Museum Shows Off Retro Malware

There’s some debate on which program gets the infamous title of “First Computer Virus”. There were a few for MS-DOS machines in the 80s and even one that spread through ARPANET in the 70s. Even John von Neumann theorized that programs might one day self-replicate. To compile all of these early examples of malware, and possibly settle this question once and for all, [Mikko Hypponen] has started collecting many of the early malware programs into a Museum of Malware.

While unlucky (or careless) users today are confronted with entire hard drive encryption viruses (or worse), a lot of the early viruses were relatively harmless. Examples include Brain which spread via floppy disk, the experimental ARPANET virus, or Elk Cloner which, despite many geniuses falsely claiming that Apples are immune to viruses, infected Mac computers of the 80s. [Mikko] has collected many more from this era that can be downloaded or demonstrated in a browser.

Retrocomputing is an active community, with users keeping gear of this era up and running despite it being 30+ years old. This software, while malicious at the time, is a great look into what the personal computing world was like in its infancy. And don’t forget, if you have a beige computer from a bygone era, you can always load up our Retro Page.

Thanks to [chad] for the tip!

The Most Brilliant Use of Crowdfunding Yet: Medical Research

Since the rise of Kickstarter and Indiegogo, the world has been blessed with $100 resin-based 3D printers, video game consoles built on Android, quadcopters that follow you around, and thousands of other projects that either haven’t lived up to expectations or simply disappeared into the ether. The idea of crowdfunding is a very powerful one: it’s the ability for thousands of people to chip in a few bucks for something they think is valuable. It’s a direct democracy for scientific funding. It’s the potential for people to pool their money, give it to someone capable, and create something really great. The reality of crowdfunding isn’t producing the best humanity has to offer. Right now, the top five crowdfunding campaigns ever are two video games, a beer cooler, a wristwatch with an e-ink screen, and something to do with Bitcoin. You will never go broke underestimating people.

[Dr. Todd Rider] wants to change this. He might have developed a way to cure nearly all viral diseases in humans, but he can’t find the funding for the research to back up his claims. He’s turned to IndieGoGo with an audacious plan: get normal people, and not NIH grants, to pay for the research.

The research [Dr. Rider] has developed is called the DRACO, the Double-stranded RNA Activated Caspase Oligomerizer. It works by relying on the singular difference between healthy cells and infected cells: infected cells contain long chains of viral double-stranded RNA. The DRACOs attach themselves to these long strands of RNA and cause those cells to commit suicide. The research behind the DRACO was published in 2011, and since then [Dr. Rider] has already received funding from more traditional sources, but right now the project is stuck in the ‘funding valley of death’. It’s easy to get funding for early research, but to get the millions of dollars for clinical trials it takes real results – showing efficacy, and proving to pharmaceutical companies or VCs that the drug will make money.

So far, results are promising, but far from the cure for HIV and the common cold the DRACO promises to be. [Dr. Rider] has performed a few tests on cell cultures and mice, and the DRACOs have been effective in combating everything from the common cold to the flu to dengue hemorrhagic fever.

The IndieGoGo campaign is flexible funding, meaning all the money raised will go towards research even if the funding goal is not met. Right now, just over $50,000 has been raised of a $100,000 goal. That $100k goal is just the first step; [Dr. Rider] thinks he’ll need about $2 Million to test DRACOs against more viruses and hopefully show enough progress to get additional traditional funding. That $2 Million is a little less than what Solar Roadways raised, meaning no matter what, [Dr. Rider] will make one important medical discovery: people are very, very, very dumb.


Decoding ZeuS Malware Disguised as a .DOC

[Ronnie] recently posted about his adventures in decoding malware. One of his users reported a phishy email, which did indeed turn out to contain a nasty attachment. The process that [Ronnie] followed in order to figure out what this malware was trying to do is quite fascinating and worth the full read.

[Ronnie] started out by downloading the .doc attachment in a virtual machine. This would isolate any potential damage to a junk system that could be restored easily. When he tried to open the .doc file, he was presented with an error stating that he did not have either enough memory or disk space to proceed. With 45GB of free space and 2GB of RAM, this should not have been an issue. Something was definitely wrong.

The next step was to open the .doc file in Notepad++ for analysis. [Ronnie] quickly noticed that the file was actually a .rtf disguised as a .doc. [Ronnie] scanned through large chunks of data in an attempt to guess what the malware was trying to do. He noticed that one data chunk ended with the bytes “FF” and “D9”, which are also found as the ending two bytes of .gif files.

[Ronnie] copied this data into a new document and removed all new line and return characters. He then converted the hex to ASCII, revealing some more signs that this was actually image data. He saved this file as a .gif and opened it up for viewing. It was a 79KB image of a 3D rendered house. He also found another chunk of data that was the same picture, but 3MB in size. Strange to say the least.

After finding a few other weird bits of data, [Ronnie] finally started to see more interesting sections. First he noticed some strings with mixed up capital and lowercase letters, a tactic sometimes used to avoid antivirus signatures. A bit lower he found a section of data that was about the size of typical shellcode. He decoded this data and found what he was looking for. The shellcode contained a readable URL. The URL pointed to a malicious .exe file that happened to still be available online.

Of course [Ronnie] downloaded the .exe and monitored it to see how it acted. He found that it set a run key in the registry to ensure that it would persist later on. The malware installed itself to the user’s appdata folder and also reached out repeatedly to an IP address known to be affiliated with ZeuS malware. It was a lot of obfuscation, but it was still no match for an experienced malware detective.
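As an added illustration of the approach described above (my own example, not [Ronnie]’s code and not the actual attachment), here is a small Python routine that pulls the hex-encoded object data out of an RTF, strips the line and return characters, decodes it, and flags the image markers and readable URLs the write-up looked for. The RTF text, the tiny GIF and the URL are all constructed sample data.

```python
import re

# Constructed sample (not the real attachment): RTF-like text with two
# hex-encoded \objdata blobs, which is how RTF embeds objects. Blob 1 is a
# tiny GIF89a followed by the FF D9 bytes the write-up mentions; blob 2 is
# a hex-encoded URL standing in for the decoded shellcode string.
SAMPLE_RTF = (
    r"{\rtf1\ansi{\object\objemb{\*\objdata "
    "474946383961" "01000100" "800000" "ffffff000000"   # GIF89a, 1x1, palette
    "21f9040100000000" "2c000000000100010000"          # control + image descriptor
    "0202440100" "3b" "ffd9" "\r\n}}"                   # image data, GIF trailer, FF D9
    r"{\*\objdata "
    "687474703a2f2f6578616d706c652e696e76616c69642f7061796c6f61642e657865"
    "}}"
)

# A run of at least 16 hex byte pairs, tolerating the line breaks RTF wraps them with.
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}[\r\n\t ]*){16,}")
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def extract_hex_blobs(text):
    """Strip line/return characters from each hex run and decode it to bytes."""
    blobs = []
    for m in HEX_RUN.finditer(text):
        cleaned = re.sub(r"\s+", "", m.group(0))
        cleaned = cleaned[: len(cleaned) & ~1]   # drop a dangling nibble, if any
        blobs.append(bytes.fromhex(cleaned))
    return blobs


def classify(blob):
    """Label a decoded blob by the markers the analysis looked for."""
    if blob.startswith(b"GIF8") or blob.endswith(b"\xff\xd9"):
        # FF D9 is also the JPEG end-of-image marker; either way, image data.
        return "image-like"
    if blob.startswith(b"MZ"):                 # DOS/PE executable header
        return "pe-executable"
    return "unknown"


def find_urls(blob):
    """Pull readable URLs (the pivot to a second-stage download) out of a blob."""
    return [u.decode("ascii") for u in URL_RE.findall(blob)]


def analyze(rtf_text):
    """Return (label, size in bytes, urls) for every hex-encoded blob in the file."""
    return [(classify(b), len(b), find_urls(b)) for b in extract_hex_blobs(rtf_text)]
```

Calling `analyze(SAMPLE_RTF)` reports the 45-byte image blob and the 34-byte blob carrying the URL; on a real file, any blob labelled image-like can be written to disk and opened for viewing as in the write-up.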

Hackaday Links: August 21, 2011

Arduino + PS2 controller + R2D2

Here’s an unbelievably real-looking R2D2 replica driven by a PS2 controller with an Arduino inside that plays sounds from the movies. Too bad we couldn’t find any more details about it. [Thanks Bill]

Server build time-lapse

[Justin] and his colleagues spent five days upgrading their server by building a 29-unit cluster. Lucky for us they set up a web-cam to capture the process.

Cockroach computer

Behold this working desktop computer, complete with monitor and mouse. We’re not sure how it was done, or what it’s for, but worth a peek just because of its size. [Thanks Harald via Dvice]

Modelling self-assembling viruses

A 3D printer and magnets were used to build this model of a self-assembling virus. Shake the jar and it falls apart. Shake a bit more and it’ll rebuild itself… it has the technology.

Tardis cufflinks

[Simon] is exercising his geek chic with these Tardis cuff links. The Doctor Who inspired accessories were made from a model railroad telephone booth.

Exploit Bait and Switch

When a new virus or other piece of malware is identified, security researchers attempt to get hold of the infection toolkit used by malicious users, and then run the infection in a specially controlled environment in order to study how the virus spreads and communicates. Normally, these toolkits also include some sort of management console commonly used to evaluate the success of the infection and other factors of the malware application. In the case of the EFTPS malware campaign, however, the admin console had a special trick.

This console was actually a fake, accepting a number of generic passwords and user accounts and providing fake statistics to whoever looked into it. All the while, the console would “call home” with as much data about the researcher as possible. By tricking the researchers in this way, the crooks would be able to stay one step ahead of anti-virus tools that would limit the effectiveness of any exploit. Thankfully though, the researchers managed to come out on top this time.

[via boingboing]

Things that kill you, hacked for clean energy

Tobacco and E. coli can wreak havoc on your body, causing serious damage if not death. Some researchers from the University of California at Berkeley have found a way to take these potentially dangerous organisms and make them do our bidding. By genetically engineering a virus they have shown that the two can be used to grow solar cells. Well, they grow some of the important bits that go into solar cells, reducing the environmental impact of the manufacturing process.

Once a tobacco plant is infected with the altered virus it begins producing artificial chromophores that turn sunlight into electricity. Fully grown plants are ground up, suspending the chromophores in a liquid which is sprayed onto glass panels to create the solar cells. These types of creative solar energy production make us wonder if Thunderdome and the apocalypse are further off than we thought.

[Thanks Jon]

BIOS level malware

“Reformat it”. That’s pretty much our default answer when someone calls us complaining of malware and viruses. Though many can be removed, it can sometimes be quicker and less frustrating just to reformat it. Some of us even have specific ways that we organize all of our files just to make the quarterly reformat go smoother. Unfortunately, reformatting may no longer be the absolute cure. Researchers have developed a piece of malware that infects the BIOS. It is unaffected by reformatting or flashing. This means that it is also OS independent. They tested it on Windows and OpenBSD as well as a machine running VMware Player. This is a grim sign for the future.