RATs virus found in Walsenburg

by Dan Harper

    It seems that someone is always crowing about a new computer virus more threatening than the last. People these days are torn between blind panic and no longer caring, but the new viruses aren't just about annoyance; the game has changed.

    The creators of these programs used to be unbathed teens in their parents' basement.  Their motive was simple anarchy and bragging rights.  Because of their authors' limited resources and attention spans, these threats were insignificant compared to the latest ones.  What makes these new viruses different is the level of sophistication and patience their creators have.  We are no longer dealing with bored teenagers.  Instead, we are up against well-funded companies or a nation's best and brightest.

    Organized cyberwarfare is happening now, but the first shots of this war were fired some time ago.  Many of the infections just coming to light occurred a year or more ago.

    Several governments have been implicated in cyberwarfare against the infrastructure and citizens of other nations.  One example is the compromise of the Dalai Lama's machines, located in India, by China.  According to investigator Greg Walton of IWM, a Canadian security firm, "We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama."  IWM went further and discovered over 1,295 compromised computers from the ministries of foreign affairs of eight nations and hacked systems in the embassies of eleven more during their ten-month investigation. (Source: MSNBC)

    The tool used was one of a new breed, a RAT.  RAT stands for Remote Administration Trojan.  RATs have been around for years, but never with this sophistication or ease of use.  See this video provided by Symantec, the makers of Norton Antivirus: http://www.youtube.com/watch?v=Vz-gg8hxaVQ

    What's this got to do with us here?  Two computers in Walsenburg were infected with a variant of the same virus.  These had no state secrets on them, not even close.  We don't know the motive, but I suspect that these machines were simply collateral damage in a war few even noticed was going on. One thing we do know at this point is that we can expect more of the same as more combatants enter the arena.

    Defense against this threat is difficult.  The video provided by Symantec recommends updating your virus definitions, but it should be noted that they only became aware of this threat, created the defense, and produced the video in the last month, even though this infection has been around for about two years.  We can learn something very simple and effective from what happened to the Dalai Lama and his staff. The first thing they noticed is that the computers were "behaving strangely."

    Observation is the key, and if your computer seems to have a mind of its own, make sure you are still its master.