Scientist-developed malware prototype covertly jumps air gaps using inaudible sound

Topology of a covert mesh network that connects air-gapped computers to the Internet.

Computer scientists have proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection.

The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept at penetrating highly sensitive environments that routinely place an "air gap" between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals.

The researchers, from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently disclosed their findings in a paper published in the Journal of Communications. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps. The new research neither confirms nor disproves Dragos Ruiu's claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today's malware.


Look Before You Get Phished This Christmas

The Christmas season is a time to loosen the purse strings. The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw up your plans and fix your expenditure. After all, you know the limits of your funds. But the one who values your money the most after you is the one who preys on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency, and you lose your resolve. It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas, only to have it burgled in an instant. If this detour does not give you goosebumps, a little analysis of one such phishing sample should do the job.

The header of the phishing email reads:

Subject: [Brand name] is giving you a chance to shop for free!
From: "[Brand name] Card" [name]@[domain].com

Figure 1. A spam email about a Christmas Phishing attack

The mail seems to come from a reputable financial institution, allegedly doling out ‘free shopping vouchers’ for Christmas. The mail also adds a hyperlink, stating ‘Kindly Click here now’ for users to qualify for a shopping voucher, and informing them the offer is valid till 31st December, 2013.

The most interesting part is that the voucher will be sent to users only after they validate the voucher. That means users must click first to be eligible! It may seem to need no second thoughts, but be wary before you do it. There are many fraudulent tricks doing the rounds this Christmas.

Be alert when dealing with every financial transaction, check for discrepancies, and be absolutely certain before you click any link mailed to you. Verify that the hyperlink embedded in the email truly belongs to the financial institution to make sure you are not being taken for a ride. Don’t forget to regularly change your passwords and keep them secret, strong and unpredictable.

Such offers seem enticing but can deal a shattering blow to your wallet, and no amount of lamenting thereafter will bring back your possessions. While we make every effort to protect you from illegal online activities and phishing attacks, we encourage you to follow best security practices to avoid falling victim to fraud.

Symantec wishes you a safe and merry Christmas.