- 20 -
malware that eats up resources to take part in a Bitcoin mining pool. The threat, also
known as DevilRobber, was spotted alongside a Mac image editing app made available
on popular file-sharing services. The first clue that gives away the presence of the
malware is that an infected system will start consuming a lot of resources without
the user running large programs. That happens because the Trojan will steal most of the
resources supplied by the computer's GPU to solve Bitcoin blocks. It is not uncommon
for Bitcoin mining bots to use the GPU to fulfill their tasks, but it is the first time they
have targeted Macs. Besides using the device as a mining unit, the malicious element
will also take screenshots of the system to try to procure sensitive data one might type
while surfing the web. To make sure nothing is left of the user's computing power, it
also runs a script that copies data such as browser history and bash history to a text file.
Source:
47. October 28, threatpost.com – (National) New Tor release fixes de-anonymization
attack. The Tor Project has released a new version of its client software to fix a serious
vulnerability that allows an attacker to strip users of their anonymity on the network.
The new version also includes many other security and privacy fixes. The attack that
enables the anonymity stripping requires a specific set of conditions to be in place, and
the new version of Tor removes two of those components from the equation, which is
enough to prevent the attack. It relies on the fact that user clients will reuse their TLS
certificates when connecting to different Tor relays, which can enable an attacker to
identify a specific user by his certificate. "The attack relies on four components: 1)
Clients reuse their TLS cert when talking to different relays, so relays can recognize a
user by the identity key in her cert. 2) An attacker who knows the client's identity key
can probe each guard relay to see if that identity key is connected to that guard relay
right now. 3) A variety of active attacks in the literature ... allow a malicious Web site
to discover the guard relays that a Tor user visiting the website is using. 4) Clients
typically pick three guards at random, so the set of guards for a given user could well
be a unique fingerprint for her. This release fixes components #1 and #2, which is
enough to block the attack; the other two remain as open research problems," a Tor
Project spokesman said in a message announcing version 0.2.2.34.
Source:
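As an added illustration (not Tor code and not part of the report), a small Python model of the reasoning in the quoted note: how many distinct three-guard sets exist for a given number of guard relays, how likely it is that a user's set is unique among the user base, and why a client that reuses one identity key can be linked across the relays it talks to while a fresh key per connection cannot. The guard and user counts used below are assumed figures, not numbers from the page.

```python
import math
import random
import secrets
from collections import defaultdict


def guard_set_count(n_guards: int, k: int = 3) -> int:
    """Number of distinct k-guard sets a client can hold (component 4 above)."""
    return math.comb(n_guards, k)


def probability_set_is_unique(n_guards: int, n_users: int, k: int = 3) -> float:
    """Chance that none of the other n_users - 1 clients picked the same k guards
    as a given client, assuming each picks uniformly at random."""
    m = guard_set_count(n_guards, k)
    return (1 - 1 / m) ** (n_users - 1)


def simulate_linking(n_clients: int, n_relays: int, reuse_cert: bool, seed: int = 1) -> int:
    """Toy model of components 1 and 2: every client connects once to three
    distinct relays, and each relay records the identity key in the client's
    TLS cert. A relay-side observer links a client whenever one key is seen at
    more than one relay. Returns the number of clients linked that way."""
    rng = random.Random(seed)
    seen_at = defaultdict(set)  # identity key -> set of relays that saw it
    for c in range(n_clients):
        stable_key = f"client-{c}-key"  # long-lived key, reused as before the fix
        for relay in rng.sample(range(n_relays), 3):
            # After the fix, each connection presents a fresh key instead.
            key = stable_key if reuse_cert else secrets.token_hex(16)
            seen_at[key].add(relay)
    return sum(1 for relays in seen_at.values() if len(relays) > 1)


if __name__ == "__main__":
    # Assumed figures: 1000 guard relays, 10,000 users, 50 clients over 20 relays.
    print("distinct 3-guard sets:", guard_set_count(1000))
    print("P(user's set is unique):", probability_set_is_unique(1000, 10_000))
    print("linked with reused cert:", simulate_linking(50, 20, reuse_cert=True))
    print("linked with fresh cert:", simulate_linking(50, 20, reuse_cert=False))
```

The uniqueness figure is what makes component 4 dangerous: a guard set is effectively a per-user fingerprint, which is why removing the ability to learn it (components 1 and 2) is enough to break the chain.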
For more stories, see items
Internet Alert Dashboard
To report cyber infrastructure incidents or to request information, please contact US-CERT at
Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and
Analysis Center) Web site: