Zero Days, Unknown Malware, and Hackers for Hire
Much has been written about the rising trend of new malware and hackers for hire, as well as the newly burgeoning underground markets which finance them. eEye Research has a very strong perspective into this realm since we are bug finders ourselves as well as a research team that constantly keeps its ears to the ground.
As time goes on, we will continue to see an increasing population of computer engineers, programmers, and researchers around the world. This is an inevitable trend. With this growing population, we will also see an increase in the number of researchers who are competent at finding software bugs and potentially writing malware. As more people learn to program, more must also learn how to find security bugs. After all, malware programming differs from regular computer programming in only one respect: intent. When you connect your home system or work system online, you are literally walking out into the ‘global village’, as they used to say, and that ‘global village’ may have a lot of nice people in it. But it also has a lot of people who are not nice at all. You cannot see it physically, but you are connected not only to nearly every good neighborhood on the planet, but also to every bad one, and there are a lot more bad “neighborhoods” out there than the vast majority of people realize.
There is also a lot of good in the Internet and the online ‘global village’. People from all nations with liberal laws for Internet users may converse; they may work together, in spite of language differences, on the big problems facing the world. But we cannot forget that there are a lot of big problems still facing the modern world. And most of those problems are caused by people themselves.
We have moved beyond the era of the public worms. That is not to say they do not exist and are not a formidable threat, but they are no longer the tool of choice for viable attackers, since the underground vulnerability market has become so proficient. The much worse problem facing users of computers is the rise of spyware, a term which has evolved from certain pieces of “commercial” spyware to mean trojans, rootkits, and any piece of malware which is designed to spy on the user. These pose an especially serious threat, since it is far better to get your system destroyed than to have your data stolen. Information which is taken from you retains its value; information which is destroyed loses its value.
The rise of these underground spyware markets is wholly attributable to the value of the personal information that exists on our normal day-to-day computers. In the past, information/identity theft was not easily translated into anything monetary. However, these information/identity theft networks have become so proficient at the sale of this information that an identity thief can translate it into a dollar amount in only a few minutes. This has become an incredibly lucrative business and will only increase in “customers”.
Another point which is sometimes difficult to impress upon people is the value of the information they have on their computers. You often have to get people to step back and really think about that information from the standpoint of a hostile stranger. Sure, there are obvious problems such as identity theft which can range from someone literally using your information to create a new identity for themselves to bank account information being stolen. There are rising markets, globally, for this kind of data. Free and easy trade helps the global economy. Then, as we all know by now, there is also the rising desire for those who want to know everything else they can about you, and those who want to control what you see and hear on the Internet – pushing you to gaming and adult porn sites through their malicious applications.
These things said, “Don’t panic”, as Douglas Adams amusingly wrote in his “Hitchhiker’s Guide to the Galaxy” which juxtaposed an everyday guy facing bewildering new technology. It is important to be educated about those problems we face, but it is equally important to understand that these are problems we can face, problems we can conquer.
There are going to be times when the security industry has to change. The “in the box” thinking only goes so far when dealing with unorthodox criminals who do anything but think this way. Where past solutions have failed to adapt, new solutions will arise to meet the challenges.
Right now, the Internet can be compared to the Wild West in the US… made famous by countless movies. There have been similar times in the rise of every country on the planet. As civilized as the modern world may be, we are effectively talking about the barbaric outlands when we talk about the Internet: a strange mixture of modern convenience and advanced technology with near lawlessness… that is an apt description of the Internet. We do not have the laws and surely not the enforcement personnel in place to handle these crimes. At best, the authorities can hope to focus on potential big name cases… and even there they find that the laws to prosecute with or the international treaties to have global legal cooperation are just not there or are sorely lacking. Security companies are forced to take up the slack, as Pinkerton did in the old Wild West. But, at least today, they can effectively be hired to work for everyone – not just the big corporations and government.
Source: Drew Copley, Senior Security Engineer, eEye Digital Security