Georgia Tech Faces DOJ Lawsuit Over Alleged Lapses in Cybersecurity for Defense Contracts

 

Researchers at the Georgia Institute of Technology, who have received over $1 billion in Defense Department contracts, are facing scrutiny for allegedly failing to secure their computers and servers, citing that doing so was too “burdensome.” Since 2013, the Department of Defense has mandated that any contractor handling sensitive data provide “adequate security” on their systems. 

However, at Georgia Tech, laboratory directors reportedly resisted developing a security plan and opposed IT department efforts to implement basic antivirus and anti-malware software. Two IT department employees filed a whistleblower lawsuit, leading the Department of Justice (DOJ) to join the case against the university and the Georgia Tech Research Corporation (GTRC), the nonprofit entity managing government contracts. The lawsuit claims that the Astrolavos Lab at Georgia Tech delayed creating and implementing a security plan, as required by the government contracts. 

When a plan was finally created in 2020, it did not cover all relevant devices, according to the DOJ. Furthermore, the lab, whose mission is to address the security of emerging technologies critical to national security, did not install or update antivirus or anti-malware tools until December 2021. The lab allegedly fabricated compliance reports sent to the Defense Department. The reasons behind these alleged security lapses reportedly stem from campus politics. The DOJ complaint suggests that researchers bringing in substantial government funding were viewed as “star quarterbacks,” using their influence to resist compliance with federal cybersecurity mandates. 

Between 2019 and 2022, GTRC secured more than $1.6 billion in government contracts, with over $423 million in 2022 alone. The whistleblowers, Christopher Craig and Kyle Koza, filed the suit under the False Claims Act, allowing them to receive a portion of any recovered funds. Georgia Tech and GTRC face nine counts, including fraud, breach of contract, negligence, and unjust enrichment, with the DOJ seeking damages to be determined at trial. The DOJ stressed the importance of cybersecurity compliance by government contractors to safeguard U.S. information against threats from malicious actors. 

Meanwhile, Georgia Tech expressed disappointment at the DOJ’s filing, arguing it misrepresents the university’s culture and integrity, claiming that the government itself had indicated that the research did not require cybersecurity restrictions. Georgia Tech has vowed to dispute the case in court, maintaining that there was no data breach or leak and reaffirming its commitment to cybersecurity and collaboration with federal agencies.  

This case is notable given recent cybersecurity threats faced by major universities, such as the University of Utah and Howard University, where ransomware attacks have resulted in significant financial losses.

Anti-Duqu available for free, 100% Accurate detection of Duqu


Duqu (similar to Stuxnet) is a notorious worm that exploits a Windows zero-day vulnerability. Microsoft released a temporary fix for this vulnerability yesterday. NSS Labs claims to have developed a very accurate Duqu detection tool, available for free.

This tool detects all DuQu drivers installed on a system.  This tool was developed in the hopes that additional drivers can be discovered to allow us to learn more about the functionality, capabilities and ultimate purpose of DuQu.

According to the test, the NSS tool's success rate is 100%, with zero false positives. The developers said it uses advanced pattern recognition techniques and is also capable of detecting new drivers as they are discovered.

Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required.
 

Bloody photos of Gaddafi's death, A spam Mail leads to malware infection


Malware attackers are taking advantage of the death of Libyan dictator Colonel Gaddafi to spread malware. They have spammed out an attack posing as pictures of Gaddafi's death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow internet user.





Spam Mail:



Subject: Fw: AFP Photo News: Bloody Photos: Libya dictator Moammar Gadhafi's Death

Message body:

Libya dictator Moammar Gadhafi's Death

Libyan dictator Moammar Gadhafi, the most wanted man in the world, has been killed, the country's rebel government claimed Oct. 20. The flamboyant tyrant who terrorized his country and much of the world during his 42 years of despotic rule was cornered by insurgents in the town of Sirte, where Gadhafi had been born and a stronghold of his supporters.

Attached file: Bloody Photos_Gadhafi_Death.rar
If a Windows user opens the attachment, the system becomes infected.

Sophos anti-virus products detect the malware proactively as Mal/Behav-103.

Symantec AdVantage(Anti-Malvertising): Armorize and Symantec partnered and launched


Armorize Technologies (malware blog) and Symantec have joined together to fight malvertising. They launched AdVantage (Anti-Malvertising), a cloud-based scanner that detects malvertising (malicious advertising) online.

“Malvertising poses a serious risk to online publishers and their customers, reputation and revenue. Highly publicized malvertising infections can damage the reputation of even the most trusted online sites. Symantec AdVantage will provide ad publishers the tools they need to protect their businesses by fighting back against these threats.”
– Fran Rosch, Vice President, Identity and Authentication Services, Symantec Corp.

Symantec AdVantage will scan, detect and report malvertising on websites by automatically alerting publishers and identifying the location of malicious advertisements so customers can remove malicious ads that may damage their business’ reputation. A real-time performance dashboard complements these automatic reports by providing essential insights. For example, Symantec AdVantage will enable customers to compare safe ads to malicious advertisements and discover how and when malvertising occurred by visually tracing and identifying the path and source of infected advertisements.

Symantec AdVantage is scheduled to be made available to publishers and ad networks through a free early access program beginning in November 2011.

The service will be available here:
http://advantage.symantec.com/

Reference:
A few days ago, the well-known site "KickAssTorrent (KAT.ph)" served malvertising, which was detected by Armorize.

Malware Analyzer v3.3 Released ~Security Tools

 
Malware Analyser is a freeware tool for performing static and dynamic analysis of malware.

Features:
  • String based analysis for registry, API calls, IRC Commands, DLL’s called and VMAware.
  • Display detailed headers of PE with all its section details, import and export symbols etc.
  • On distros, can perform an ASCII dump of the PE along with other options (check –help argument).
  • For Windows, it can generate various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections
  • ASCII dump on Windows machines.
  • Code Analysis (disassembling)
  • Online malware checking (www.virustotal.com)
  • Check for Packer from the Database.
  • Tracer functionality: can be used to identify anti-debugging call tricks, file system manipulation calls, rootkit hooks, keyboard hooks, DEP setting changes, and network identification traces.
  • Signature Creation: Allows to create signature of malware.
  • Batch Mode Scan to Scan all DLL and Exe in directories and sub-directories

Malware Analyzer v3.3 released.

Changelogs:

--Added Traces signatures
--Improved parsing
--Bug fixes

iScanner detects and removes malicious code and web page malware

iScanner is a free, open source tool that lets you detect and remove malicious code and web page malware from your website easily and automatically. iScanner not only shows you the infected files on your server, it can also clean these files by removing ONLY the malware code from them.

The tool was written by iSecur1ty in the Ruby programming language and is released under the terms of the GNU Affero General Public License 3.0.

Current Features:

  • Ability to scan one file, directory or remote web page / website.
  • Detect and remove website malware and malicious code in web pages. This includes hidden iframe tags, JavaScript, VBScript, ActiveX objects, suspicious PHP code and some known malware.
  • Extensive log shows the infected files and the malicious code.
  • Support for sending email reports.
  • Ability to clean the infected web pages automatically.
  • Easy backup and restore system for the infected files.
  • Simple and editable signature based database.
  • You can easily send malicious files to the iScanner developers for analysis.
  • Ability to update the database and the program easily from iScanner's server.
  • Very flexible options and easy to use.
  • Fast scanner with great performance.
  • Yes, it's FREE!!


Free AVG Mobilation Application for Android ~ Anti Malware

As Android becomes more popular, malware for Android phones has started to increase rapidly. To provide mobile security, AVG released the AVG Mobilation app for Android. Two versions are available, Free and Pro. The full "Pro" version is offered at a value of around € 7.

AVG Pro
"AVG Pro Mobilation" scans individual applications and media files on Android for viruses. In addition, you can locate your cell phone using GPS on a Google Map. This is especially handy if you have lost your Android device, or if it was stolen. However, you must first register your device in the app with an e-mail address.

The security app also allows you to create backups so that you can recover critical applications and data at any time. This service is still in the beta phase. You can also use "AVG Pro Mobilation" to end individual tasks that reduce the speed of your mobile phone.

How safe is AVG Pro Mobilation
Exclusive to the Pro version of the AVG Mobilation app, you also receive protection from virus-infected messages. You can also block spam messages with the app.

The anti-virus feature is, of course, updated regularly. New features in this version, however, are not delivered via an update unless you have purchased "AVG Pro Mobilation".

AVG Anti-virus Free
"AVG Anti-Virus Free" scans individual applications and media files on Android for viruses. In addition, you can locate your cell phone using GPS on a Google Maps map. This is especially handy if you have lost your Android device, or if it was stolen.

The free app also allows you to create backups so that you can recover critical applications and data at any time. You can also use "AVG Anti-Virus Free" to end individual tasks that reduce the speed of your mobile phone.

Get Free version from Here.