Thursday, May 31, 2012

Flame Malware Ripped Off Middle East Computer Systems


A strain of malware dubbed "Flame" has been spotted on computer systems in the Middle East, and threat researcher Kaspersky says it's one of the most sophisticated threats it's ever seen. Flame is designed to slurp up data and send it to command and control centers. However, it's unclear who made it, how far it's spread, and even just how sophisticated a threat it really is.

A cyberweapon of unprecedented sophistication is ripping through computer systems in the Middle East, security vendor Kaspersky Lab claims. It has dubbed the malware "Worm.Win32.Flame" -- or "Flame," for short.



Other security vendors, including McAfee and Symantec (Nasdaq: SYMC), have issued similar warnings, and there are claims that it was created, or at least backed, by a nation-state.

Flame is one of the most complex threats ever discovered, Kaspersky contends. However, the picture on Flame is far from clear. Various names have been given to various pieces of malware floating about, and it's uncertain whether or not they all refer to the same code.

"It's in the early stages of research at the moment," Dave Marcus, director, advanced research and threat intelligence at McAfee, told TechNewsWorld.

Kaspersky Lab spokesperson Greg Sabey declined to provide further comment.

However, Webroot contends the threat from this malware is overblown.

"Flame would be easy to discover for multiple elements of an intrusion defense system, so if a nation-state was behind it, they clearly didn't plan it well or want it to actually work," said Joe Jaroch, vice president of endpoint solutions engineering at Webroot.


Something Wicked This Way Comes, We Think

Over the weekend, Iran's emergency response team published news of an attack it called "Flame" or "Flamer," McAfee said.

Meanwhile, Hungarian research team CrySyS published information about a new piece of malware it called "sKyWIper," parts of which had been uploaded from Europe. CrySyS later said sKyWIper is what Kaspersky called "Flame" and the Iranians call "Flamer."

Then there are news reports out of Iran that claim a piece of malware called either "Viper" or "Wiper" had infected computers at the country's oil ministry.

It's unclear whether all these names refer to the same piece of malware.

Meanwhile, there's speculation that Flame may be connected to the Stuxnet worm, but again the picture's murky. Kaspersky claimed at one point that Flame shares many characteristics with Stuxnet and its relative, the Duqu worm, then later said Flame has no major similarities with the other two.

"We don't see them being related," Webroot's Jaroch said. McAfee's Marcus is not sure yet.


What Does Flame Do?

The worm was launched to systematically collect information on the operations of states in the Middle East, Kaspersky said. However, there doesn't seem to be any kind of pattern as to who's being attacked. Victims include individuals, state-related organizations and educational institutions across several countries.

Once a system's infected, Flame begins sniffing network traffic, taking screenshots, recording audio conversations and intercepting keyboard commands. It then sends all this back to several command and control servers scattered around the world, Kaspersky said. Flame can also collect information about discoverable devices near an infected machine.


The Threat From Flame

Flame has many different libraries for compression and data manipulation, and it implements security algorithms as well as a Lua virtual machine, Kaspersky said. At about 20 MB in size, it is exceptionally large, and it is very sophisticated.

"Yes, it is a highly modular piece of code with many components, but that doesn't equate to the conventional term of complexity with regard to threats," Webroot's Jaroch remarked. Server-side polymorphic malware, which has been around for several years, is "orders of magnitude more complicated."

Further, while Flame does use differing algorithms, "none of them are challenging," Jaroch said. They're "significantly outdated and easily broken automatically by current security technology."

Although Flame covers several areas that some threats don't, none of them are unique, Jaroch pointed out. "One of the frequently commented-on aspects of Flame is that it collects the name of every file on the system but even this is far from revolutionary. Most backdoor Trojans have significantly more functionality than this -- Rbot, SubSeven and Bifrost, to name a few."

"Whether sKyWIper is the most complex [malware] ever or not has no bearing on whether or not Iran's CERT can come up with a remediation tool to remove the infection," McAfee's Marcus pointed out. "A full detailed analysis of sKyWIper is of a level of analysis way deeper than is required to come up with remediation tools."

As for Flame's complexity, Webroot "automatically developed a solution in 2007 ... and it would not be difficult for Iran to develop a solution either in our opinion."

Tuesday, May 29, 2012

Samsung Chromebox Review


Some may have suggested that the desktop is a dying breed – a relic of a bygone computing era – but Google is looking to buck that trend by putting its Chrome OS on a tiny computer called the Samsung Chromebox. 

The small form-factor PC sports the latest version of Chrome OS and arrives alongside the new Samsung Series 5 Chromebook, to offer up a meaningful competitor to Apple's Mac OS and Windows PCs.

Priced at $329 (£279), the Samsung Chromebox is designed for the lower end of the market – think net-top – and its tiny size and simple interface could just make it a viable computer for people who value simplicity and surfing over file management and power.

The Chromebox ships without a monitor, keyboard and mouse but obviously needs all three – something worth considering if you do not already have the necessary accessories.


Ports and Specs


Port-wise, the box sports six USB ports, a single Ethernet port, two DisplayPort outputs and a single-link DVI output.

The first thing you may notice is that there is no HDMI port, something of a surprise considering the growing market for media PCs that plug easily into the television and, perhaps more critically, there is no VGA port – which may mean many of its target audience will need to shell out for adapters to get it to work. 

Innards-wise, the Chromebox sports an Intel Celeron B840, a cheaper 1900MHz dual-core processor with integrated graphics.

This is at the lower end of the power spectrum, but probably what you would expect at this price-point. Given that the Chromebox really isn't built with any manner of core gaming in mind, it's probably fit for purpose.


Bootup and Chrome OS introduction


Perhaps the most significant thing about the Chromebox is the Chrome OS within – an operating system that is built for being online and might well be more suitable to a home environment (where a connection is usually present) than in the Chromebook ranges.

We'll dip into Chrome OS a little later, but it's worth pointing out just how ridiculously easy it is to get the Chromebox up and running – something that could well be a critical point to its audience.

Using the office Wi-Fi, after plugging our Chromebox in to a keyboard, mouse and monitor (after finding an adaptor for the latter) we were up and surfing with all our Google apps, docs and Chrome bookmarks inside two minutes.

For many that have battled to get up and running on various PCs over the years it's genuinely a breath of fresh air to be online and set up within minutes.


Chrome OS explored


Chrome OS itself has gone through a huge overhaul – bringing in a desktop and a windows set-up that will feel far more familiar to anyone who has used Macs or Windows PCs.

That means that multitasking is significantly improved in this version, something that you would expect from a desktop computer, and allows for you to have windows side by side on your monitor.

Another huge advantage of the Chrome OS in the Chromebox is that it boots in seconds, meaning that it is an ideal extra computer used for when you simply need to surf rather than to get to grips with more memory intensive programs.

This latter point is perhaps the crux – if you want to spend hours on productivity programs, video or picture editing for instance or constructing complicated office documents, then the Chromebox is probably not for you.

Programs cannot be simply installed as you would on a Windows PC or Mac but must be purchased or downloaded from the Chrome App Store.


This has certain advantages in terms of keeping the system speedy. All of the apps run online which means you never need to download updates and because most of the files are stored remotely rather than locally the in-built virus protection is not something you really need to worry about.


However, it does mean you are limited to what has made it to the App Store and been vetted by Google; so no "full-fat" Photoshop and no Microsoft Office (although the online Google Docs may well be powerful enough for many).


The super-speedy 16GB SSD is there to provide a little local storage, but, especially with a desktop PC designed to always be online, it is really just for the operating system files, cache and the odd bit of music.



Early Verdict


In a lot of ways the Chromebox makes more sense for Google than the Chromebook; it provides a speedy, well-designed and novel way of getting online quickly with enough additional functionality to make it a fine second computer.

Because, by its nature, a desktop PC is normally always in range of a network (be it LAN or Wi-Fi) the offline functionality issues that have blighted the rise of the Chromebook are irrelevant to the Chromebox.

Although the issues around programs are still there, as a secondary PC the remote access features mean that this provides a neat addition for heavy users who need the additional power but want a "surfing" computer.

And for those who don't need to do much more than consume media, files and browse the internet, this is a very cheap, very efficient and neatly designed offering from Samsung.

But, the omission of both HDMI and a VGA monitor cable in favour of the more-modern DVI is a massive oversight given the target audiences.

For many, having a second PC that they can plug into their TV (and many TVs have either of the two options) would be a tempting proposition, but making them go out to buy a cable is not ideal. Especially when they could feasibly go out and buy a tablet as a (pricier) alternative.

And for those with an old monitor (i.e. probably sporting an older cable and not DVI or DisplayPort) there would also be the need of a cable. It's a silly oversight – and one that you would hope is rectified at point of sale.

Because beyond that, the Chromebox could well carve itself a nice little niche in the desktop market.

Browser War: Google Chrome VS Mozilla Firefox


As of February 2012, Firefox and Chrome are neck-and-neck in the race for being the most used Web browser in the world, both with about 36 percent market share, according to statistics from W3Schools. While Firefox claims a slight lead over Chrome in terms of popularity, both browsers offer features that make them worth taking for a test drive. Important factors such as speed and security are more or less comparable for the two browsers, so your ultimate decision may come down to which one offers the customizations or features that you need to perform your desired tasks.


Structure
When it comes to structure, Chrome and Firefox subscribe to two different schools of thought. Firefox, owned by Mozilla, is an open-source project with many contributors, whereas Google's Chrome is closed-source and documentation is kept private. That's not to say that Google doesn't invite open-source projects, but its open-source browser is Chromium, not Chrome. What this means for the browser experience is that Firefox has potentially had "more cooks in the kitchen" working out potential bugs. Behind the scenes of the two browsers are two different browser engines, which handle how the browser manages your requests: Firefox relies on the Gecko browser engine, while Chrome is based on WebKit. While both are equally viable, WebKit -- also used in Apple's Safari browser -- is more often used in mobile devices. For the future of browsing, this may be a big factor in overall viability. Firefox is also available on more operating systems, including Mac OS X, Linux, Windows, Sun Solaris, OpenBSD and FreeBSD. Chrome, meanwhile, is available only for Linux, Windows and Mac; other operating systems must use Chromium.


Security
An important aspect of any browser is its level of security. According to a study conducted by Accuvant, Chrome emerged as the most secure browser, over both Firefox and Internet Explorer -- with Internet Explorer coming in over Firefox. Chrome scored the highest marks for having the highest number of security measures. While both Firefox and Chrome employ "sandboxing" to isolate potentially harmful attacks on your computer, Chrome employs it more often, for more processes. Likewise, Chrome offers more security features for plug-ins, and automatically disables them when they become out-of-date.


Tabs
Another distinguishing feature of Chrome is its separate processes for each window and tab. When you open a new tab or window, Chrome separates that tab or window into its own process. What this means for you is that if you're experiencing a slow load time on one site, it's not going to slow down your experience in other windows and tabs. Likewise, if one tab crashes, it won't crash the entire browser. Firefox, meanwhile, continues to employ the more traditional method of processing tabs, in which all are tied together. In terms of security, this process separation employed by Chrome may make it more secure overall.



Extensions
When it comes to extensions to the browser, Firefox is the clear leader in the number of options. Likewise, Firefox comes with a number of extensions already built in, which could lead to a slower initial load time for the browser. If you're looking for the fastest load time, Chrome may be your choice. If you want a wider array of features to add to your browsing experience, Firefox may be the answer. At present, Firefox's extension options include more security add-ons than Chrome. And since Firefox has been around longer, there's also been more time for finding and solving security issues.

Monday, May 28, 2012

How To Keep Your PC Malware-Free


Despite the best efforts of computer scientists around the world, malware remains a problem for all PC users, rank novices and seasoned professionals alike. Malware spies on your computer activities, hijacks your browser and contaminates your files. The Internet has become a prime conduit for malware infections, as malicious programs piggyback themselves on enticing, funny or apparently important messages. If you believe your computer has a malware infection, don’t despair; good solutions are available at little or no cost. 


Definition
Malware takes several forms, including viruses, Trojans, spyware and rootkits. A computer virus passes into your computer as part of a downloaded file or on portable media such as a USB drive. The virus runs as a low-profile program on your computer, creating and sending out copies of itself. A Trojan is a virus that typically spreads itself through email attachments and other files disguised as funny videos or important documents. When you click on the attachment, the virus installs itself. Spyware surreptitiously records your Web searches, keystrokes and other activity, looking for passwords, bank account numbers and other vital information. The spyware program sends your data through the Internet to another computer, where identity thieves and unscrupulous businesses collect it. A rootkit installs itself deeply in the computer’s operating system; when you remove the visible malware process and subsequently restart your machine, the act of restarting reinstalls the malware. Rootkits are difficult to detect and remove.


Symptoms
Computers infected with malware display a range of symptoms, some obvious, others barely noticeable. Obvious signs include annoying, persistent pop-up windows in Web pages and a reduction in your computer’s speed. A virus may hijack your system to send out enormous amounts of spam email, which slows other programs and brings Internet activities to a crawl. Some malware programs prevent you from running the Microsoft Windows Help system or your Web browsers. Clever malware programs mimic anti-virus software; these suddenly appear on your computer, flashing warning messages and offering to fix the “problem” for a price. If you see this message, do not accept the offer.

If you suspect an infection, close all open programs on the PC but do not restart it. If you have more than one PC in your home network, disconnect the infected one if possible. Make a backup copy of important documents you recently created or changed. Note any software programs you installed in the past few days; unless they were from trustworthy sources, these programs may have led to the infection. If the programs came from dubious sources, do not reinstall them. Refrain from sending email from the infected PC until you fix the problem.


Detection and Identification
A malware detection program scans your computer’s hard drive, detecting and identifying problems. Typically called anti-malware or anti-virus, the program has a built-in library of malware types and periodically downloads new malware information from its developer. This is necessary, as malware authors create new variations almost daily. When you perform a scan, include your computer’s internal hard drive and any external USB hard drives or memory sticks, as these may also contain malware.

Many new PCs include a preinstalled anti-malware program or suite of programs along with a subscription to malware library updates. Some common choices include McAfee Total Protection, Symantec's Norton 360 and Trend Micro's Titanium line. There are many others, including Malwarebytes, Microsoft Security Essentials and Kaspersky Lab's home security line. Independent reviews based on malware testing are your best bet for finding an effective solution.

The Malwarebytes Corporation distributes a free version of its Malwarebytes scanning software that does a competent job of detecting, identifying and removing infections. For $25, you can upgrade to the Pro version, which prevents infections and has other advanced features. CNET editors rate Malwarebytes 4 1/2 stars out of 5.

Microsoft offers a virus scanner called Microsoft Security Essentials free for home users and small businesses with 10 or fewer PCs. According to the experts at TechRadar, installing the software replaces the default program known as Windows Defender in Windows Vista and 7. Microsoft Security Essentials supports Windows XP, Vista and 7. If you have XP, you do not have Windows Defender, so Microsoft Security Essentials is especially worthy of your consideration.

Kaspersky Lab sells a variety of anti-malware packages including home and business editions. The personal and home office anti-virus software costs between $40 and $180, depending on the computer and your specific needs. The software license is an annual subscription to Kaspersky's malware database. Subscription renewals are slightly less expensive than the initial purchase price. On a case-by-case basis, Kaspersky Lab also offers single-purpose programs for removing malware at no charge; each program detects and removes a specific malware program.

If you have time and patience, visit websites such as “Bleeping Computer.” Computer professionals at these sites volunteer to help you identify and fix malware-related problems. On the site, you post a message giving details of the problem. The experts there give you step-by-step instructions to remove the malware. Typically, they provide links to download single-use software that addresses a particular virus. They provide these services at no cost to you. If your PC has a severe infection, use a second computer to do the research and download the necessary fixes.


Removal
The same anti-virus program that detects malware also removes it. Typically, after scanning your hard drive, the program displays a list of malware files. You select them and click a “Delete” button to remove the malware. Rarely, the software may have a false positive or flag a program that is not malware. Skip those files you trust and delete the rest. After deleting the malware files, the scanner may ask you to restart your computer. When the computer returns to its normal working state, rerun the virus scanner. It doesn’t happen often, but your anti-virus program may detect the same malware. In this case, your computer has a rootkit, which the virus scan did not remove. Do an Internet search on the malware’s file name to find a free, single-purpose program designed to remove it. Download and run the program and scan again. The program may remove the underlying rootkit but leave some malware files. The virus scan removes these.


Prevention
Because malware threatens your privacy, reduces your productivity and poses difficulties in removal, take steps to prevent infections. Windows software, beginning with XP, includes a firewall program that prevents outside intruders from compromising your computer; keep this program enabled. Exercise healthy skepticism when reading your emails; do not open attachments unless you know both the sender and the contents -- and unless you trust the sender to exercise a high degree of caution as well. For the same reason, do not click on Web links embedded in emails. Avoid unsavory websites or those flagged as infected by search engines, as simply loading a Web page can install an infection. Encourage all users of the PC to do the same. Regularly back up essential files and documents onto removable media, such as a USB drive or writable DVD and keep the media in a safe place. Install a good anti-malware program, keep it up to date with periodic updates and scan your hard drive regularly.

Things To Consider in Choosing a Broadband Router


A router, or "residential gateway," is a network component that serves as a switch or hub connecting computers and devices on a network to a DSL or cable modem. There are a number of considerations to make when choosing a broadband router. Which product will best suit your needs depends largely on the type of network installed and individual performance requirements. A corporate network will have different requirements than a home or small office network. Likewise, a casual Internet surfer will have different requirements than an online gamer. This article provides information that will help you choose the best broadband router for your particular network. 


1. Choose between a consumer or commercial-grade router. A commercial-grade or "enterprise" router is designed for medium to large-size organizations. A consumer-grade router is designed for use in a home or small office network.

2. Understand that the primary difference between a consumer-grade router, and a commercial-grade router is the amount of data which can be transferred and the transfer rate. A commercial-grade router is designed to transfer much larger quantities of data at a much faster rate and therefore will exceed both the needs and the budgets of the average user. Typically, only users whose activities require the transfer of large amounts of data, such as online gamers, and users viewing or hosting streaming video.

3. Decide whether or not to install a router with wireless capabilities. Wireless routers have become the standard in recent years because they eliminate the need for a direct, physical connection with the server computer via Ethernet cable. The downside to wireless routers is that the connection can be slightly slower in certain situations. However, wireless routers typically provide ports for making a physical connection when faster data transfer rates are required.

4. Determine the number of Ethernet ports needed. The router will need to have enough ports for each device you plan to physically connect to the network. For example, if you plan to connect a printer, a scanner and 2 computers to the network, at least 4 ports will be required. The Ethernet ports are located on the rear panel of the router.

5. Understand the performance specifications. Most users will find the standard router specifications more than adequate. However, some users, such as online gamers and others who need to transfer large video or data files quickly, will require a higher level of performance than will the average user.

6. Choose an "IEEE 802.11n" compliance standard wireless router when superior range is required. A standard wireless router will have a range of about 120 feet (32 m) indoors, and about 300 feet (95 m) outside. However, an "IEEE 802.11n" class router will have an outdoor range of roughly 400 feet (96 m), and an indoor range of approximately 900 feet (285 m).

7. Choose a router that transmits on the 2.4 GHz frequency for superior data transfer rates. Wireless routers broadcast on 2 frequencies: 2.4-GHz and 5-GHz. The 2.4-GHz frequency provides a greater Wi-Fi range; however, the 5-GHz range will have increased bandwidth of 20 percent or more. A dual-band router can broadcast on both frequencies, but is typically considerably more expensive than routers broadcasting on the 2.4-GHz or 5-GHz frequencies.

8. Consider the amount of RAM memory installed on the router. The amount of RAM memory installed on a router will range between 8 and 128 megabytes (MB) and will have a dramatic effect on a router's performance. Gamers and other users who regularly transfer large amounts of data over the network and the Internet should choose a router with a minimum of 64 MB.

9. Consider the amount of flash memory installed. The amount of flash memory installed will range between 1 to 8 MB and will also impact the performance of the device. Users who regularly transfer large amounts of data should choose a router with at least 4 MB of flash memory installed.

10. Confirm that the router has the following features.
  • Understand that firewall protection is an important security feature, standard on most broadband routers. Just like a computer firewall, a router firewall prevents unauthorized users from accessing the network by blocking access to all unrecognized connections.
  • Consider the Dynamic Host Configuration Protocol (DHCP) support feature. DHCP support allows the router to assign a static IP address to each device connected to the network and is typically included as a standard feature.
  • Confirm that the router provides Virtual Private Network (VPN) support. The VPN feature allows mobile and portable devices to establish a secure connection to the network.
  • Consider a device with full duplex capability. The full duplex feature increases the performance of a router in terms of the speed in which data can be transferred over an Ethernet connection. The full-duplex feature allows for simultaneous 2-way communication between 2 devices across an Ethernet line, doubling a router's data transfer rate.
  • Purchase a router with a "De Militarized Zone" port (DMZ). Also referred to as "isolated network support," DMZ is a security feature that allows a device to accept incoming connections through the Internet without providing access to the entire network. This feature is often used by online gamers to connect a gaming console to the network and allow incoming connections while, at the same time, preventing access to the entire network.
  • Confirm that the device provides support for the Bootstrap Protocol (BOOTP). BOOTP is a legacy protocol used by a workstation to identify the host IP address. BOOTP support provides network access to clients who do not use the DHCP static IP address protocols. While DHCP has become the standard, some clients still use BOOTP, making BOOTP support a valuable feature in certain situations.

Keyboard Shortcuts That Work in All Web Browsers



Each major web browser shares a large number of keyboard shortcuts in common. Whether you’re using Mozilla Firefox, Google Chrome, Internet Explorer, Apple Safari, or Opera – these keyboard shortcuts will work in your browser.

Each browser also has some of its own, browser-specific shortcuts, but learning the ones they have in common will serve you well as you switch between different browsers and computers. This list includes a few mouse actions, too.



Tabs
Ctrl+1-8 – Switch to the specified tab, counting from the left.
Ctrl+9 – Switch to the last tab.
Ctrl+Tab – Switch to the next tab – in other words, the tab on the right. (Ctrl+Page Up also works, but not in Internet Explorer.)
Ctrl+Shift+Tab – Switch to the previous tab – in other words, the tab on the left. (Ctrl+Page Down also works, but not in Internet Explorer.)
Ctrl+W, Ctrl+F4 – Close the current tab.
Ctrl+Shift+T – Reopen the last closed tab.
Ctrl+T – Open a new tab.
Ctrl+N – Open a new browser window.
Alt+F4 – Close the current window. (Works in all applications.)

Mouse Actions for Tabs
Middle Click a Tab – Close the tab.
Ctrl+Left Click, Middle Click – Open a link in a background tab.
Shift+Left Click – Open a link in a new browser window.
Ctrl+Shift+Left Click – Open a link in a foreground tab.

Navigation
Alt+Left Arrow, Backspace – Back.
Alt+Right Arrow, Shift+Backspace – Forward.
F5 – Reload.
Shift+F5 – Reload and skip the cache, re-downloading the entire website.
Escape – Stop.
Alt+Home – Open homepage.

Zooming
Ctrl and +, Ctrl+Mousewheel Up – Zoom in.
Ctrl and -, Ctrl+Mousewheel Down – Zoom out.
Ctrl+0 – Default zoom level.
F11 – Full-screen mode.

Scrolling
Space, Page Down – Scroll down a frame.
Page Up – Scroll up a frame.
Home – Top of page.
End – Bottom of page.
Middle Click – Scroll with the mouse.

Address Bar
Ctrl+L, Alt+D, F6 – Focus the address bar so you can begin typing.
Ctrl+Enter – Prefix www. and append .com to the text in the address bar, and then load the website. 
Alt+Enter – Open the location in the address bar in a new tab.

Search
Ctrl+K, Ctrl+E – Focus the browser’s built-in search box or focus the address bar if the browser doesn’t have a dedicated search box. (Ctrl+K doesn’t work in IE, Ctrl+E does.)
Alt+Enter – Perform a search from the search box in a new tab.
Ctrl+F, F3 – Open the in-page search box to search on the current page.
Ctrl+G, F3 – Find the next match of the searched text on the page.
Ctrl+Shift+G, Shift+F3 – Find the previous match of the searched text on the page.

History & Bookmarks
Ctrl+H – Open the browsing history.
Ctrl+J – Open the download history.
Ctrl+D – Bookmark the current website.
Ctrl+Shift+Del – Open the Clear Browsing History window.

Other Functions
Ctrl+P – Print the current page.
Ctrl+S – Save the current page to your computer.
Ctrl+O – Open a file from your computer.
Ctrl+U – Open the current page’s source code. (Not in IE.)
F12 – Open Developer Tools. (Not in Firefox.)

Does one of these keyboard shortcuts not work in a specific browser, or is there another important one we missed here? Leave a comment and let us know.