Hiding Malware, With Windows XP

In the nearly four decades since the first PC viruses spread in the wild, malware writers have evolved some exceptionally clever ways to hide their creations from system administrators and from anti-virus writers. The researchers at Sophos have found one that conceals itself as probably the ultimate Trojan horse: it hides its tiny payload in a Windows XP installation.

The crusty Windows version is packaged up with a copy of an older version of the VirtualBox hypervisor on which to run it. A Windows exploit allows Microsoft Installer to download the whole thing as a 122 MB installer package that hides the hypervisor and a 282 MB disk image containing Windows XP. The Ragnar Locker ransomware payload is a tiny 49 kB component of the XP image, which the infected host will run on the hypervisor unchallenged.

The Sophos analysis has a fascinating delve into some of the Windows batch file tricks it uses to probe its environment and set up the connections between host and XP. It leaves us amazed at the unorthodox use of a complete Microsoft OS, and at the realisation that we have seemingly reached a point of system bloat at which such a large unauthorised download, and the running of a complete Microsoft operating system (albeit one from twenty years ago) in a hypervisor, can go unnoticed. Still, unlike some malware stories we’ve seen, at least this one is real.

An SDK For The ESP8266 WiFi Chip

The ESP8266 is a chip that turned a lot of heads recently, stuffing a WiFi radio, TCP/IP stack, and all the required bits to get a microcontroller on the Internet into a tiny, $5 module. It’s an interesting chip, not only because it’s a UART to WiFi module, allowing nearly anything to get on the Internet for $5, but because there’s a user-programmable microcontroller in this board. If only we had an SDK or a few libraries…

The ESP8266 SDK is finally here. A complete SDK for the ESP8266 was just posted to the Espressif forums, along with a VirtualBox image with Ubuntu that includes GCC for the LX106 core used in this module.

Included in the SDK are sources for an SSL, JSON, and lwIP library, making this a solution for pretty much everything you would need to do with an Internet of Things thing. As far as the LX106 core is concerned, there’s example code for using the spare pins on this board as GPIOs, I2C and SPI buses, and a UART.

This turns the ESP8266 into something much better than a UART to WiFi module; now you can create an Internet of Things thing with just $5 in hardware. We’d love to see some examples, so put those up on hackaday.io and send them in to the tip line.

VirtualBox Beta Runs Mac OS X

A new beta build of VirtualBox, Sun’s Oracle’s free x86 virtualization software, makes it possible to run Mac OS X as a guest operating system…no shenanigans or flaming hoops to jump through, just pop in the $30 retail Snow Leopard upgrade disc and go. This had previously only been possible with some awkward Hackintosh-style maneuvering, or using recent editions of commercial virtualization products.
