There were three stories today with interesting variations on familiar themes:
1. Razer USA, maker of popular gaming accessories, discovered that its web site had been compromised and visitors who were trying to download mouse or keyboard drivers were getting infected copies. They shut down their site and began cleaning out the malware, which turned out to be an obscure Trojan that Trend calls WORM.ASPXOR.AB.
2. In China, someone has been sending spear-phishing email attachments to the journalists and activists who are expecting to cover the 60th anniversary of the Chinese Communist revolution on Oct. 1. The emails were from a fictitious economics editor named “Pam Bouron” who was asking the recipient to help her arrange interviews when she visited Beijing. As usual in China, it wasn’t clear if the malefactors were government agents, patriotic vigilantes, criminals from Russia, criminals from the U.S. or none of the above.
3. There was a piece on computer security practice on the front lines written by a company security manager under a pseudonym. “J.F. Rice” complained of managers in his company purchasing equipment without the slightest thought for security. In this case, managers replaced printers with “multi-functioning devices” (MFDs — printer plus fax plus scanner plus email, plus bells plus whistles).
So what’s to worry about? Turns out the MFDs contain an old version of the Microsoft Windows operating system and run on the company network. And, of course, nobody thought of patches, security updates or AV protection when they signed the contract with the distributor or planned the budget.
Also, when the MFDs process documents, they create temporary files and then erase them. The text of those documents, of course, remains on the hard drives until it’s overwritten. And when the MFDs are disposed of, will that information have really gone away? Noooo. There’s a potential compliance issue.
The point? Evil never sleeps.
No really. Malware threats and exposures evolve constantly, incessantly, prolifically. Expect that.