Hello,
Software vendors are not charged for submitting to the CMX, and the Taggant System is free for packer authors, as well.
It is the developers of anti-malware software who are paying for access to the CMX and Taggant System metadata, since they get the most value out of using that information. They are essentially underwriting the costs for everyone else in order to help provide a mechanism that helps clean up the ecosystem.
While there are probably some anti-malware software developers for whom this would be a big investment, there are probably a lot for whom it is not, and since this is being done under the auspices of the IEEE, I wouldn't be surprised if there wasn't some provision for academia, too.
Regards,
Aryeh Goretsky
Hello,
Oops. Thanks for catching this!
Regards,
Aryeh Goretsky
Hello,
I believe the idea is to allow legitimate developers of packers, cryptors, etc. a means of identifying their software. I would not expect those folks on the malware side of things to take any action as a result of this activity under the IEEE's auspices as it does not apply to them.
Regards,
Aryeh Goretsky
It probably won't help much, if at all, but legitimate applications which are self-modifying are comparatively very rare compared to those which are not.
Regards,
Aryeh Goretsky
In reply to "Anonymous Coward" at Wednesday July 02, 2014 @12:34AM:
> how will this help against self rewriting applications
Hello,
No problems viewing either PDF file via Sumatra PDF Reader. Perhaps you could try that.
Regards,
Aryeh Goretsky
Hello,
The SHA-256 hash for the file is 8e64c38789c1bae752e7b4d0d58078399feb7cd3339712590cf727dfd90d254d.
According to VirusTotal, at the time the report was released, it was being detected by the following anti-malware programs:
Five out of fifty-three programs, or a little under 10%. Currently, detection is at 13/53, according to this report.
Regards,
Aryeh Goretsky
Hello,
The ITWorld article didn't mention it, so here's a link to the actual write-up on the bot, which is actually called Android/Spy.Agent.AF: Facebook Webinject Leads to iBanking Mobile Bot.
Regards,
Aryeh Goretsky
Hello,
Why does MojoKid only submit articles which link to HotHardware reviews? Is HotHardware a Dice.Com site? Is MojoKid a Dice.Com employee?
A disclaimer would be nice about paid editorial content or when linking to sister sites in the Dice Holdings portfolio, etc.
Regards,
Aryeh Goretsky
Hello,
My day job is at a security software company (anti-malware). We don't do anything in the backup space (either develop software, resell someone else's software, etc.) but I did write a paper on the subject of backups for them, because not every computer problem is a virus. It is more geared towards home users or home-based businesses than the video, above, because I figured that businesses already have some idea about backups—whether or not they are doing them properly is entirely another question, though.
The paper is basically an overview of backup technologies that might be applicable to a single PC or a small LAN, and is completely vendor neutral (like I said, no ties to anyone/anything in the backup space). It is also specific to on-premise backup technologies, as opposed to cloud, because those are the types of backup technologies with which I am experienced.
Anyways, if you are interested, or want to share it with a friend, family member, et cetera, here's the paper: Options for backing up your computer [PDF, 862KB]
Regards,
Aryeh Goretsky
Hello,
Since you mentioned the problem seems to have started due to issues arising from dealing with people in online games, it seems likely that these people are attacking you after they see you log into those games. Even if the game is client/server based, there may be some mechanism for them to obtain your IP address (direct messaging requests, lookups to see if you are online, etc.).
So, my suggestion would be to stop playing the games (or even joining the networks hosting them, if possible) for a while and let the unsavory characters find other people to harass. You can then go play some different games on some different gaming networks. Eventually, they'll probably think they've scared you off permanently and drop you from their DDoS list, and you can go back to gaming on that network.
Alternatively, you could look into using a VPN to tunnel your game traffic to a box outside your network, but you run the risk of annoying the VPN provider if their network gets DDoSed. Still, that at least transfers the problem off your home network, and it could be the VPN provider is in a better position to mitigate the DDoS than your home ISP.
Regards,
Aryeh Goretsky
Hello,
While raising the price on an enterprise product is a good way to boost short-term revenue, it seems to me that companies might begin to seek less expensive alternatives. In this case, though, that might not be Linux at all.
I haven't seen any mention of this so far, but I have to wonder if the price increase might be an attempt to make enterprises look at Windows Azure as an alternative to continuing to run their own datacenters.
Regards,
Aryeh Goretsky
Hello,
From what I recall, Lookout Mobile Security was founded in San Francisco in 2008. They started as an iOS shop, but moved over to Android, and their security product is probably one of the most used on that platform. I do not recall having any contact with employees, but they publish some decent research on their blog at https://blog.lookout.com/.
Regards,
Aryeh Goretsky
Hello,
I guess you didn't look very closely at ESET's web site:
About Page - http://www.eset.com/us/about/profile/overview/
Contact Page - http://www.eset.com/us/about/contact/
According to their page on Wikipedia, they have over 800 employees: https://en.wikipedia.org/wiki/ESET
Hardly obscure, and as for the U.S. government listening to them, they'd have to get in line far, far behind Symantec, McAfee, Trend, etc.
Regards,
Aryeh Goretsky
Hello,
Does the ban extend to VPS providers like Linode and Lowendbox (et al), or cloud services like Amazon AWS or Google Cloud which could host a VPN? If not, perhaps provisioning a VPN server on one of these is an alternative.
Credit card companies and payment processors might be less willing to suspend operations with Amazon or Google.
Regards,
Aryeh Goretsky
Hello,
The problem with the current crop of 802.11ac adapters is that most of them have USB 2.0 interfaces (Edimax and Zyxel each offer a USB 3.0 adapter, and Asus has a PCIe card). With 480Mbit/s of bandwidth (and that's theoretical, since it does not include serialization, 8b/10b conversions, other overhead from peripheral bus communications, etc.) no one is going to be getting anything near a Gbit/s of bandwidth over the bus even if they do have a strong signal. They may get better data rates due to technological improvements over previous generations of Wi-Fi (fatter channels, more MIMO streams, beamforming, etc.).
That will change as more adapters enter the market (probably in the form of MiniPCIe cards inside laptops), but consumers are not going to be much better off, bandwidth-wise, than going with 802.11n gear at home until the market for 802.11ac wireless adapters matures.
Regards,
Aryeh Goretsky
Hello,
Just to clarify, the research was done in parallel by Norman and ESET with collaboration between researchers from both companies. Consider it a team effort.
Regards,
Aryeh Goretsky
Hello,
Norman has done an excellent job with their report on the malware; however, it should be noted that the initial report came from ESET last week at the CARO anti-malware conference:
Targeted information stealing attacks in South Asia use email, signed binaries
I would also like to point out that while it is easy to assume that the Indian government (or someone connected with it) was responsible for these targeted attacks given the seemingly poor job in hiding their tracks (domain name registrations, embedded metadata, et cetera), it could also be a more sophisticated adversary who specifically manufactured those in an attempt to divert attention from themselves. After all, Pakistan shares borders with Afghanistan, China and Iran, and there are other countries who are likely interested as well, for geopolitical and even economic reasons.
Threat attribution is incredibly difficult, and attempts to blame India at this point may not just be foolish, but counterproductive as well.
Regards,
Aryeh Goretsky
Hello,
Yes, that's pretty much exactly what happened. John had a few other businesses he was trying at the time. This one worked out.
Regards,
Aryeh Goretsky
Hello Mr. McAfee,
Before you were forced to leave Belize, you were in the process of researching topical antibiotic creams. How far along was that research? Had you found any promising compounds, ready to go to trials, etc., or was it still more towards the basic research end of things?
As a follow-up question, if you are able to return to Belize, will you continue this avenue of research?
I know this is kind of a two-part question, but I am hoping you'll still be able to answer.
Regards,
Aryeh Goretsky
P.S. I do not know if you remember me, but I used to work for McAfee Associates back when you first started the company. I used to come to your house and sit at the kitchen table to do tech support over the phone. Later, I went to Colorado to work at your instant messaging company.
Hello,
It is pronounced "MACK-uh-FEE."
Regards,
Aryeh Goretsky
Hello,
I think you are being a bit unfair here. While Mr. McAfee's ideas may seem commonplace now after twenty-five years of having anti-virus software, at the time he applied them, they were quite novel. Also, the programs that Mr. McAfee was responsible for in the DOS era (SENTRY, VIRUSCAN, CLEAN-UP, VSHIELD, etc.) were pretty much state-of-the-art at that time.
Regards,
Aryeh Goretsky
At Thursday May 02, 2013 @07:16PM, BitZtream (692029) wrote:
>
> McAfee antivirus was never particularly impressive from a technical point of view. McAfee's brightest
> moments in his career were when he basically took something known in other industries and applied
> to obvious places in computing.
>
> I don't even think the US patent office would call what he did non-trivial.
Hello,
I think continuing the rollout of Google Fiber is a good move by Google; even if it does not extend to all locations, it forces the competition to upgrade in others to prevent the threat of wholesale abandonment if/when it does arrive. Having a broadband connection changes not just the amount of your Internet usage, but what you use the Internet for.
I remember switching from dial-up to cable Internet access with a single-digit megabit speed back in the mid-1990s, and it opened up a whole new world of activities for me. Instead of buying retail packaged software, I could purchase and download it from the author's site. Starting a download of a video and waiting for it to complete became video streaming with services like YouTube.
I really have no idea what sort of change a gigabit Internet connection will bring, but it's just as likely to open up all sorts of new services for consumers and opportunities for revenue for software developers and content providers that were unimaginable a few years ago.
Regards,
Aryeh Goretsky
Hello,
Actually, it's one of the few technologies which was adapted and worked quite well over the past couple of decades.
Regards,
Aryeh Goretsky
Hello,
A lucky guess.
I'm not as familiar with the remote management side of things as I used to be, but I suspect that with potentially unwanted applications (PUA), the option to use would be "delete" instead of "disinfect." The latter is really only applicable to parasitic infecting viruses which actually modify host code. In the case of a PUA, there is no clean host program inside the PUA, it's a PUA all the way down.
I would suggest checking with the LabTech or ESET support folks to verify the settings, though, as they have hands-on experience that I'm out of date with.
ESET offers a bunch of free tools. There's a whole page of Stand-alone malware removal tools that's always being updated, a free online scanner that scans and cleans malware, and my personal favorite, the system inspection tool, which is great for forensic-type activities. They're all conveniently accessible from the Utilities page, but no one seems to ever go there.
Regards,
Aryeh Goretsky
Hello,
Not sure which anti-malware software you are using, but a quick check of my employer's gave me half-a-dozen hits:
Not sure about the others, but would not be surprised if they are detected, just with a different name than you wrote. Maybe you just need to change anti-malware software, and make sure detection of Potentially Unwanted Applications is turned on in it.
Regards,
Aryeh Goretsky