November 27th, 2008

Botnet army back to spamming

Photo credit Egon Endrenyi © 2004 Revolution Studios Distribution Co., LLC.

In Guillermo del Toro’s big screen adaptation of Hellboy, the protagonists meet Sammael, a monster that reincarnates into two new creatures every time it is killed. They quickly realize that getting rid of the beast is a rather tedious task, since it multiplies exponentially. The characters eventually manage to destroy the offspring by burning down the very nest from which the eggs keep coming.

Two weeks ago, I wrote about Internet providers succeeding in cutting spam traffic by two thirds after shutting off some identified ill-regulated Web hosts. Computer World reports how the Srizbi botnets were cut off from their chain of command, which was hosted at McColo. It appears, however, that the bots were programmed to try to reconnect to the chain of command by registering one fallback domain from a list generated by an algorithm. In a round-the-clock race, security experts registered the domains predicted by reverse engineering that algorithm, but they were eventually overtaken as the first bots began to feed the rest of the 100,000 infected machines with the updated malware. As a result, spam traffic is now back to what it was two weeks ago.

Digital privacy
Economic sustainability
Internet
Security
Spam

Criminals trading the pistol for the mouse

The Trojan horse concealed Greek soldiers who were to take the city of Troy once the horse had been brought inside its walls. Instead of being held up at gunpoint, today’s victims of bank detail theft are being surreptitiously robbed by a new breed of criminals operating from their basements. As early (in Internet development years) as 2000, an insightful article published by Aerospace and Electronic Systems Magazine warned against the vulnerability of online banking. Since 2006, a new breed of Trojan viruses such as Sinowal, Torpig and Mebroot has been successfully used to steal an estimated half a million online banking account details.

It all starts when an unsuspecting web surfer catches one of the viruses while browsing unsecured porn or gambling Web sites. Upon activation, the virus conceals itself on the master hard disk, flying below the radar of 68.6% of antivirus software (24 out of 35). The virus holds a register of 2,700 online banking Web sites and is triggered whenever the user accesses one of them. It then discreetly alters the HTML login form in the web browser to record all the sensitive data and forward it to a network of compromised computers, cleverly laid out and constantly redesigned to make it hard to locate the command and control point of the botnet chain.

Security group RSA advised the authorities after discovering a database of 300,000 bank account and 250,000 electronic card account details. This kind of Trojan has affected hundreds of financial institutions across the world.

Needless to say, the heavy majority of Trojan viruses are designed to operate on Microsoft Windows and on a Web browser that has write privileges to the master disk (read: Internet Explorer). Some viruses for Apple OS X have been appearing too. Using an account with limited privileges can reduce the risk of infection, but online banking methods using one-time login keys are 100% effective. The bank usually provides an input or timing device that uses algorithms to generate a unique key for each new login session. Trojan viruses can record all the other information, but the recorded one-time key is useless, and the account cannot be accessed without the proper one. Unless, of course, someone manages to reverse-engineer those key-generating devices…
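
The one-time key mechanism described above, as an added example that is not part of the original post: an RFC 4226 HOTP token and a bank-side verifier, showing why a code recorded by a form-grabbing Trojan is useless once the legitimate login has consumed it. The shared secret, the look-ahead window and the replay scenario are constructed for illustration, not taken from any real bank or token.

```python
import hashlib
import hmac
import struct

# Constructed demo secret shared between the token device and the bank server (not a real key).
SHARED_SECRET = b"constructed-demo-secret-0123"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Bank side: remembers the next acceptable counter per account, so any code
    at or below the last accepted counter is dead even if a Trojan recorded it."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.look_ahead = look_ahead  # tolerate a few unused button presses on the device
        self.next_counter = 0

    def verify(self, submitted: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                self.next_counter = c + 1  # this code and all earlier ones are now rejected
                return True
        return False


def replay_scenario() -> dict:
    """Constructed scenario: the victim logs in with token press #0 while a Trojan
    records the form; the criminal replays the recorded code; the victim's next press works."""
    server = OtpVerifier(SHARED_SECRET)
    token_counter = 0
    recorded_by_trojan = hotp(SHARED_SECRET, token_counter)
    token_counter += 1
    victim_login = server.verify(recorded_by_trojan)
    attacker_replay = server.verify(recorded_by_trojan)
    next_login = server.verify(hotp(SHARED_SECRET, token_counter))
    return {"victim_login": victim_login, "attacker_replay": attacker_replay, "next_login": next_login}
```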

An EETimes article on security chips quotes an expert explaining how “Most people can’t reverse-engineer a smart card, so the cards are secure enough against most attackers. But both smart cards and memory cards assume that the reader is trusted, and they can be defeated by a malicious reader.”

Digital privacy
Encryption
Internet
Security
