USB Thief Infects ‘Air-gapped’ Computers And Leaves No Trace

Malware (short for malicious software) is a type of program that is intended to cause harm to a system, be it in the form of ransomware, like that which has hit several hospitals in the US, or just your generic popup-creating malware. A new piece of malware named USB Thief looks to break the chain of common threats by hiding itself and infecting systems even when they aren’t connected to the internet.

The internet is a wonderful thing, but the problem with everyone being able to share and talk to one another is that sending something nasty is as easy as clicking a button (or in some cases, the software even does this for you). USB Thief avoids the internet entirely by working from USB sticks, the very same ones you use to carry information from your computer to your parents or your friends.

The software hides by only executing under a certain set of conditions, namely when a key derived from the original USB drive it was created for is present. Even when it does spread, it uses a unique key created from the ID of the USB stick and the time, meaning that traditional attempts to copy the malware off the stick and analyse it fail as soon as unknown hardware is in the mix.

Not only does this mean it won’t always execute, breaking the common rule that repeated behaviour is traceable behaviour, but it also doesn’t leave any evidence on the infected computer, meaning your data could be stolen and you wouldn’t even know it. USB Thief lives up to the second part of its name, as at the moment it only works to steal data, but Tomáš Gardoň, a malware analyst with antivirus provider ESET, says that “it would not be difficult to redesign the malware to change from a data-stealing payload to any other malicious payload”.

By avoiding the internet and focusing on the more traditional method of using USB drives, the malware is able to infect systems in a similar way to how Stuxnet worked, enabling it to infect ‘air-gapped’ systems (those which aren’t connected to the internet). With the USB lock in place, only the original USB stick created by its designers can infect systems, meaning if you didn’t create the original you won’t be able to use it.

If that wasn’t enough, USB Thief’s developers seem to have done their homework, as it only runs when launched via portable versions of legitimate applications like Notepad++ and Firefox. If you’re running Kaspersky Lab or G Data though you should be okay, as the malware won’t install itself on your system, a feature that was no doubt down to results from some initial testing.

OneDrive Placeholders May Be Replaced Back in Windows 10 ‘Redstone’

Windows 10 has so far received a mixed reception since its release; the many positive aspects, which have included the return of a usable Start Menu, have somewhat been outweighed by an operating system thin on privacy and a lack of communication to users concerning the update schedule. Now, Microsoft hopes to win back consumers by adding improvements within the “Redstone” update, and there is a rumour that a feature by the name of “Placeholders” may return.

If you’re not familiar with this feature, Placeholders was a handy space-saving feature within Windows 8.1 that allowed any file in a OneDrive account to be accessed by simply double clicking on an icon within File Explorer; the difference was that the file wouldn’t actually be downloaded to your machine until the user specified. Sounds good, and many users thought so until Microsoft took a crowbar and removed this feature from Windows 10.

According to persistent rumours, this feature is set to be repackaged in time for the Windows 10 Redstone release, which is due to be offered to consumers around Spring time of next year (2016). Why had this feature been removed in the first place? It seems not everyone was able to understand how this handy tool functioned; this included consumers wondering why they were unable to update their files from the cloud when they had no internet connection to the data that was stored online. Indeed.

It will be interesting to see the path with which Microsoft treads concerning the development of Windows 10.

One Java With An Added PUP Please

Critical security updates to applications are essential to maintain a patched system against the many exploits which attempt to infiltrate one’s PC. Certain software needs patching more than others, and this is no less evident with both Adobe Flash and Oracle Java: the former needs fixing every five minutes and the latter, well, is probably better uninstalled altogether. On the subject of Java, many websites are using a trick which promises an update but also bundles a PUP for good measure.

So, what are the tricks? Well, when a user attempts to view content which requires a Java plugin on certain websites, a pop-up appears stating that they should update their version of Java. By following the prompt the user lands on various pages unconnected with Java; for example, one page is titled “Media Downloader”. The user is then asked to both download and install a “setup.exe” file which turns out to be a PUP. Quick tangent here: a novice computer user once asked me if it would download a dog. I replied PUP, not puppy. Not joking either.

There are other techniques too; one masquerades on a webpage as a standard Java update pop-up notification, but further examination shows this is in fact a background image and not a pop-up. If you click on this you might receive, among others, a bundler which offers Java but also other programs including Norton 360 (terrible program), PC Mechanic and, for some reason, Stormfall: Age of War. This though can be avoided by checking the UAC prompt, which lists this .exe file as being from Verified Publisher “Super IS Fried Cookie Ltd”, which sounds about as authentic as a fast food burger, mentioning no names.

As standard, make sure any software applications are downloaded from authentic sources; if you visit a page that promises an update, be cautious, check the URL and, as an extra precaution, always scan downloaded files with a reputable anti-virus and, if possible, a malware scanner as well. Quick side note: these days viruses are becoming harder for AV companies to detect, therefore, while it’s essential to have these suites available, always download from authentic sources and be sceptical.

Of course, if you don’t use Java then it might be better to uninstall it considering the amount of security issues it has faced over the last few years.

Image courtesy of limewheel

Microsoft Outlook Web App Vulnerable to Password Hacking via “Backdoor”

Typical Microsoft: the tech giant has more backdoors than Disneyland and Disney World put together. The latest vulnerability that has been unearthed by researchers is a pretty serious breach and allows an attacker the option to steal e-mail authentication credentials from major organizations.

So what is it this time? The Microsoft Outlook Web Application, or OWA, in question is an Internet-facing webmail server that is deployed within private companies and organisations to provide internal emailing capabilities. Research and subsequent analysis undertaken by security firm “Cybereason” has discovered a backdoor of sorts in the form of a suspicious DLL file. This file was found to be loaded into the company’s OWA server with the aim of siphoning decrypted HTTPS requests.

The clever part of this attack is the innocuous nature of deployment: the file name was the same as that of a legitimate file; the only difference was that the attack file was unsigned and loaded from another directory. According to Cybereason, the attacker (whoever it might be, mentioning no names) replaced the OWAAUTH.dll file that is used by OWA as part of the authentication mechanism with one that contained a dangerous backdoor.

Thus, this allowed attackers to harvest login information in plain decrypted text. Even more worrying is the discovery of more than “11,000 username and password combinations in a log.txt file in the server’s ‘C:\’ partition. The log.txt file is believed to have been used by attackers to store all logged data”.

The attackers ensured the backdoor could not be removed by creating an IIS (Microsoft web server) filter that loaded the malicious OWAAUTH.dll file every time the server was restarted.
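As an added example that is not from the Cybereason report or this article, the following PowerShell audit looks for the two signs described above on an Exchange server: a DLL loaded into an IIS worker process that is unsigned or is a copy of OWAAUTH.dll outside its expected directory, and IIS global modules or ISAPI filters (which load on every restart) whose image is not validly signed. The expected directory is a placeholder and must be set for your own installation.

```powershell
# Added example, not the Cybereason tooling. Run elevated on the OWA/Exchange server.
# $ExpectedOwaAuthDir is a PLACEHOLDER: set it to the directory where the genuine
# OWAAUTH.dll is installed on your system before relying on the 'wrong directory' check.
$ExpectedOwaAuthDir = 'C:\PLACEHOLDER\Exchange\ClientAccess\Owa\Auth'

function Get-SuspiciousIisModules {
    param([string]$ExpectedDir = $ExpectedOwaAuthDir)
    $findings = @()
    # Every IIS worker process (w3wp.exe) hosts one application pool; OWA is one of them.
    foreach ($proc in (Get-Process -Name w3wp -ErrorAction SilentlyContinue)) {
        try { $modules = $proc.Modules } catch { Write-Warning "Cannot read modules of PID $($proc.Id): $_"; continue }
        foreach ($mod in $modules) {
            $path = $mod.FileName
            if (-not $path) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path
            $isOwaAuth = [IO.Path]::GetFileName($path) -ieq 'OWAAUTH.dll'
            $wrongDir  = $isOwaAuth -and ([IO.Path]::GetDirectoryName($path) -ine $ExpectedDir)
            # Flag anything without a valid signature, plus OWAAUTH.dll loaded from elsewhere.
            if ($sig.Status -ne 'Valid' -or $wrongDir) {
                $findings += [pscustomobject]@{
                    ProcessId = $proc.Id
                    Module    = $path
                    SigStatus = $sig.Status
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
                    Reason    = if ($wrongDir) { 'OWAAUTH.dll outside expected directory' } else { 'Signature not valid' }
                }
            }
        }
    }
    return $findings
}

function Get-UnsignedIisStartupImages {
    # Global modules and ISAPI filters are loaded by IIS on every start, which is the
    # persistence mechanism the article describes; list any whose image is not validly signed.
    Import-Module WebAdministration -ErrorAction Stop
    $images = @()
    foreach ($m in Get-WebGlobalModule) {
        $images += [pscustomobject]@{ Kind = 'GlobalModule'; Name = $m.Name; Image = $m.Image }
    }
    foreach ($f in (Get-WebConfiguration -Filter 'system.webServer/isapiFilters/filter' -PSPath 'IIS:\')) {
        $images += [pscustomobject]@{ Kind = 'IsapiFilter'; Name = $f.name; Image = $f.path }
    }
    foreach ($img in $images) {
        $file = [Environment]::ExpandEnvironmentVariables($img.Image)
        $status = if (Test-Path -LiteralPath $file) { (Get-AuthenticodeSignature -FilePath $file).Status } else { 'MissingFile' }
        if ($status -ne 'Valid') {
            [pscustomobject]@{ Kind = $img.Kind; Name = $img.Name; Image = $file; SigStatus = $status }
        }
    }
}

Get-SuspiciousIisModules     | Format-Table -AutoSize
Get-UnsignedIisStartupImages | Format-Table -AutoSize
```

A legitimately unsigned third-party module will also appear in the output, so compare findings against a known-good baseline of the server rather than treating every hit as a compromise.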

Indeed, yep, same old same old then; breaches of passwords are worryingly common in the digital age, and there needs to be a radical rethink of security infrastructure. I do feel companies are using tech as a cheaper alternative without investing in system protection or even real-time analysis; servers and communication lines are being ignored to the point whereby attackers have free rein over such systems. I wonder as I write this what else is being siphoned off to individuals and attackers; if I next see the formula for Coke in a Chinese own-brand cola, then it will make sense.

Thank you Cybereason for providing us with this information.

Image courtesy of thehackernews

Download This Gorgeous Unreal Engine 4 Apartment Demo

The level of detail which can be designed and rendered within computers is astonishing, and the rate of improvement over the last 10 years has been rapid. This demo, which has been released by CryZENx for Unreal Engine 4, is set in a luxury apartment. The NVIDIA GTX 980 Ti graphics card which was used runs it at an incredible 100fps.

So how impressive is it? Here is a selection of screenshots. As you can see in the first one below, the detail is fantastic; by designing the bed to be left unmade, this gives the impression to the eye of being authentic; life is not immaculate and it adds to the authenticity of someone living there.

The fire in this screenshot looks detailed but also natural; a lot of games manage to poorly replicate fire in a flat 2D way, but this feels more vibrant. The sofa is textured and rendered to a very high level of detail, with the hardware managing to convey the designer’s imagination.

Last screenshot below. I could go on, but the demo is around 4 minutes long and it would take me a while longer to convey every aspect; the picture frame below is, in fact, a TV screen with moving pictures.

The detail of this demo is fantastic and it can be downloaded here; as of writing the demo has been downloaded 840 times since it was uploaded on the 8th August 2015, and the file is a sizeable 583.08MB. Another exciting aspect would be the notion of games being this detailed. It will probably not happen in the foreseeable future considering the time and expense, but when it eventually becomes reality, expect it to be visual eye candy which will open the door to a phenomenal future. Imagine FIFA having these visuals, or maybe not, considering the likes of Wayne Rooney might scare the children…

Thank you dsogaming and File Upload for providing us with this information.


New Tool Challenges Windows 10 Privacy Issues

So far the brand spanking new Windows 10 OS has been a huge success compared to the mishmash that was Windows 8, which tried its best to annoy consumers with the deletion of the Start Menu in favour of Metro. The default options for privacy, on the other hand, are far less forgiving: from stealing users’ bandwidth for updates to webcam and microphone access, Microsoft have shifted their position.

But users could in theory attempt to shift it back again with the development of a new free app by the name of “Do Not Spy 10”. This enables the user to disable a grand total of 37 Windows privacy issues with a single click. The software has been designed by German developer pXc-coding, who have developed a centralized interface which allows for easy tinkering with settings.

There are noteworthy caveats with this software. The first lies with your antivirus product, which may detect this tool as malicious in nature because it can modify Windows settings, which is to be expected. Also, the developer is running an advertisement campaign within the software, which is mentioned in its end-user licence agreement; this means that anti-virus vendors may flag this as adware or a PUP.

A quick run through VirusTotal generates a report of 10/55 services which class this exe file as suspicious: 9 class it as a PUP while Symantec classifies it as a Trojan. Technically this software is not malware and you can uninstall it after using it once; it’s better to use good judgement and if you have any doubts, give it a miss. Also check out the below links which convey details of the product.

Thank you The Hacker News, pxc-coding and Facebook.

New Launcher 2.0 To Be Included in Chrome OS Beta

Google Chrome OS beta users are said to soon be able to test out a huge new feature. The Chrome Launcher 2.0 is said to be coming in the latest beta version, and it looks more like a new tab in the Chrome browser than a platform.

The Chrome Launcher 2.0 is said to come integrated with Google Now, which is able to show you scheduled appointments, flights, reminders and other task cards. Since it is a launcher, it does have access to an app list, should you require it.

Besides the new launcher, the latest beta is said to come with an update that would change the OS timezone automatically while travelling. Another feature that users should look forward to is the ability to unzip password-protected files.

Material Design is making its way into Chrome OS with the new update, but only for the File icon. Still, it is a start, and Google is bound to add more in the following updates. Users who would like to test out these new features can migrate to the beta channel from the Settings page and wait for the update to be released next week.

Thank you Engadget for providing us with this information.

Star Citizen Might Take up 100GB of Your Storage Space

Star Citizen was thought to be a massive game from the very start, with vast environments and enormous gameplay. However, director of game operations at Cloud Imperium Games, Jeremy Masker, warns that it may be a bit more massive than people think.

The statement comes in response to a forum user on Roberts Space Industries, who predicted that the game and its client will be heavily compressed and optimized. Unfortunately, Masker sends out a different message that contradicts that prediction.

“As I have already said, I would not count on this,” Masker stated. “The game compression and asset removal is unlikely to yield such high gains that we will be able to reduce our client size to 30-40GB. The size and number of assets that are left to deliver means that our client size is much more likely to be 100GB.”

“Also, yes we are optimizing game patching for speed and to only deliver diffs, but this is unlikely to reduce actual patch size,” he continued. “Again, each patch has 100s of assets, each of these assets are at times 200mb, this leads to 2-6gb patches, and if we end up doing a file type re-factor and have to re-download 30-40% of the assets on the hard-drive, then the patch will be 14-20gb.”

This might not be an issue for users who already have a super-fast internet connection, but fans who are not so lucky might be extremely disappointed.

Thank you PC Gamer for providing us with this information.

Synology DS214Play 2-bay NAS Review

Introduction

When the imminent arrival of the DS214 range was brought to people’s attention earlier in the year, hardware transcoding was a hot topic, and the news that a NAS with improved on-the-fly video transcoding for mobile devices was also on the horizon only stirred more interest in Synology. So without any more delay, it’s time to delve into the world of the DS214Play.

We’ve recently seen a few of Synology’s 2-bay systems, and prior to this review we had a look at the DS214Se – a special edition NAS that has budget users in mind – giving them a simplified NAS feature list. On the outside, the DS214Play looks nothing like the DS214Se and there is a good reason for this; whilst the DS214Se wants to make its stand in the budget end of the market, the DS214Play is aiming for a more premium look, whilst not hitting the same high prices that we see some 2-bay systems reaching. With the design and build blueprint derived from the DS414, and the little brother to this system, the DS214, looking almost identical, the difference as always is what lies inside the system.

The crucial difference with this system over everything else is the Intel Evansport CPU that Synology have chosen. Many NAS options are not capable of transcoding media files – such as video – into another format for mobile devices such as phones and tablets to play back; however, hardware transcoding is where the DS214Play pulls its weight. Thanks to the floating-point unit of the Evansport CPU, transcoding is a key part of the system’s design, giving users the flexibility to watch whatever format of content they like without worrying about file compatibility.

When we look at the performance figures later on in this review we will be looking at the system’s figures for video playback and processing photo albums, as these are the two main areas where this system should [in theory] top the charts. This is why we are here, so does it make a difference or is it all a load of pointless sales talk?

The DS214Play brings a new lease of life to Synology’s packaging with a bright white and green design, whilst inside the box there is the usual array of accessories for a system of this size.

Synology DS214Se ‘Special Edition’ 2-bay NAS Review

Introduction

Synology have been hot on the market recently with the release of the DS414 4-bay NAS – the latest revision to their popular 4-bay desktop range, as it replaces the top-selling DS413. One of the main focus points of the DS414 is the price point for a pretty good level of performance. As we saw, it may not be the fastest 4-bay system available, but when it’s priced considerably lower (by more than £100) than some of its rival units, it’s a bit of a no-brainer for anyone who is focussing more on raw capacity than on performance.

Keeping on the same line, every NAS vendor has a few budget units in their product catalogue; however, Synology have a more even distribution across their range in terms of performance and cost. As a brand, Synology are not afraid to advertise that they build cheaper systems that offer lower performance figures, and there is a good reason for this. When you take into account the overall cost of a typical 2 or 4-bay system, adding the cost of hard drives on top can easily tip it over the £500 mark (or more if you go for a higher performance system), and that price tag for some people does equate to a substantial chunk of money. For a number of users, the cost is simply too much to churn out. Typically those fighting the battle of cost are home users, especially with today’s credit crunch here in the UK, where the cost of living when marked against your income is a bit out of proportion. As a result the goal is to get as much raw capacity as possible for as little as possible.

As we’ve seen before, Synology use a simple naming system for their products, and those ending with a ‘j’ are built with capacity rather than performance in mind. To take things a step further, Synology have now re-written the rule book as they create a 2-bay system that is more budget conscious than ever. Bring forth the DS214Se. In the same way that the DS414 is the successor to the DS413, the DS214 is the new model replacing the DS213, and the Se (Special Edition) marking puts this model in a position where it is even more budget friendly than before.

With the aim of the game being to keep the overall purchase cost down, Synology have removed a number of features from the DS214 specification and have been more ruthless than ever. As a result, the DS214Se is going to be ideal for anyone who is a) on a very tight budget and b) not needing to run multiple features at the same time.

Whilst the system’s specification has been cut down, the bundled extras include everything that you’ll ever need. Alongside the NAS, there is an AC power adaptor, an Ethernet cable, a quick installation guide, a warranty leaflet, and finally two sets of screws for fitting the drives and for holding the enclosure together.