tdss/tdl4 malware – the arms race continues

Interesting analysis of yet another botnet

The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today. TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center. TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.

More evidence of the increasing sophistication of malware…


in which i dare disagree with security industry luminary bruce schneier

It’s not often that I disagree with Bruce Schneier, one of the leading lights of the security world… however, I do have a teensy weensy bone to pick with him regarding one of his recent blog postings.  A recent test conducted by the Department of Homeland Security on its employees found (to no one’s surprise) that people are prone to pick up unidentified USB drives and pop them into their computers with abandon, providing nefarious personages the ability to infect their systems with malware.  Schneier took issue with the following quote from a security expert regarding the study:

Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp., told Bloomberg: “There’s no device known to mankind that will prevent people from being idiots.”

In Schneier’s view, the idiocy really rests with operating system manufacturers who allow their products to access untrusted USB devices without providing the user any protection, and that users are simply doing the best they can under the circumstances.  This is where I disagree.

While OS manufacturers should be doing a better job of securing their products against unknown USB devices, in the current situation users need to exercise extreme caution in what they stick into their computers’ USB ports.  Until we have better tools to mitigate this risk, users have to play an active role in protecting themselves and their organizations from USB-borne threats.  There has been a lot of news coverage (and, at least at my organization, security awareness training) to let people know about the risks of USB devices of uncertain provenance.  I happen to think that the people in my organization are smart (and good looking) enough to remember a few very basic security messages and behaviors needed to protect our systems and networks:

  • Don’t open links or files from strangers
  • Don’t open unexpected/strange links or files (that seem to be) from friends
  • Don’t take USB candy from strangers

Yes, I know that application of these rules will not provide 100% protection from malware, but following them will definitely mitigate the risks involved, which is really the best we can hope for at this time.

So, Bruce, you are still my hero, but I think we need to hold our colleagues to a slightly higher standard in terms of their role in protecting our computers and networks.

Oh, and as for Mr. Rasch’s “idiot” comment, I think he was a bit rough on users in terms of his choice of language.  I would have said “boneheaded” or “Homer Simpson-like” instead.  This is why I am beloved at my workplace.

my brain made me do it!

I just got done reading an extremely interesting book recently… Incognito: The Secret Lives of the Brain by Baylor University neuroscientist David Eagleman.  Eagleman’s hypothesis is that most of the activity going on in our brains is happening below the level of our consciousness, down in “burned in” subroutines which do most of the heavy cognitive lifting.  Our consciousness is the brain’s “summary” of what is going on both out in the world and inside our heads – the metaphor he uses is that of a newspaper.  While it is impossible to know all of the things going on in the world around us, a newspaper gathers up a summary of the information we need to know (at least according to the newspaper editors and their corporate masters).  Eagleman theorizes that consciousness is our own newspaper, constructed on a moment-to-moment basis by the incredible piece of gefilte fish in our heads, and that without such a mechanism we would be overwhelmed by information and sensation and unable to react to the world around us.

The interesting part of the book from a security point of view is Eagleman’s contention that free will is really an illusion and that the decisions we make are determined by organic processes and those “burned in” routines we are not even conscious of.  Neuroscientists have been making great strides in tying brain function to behavior in measurable ways, he says, and as the science gets better, we will be able to better see the connections between antisocial behavior and neural malfunctions.

Of course, this has large ramifications for crime and punishment – if there is an organic basis for criminal behavior, we need a new approach to dealing with criminals, one that protects society by isolating them, but which also focuses on whether future criminal behavior can be prevented through medical intervention.  Eagleman is very clear to say that he does not feel that criminal behavior can be excused by his theory, just that how we deal with criminals needs to change.

This was a fascinating and thought-provoking book and is well worth your time.  If you want to get a taste of what Eagleman has to say, The Atlantic has an excerpt from the book on their web site.

Now I am going to go eat a pint of butter pecan ice cream and it isn’t my fault…