Oooh! Scary! (and also wrong …)

You wanna know why I’m pedantic about malware terminology?

“United Kingdom banks and other financial institutions are being warned to be extra vigilant following the release on the internet of a new so-called “PC super bug” designed to steal online banking log-on details on an unprecedented scale. Cyber criminals have let loose a virus called Limbo 2 Trojan, which, according to security experts, is an extremely nasty bug developed specifically to worm its way into finance websites in order to cause maximum damage.”

So far, aside from the rather ill-defined reference to a “PC super bug”, I don’t have all that much of a problem. A trojan could be designed to “worm” into the system.

“Security firm Prevx said the difference this time is that the new bug has been developed specifically to evade the vast majority of anti-virus computer systems. Such systems are devised by global IT security firms including McAfee, Symantec, and AVG. Finance houses all over the world rely on them to provide adequate protection.”

Hmmm. What we have heah, is a failyuh to c’mmunicate that we are trying to badmouth our competition.

“It is estimated that a single data breach can cost a big firm more than £3m to rectify.”

Ooooh, scary.

“Prevx reported that the Trojan bug features a changeable shell with a pliable cloak coming in many guises and variants to try to fool security systems and slip past conventional signature-based anti-virus detection.”

Can you say “polymorphic”? Can you say that we’ve already dealt with polymorphs, as far back as 1987? Can you say that trojans, because they are non-replicative, don’t use polymorphism because they don’t copy themselves? (Argh.)

“This involves illegal technology that generates fake information boxes on a compromised computer, asking the user to enter more information than usual. While this is happening, passwords, credit card information and other personal details are transmitted to the malware’s criminal operator to then exploit financially.”

Gee, sounds like phishing.

http://business.scotsman.com/bankinginsurance/Banks-warned-of-computer-39super.4328710.jp

Let the reader beware of a) vendor press releases, and b) newspapers that uncritically print vendor press releases as news.

  • http://anti-virus-rants.blogspot.com kurt wismer

    “Can you say “polymorphic”? Can you say that we’ve already dealt with polymorphs, as far back as 1987? Can you say that trojans, because they are non-replicative, don’t use polymorphism because they don’t copy themselves? (Argh.)”

    could they possibly be referring to a situation where the malware is highly targeted (ie. few victims) and each target has an instance with a different (as yet impenetrable) wrapper (basically server side polymorphism, which bears little or no relation to traditional polymorphism)?…

  • Nuno

    Hi,

    nice entry…

    I think if banks used a more secure method the trojan wouldn’t be so good… let’s see: UK banks use an ID and memorable information comprised of 10 characters, or in some cases 6, as in the HSBC example. This is extremely weak. In Portugal they issue an ID and a card with more than hundreds of combinations, a small card with columns and rows. This is extremely good. In the UK case, if the trojan can steal your logon information 3 times, he can easily build your memorable information and then use your internet banking details…

    in Portugal the hundreds of combinations can give time for anti-virus to detect the trojan and eliminate it…

    again, UK systems are still behind and I don’t know why.

  • Jason

    If I’d gotten that email in my mailbox, I would have thought it was one of those hysterical virus hoax messages.

    The level of semantical gymnastics and hyperbole is amazing.

    The ArsTechnica boys are a little less excited over it: http://arstechnica.com/news.ars/post/20080718-malware-bad-guys-tout-new-trojan-guaranteed-to-evade-filters.html

  • Mat

    Good article. Although you missed a golden opportunity to comment on the fact the article also throws in some mild racism for good measure in the last paragraph…

    “Now gangs operate from a number of countries, including Bulgaria and Romania.”

    Might as well say:
    “Sure, and we are fighting global terror from lots of people including muslims and people with brown skin.”

    Grrr, that kind of subtle passive-aggressive form of racism really narks me off.

  • nuno

    well mild racism ??

    this is security information.. and I’m not saying it is correct, but there are some studies that show where cyber crime is higher… I wouldn’t call that racism at all..