The Malware Museum

At The Malware Museum you can enjoy the experience of DOS-era viruses, trojans and other digital beasties without any of the risk. Many of them manifested as wild graphical tricks and other spectacular coding feats, distracting you as they formatted hard drives or corrupted files.

The Malware Museum is a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers. Once they infected a system, they would sometimes show animation or messages that you had been infected. Through the use of emulations, and additionally removing any destructive routines within the viruses, this collection allows you to experience virus infection of decades ago with safety.

Pictured above is LSD.COM

Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from)

The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines.

Head of NSA's hacker squad explains how to armor networks against the likes of him

Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use.

Your smartwatch knows your ATM and phone PIN

Because a PIN-pad is so constrained and predictable, the accelerometer in your smartwatch is able to guess with a high degree of confidence (73%) what you enter into it -- it can also serve as a general-purpose keylogger, though with less accuracy (59%), thanks to the complexity of the keyboard.

Help wanted: malware researcher for U of T's Citizenlab

Ronald Deibert from the University of Toronto's Citizenlab (previously) sez, "The Citizen Lab at the Munk School of Global Affairs, University of Toronto has a job posting for a security researcher/malware analyst.

Startup uses ultrasound chirps to covertly link and track all your devices

Silverpush, a startup that's just received $1.25M in venture capital, uses ultrasonic chirps that are emitted by apps, websites, and TV commercials to combine the identities associated with different devices (tablets, phones, computers, etc), so that your activity on all of them can be aggregated and sold to marketers.

The Economist's anti-ad-blocking tool was hacked and infected readers' computers

Pagefair is an ad-blocking circumvention tool that publishers can use to track readers who've taken technological countermeasures to protect their privacy. The company has sold its service to many publishers -- including the Economist -- by deploying moral arguments about the evils of ad-blocking.

It's been ten years since Sony Music infected the world with its rootkit

Oct 31 2005: Security researcher Mark Russinovich blows the whistle on Sony-BMG, whose latest "audio CDs" were actually multi-session data-discs, deliberately designed to covertly infect Windows computers when inserted into their optical drives.

Smurfs vs phones: GCHQ's smartphone malware can take pics, listen in even when phone is off

In a new episode of the BBC's Panorama, Edward Snowden describes the secret mobile phone malware developed by GCHQ and the NSA, which has the power to listen in through your phone's mic and follow you around, even when your phone is switched off.

Newly disclosed Android bugs affect all devices

The newly released bugs are part of the Stagefright family of vulnerabilities, disclosed by Zimperium Zlabs.

Poker malware infects your computers and peeks at your cards

Odlanor is Windows malware that targets users of Pokerstars and Full Tilt Poker, and exfiltrates information about their cards to their competitors.

Porn app secretly takes photos of you and charges you a ransom

A porn app developed by Russian hackers takes your photo, locks your phone, and displays a scary-looking message from the "FBI" that says you have to pay a $500 fine for accessing "forbidden pornographic sites."

This piece of ransomware is called Porn Droid and affects Android devices. Unlike a similar porn malware app called Adult Player, which also takes users' photos and demands a ransom, Porn Droid users stay locked out of their phone even after they pay the ransom.

From IB Times:

According to security company ESET, which uncovered the campaign, the only way to recover access to your phone is through a factory reset, which means that all your photos, videos and contacts will be deleted and, unless they have been backed up, will be lost forever.

Proof-of-concept firmware worm targets Apple computers

It's like Bad USB, with extra Thunderbolt badness: Web-based attacks can insert undetectable malicious software into a Mac's UEFI/BIOS, which spreads to other machines by infecting Thunderbolt and USB devices.

Boeing and disgraced malware firm Hacking Team planned flying spyware-delivery drones

An engineer at Boeing's Insitu subsidiary proposed that the disgraced malware company Hacking Team should add spyware-delivery tools to Insitu's drone platform.

UK schools' "anti-radicalisation" software lets hackers spy on kids

The spyware that Impero supplies to UK schools -- which searches kids' Internet use for "jihadi" terms -- uses "password" as its default password, and the company has threatened brutal legal reprisals against the researcher who repeatedly demonstrated their total security negligence.

A computer researcher haggled with a Russian ransomware criminal

If you accidentally install Troldash (via spam email) on your computer, it will encrypt your hard drive and lock up your files. Troldash will display an email address to contact the criminal, who will offer to sell you the key to decrypt your hard drive. Natalia Kolesova, a researcher at the security firm Checkpoint, intentionally installed Troldash on a test machine and engaged in an email exchange with the scammer to see if he or she would negotiate the 250 euro ransom.

Posing as a victim named Olga, the researcher contacted the scam artist, and received a reply with instructions to pay 250 euros to get the files back.

Suspecting the reply was automated, Ms Kolesova pressed for a more human response, asking more details about how to transfer the money, and pleading with the hacker to not make them pay.

Responding in Russian, the scammer offered to accept 12,000 roubles, a discount of around 15%. After Ms Kolesova pleaded further, the email response read: "The best I can do is bargain."

Eventually the unknown man or woman was talked into accepting 7,000 roubles - 50% less than the first demand.

"Perhaps if I had continued bargaining, I could have gotten an even bigger discount," Ms Kolesova concluded.

Image: Shutterstock

Self-sustaining botnet made out of hacked home routers

Telcos send routers with default passwords to their customers, who never change them, and once the routers are compromised, they automatically scan neighboring IP space for more vulnerable routers from the same ISP.