Microsoft Spots New Antivirus-Blocking Trojan

In Uncategorized on 22.01.11 at 04:05

A new Trojan that neutralizes antivirus products relying on cloud-based technology has been spotted by Microsoft researchers in China. Cloud technology is a relatively new technology, used especially in security software. Upon running, the Trojan targets major Chinese AV vendors and other international security brands by blocking their internet access at the network driver layer.

“Engineering it is not trivial.”

Kurt Baumgartner

Of particular concern here is the sophistication of the so-called “Bohu” Trojan, which blocks the cloud-based antivirus software by means of a Windows Sockets service provider interface (SPI) filter, itself made possible by the installation of an NDIS driver. The malware employs social engineering techniques to trick users into executing it.

The use of cloud-based technologies is becoming more prevalent, as traditional antivirus companies adopt techniques that allow them to detect and neutralize malware infestations in minutes rather than in days.

Speaking to eWeek, Kurt Baumgartner, a senior malware researcher at Kaspersky Lab, acknowledged that engineering it is “not trivial.”

This effectively gives Bohu the ability to perform deep packet inspection on the network data, which it uses to modify search terms sent to, and cookies belonging to, the top search engines.

For now, Microsoft says it has already contacted the affected vendors about the Bohu threat.


Cyber Attacks Force EU to Close Emission Trading System

In Financial Markets, Health and Environment, International Economic Politics, Law & Regulations, Natural science, Quantitative Finance, Technology, Trading software, Uncategorized, Views, commentaries and opinions on 22.01.11 at 03:15

A series of cyber-attacks on national registries, where carbon permits are stored, has forced the EU to close its emissions trading system (ETS) for at least a week. The European Commission posted the announcement on its website on Wednesday after Czech Republic-based firm Blackstone Global Ventures said about €6.8 million of carbon allowances appeared to have disappeared. Thefts on electronic registries in Austria, Greece, Poland and Estonia have also been reported over the last few days.

“They will over time undermine the credibility of carbon trading as a policy measure.”

Kjersti Ulset

After discovering unauthorized trading on its account on Wednesday, Blackstone contacted the Czech registry OTE AS, which promptly closed all operations and began an investigation. The Paris-based BlueNext SA, operator of the world’s biggest spot exchange for permits, followed suit, as did registries in Poland and Estonia, before the EU finally imposed a region-wide shutdown.

It’s not the first time cyber criminals have traded stolen permits on the international ETS market, but never has the activity been so comprehensive that the regulators have been forced to close the whole market.

“Incidents over the last weeks have underlined the urgent need for enhanced security measures,” the EU commission says in its announcement of the closure.

The bloc’s ETS system will be down, at least until 26 January.



A Criminals’ Market

According to The Guardian, European authorities estimate that up to 90% of the whole market volume is plainly fraudulent activity.

Belgian prosecutors highlighted the massive losses faced by EU governments from VAT fraud today after they charged three Britons and a Dutchman with money-laundering following an investigation into a multimillion-pound scam involving carbon emissions permits.

The three Britons, who were arrested last month in Belgium, were accused of failing to pay VAT worth €3m (£2.7m) on a series of carbon credit transactions.

European authorities believe the EU has lost at least €5bn to carbon-trading VAT fraud in the last 18 months.

Last month, the European police agency Europol reported that the European Union’s Emissions Trading Scheme had been the victim of fraudulent trading activities over the past 18 months, worth €5 billion in losses to several national tax revenues.

Europol, the EU’s law-enforcement operation, fears the fraud will be used in other areas, especially gas and electricity trading markets, after criminals found VAT fraud was one of the most lucrative financial frauds.

The Most Lucrative Financial Fraud

Wednesday’s announcement and similar cyber-attacks have also damaged the EU initiative, together with reports of tax fraud and the recycling of used credits, the reports.

“They will over time undermine the credibility of carbon trading as a policy measure,” says Kjersti Ulset, manager at Point Carbon, a company that reports on Europe’s emission trading, carried out in a network of registries across the union.

Despite its pioneering position, Europe’s ETS system has attracted criticism over its six years of operation, with some businesses saying it threatens the bloc’s competitiveness, while NGOs argue emission thresholds have been set too high.

By placing a price on carbon, Europe’s trading system is designed to lower company emissions and therefore protect the environment from global warming. Corporations received emission permits for free under the first phase (2005-2007) of the scheme. Some, however, are forced to pay for a portion of their permits.

The European emission trading system is the world’s largest, as US plans for a similar cap-and-trade scheme were blocked by the US Senate last year.

Carbon permits are, however, traded as ordinary securities at the Chicago Carbon Exchange.

Brussels wants to see energy companies buy all their permits with their own money from 2013 and onwards, with other heavy industries gradually phased in by 2020.

China experts suggest pilot ETS projects could appear in Beijing’s next five-year plan, set to be approved in March.

Here at The Swapper we have been skeptical of the ETS all along.

It’s an artificial market, created on the basis of nice thoughts, without a real supply/demand situation, and is regulated in a way that is more similar to a pharmacy than a financial market.

But what is really worrisome is the sharp increase in this kind of activity.

Just wait till you see the Chicago Board Option Exchange get hacked!


Bank of America Sets Up War Room, Hires Army of Lawyers

In Financial Markets, High Frequency Trading, International Economic Politics, Law & Regulations, National Economic Politics, Technology on 22.01.11 at 01:18

Wikileaks, and its founder Julian Assange, have certainly stirred up some murky waters by releasing confidential documents and emails on government activities. Recently Assange stated that he has a large batch of confidential documents that could lead to problems for a major bank, and in at least one interview he has identified that bank as Bank of America. And the bank is taking the possible threat seriously – deadly seriously! So is the US Securities and Exchange Commission.

“The nation’s largest bank has set up a war room and assembled a S.W.A.T. team of lawyers.”

FOX Business Network

According to FOX Business, the largest US bank has set up a war room and assembled a S.W.A.T. team of lawyers and company officials to deal with the matter if anything should arise. And now the US Securities and Exchange Commission (SEC) is focusing in on the case too.

The Securities and Exchange Commission is keeping a close eye on Bank of America’s (BAC) Wikileaks dilemma to determine whether anything that the info-leaking website might release should have already been turned over to regulators who have conducted numerous investigations into the bank’s activities, FOX Business Network has learned.

The same goes for WikiLeaks.

It is, in fact, illegal to withhold information about criminal activities.

See also: Wikileaks Obstruction of Justice?

If and when the document dump occurs, the SEC – Wall Street’s top cop – will be examining the material to determine if Bank of America has failed to include the emails and other documents in demands for information the commission has made as part of its many investigations into BofA activities.

Bank of America has been the subject of several high-profile probes by the commission, including issues surrounding its Countrywide Financial subsidiary, and its ill-fated purchase of Merrill Lynch during the dark days of the financial crisis in 2008.

Countrywide, which was the largest issuer of so-called subprime mortgages, has been accused of issuing mortgages to people with little if any documentation of work history or means to repay the loans.

Neither the SEC’s spokesman nor BofA’s spokesman had any immediate comment, FOX reports.

If Bank of America purposely failed to turn over documents involving an investigation, the bank could face possible criminal charges of obstructing justice.

But so far, BofA has said that despite all the talk about it being a target, it has no evidence that Assange’s organization has documents involving the bank.
