Two new hacking tools


Usenet hotbed of malware says McAfee

Usenet is now a seething mass of viruses, Trojans and backdoors, according to one industry spokesperson. Dmitry Gryaznov, manager of advanced virus research at McAfee, claims that newsgroups are increasing in popularity as they allow people to download free information and files, but that the virus writers are joining too, and are posting their malware there.

Infected files are often disguised as multimedia files or as pirated software.

The volume on newsgroups has grown 20% between January and April this year and looks set to continue. The sheer volume of traffic makes them difficult to police — 230GB of data is posted to Usenet each day. According to Gryaznov's research, a single virus can be posted about 200 times in a day.

A further danger is posed by sites such as Google that archive material, because they prevent posts from expiring, even after they have been taken down.

Despite the fact that many corporations block the use of newsgroups, the malware ends up on the company network anyway. "There are plenty of gateways and you simply cannot block all of them," Gryaznov said.

He says that "undoubtedly, education is one of the keys" to solving this problem. To this end, McAfee is launching VirusPatrol Live, a website which will carry a lot of information about Usenet and viruses and form a resource for statistics and detailed information about specific viruses.

Technology News

Biometrics used as correction tool

Biometric authentication is being applied by those who have no choice in the matter — convicted criminals. According to Maurice Chadwick, COO of voice specialists Buytel, the ‘community corrections market’ is second only to financial services and telco applications.

He says that the reason for choosing voice, rather than the more traditional fingerprint or iris recognition, is that the entry costs are significantly lower. There is no need to buy an expensive reader as only a microphone, or even ordinary telephone, is required at the client side.

So, offenders who are out on bail, or governed by a curfew, will make a telephone call to say that they are ‘home’. This will be authenticated by the telephone number from which they are calling, coupled with a voice sample to prove the identity of the caller.

This is a far cry from the James Bond image formerly enjoyed by the biometrics industry. Chadwick describes community corrections as “one of the early adopters… [but the] end users have no choice in the matter.”

Buytel’s main business is as a managed service provider for its own verification product, Voicevault.

The technology works by transforming a voice sample into a ‘voice print’ of the characteristics of that person’s voice. This voice print is then matched against a sample to see if the two are the same. This can be done with a microphone or a telephone. It uses “algorithms to filter out noise,” and can be used via a mobile handset or on a PC.

When CF&S asked him about the accuracy of the technology, he said that it had a less than 1% equal error rate. That means that there are a similar number of false rejects/accepts. However, it can be configured by threshold — to be more or less strict — depending on the priorities of the business need.

Chadwick emphasised the importance of the application of the risk algorithm to decide on the level of security sophistication required.

He argued that security is about appropriate levels and warned against trying to “shoehorn applications into old security methods e.g. PKI.” He said that voice verification technology is “the natural thing to use in M-commerce as its uses are only limited by imagination.”

Two new hacking tools

There are two new hacking tools available for download, which are stirring up a lot of interest in hacking circles. They are GodMessage and Choke.

GodMessage lets crackers put ActiveX code on Web pages. This could cause browsers to download a compressed file, to be executed on startup. The danger is that innocent sites could be used in this exploitation. And, according to Jonathon Mynott at security specialist Cryptic Software, “You only have to browse a Web page to be infected”.

However, the anti-virus firms claim that those with AV protection should be protected. Denis Zenkin at Kaspersky Lab describes GodMessage as an ordinary Internet worm generator. He said that Kaspersky has “received no reports of malicious code from GodMessage 4 in the wild”.

Sophos spokesperson Graham Cluley concurred: “GodMessage relies on a vulnerability in some people’s browsers, but if you have an up-to-date anti-virus, it’s irrelevant.”

The Choke worm circumvents security controls using MSN Messenger and sends itself to users’ ‘buddy’ lists.

Cluley pointed out that instant messaging is not caught by traditional AV: “These viruses can waltz past anti-virus gateway software.”

Tally Systems update threat list

Tally Systems has added a further 400 fingerprints to the database of threats that it can detect. Among the threats now covered are Back Orifice, L0phtcrack, WinNuker and VBS Worms Generator (of Anna Kournikova fame).

Michael Vatis from NIPC explained: “The cyber-environment is borderless, affords easy anonymity and provides new tools to engage in criminal activity.”


July issue.qxd 7/4/01 2:44 PM Page 4
