Wednesday, 27 May 2009

Kaspersky Anti-Virus 2009 (Live CD)

Russian security firm Kaspersky has produced a bootable Linux CD capable of mounting and disinfecting hard disks used by Windows PCs.

The ISO file seems to be freely available, although it is tucked away in a part of the company's website that is hard to find. This makes me suspect that it is not intended for general use.

Amed Kamal wrote about it a week ago, providing a direct link.

Using a rescue disc can improve the detection of threats that are hard to find and remove from a running system, such as rootkits. Rootkits hide by subverting the operating system they run under, so that Windows itself lies to the scanner about which files and processes exist. Booting from the CD means Windows is not running, which denies them that cover.

Tuesday, 19 May 2009

Windows 7 contains Trojan

A pre-release version of Windows 7 has been infected with malware and is currently being distributed on peer-to-peer networks.

The tainted version of the new operating system includes malware that downloads further files from the internet. Trend Micro has named the threat TROJ_AGENT.NICE.

Last month criminals attacked Mac users using a similar tactic: they added malware to pirated copies of Apple's iWork '09 suite and Adobe's Photoshop CS4.

Friday, 15 May 2009

Virtual Windows 7

It is possible to install Windows 7 Ultimate Edition into an instance of VMware Server 1.0.5 running on Windows Vista. It is not a trouble-free process, however.

If you want to do the same, know that I set up a custom profile based on 'Windows Vista (experimental)' and chose a virtual IDE hard disk. Windows 7 does not include drivers for VMware's network adapter, so install VMware Tools (VM - Install VMware Tools). I found that the Sync driver failed to install but fortunately the network driver worked fine.

This setup is going to be very handy for those who need to take screenshots of the new operating system, particularly when illustrating installation steps or demonstrating how User Account Control (UAC) looks and behaves (see below).

Windows 7 User Account Control (UAC) in action

Virus Lab upgrade

Just over two years ago we put together our first purpose-built anti-virus testing lab. We're now upgrading it so that we can test more security products in less time - and expose them to more threats.

The new lab will be three times larger and will be relocated to its own secure basement lab space, with air conditioning and full-height rack-mounting facilities.

We've just taken delivery of the desktop PCs that will be used as target systems, i.e. their future involves myriad virus infections and hacker attacks. The KVMs and a new server arrived a week ago, so the next step is to wire it all up and test the network.

Monday, 11 May 2009

Internet fraudsters being arrested (video)

Darkmarket was a trading website where criminals bought and sold personal data such as credit card numbers. When two of the criminals involved in this type of business were arrested last year, video footage of the bust was released on the internet. It shows a room full of running computers and the devices used to create fake credit cards.

Darkmarket was in fact an FBI sting operation: the webmaster was an FBI agent.



Thursday, 7 May 2009

eBay disk contained rocket launch codes

A hard disk bought from eBay contained launch procedures for a ground-to-air missile system.

According to the BBC, researchers from BT and the University of Glamorgan bought disks from the UK, America, Germany, France and Australia. They then examined these disks to see if they contained sensitive data.

How hard is it to analyse second-hand disks? According to Professor Blyth from the University of Glamorgan, "It's not rocket science."

Wednesday, 6 May 2009

The enemy inside

People are the weak link in most security systems; security experts say so frequently. The BBC has published an article introducing the business of physical penetration testing, a task carried out by so-called tiger teams. The idea is that you pay a company to attempt to gain physical access to your building.

In this example, Colin Greenlees, a consultant at Siemens Enterprise Communications, tells how he gained access to a publicly listed financial company by fooling the MD into holding the door open for him. He then set up camp in an empty office for five days and invited a collaborator to join him.

Tuesday, 5 May 2009

The art of internet threats

Message Labs has produced another range of visualisations. This time it has updated its archive with representations of some more recent threats, as well as illustrations of its email services.

The new images are now available from the Message Labs site.

Windows 7 will help hide viruses

The version of Explorer included in Windows 7 hides file extensions by default. This is the same behaviour as Explorer in earlier versions of Windows, and virus writers have abused it frequently to trick unsuspecting victims into running programs.

For example, on a default Windows XP PC Explorer displays a file called 'image.jpg' as simply 'image', so users are not confronted by strange-looking file names. Here's the problem: non-technical users often don't know what's going on, and the bad guys know this, which is why they give malicious files a false extension immediately before the real one.

For example, rename file.exe to file.jpg.exe and it will appear in Explorer as 'file.jpg', which looks innocent if you forget that you shouldn't be seeing any extension at all (and the anomaly is so subtle that most people won't notice it). Double-clicking this file will not open an image editor or viewer. It will run the program, which is going to be a bad thing. An executable can also carry an icon resource that mimics an image viewer's, so even the icon need not give it away. In this respect Windows helps criminals disguise their Trojans.

Microsoft should balance the convenience of hiding file extensions against the danger that accompanies this as a default setting that only experts will change. I'm not even sure that hiding file extensions is any more convenient. It just makes the screen look fractionally less cluttered. There is still time for the company to change the default setting - Windows 7 is at least a few weeks away from a final release. I hope that it makes that change.

Regardless of which version of Windows you use, it is sensible to change Explorer's settings so that you can see all file extensions. In Windows XP, open Explorer, choose Tools from the menu and click Folder Options. Click the View tab and untick the option called 'Hide extensions for known file types'. In Vista and Windows 7 the menu bar is hidden by default: press Alt to reveal it, or use Organize > Folder and search options. The setting is stored per user, so make the change in every account on the machine.

Security company F-Secure posted about this setting in Windows 7 earlier today.
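To make the deception concrete, here is an added example (not code from the original post or from F-Secure) that models how Explorer shows a file name with 'Hide extensions for known file types' switched on, and flags names that put a decoy extension in front of the real, executable one. The extension lists are illustrative assumptions, not a complete inventory of what Windows will execute; note also that a few types such as .lnk and .pif are never shown by Explorer regardless of this setting, which is why they are left out here.

```python
"""Model Explorer's extension hiding and detect 'file.jpg.exe'-style disguises.

Added example, not from the original blog post. EXECUTABLE and DECOY are
assumed, illustrative subsets chosen for the demonstration.
"""
import os

# Extensions Windows runs when the file is double-clicked (illustrative subset).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".vbe", ".js",
              ".jse", ".wsf", ".hta", ".msi", ".cpl"}
# Extensions a victim is meant to see: data formats that open in a viewer.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".docx",
         ".xls", ".xlsx", ".txt", ".mp3", ".avi", ".zip"}
# 'Known file types' whose extension Explorer hides; every entry above is
# registered on a default install.
KNOWN = EXECUTABLE | DECOY


def explorer_display_name(name, hide_known_ext=True):
    """Return the name as Explorer shows it.

    With the default setting only the final extension is dropped, so
    'holiday.jpg.exe' is displayed as 'holiday.jpg' and 'image.jpg' as 'image'.
    Unknown extensions and names without an extension are shown unchanged.
    """
    if not hide_known_ext:
        return name
    stem, ext = os.path.splitext(name)
    if stem and ext.lower() in KNOWN:
        return stem
    return name


def is_disguised(name):
    """True when the real (last) extension is executable and what Explorer
    shows with extensions hidden itself ends in a decoy extension."""
    _, real_ext = os.path.splitext(name)
    if real_ext.lower() not in EXECUTABLE:
        return False
    _, shown_ext = os.path.splitext(explorer_display_name(name))
    return shown_ext.lower() in DECOY


def find_disguised(root):
    """Walk a directory tree and return the paths of disguised files."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if is_disguised(fname):
                hits.append(os.path.join(dirpath, fname))
    return hits


if __name__ == "__main__":
    # Constructed sample names, as a downloads folder might present them.
    samples = ["image.jpg", "file.jpg.exe", "setup.exe", "report.pdf.scr",
               "notes.txt", "data.xyz"]
    for n in samples:
        shown = explorer_display_name(n)
        print("%-16s shown as %-12s disguised=%s" % (n, shown, is_disguised(n)))
```

The check is deliberately conservative: 'setup.exe' is an executable but not a disguise, and 'notes.txt.exe' would be flagged while 'notes.txt' would not. Run `find_disguised` over a downloads or temp folder to audit what a user with the default setting has been looking at.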

Low-cost remote snooping with laser pens

It's the kind of gadget you'd expect to see in a movie featuring James Bond, Ethan Hunt (Mission Impossible) or the men from The Man From U.N.C.L.E. Researchers have built a miniature laser microphone using parts costing less than $80. This device can be used to 'read' the keys pressed on a personal computer 50-100m away.

The device, built by Inverse Path, was demonstrated detecting keystrokes made on a PS/2 keyboard plugged into a PC.

According to Cnet, which was covering the CanSecWest security conference last month, "Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used a handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals."
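The dynamic time warping comparison the quote describes, as an added example that is not the researchers' code. The 'traces' here are short constructed sequences standing in for the photodiode output; the three key templates, the delayed trace and the small word list are assumptions for illustration. The point it shows is why DTW was needed at all: a keystroke that arrives a little late or is struck a little more slowly lines up badly sample-for-sample, yet matches its template perfectly once the alignment is allowed to stretch.

```python
"""Dynamic time warping (DTW) for matching keystroke vibration traces.

Added example, not code from Inverse Path or Cnet. Templates, traces and the
dictionary are constructed for the demonstration.
"""


def dtw_distance(a, b):
    """Minimum cumulative |a_i - b_j| over all monotone alignments of a and b.

    Classic O(n*m) dynamic programme: each cell holds the cheapest way to align
    a[:i] with b[:j], reached by advancing a, advancing b, or both.
    """
    n, m = len(a), len(b)
    inf = float("inf")
    cost = [[inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            step = abs(a[i - 1] - b[j - 1])
            cost[i][j] = step + min(cost[i - 1][j],       # a advances
                                    cost[i][j - 1],       # b advances
                                    cost[i - 1][j - 1])   # both advance
    return cost[n][m]


def pointwise_distance(a, b):
    """Naive comparison: sum of |a_i - b_i| over the overlapping prefix.
    Shown only to illustrate how a delayed trace defeats sample-for-sample
    matching."""
    return float(sum(abs(x - y) for x, y in zip(a, b)))


def classify(trace, templates, metric=dtw_distance):
    """Label of the nearest template under the given metric."""
    return min(templates, key=lambda key: metric(trace, templates[key]))


def recover_word(traces, templates, dictionary, metric=dtw_distance):
    """Dictionary step: score every candidate word of the right length by the
    summed distance between its letters' templates and the observed traces."""
    candidates = [w for w in dictionary if len(w) == len(traces)]
    if not candidates:
        return None

    def score(word):
        return sum(metric(t, templates[ch]) for t, ch in zip(traces, word))

    return min(candidates, key=score)


# Constructed per-key templates: one idealised vibration trace per key.
TEMPLATES = {
    "a": [0, 3, 7, 3, 0, -2, 0],
    "s": [0, 1, 5, 9, 5, 1, 0],
    "d": [0, -4, -8, -4, 0, 2, 0],
}
# Constructed word list for the dictionary step.
DICTIONARY = ["add", "sad", "ads", "dad", "das"]

# An 'a' keystroke that started one sample late and lingered at its peak.
DELAYED_A = [0, 0, 3, 7, 7, 3, 0, -2, 0]

# Three observed traces for the word 's','a','d', each with its own timing slop.
OBSERVED_SAD = [
    [0, 1, 5, 9, 9, 5, 1, 0],
    [0, 3, 7, 3, 0, -2, 0],
    [0, 0, -4, -8, -4, 0, 2, 0],
]

if __name__ == "__main__":
    print("DTW says:", classify(DELAYED_A, TEMPLATES))
    print("pointwise says:", classify(DELAYED_A, TEMPLATES, pointwise_distance))
    print("recovered word:", recover_word(OBSERVED_SAD, TEMPLATES, DICTIONARY))
```

With the constructed data the pointwise metric picks 's' for the delayed 'a' trace, because the late peak happens to overlap the 's' template better than its own, while DTW aligns it to the 'a' template at zero cost. The dictionary step then turns three noisy per-key guesses into the single best-scoring word, which is the constraint the researchers used to turn a weak per-keystroke signal into readable text.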