Saturday, August 23, 2008

When will people learn ?

Airtel (one of India's leading cell phone providers) has recently tied up with Apple to offer the iPhone 3G in Indian market. Everything is good but is the following sort of sales pitch necessary to sell of iPhones?? Airtel is quoted here as saying :

"even the most deadly hackers on the planet won't be able to crack the
codes that support the iPhone's Airtel applications with rival company
SIMs."

My question is : WHY ???. Even if you really have provided tamper-proof security, throwing a n open challenge to the highly skilled and distributed hacker work force on the internet is nothing short of the proverbial "hitting the axe on your own leg". Such stunts may be good to test your products before entering the market but not once the products are already out there. Such stupidity has surely attracted the bees and its just a matter of time before the bees sting.

Thursday, August 21, 2008

Return gifts from an internet cafe

Today, i was at an internet cafe for getting a printout as my old printer died its natural death. As usual, the cafe was running Windows XP machines in administrator mode. I never like the look of a windows machine running in administrator mode in a public place and i was quite sure that it was already pwned. Nevertheless, i plugged in my USB drive which contained just the file i wanted to print. After a few seconds, my drive was detected and i could print the file i wanted. All was well and good.

Then i took the drive home and plugged it back into my laptop which fortunately runs Ubuntu. Lo and behold, my drive now had three return gifts from the internet cafe. Doing a quick antivirus scan on the files revealed the following

neoblitz@n30:/tmp$ clamscan /media/PKBACK#\ 001/*
/media/PKBACK# 001/1.jpg: OK
/media/PKBACK# 001/2.jpg: OK
/media/PKBACK# 001/autorun.inf: OK
/media/PKBACK# 001/New Folder .exe: Trojan.Autoit.gen FOUND
/media/PKBACK# 001/regsvr.exe: Trojan.Autoit.gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 396428
Engine version: 0.92.1
Scanned directories: 0
Scanned files: 6
Infected files: 2
Data scanned: 1.57 MB
Time: 6.231 sec (0 m 6 s)

As you can see, i had 2 trojan binaries and an autorun.inf which pointed to those binaries. For people who didnt realize, this is a worm which uses an unsuspecting user to physically propogate it from machine to machine.

It makes me wonder, how many unsuspecting folks would have got infected by this. Also, the public machine itself is probably a part of some botnet and has all types of exotic malware already installed, sniffing passwords and recording transactions of unsuspecting users. Phew !

So the moral of the story is two-fold,
  • Do NOT trust public machines. Avoid using them for doing electronic transactions using your credit card, using your username/password for your email accounts and so on and so forth.
  • If you run as administator, then very likely you are not the only administrator :)
I will publish results of analysis of the binaries in the next post soon.