As some of you may have already seen, we released Malwarebytes Anti-Malware for Mac last week. Prior to the release of the new product, I was of the mindset that Macs were not vulnerable to malware. So what changed my mind?
Doug Swanson, my former CTO at Malwarebytes (and current board member!) e-mailed me about a cool product called AdwareMedic he had found over the weekend. Doug’s grandmother’s computer, a Macbook Pro, had fallen victim to a search hijacker that was redirecting any links she clicked to advertising content. He ran AdwareMedic and all was well in the world. Doug insisted I take a look at the software, and his story certainly left me intrigued.
Over the weekend, I received several cryptic e-mails from my CFO, Mark Harris, asking if I had approved the wire template for “the wire I had requested.” We were in the process of making a few wire transfers on Monday but I had already approved those and communicated that to him. He repeated the question a few times, but I still didn’t think anything of it. He asked me again in person this morning. That’s when I started to dig in.
A warrant canary is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received. Once a service provider does receive legal process, the speech prohibition goes into place, and the canary statement is removed. Source
In a nutshell, a “service provider” periodically hoists a flag affirming that they have not been subpoenaed for user information by a government agency. Oftentimes these national security letters come with a gag order not to discuss the request. By not updating the warrant canary, or by letting it disappear, a provider can passively inform their users that an agency may have requested information and that they’re now under a gag order. It’s a cute, and believed-to-be-legal, way to inform users that their information may no longer be safe with the provider.
Canary Watch has even gone further and keeps an eye on any warrant canaries that are out there! Service providers watched on the site include reddit, tumblr, Adobe, and Cloudflare, among many others.
Social media is a great thing. Services such as Facebook, Twitter, and YouTube help connect friends, families, and even strangers around the world. But it’s well known that they pose an important threat to business owners.
Let’s start with the basics. It’s true that access to these services can keep an employee stimulated and give them a break from the stresses of their work. However, it’s not uncommon for people to spend endless hours scouring Facebook. Moderation is key. Put policies in place, monitor time spent on these types of sites, and help keep productivity high.
Now come the scary parts.
Continuing our media push, I wrote a guest post for Forbes.
High profile news throws a spotlight on how people feel about the privacy of their personal digital data, but for years, cybercrime has been stealing and selling it with very little coordinated public uproar. This malaise must end. The very real threat comes not from big faceless companies and governments, but those who seek to hide below the radar and the law. A combined awakening needs to take place and governments, businesses and Internet users must pull together to fight this very current threat to personal data, because at the moment cyber crime is winning.
Check out the post and let me know what you think!
So as you can see, I’ve been talking to the media a lot in the last few weeks. I was mentioned in “Soca shuts sites selling stolen credit card info” which was posted on the Computer Business Review website.
Just me preaching about how arresting a few cyber criminals will never stop the problem. New ones will take their place in a market this profitable for them.
I recently wrote an article for London Loves Business called “How can you protect your business from cyber attack?”
I figured it would come naturally to me, but I had to really give the content some thought. In a nutshell, employee education and updated security software are still so critical to keeping your business safe.
A friend of mine asked me to take a look at why Google and Bing were inaccessible using Firefox. I dove in and realized that they were also unreachable using Internet Explorer, Chrome, and even command line ping. It became apparent that the hosts file had been hijacked. In fact, these entries were the only ones present:
I swiftly removed them from the hosts file and both websites loaded fine. But what had put them there? With a working browser, a quick search revealed that those addresses were not legitimate and something had clearly hijacked the machine.
Knowing my friend to be an avid Malwarebytes Anti-Malware user, I checked the quarantine and found several objects. The main files appeared to be dplayx.dll and dplaysvr.exe and had several registry entries allowing them to start with the computer. I sent the files to Adam Kujawa, a Malware Intelligence Analyst working with me at Malwarebytes. Adam confirmed that this malware was responsible for the hosts file redirection.
However, a further analysis revealed a more cynical side. Adam continued by saying that “all binaries analyzed were heavily packed with custom obfuscation methods and employed anti-debugging tricks which made them a pain to get through” and that “the use of the filenames dplayx.dll and dplaysvr.exe is important because the names belong to legitimate applications and are integral parts of Direct X.”
While not new, the use of these particular filenames shows that malware authors are still trying to hide their executables behind legitimate names.
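The two indicators in this story, hosts entries that pin search-engine domains and DirectX file names sitting outside the Windows system directories, can both be checked mechanically. The following is an added triage example, not code from the original post or from Malwarebytes; the watch list, the `C:\Windows` install location, and all sample data are assumptions constructed for illustration.

```python
import ipaddress
from pathlib import PureWindowsPath

WATCHED = ("google.com", "bing.com")  # domains named in the post; extend as needed
DIRECTX_NAMES = {"dplayx.dll", "dplaysvr.exe"}  # names the malware borrowed
# Assumption: Windows is installed at C:\Windows, where the genuine copies live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def audit_hosts(text):
    """Return (line_no, ip, host) for each hosts entry that pins a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in WATCHED):
                findings.append((line_no, fields[0], host))
    return findings

def masquerading(paths):
    """Return paths that use a DirectX file name outside the system directories."""
    return [p for p in paths
            if PureWindowsPath(p).name.lower() in DIRECTX_NAMES
            and str(PureWindowsPath(p).parent).lower() not in SYSTEM_DIRS]

# Constructed sample data: documentation-range IPs and invented paths.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com
203.0.113.10    www.bing.com   # injected entry
198.51.100.7    intranet.example
"""
SAMPLE_PATHS = [r"C:\Windows\System32\dplayx.dll",
                r"C:\Users\friend\AppData\Roaming\dplaysvr.exe"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts entry:", finding)
    for path in masquerading(SAMPLE_PATHS):
        print("name outside system dir:", path)
```

A hit from either check is a lead, not a verdict: confirm by checking the file's signature and the autostart registry entries that reference it.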
Sveta from MRG brought this video to my attention.
Really shows how sophisticated and dangerous these threats can be.
With all of the SOPA talk this month, I figured an article on piracy was deserving. Being able to pinpoint users of pirated software is becoming easier and more accurate. For example, check out YouHaveDownloaded.com, a website that lists the torrents you may have downloaded in a certain time span. While the website is not perfect, for those who have static IP addresses, it can get pretty close and provide you with a list.
In one article on CNET, it was mentioned that “someone in the home of French President Nicholas Sarkozy, a strong proponent of anti-piracy legislation, has been using BitTorrent to download pirated versions of music and movies.”
If the Stop Online Piracy Act passes in the United States, I’m sure technology to track torrents and other illegal downloads will improve. Consequently, imagine the privacy concerns I have for Internet users. This proof-of-concept website is scary enough!