NOD32 and Antivirus News
Threat and Security News

Good Code, Bad Computations: A Computer Security Gray Area

Tuesday, October 28. 2008

If you want to make sure your computer or server is not tricked into undertaking malicious or undesirable behavior, it’s not enough to keep bad code out of the system.

Two graduate students from UC San Diego’s computer science department—Erik Buchanan and Ryan Roemer—have just published work showing that the process of building bad programs from good code using “return-oriented programming” can be automated and that this vulnerability applies to RISC computer architectures and not just the x86 architecture (which includes the vast majority of personal computers).

Last year, UC San Diego computer science professor Hovav Shacham formally described how return-oriented programming could be used to force computers with the x86 architecture to behave maliciously without introducing any bad code into the system. However, the attack required painstaking construction by hand and appeared to rely on a unique quirk of the x86 design.

This new automation and generalization work from graduate students and professors from UC San Diego’s Jacobs School of Engineering will be presented on October 28 at ACM’s Conference on Communications and Computer Security (CCS) 2008, one of the premier academic computer security conferences.

“Most computer security defenses are based on the notion that preventing the introduction of malicious code is sufficient to protect a computer. This assumption is at the core of trusted computing, anti-virus software, and various defenses like Intel and AMD’s no execute protections. There is a subtle fallacy in the logic, however: simply keeping out bad code is not sufficient to keep out bad computation,” said UC San Diego computer science professor Stefan Savage, an author on the CCS 2008 paper.


School Web site taken down

Monday, October 27. 2008

JANESVILLE--The Janesville School District’s Web site was taken down Monday after a link to a computer virus was discovered.

The link was to the same virus that attacked the district’s computer system Sept. 19 and forced the district to take the Web site down at that time.

Part of the virus’ attack included installing a link to itself in the district’s Web site, said Brandon Keirns, manager of information technology. So when someone accessed the site, the virus tried to download itself.


Using buffers against malware

Monday, October 27. 2008

People use the term “virus” for any piece of software that causes harm to their computers. Nevertheless, a computer virus is only one form of harmful software among many others that are purposely built to disrupt computers or computer networks. Other types of harmful software include worms, trojans, spyware, adware, etc. Malicious software, or malware for short, is the common term for all of this harmful software.

Malware can destroy the data on your computers, shut down networks or services by creating an enormous amount of data traffic, or steal your confidential information, which may result in considerable losses of both time and money. Even worse, you may not be able to restore the systems to their original condition, resulting in a permanent loss of your valuable data.

To protect your computers from malware, you need a basic understanding of the behavior of each type and the possible defensive mechanisms.

Viruses

Malware can be called a virus only if it fulfills the following three (3) requirements.

* It should have the capability to cause harm to a computer or its information
* It propagates with the support of another file (host file)
* It can add or send its replica to selected targets

Worms

A worm is a self-propagating malicious piece of software. It uses the network connections of the infected computers, or services such as email, to propagate and infect other computers. Unlike a virus, a worm does not need a host file to propagate.


Microsoft accused of hacking attack

Tuesday, October 21. 2008

An angry Chinese lawyer accused Microsoft of perpetrating the biggest ever hacker attack in response to the software giant's controversial move to trigger hourly screen blackouts on computers using pirated copies of Windows XP.

On October 20, Dong Zhengwei, a lawyer of Beijing Zhongyin Law Office, sent a complaint to China's Ministry of Public Security, accusing Microsoft of invading personal computers without user permission or judicial authorization, the Beijing Times reported.

Dong said the judiciary should assign criminal responsibility for the Windows Genuine Advantage Program's so-called "Black Screen" scheme and halt this "illegal move".

To fight software piracy, Microsoft announced on October 15 that, starting October 21, Microsoft anti-piracy software would be automatically installed on users' computers through the routine Internet-based update mechanism. If a computer fails a validation test, the desktop will change to a plain black background when the computer is restarted.

Users will be able to reset the black background to any wallpaper or another background color, but every 60 minutes the desktop will revert to black until a genuine copy of Windows is installed.

Microsoft's plan has aroused huge controversy in China. According to a poll on Chinese portal QQ.com, out of 574,923 participants, 73.33 percent said they were using pirate versions of XP, 51.58 percent said they intend to continue using pirate versions, and 32.87 percent said they will ignore Microsoft's "black screen" campaign. Only 15.55 percent said they intend to buy an authorized version. 77.23 percent said they oppose Microsoft's action.

Microsoft's anti-piracy campaign is also targeted at pirated versions of Office software, which includes the popular Word, Excel and Powerpoint applications.

Microsoft said its action was not particularly targeted at Chinese users and that it planned to extend the verification system to all Windows XP and Office users within two months. Microsoft also said that the "black screen" is just a "notification of piracy" and will not actually affect the normal operation of the computer. "And even if your XP or Office is pirated, we will not collect any information from you, so let's hear less of the charge of 'infringing privacy'."

But in his complaint, Dong Zhengwei said frequent compulsory validations will cause certain functions of PCs to slow down, and he maintains that computer users face potential information leakage. He characterized Microsoft's behavior as a kind of "hacker attack", because it infringes users' privacy and has not been legally authorized.

Chinese laws stipulate that a party will be considered guilty of illegal intrusion if it disrupts the normal functioning of computers by altering their operating systems.

Dong Zhengwei further noted that although Microsoft's action is understandable, its own failure to act for a long period had brought about a situation in which nearly 10 percent of Chinese people use pirate software. Microsoft's failure to act could be construed as abandonment of its copyright. Furthermore, he said, "the creators of pirate software are to blame for piracy." Dong said, "Ordinary computer users should not be victimized."

Jiang Qiping, of the Informatization Research Center of the China Academy of Social Sciences, also said that Microsoft is conducting a hacker-styled attack. First, he said Microsoft's move to verify XP was an abuse of power and might infringe China's anti-monopoly law; second, since users of pirated versions will suffer hourly screen blackouts, it resembles a classic hacker attack.

There was a similar case in 1997. To fight piracy, Jiangmin, one of China's leading anti-virus software providers, released a logic bomb, a piece of code that would destroy all the data on a computer's hard disk if it detected pirate software. At that time, the public security department ruled that Jiangmin had no right to punish ordinary computer users, and that its action violated Regulations of the People's Republic of China for the Protection of Computer Information Systems. The company was fined 3,000 yuan (US$439).





BETTERANTIVIRUS.COM℠ is a US based reseller of Eset Software's NOD32 Solutions
BETTERANTIVIRUS.COM℠ and its contents are Copyright © - Web Your Business Inc.
BETTERANTIVIRUS.COM℠ & Web Your Business™ are trademarks of Web Your Business Inc.
ESET®, NOD32, ESET Antivirus, Smart Security® Trademark of ESET, LLC
All rights reserved by their respective owners.