4.fc15.x86_64.html
http://www.cypherpunks.ca/otr/
Good luck.
Misunderstanding of what a MAC address is and how they work, that is the crux of the issue.
-Lod
"Skype" isn't a trusted source. If you're dealing with a government that's out to get you, anything that isn't cryptographically signed is untrusted. Assume everything is untrusted until it's verifiably trustable.
Are you trying to get these people killed? Political activists don't show up at a meeting and spend the first half hour checking each other's credentials and signing each other's PGP keys. Why not? Anonymity is valued by the participants, who often exchange contact information under pseudonyms. Cryptographically signing things means verifying the participants identity, which would make it easier for the government to identify and arrest the activists, not harder. With cryptographically signed communication, someone whose system or person had been compromised could have the communications proved beyond a doubt to have come from you.
If you are greatly outclassed by your opponent, your only protection is anonymity or (failing that), plausible deniability. The use of cryptography blows both of those away, and provides no additional protection in the process whatsoever: The government isn't going to use a multibillion dollar computer network to crack your encryption key, they're going to use a brick and your face... and when they're done with you, they'll probably put you in a feces-filled jail cell for the rest of your life because you were using crypto, which shows you were more than casually involved with the political subversives; you planned this out carefully (if badly). Most governments are a lot harsher on people who try to run from them than they are for people who can raise the defense they were in the wrong place at the wrong time, or just curious.
#fuckbeta #iamslashdot #dicemustdie
unless the name and file type looks halfway legit and you can trust the person 100%
did you even read the summary?
"The problem was that the fellow activist had already been arrested and could not have started the chat."
Join the Slashcott! Feb 10 thru Feb 17!
It was also kind of stupid that he thought he needed a 3rd party utility to change his system's MAC address, and also kind of stupid that he thought that this would provide any additional anonymity if he was already behind a home router; remote systems beyond your first gateway never see your layer 2 address.
Next, on Real TV: When script kiddies go bad -- Real bad.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
That's all well and good to say but ignores the reality of how these dissident movements work in these third world countries.
The reality is that they're not educated enough to do it. There's no reason they couldn't be educated, if someone decided it was worthwhile. In cost benefit terms, it's absolutely worthwhile. So all that's needed is for the resistance to realize that and do some work.
And just because something is cryptographically signed doesn't mean it's trustworthy. Who's to say the government doesn't have forged certs?
This is a good point. The Syrian government could easily have acquired his private key when they arrested him, and beaten his passphrase out of him. To protect against that, they need a revocation certificate sent on a dead man's switch.
These people are rag tag groups of people who meet up online, not cryptographic specialists.
If your life depends on it, you think you'd take the time to figure out what you can do to protect yourself.
Give me Classic Slashdot or give me death!
when the government is out to kill you, the way to operate is TRUST NO ONE. this is the way revolutionaries have operated for centuries. small cadre of leadership and you never trust anyone completely.
No, that's the way Fox Mulder operated, on a TV show. Revolutionaries are famous because they stood up publicly for an injustice. They won over the general populace with charisma, unwavering devotion to their cause, and courage. They didn't hide from their followers, or follow some anti-social creed.
#fuckbeta #iamslashdot #dicemustdie
If your life depends on it, you think you'd take the time to figure out what you can do to protect yourself.
Anonymity deflects more bullets than body armor. All cryptography does is compromise your anonymity.
#fuckbeta #iamslashdot #dicemustdie
Anonymity is valued by the participants, who often exchange contact information under pseudonyms. Cryptographically signing things means verifying the participants identity
You don't have to completely identify yourself to get a benefit from cryptographic signatures. All you really need to know is that the Ahmed you corresponded with today is the same Ahmed you corresponded with last week. To do that, all you need to know is that the key used today is the same key that was used last week. This trivial precaution would have protected against this attack.
These guys aren't anonymous, they're pseudonymous. The key can be their pseudonym without compromising their actual identity in any way.
Give me Classic Slashdot or give me death!
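The key-continuity check described in the comment above (today's key for a pseudonym is the key seen last week), and the earlier advice to be careful when a contact's key changes, as an added example that is not part of any commenter's post. The class, file name and key bytes are constructed for illustration; the check catches a new key on an old account, not a seized key, which is the gap the dead man's switch comment addresses.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the raw public-key bytes, as hex."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Remembers one key fingerprint per pseudonym (trust on first use).

    The store never needs a real name: the pseudonym plus the key is the
    identity, so continuity can be checked without identifying anyone.
    """

    def __init__(self, path):
        self.path = Path(path)
        self.pins = {}
        if self.path.exists():
            self.pins = json.loads(self.path.read_text(encoding="utf-8"))

    def check(self, pseudonym: str, public_key: bytes) -> str:
        """Return 'unknown', 'match' or 'changed' for the presented key."""
        pinned = self.pins.get(pseudonym)
        if pinned is None:
            # No history: verify over another channel before pinning.
            return "unknown"
        if hmac.compare_digest(pinned, fingerprint(public_key)):
            return "match"
        # Same account name, different key: treat the account as suspect
        # until the change is confirmed out of band.
        return "changed"

    def pin(self, pseudonym: str, public_key: bytes, replace: bool = False):
        """Record a key after it has been verified.

        Overwriting an existing, different pin requires replace=True so a
        key change can never be accepted silently.
        """
        new_fp = fingerprint(public_key)
        old_fp = self.pins.get(pseudonym)
        if old_fp is not None and old_fp != new_fp and not replace:
            raise ValueError(f"key for {pseudonym!r} differs from pinned key")
        self.pins[pseudonym] = new_fp
        self._save()

    def _save(self):
        # Write to a temporary file and rename, so a crash cannot leave a
        # half-written pin file behind.
        tmp = self.path.with_suffix(".tmp")
        tmp.write_text(json.dumps(self.pins, indent=2, sort_keys=True),
                       encoding="utf-8")
        os.replace(tmp, self.path)


def should_accept_file(store: PinStore, pseudonym: str, key: bytes) -> bool:
    """Policy used in the demo: only a contact with a matching pin may send files."""
    return store.check(pseudonym, key) == "match"


if __name__ == "__main__":
    # Constructed key material, standing in for real public keys.
    last_week_key = b"constructed-public-key-A"
    todays_key = b"constructed-public-key-B"

    store = PinStore(os.path.join(tempfile.mkdtemp(), "pins.json"))
    print(store.check("ahmed", last_week_key))               # unknown
    store.pin("ahmed", last_week_key)                        # after verification
    print(store.check("ahmed", last_week_key))               # match
    print(store.check("ahmed", todays_key))                  # changed
    print(should_accept_file(store, "ahmed", todays_key))    # False
```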
>>>When the file comes from a trusted source, it's not stupid. You have to trust someone eventually
Exactly. If I got a file from a Ron Paul activist, and it was someone I knew, I'd run it without hesitation. How would I know the Paulbot friend had been arrested and his/her account was actually the DHS in disguise?
Eh I don't know about you, but if someone offered me a binary executable for the purpose of changing my MAC address, I would tell them "no thanks, I'll just use the built-in 'ifconfig' utility". I like that option better than playing amateur cloak-and-dagger.
It is a miracle that curiosity survives formal education. - Einstein
All cryptography does is compromise your anonymity.
Really? So if I post a private key in this thread, and you encrypt your response with that key, how does that compromise either of our anonymity?
Give me Classic Slashdot or give me death!
Shouldn't that read: Syrian Government Uses Microsoft Products To Push Malware To Activists since Microsoft owns Skype?
Maybe it's time to drop the free as in beer when talking about opensource and use free as in speech.
"Exactly. If I got a file from a Ron Paul activist, and it was someone I knew, I'd run it without hesitation. How would I know the Paulbot friend had been arrested and his/her account was actually the DHS in disguise?" -> I do love the insinuation that the RP Libertarians would be engaged in some sort of subversive activity that somehow would require the attention of DHS (even the Amish get special love from DHS, because, you know, they pose some sort of a special threat, with all that barn-raising and selling of sweet corn from the back of a horse & buggy), but realistically, running an executable sent to you via a messenger service is almost never a good idea. I guess the way around that is to ask for a voice / video chat, and to have a single-use, personal code-word / phrase for "I've been caught."
I am John Hurt.
More realistically, the best kind of operational security is to assume that any security system will be compromised. All the cryptography in the world can't help you if they put a physical key-logger on your machine, while you're picking up groceries.
I am John Hurt.
I sense a bit of hostility towards people less technical than yourself. I take it you don't provide technical support to anyone?
Proverbs 21:19 It is better to dwell in the wilderness, than with a contentious and an angry woman.
If he knew that the other activist had already been arrested, why would you accept a chat from them AND then accept a file transfer from them?
Perhaps he had not heard that the other activist had been arrested? It's not like the Iranian government is going to advertise how much repression they are using.
Do these activists not use some super secret codes to tell each other they are who they say they are?
They are activists, not necessarily hax0rs or james bond types. C'Mon, they're using Skype to communicate.
Battlemaster--Game with friends in medieval realms
Excellent post!
Proverbs 21:19 It is better to dwell in the wilderness, than with a contentious and an angry woman.
He trusted the writers of his show to continue to write his lines.
"We shall grapple with the ineffable, and see if we may not eff it after all." - Douglas Adams
If you trust no one you can never form any groups. You eventually have to trust someone. Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
Of course, you have to trust someone, but in a properly designed covert operation, that set of people is small (a so called "cell") or hierarchical (like a "handler") and you don't fully trust them either. If the cell is that small and the handlers only handle a few folks, the damage caused by misplacement of trust is limited. In this situation, if the cell or the cell's handler was compromised (e.g., arrested in this case), the other members of the cell might have known about it, or if they did not, the damage would be limited to their cell and not a large group.
This kind of stuff is covert operation 101. Even conventional forces have used it. For example, in WWII, the US and France used this in Operation Jedburgh. And if you are a Star Wars buff, Jedi is surprisingly similar to what they used to call these special force "Jeds"... Hmm... ;^)
using an OS that doesn't provide built-in system tools for such basic things as configuring a NIC, including the MAC address, because said OS from Redmond assumes you're an idiot who would only be confused by such things
Eh? My Windows must be broken, because I was able to do it just fine.
My Computer
Other Places, My Network Places
Network Tasks, View Network Connections
Right-click "Local Area Connection", Properties
Under "Connect using: Broadcom NetXtreme Gigabit Ethernet", Configure...
"Advanced" tab, "Locally Administered Address" property
Click the radio box on "value", type something.
The Syrian government figured out the Achilles heel of any Muslim. Just call the file "Allah Akbar" and they'll blindly open it up.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Again, it's quite easy for you to criticize from your comfortable life in a country thousands of miles away.
The problem here is that there seem to be a bunch of arm chair cryptographers who are advising these Syrian activists. It would be really really appreciated if those people that are doing this would try to understand the real consequences to real people and give some really careful advice about how to be more seriously secure.
If you trust no one you can never form any groups. You eventually have to trust someone.
The actual statement you were responding to was "you never trust anyone completely". That's a really really good thing. In fact; and this is where our "arm chair" advice is really breaking down; you should never trust even yourself completely.
Look at the IRA's cell structure which ensured that an arrested member should not know the names of more than those in his own cell. Basically we are talking about things like proper information security; assuming that your own computer is compromised by definition; using different levels of security, both in the computer and in code words and other things which mean that it's not just the computer you rely on.
What this is all talking about is limiting and reducing the need for trust. Ensuring that you limit damage. This seems to be a real problem with modern electronic activists.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
What you say is true but isn't directly practical. Assume they are normal computer illiterate activists. Assume their computers get hacked. Now the secret police know exactly who sent which message and can link pseudonyms to people. How do you advise the activists to work so that this doesn't happen? There are ways that may be reasonable for a normal person, but they probably need training. In real life, cryptography is probably a good idea, but can fail badly. Something as simple as training activists to use an Ubuntu liveCD during encryption/decryption might provide real protection. I'll bet almost nobody understands when and why to do that.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I sense a bit of hostility towards people less technical than yourself. I take it you don't provide technical support to anyone?
Wouldn't that only encourage hostility towards the less-technical?
Though I suppose that depends on how you define "less technical". If you mean people who could not competently administer a multi-user server from the command line, and just want to do their browsing or office work, that's one thing. If you mean people who double-left-click when you carefully, explicitly ask them to "single right click with your right mouse button" that's another thing entirely.
The former category is worthy of assistance and likely to appreciate it. They tend to understand the notion that if I thought I knew medicine better than my doctor, I wouldn't bother seeking his advice; since I don't understand medicine better than him, I should follow his advice.
For the latter category, leaving them to deal with their own problems is actually the best and most compassionate thing you could do for them. A well-meaning attempt to "help" them only teaches them to be excessively dependent, guaranteeing they will never advance beyond their present inability to follow the simplest and most trivial of instructions. Also, they tend to be more demanding and less appreciative even when you are helping them for free, as a favor, because only an entitlement mentality could cause a person with a functioning brain to act like such an idiot.
It is a miracle that curiosity survives formal education. - Einstein
Is Microsoft, which owns Skype, colluding with the Syrian government to push malware to end users, or has Syria hacked into Skype to accomplish this?
using an OS that doesn't provide built-in system tools for such basic things as configuring a NIC, including the MAC address, because said OS from Redmond assumes you're an idiot who would only be confused by such things
Eh? My Windows must be broken, because I was able to do it just fine.
My Computer Other Places, My Network Places Network Tasks, View Network Connections Right-click "Local Area Connection", Properties Under "Connect using: Broadcom NetXtreme Gigabit Ethernet", Configure... "Advanced" tab, "Locally Administered Address" property Click the radio box on "value", type something.
So in any case, there is no good reason to trust an unknown executable that purports to accomplish this task.
I've heard it said by some, in the context of the Second Amendment, that today's nearest equivalent to the musket is the computer. It is a recognition of the way information and control of information is a form of power. I don't fully agree with that because regrettably most serious conflicts eventually escalate to physical force, but it's an interesting notion all the same. Unfortunately that means so long as the average person refuses to inform themselves and RTFM, government will always have an advantage. A little technical knowledge (and not very much at all really) would have prevented this whole malware situation in Syria. The activists would have immediately known that such an .exe is not to be trusted.
Just curious, can your GUI example above be done via PowerShell? I ask as someone who does not have a Windows installation.
It is a miracle that curiosity survives formal education. - Einstein
Why should we expect these activists to be any more computer illiterate than jihadists? We know they use PGP and Tor and steganography. Why not political activists?
Give me Classic Slashdot or give me death!
I can create a fully undetected trojan in ten minutes from any remote access Trojan. The problem here was not knowing how to manually change the physical address of the NIC.
This is not the user's fault..
Really? I believe you just rejected the entire notion of personal responsibility, especially in the face of a shit-hitting-the-fan situation like in Syria.
In the absence of such a volatile political situation, here's how I feel about myself. If I have Internet access (which they do, to be using Skype), and the information is freely available (which it is, via Google) and the operating system already provides a way to do this (which it does), then I take full responsibility for any problems I experience as a result of not knowing how. If I were taking my time, in no hurry, under no pressure, then it would take me only a few minutes with Google to find out how to change a MAC for my OS of choice.
By taking responsibility for my ignorance, I can become aware of where I am ignorant and I can take steps to inform myself and eliminate it. You see, I am not interested in blame-games, like this need to always have an excuse so that nothing is ever my fault or my ignorance or my shortcoming. Hear this well: that shit is just plain childish and it prevents people from bettering themselves. I reject it because it deserves to be rejected. It is neither selfish (because it does not help the person who believes that), nor is it altruistic (because it helps no one else). It is just plain stupid.
If anyone should see me say "I didn't know something and I could have easily found out, this was a mistake, an instance of laziness on my part, and it's time for me to remedy that by educating myself" and thinks of me as a lesser man because of it, let them. Anyone who would do that is, in fact, the misguided person who does not do likewise only because they lack the courage to be so honest with themselves.
Now for the love of all that is sacred, can we stop coddling and excusing willful ignorance? How about we encourage curiosity and self-education instead? Is that so much to ask, just because it focuses on solving the problem and doesn't leave much room for this infantile concern with "fault" and blame?
It is a miracle that curiosity survives formal education. - Einstein
When I read the title, I am thinking a specific exploit in Skype was used to push the malware, when in reality all they did was send an executable and asked them to run it. As a Skype user, the former would be of great concern to me, while the latter is not.
I think a better title would have been, "Syrian Government Uses Social Engineering To Push Malware To Activists."
Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
No campaign plan survives first contact with the enemy
-Helmuth Graf von Moltke
Revolution is different. Most are amateurs, not professionals. Increasing the degree of difficulty is fact their opponents are. Properly designed in this context is pretty simple. If you survive, it was "properly designed". You make it sound like they didn't read the Chilton Manual for revolt.
Life isn't quite so clean as that.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
Would you mind running that little gem of wisdom by the FBI?
Have gnu, will travel.
Have gnu, will travel.
The Communists, who became Very Good at this sort of thing, used small "cells".
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
You eventually have to trust someone.
Maybe, but never a Microsoft-controlled Skype.
Two months ago, Skype replaces user-hosted P2P supernodes with Linux grsec boxes hosted by Microsoft, but for what?
I think wiretapping is one of the big reasons for the rearchitecture. Skype officially claimed they could not comply with wiretapping requests because of the P2P network as late as 2008 (http://news.cnet.com/8301-13578_3-9963028-38.html), and Microsoft was already working on wiretapping VoIP in 2009 (http://blog.tmcnet.com/blog/tom-keating/microsoft-patents-voip-and-skype-wiretapping.asp).
"I've got more toys than Teruhisa Kitahara."
In all fairness, the person who installed the malware might just be a guy off the streets who attended a rally. I hear there are occasionally thousands of them protesting.
The insinuation here is that the regime managed to infiltrate a fifth column styled group by getting a guy to accept an .exe over skype. It's safer to assume he's not in the upper echelons of dissent.
Some of the protesters over at wall street might just as easily have fallen for such a ruse.
You could do it without PowerShell, as a matter of fact. You would need to fill in a couple of blanks, but this .bat file should work.
@echo off
rem Change Network Address - create reg file and merge into registry
rem Before use, replace nnnn (the adapter's four-digit subkey) and n (its index) below
cd /d "%temp%"
echo Windows Registry Editor Version 5.00>tmp.reg
echo.>>tmp.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\nnnn]>>tmp.reg
echo "NetworkAddress"="%1">>tmp.reg
rem Merge silently (/s suppresses the confirmation dialog)
regedit /s tmp.reg
del tmp.reg
rem Stop and restart NIC to apply changes
wmic path win32_networkadapter where index=n call disable
wmic path win32_networkadapter where index=n call enable
rem See if the change was successful - Display MAC addresses of local interfaces
getmac
n is the index for the NIC you want to change. The easiest way to find it is to run the command
wmic nic get name, index
and find the NIC you want to change. Since I assume you probably want to just change the MAC of a single NIC, you can hard-code it into the batch file. Hypothetically, if you wanted to, if you had a Windows installation to work with, of course...
Forgot to say how you would run it - probably self-evident, but in case it isn't, you type the name of the batch file followed by the new MAC address (which will be substituted for %1).
And this--even if true--completely absolves the current régime in Damascus of any wrongdoing, right?
Il n'y a pas de Planet B.
This is no different than an email trojan vector. They've passed the file using skype but this is not any weakness in skype itself unless one thinks that skype should be scanning files that are transferred across it as part of the service.
blindly antisocialist = antisocial