IBM Taking QRadar To The Cloud

April 24, 2015 by Michael  
Filed under Computing

IBM is bringing its QRadar Security Intelligence technology to the cloud in a bid to help companies prioritize major security threats more quickly and free up critical resources to fight cyber attacks.

The offering is available through a cloud-based software-as-a-service model, and comes with an IBM Security Managed Services option for security experts with more advanced skills.

QRadar Security Intelligence comes in the form of two services. The first is IBM Security Intelligence on Cloud, which the firm said will help organisations determine whether security-related events are simple anomalies or actual threats.

“Built as a cloud service using IBM QRadar, enterprises can quickly correlate security event data with threat information from over 500 supported data sources for devices, systems and applications,” IBM explained.

“This is complemented by more than 1,500 pre-defined reports for use cases such as compliance, vulnerability management and security incident response.”

The second service is Intelligent Log Management on Cloud designed to simplify security and compliance data collection.

This is also powered by IBM QRadar technology, and uses analytics and a hosted, multi-tenant technology to integrate with existing infrastructure, working with real-time correlation and anomaly detection capabilities.

“Through support for more than 400 platforms, security managers can also capture logs from nearly any device in their security operation,” the firm added.

IBM said that the announcement is a reaction to the findings in the 2014 IBM Cyber Index, which revealed that organisations across the world deal with an average of 91 million potential security events every year, a problem that creates huge amounts of data that needs to be stored and analysed.

The cloud software announcement arrives just after IBM posted its Q1 2015 financial results, demonstrating strong growth in the cloud.

The results showed cloud revenues up 75 percent to $3.8bn from $2.3bn in the first quarter of 2014.

However, IBM posted an overall quarterly revenue decline of 12 percent owing to the effects of the strong dollar.

Revenues were $19.6bn for Q1, a figure that would have been equal to the $22.5bn that IBM made last year were it not for the effects of the dollar and moves to divest unprofitable parts of the business.

Overall the revenue drove IBM to profits of $2.4bn for the quarter. The company said that this was down five percent on the same period last year, although at that time IBM also reported profits of $2.4bn, suggesting that the original figure was raised at some point.

Courtesy-TheInq

Citrix Finally Goes OpenStack

April 24, 2015 by Michael  
Filed under Computing

Citrix has become a corporate sponsor of the OpenStack Foundation in a push towards interoperability and unified standards in the cloud community.

As part of the announcement, Citrix said that products including NetScaler and XenServer will be coming to OpenStack.

Citrix has been a contributor to OpenStack for some time, but this sponsorship announcement sees the company ramping up its involvement and integrating its core product lines.

Klaus Oestermann, senior vice president and general manager of delivery networks at Citrix, said: “We’re pleased to formally sponsor the OpenStack Foundation to help drive cloud interoperability standards.

“Citrix products like NetScaler, through the recently announced NetScaler Control Centre, and XenServer are already integrated with OpenStack.

“Our move to support the OpenStack community reflects the great customer and partner demand for Citrix to bring the value of our cloud and networking infrastructure products to customers running OpenStack.”

Citrix already supports the Apache Software Foundation and the Linux Foundation, and has pledged to continue investing in Apache CloudStack and CloudPlatform in addition to its work with OpenStack.

Jonathan Bryce, executive director of the OpenStack Foundation, added: “Diversity and choice are two powerful drivers behind the success of OpenStack and the growing list of companies that have chosen OpenStack as their infrastructure platform.

“We’re glad to see Citrix become a corporate sponsor, and we look forward to the contributions they can bring to the community as it continues driving cloud infrastructure innovation and software maturity.”

Canonical announced on Tuesday that the 15.04 edition of Ubuntu OpenStack will be the first commercially available product to be based on OpenStack Kilo, which is due for release at the end of the month.

Early adopters will get the release candidate, and the full version will follow days after.

Citrix is joining the alliance at an interesting time. Earlier this year, it was revealed that HP has become the largest single contributor to the current OpenStack version, Juno, overtaking Red Hat.

A number of alliances are forming within the OpenStack community to try and gain the upper hand. HP has buddied up with telecoms companies including AT&T and BT, while Juniper and Mirantis have joined forces, though the latter has confirmed that this is not a snub to VMWare.

Citrix coming aboard with its existing ties to Apache and Linux seems to represent another example of the cross-pollination of the OpenStack movement across the industry, with companies clamoring to back it either as a first or second line of opportunity.

Courtesy-TheInq

Raytheon Acquires Websense, Forms Defense-grade Security Unit

April 23, 2015 by mphillips  
Filed under Around The Net

Defense contractor Raytheon is acquiring Websense, which it will combine with its own security unit to create a new, separately operated business to battle criminal networks and state-funded espionage.

Today’s Internet attacks “are becoming increasingly more sophisticated and are being perpetuated by state sponsored groups, criminal organizations, hacktivists and insiders,” said David Wajsgras, president of Raytheon’s intelligence, information and services business, in a conference call Monday announcing the acquisition. “Our goal is to provide defense-grade solutions that allow our customers to defend against [attacks], detect them early, decide how to counter and defeat such attacks in real-time.”

Raytheon plans to spend $1.9 billion in a deal to get 80 percent ownership of the new business based on Websense. It will then create the new company by combining Websense with its own cyberproducts business unit, valued at approximately $400 million. Vista Equity Partners, Websense’s current owner, will purchase a 20 percent stake in the new, combined company, for approximately $335 million.

The joint venture will be a separately operated Raytheon business segment. John McCormack, current CEO of Websense, will serve as chief executive of the new business. The name of the new company will be disclosed when the deal closes, by the end of the second quarter, the companies said.

Websense’s Triton line of secure Web gateway products guard internal networks against malware, data theft and Internet-based snooping. The new company will combine Triton with Raytheon’s own SureView portfolio of security products, which can watch for unusual user activity, protect against known vulnerability attacks, and detect hidden anomalies using machine-learning technologies.

The two companies also have a complementary customer base. Raytheon has focused largely on serving U.S. defense agencies — it generated sales of $23 billion in 2014, which was mostly from large-scale systems work. Websense has a strong presence in the commercial enterprise market. It serves 21,000 customers and has relationships with over 2,200 channel partners.

BlackBerry To Offer Security Function For IoT

April 23, 2015 by mphillips  
Filed under Consumer Electronics

BlackBerry Ltd announced that it will be offering a new certificate service that will help bring the security level it offers on smartphones to a slew of devices from cars to smart meters.

Certicom, a subsidiary of BlackBerry and an industry pioneer in elliptic curve cryptography, announced a new offering that it contends will secure millions of devices, expected to be part of the growing Internet of Things (IoT) sphere.

The company said it has already won a contract in Britain to issue certificates for the smart meter initiative there with more than 104 million smart meters and home energy management devices.

The service will make it much easier for companies rolling out such devices to authenticate and secure them, the company said.
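The certificate service described above is for authenticating devices such as smart meters with elliptic curve credentials. The following is an added example, not Certicom’s or BlackBerry’s code, that shows the minimum such a service and its relying party have to do: an issuing CA signs a P-256 ECDSA certificate for a device’s public key, and the head end checks the chain, the validity period and a proof of possession of the device’s private key before trusting it. The CA name, device ID and nonce are constructed assumptions; a real deployment would keep the CA key in an HSM and add revocation and intermediates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DeviceCA is a constructed issuing CA for device certificates (hypothetical;
// a production CA would hold this key in an HSM and publish revocation data).
type DeviceCA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewDeviceCA builds a self-signed P-256 ECDSA CA certificate.
func NewDeviceCA(name string) (*DeviceCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &DeviceCA{Key: key, Cert: cert}, nil
}

// IssueDeviceCert signs a leaf certificate for one device. Only the device's
// public key is submitted; the private key never leaves the device.
func (ca *DeviceCA) IssueDeviceCert(deviceID string, pub *ecdsa.PublicKey, validFor time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SignNonce is the device side: sign a verifier-chosen nonce with the device key.
func SignNonce(devKey *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, devKey, digest[:])
}

// VerifyDevice is the head-end check: the presented certificate must chain to
// the trusted root and be valid now, and the signature over the fresh nonce
// proves the presenter holds the matching private key.
func VerifyDevice(root, cert *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain check failed: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("device certificate does not carry an ECDSA key")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("proof of possession failed")
	}
	return nil
}

func main() {
	ca, _ := NewDeviceCA("Example Meter Issuing CA") // constructed name
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cert, _ := ca.IssueDeviceCert("meter-000123", &devKey.PublicKey, 5*365*24*time.Hour)
	nonce := []byte("constructed-nonce-42")
	sig, _ := SignNonce(devKey, nonce)
	fmt.Println("verify:", VerifyDevice(ca.Cert, cert, nonce, sig)) // nil on success
}
```

The nonce step matters: a certificate alone only says a public key was enrolled, while the signature over a fresh verifier-chosen value shows the connecting device actually holds the key, which is what stops a copied certificate from being replayed by another meter.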

Separately, BlackBerry also outlined a plan to expand its research and development efforts on innovation and improvement in computer security.

The initiative is being dubbed BlackBerry Center for High Assurance Computing Excellence (CHACE).

Increased network and device security has become a huge focus for large North American corporations in the face of costly and damaging security breaches.

U.S. retailer Target Corp is still recovering from a major breach in 2013 in which 40 million payment card numbers and 70 million other pieces of customer data such as email addresses and phone numbers were stolen.

Michaels Stores, the biggest U.S. arts and crafts retailer, said last year it had suffered a security breach that may have affected about 2.6 million payment cards.

BlackBerry said the fail-then-patch approach to managing security risk has become a widely accepted practice, but through CHACE it plans to develop tools and techniques that deliver a far higher level of protection than is currently available.

Russian Hackers Going After Adobe And Windows

April 21, 2015 by Michael  
Filed under Computing

Russian hackers have been taking advantage of vulnerabilities in popular Adobe and Microsoft software to gather government information, US security firm FireEye has claimed.

The company’s latest report said that it detected a limited advanced persistent threat campaign targeting zero-day vulnerabilities in Adobe Flash and Microsoft Windows which started on 13 April.

FireEye said that the group’s goal is to find information about government, military and security organizations which is “likely to benefit the Russian government”.

Researchers using the security firm’s Dynamic Threat Intelligence Cloud software detected the pattern of attacks through a “correlation of technical indicators and command and control infrastructure”, and believe that APT28 is “probably responsible” for this activity.

Adobe has since patched the CVE-2015-3043 vulnerability in APSB15-06.

Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows, named CVE-2015-1701, but has not yet issued a patch.

FireEye said that updating Adobe Flash to the latest version will render the exploit harmless because it has seen CVE-2015-1701 in use only in conjunction with the Adobe Flash exploit for CVE-2015-3043.

The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending on the target’s platform, for example Windows 32-bit or 64-bit.

“The payload exploits a local privilege escalation vulnerability in the Windows kernel if it detects that it is running with limited privileges,” explained FireEye.

“It uses the vulnerability to run code from userspace in the context of the kernel, which modifies the attacker’s process token to have the same privileges as that of the system process.”

The APT28 attackers relied heavily on the CVE-2014-0515 Metasploit module to conduct these new exploits, FireEye said.

CVE-2014-0515 exploits a vulnerability in Flash’s Shader processing, whereas CVE-2015-3043 exploits a vulnerability in Flash’s FLV processing.

Users are advised to patch their Flash software as soon as possible to protect against the vulnerability.

FireEye said last week that a Chinese hacking group called APT 30 spied on Asian governments for over a decade.

The group was discovered and detailed by FireEye in a report which claimed that it has been spying on Asia Pacific countries’ governments from as far back as 2004.

The security firm said that APT 30 takes a special interest in political developments in Southeast Asia and India, and is particularly active during Association of Southeast Asian Nations summits.

It also focuses on regional issues and territorial disputes between China, India and Southeast Asian countries.

Courtesy-TheInq

Apple Pay Headed To Canada

April 20, 2015 by mphillips  
Filed under Mobile

Apple Inc is gearing up to launch its electronic payments service in Canada in November, the first international expansion of Apple Pay, the Wall Street Journal reported, citing people familiar with the matter.

The iPhone maker is in talks with Canada’s six biggest banks, Royal Bank of Canada, Toronto-Dominion Bank, Bank of Nova Scotia, Bank of Montreal, Canadian Imperial Bank of Commerce and National Bank of Canada, the people told the Journal.

The banks are open to an agreement, but are not happy with Apple’s fee proposals and are worried about security vulnerabilities like the ones that U.S. banks experienced, the Journal said, citing the people.

It was still unclear if all six Canadian banks would launch Apple Pay at the same time, the Journal said.

Apple launched the service, a mobile payment app that allows consumers to buy things by holding their iPhone 6 and 6 Plus devices up to a reader, in the United States in October.

Qualcomm Gives Snapdragon More Umph

April 20, 2015 by Michael  
Filed under Computing

Qualcomm has released a new Trepn Profiler app for Android which will profile Snapdragon processors and tinker with them.

The Trepn Profiler app identifies apps that overwork the CPU or are eating too much data. The app will pinpoint which of the apps drain the battery faster.

The data the app gathers tells you which program is slowing down your phone.

Most Android phone users will not give a damn, but developers will find it useful. Those who are interested in testing ROMs, custom kernels, and their own apps can use the data gathered by the Trepn Profiler.

Developers can measure optimisation and performance on Snapdragon-powered mobile devices. Real-time data include network usage, battery power, GPU frequency and load, and per-core CPU load. Key features also include six fast-loading profiling presets, and an advanced mode to manually select data points and save them for analysis.

The Advanced Mode allows profiling of a single app or the whole device, offline data analysis, and a longer data collection interval. This mode also allows longer profiling sessions, displaying two data points in one overlay, and viewing of saved profile data.

All up this should enable developers to come up with more Snapdragon friendly apps.

Courtesy-Fud

Is EA Shuttering Its Free To Play Model?

April 20, 2015 by Michael  
Filed under Gaming

EA is shuttering four high-profile free-to-play games, all of them allied to popular IP like Battlefield and FIFA.

Battlefield Heroes, Battlefield Play4Free, Need for Speed World and FIFA World will all continue for another 90 days, at which point they will be taken offline for good. Further development on the games has stopped already.

“In more than five years since most of these titles launched, how we play games has changed dramatically,” said Patrick Soderlund, EVP of EA Games, in a statement. “These were pioneering experiences, and we’re humbled that, over the years, so many of you joined us to enjoy the games and the community.”

In terms of EA’s growing interest in free-to-play models, the real pioneer among that group is Battlefield Heroes, which was pitched at “frustrated, restricted” gamers back in 2008. Need for Speed World and Battlefield Play4Free followed, launching over the second half of 2010.

By the start of 2012, EA was reporting a combined total of 25 million players across the six games in its “Play4Free” initiative, with Battlefield Heroes and Need for Speed World contributing 10 million players each.

However, FIFA World is by no means a forerunner. It only reached open beta late in 2013, so it is being shuttered after substantially less than two years of public availability. That suggests not a slow decline in interest but a lack of interest in the first place.

That’s in stark contrast to FIFA Online, the free-to-play version of the game made specifically for markets in Asia. In 2012, EA’s Andrew Wilson claimed that FIFA Online was making $100 million a year in revenue. A year later, FIFA Online 3, the most recent iteration, was the leading online sports game in both traffic and revenue in Korea.

One thing is certain: take these four titles away from EA’s free-to-play games on Origin, and you’re left with only Command & Conquer: Tiberium Alliances and Star Wars: The Old Republic – in his statement, Soderlund stressed the latter’s “enthusiastic and growing” community, and reiterated EA’s commitment to providing new content.

The remainder of the company’s free-to-play catalog is composed of games like Outernauts, The Simpsons: Tapped Out and Bejeweled Blitz. Casual, social, call them what you will, but they are intended for a very different audience to Need for Speed World and Battlefield Play4Free, and that audience has just lost two-thirds of the games EA had made to satisfy its needs.

Courtesy-GI.biz

RadioShack Moving Forward With Plans To Sell Customer Data

April 16, 2015 by mphillips  
Filed under Around The Net

RadioShack plans to keep moving forward with its plan to sell its customer data, despite opposition from a number of states.

The company has asked a bankruptcy court for approval for a second auction of its assets, which includes the consumer data.

The state of Texas, which is leading the action by the states, opposed the sale of personally identifiable information (PII), citing the online and in-store privacy policies of the bankrupt consumer electronics retailer.

The state claimed that it found from a RadioShack deposition that the personal information of 117 million customers could be involved. But it learned later from testimony in court that the number of customer files offered for sale might be reduced to around 67 million.

In the first round of the sale, RadioShack sold about 1,700 stores to hedge fund Standard General, which entered into an agreement to set up 1,435 of these as co-branded stores with wireless operator Sprint. Some other assets were also sold in the auction.

The sale of customer data, including PII, was withdrawn from the previous auction, though RadioShack did not rule out that it could be put up for sale at a later date.

The case could have privacy implications for the tech industry as it could set a precedent, for example, for large Internet companies holding consumer data, if they happen to go bankrupt.

Texas has asked the U.S. Bankruptcy Court for the District of Delaware for a case management order to ensure that in any motion for sale of the PII, RadioShack should be required to provide information on the kind of personal data that is up for sale and the number of customers that will be affected.

On Monday, Texas asked the court that its motion be heard ahead of RadioShack’s motion for approval to auction more assets.

The court had ordered in March the appointment of a consumer privacy ombudsman in connection with the potential sale of the consumer data including PII. RadioShack said in a filing Friday that it intends to continue working with the ombudsman and the states with regard to any potential sale of PII, but did not provide details.

RedHat And Canonical Discuss Linux 4.0

April 16, 2015 by Michael  
Filed under Computing

Red Hat has been telling everyone its plans to integrate the latest Linux 4.0 kernel into its products.

In a statement, a spokesman told us, “Red Hat’s upstream community projects will begin working with 4.0 almost immediately; in fact, Fedora 22 Alpha was based on the RC1 version of the 4.0 kernel.

“From a productization perspective, we will keep an eye on these integration efforts for possible inclusion into Red Hat’s enterprise portfolio.

“As with all of our enterprise-grade solutions, we provide stable, secure and hardened features, including the Linux kernel, to our customers – once we are certain that the next iterations of the Linux kernel, be it 4.0 or later, have the features and maturity that our customer base requires, we will begin packaging it into our enterprise portfolio with the intention of supporting it for 10 years, as we do with all of our products.”

Meanwhile, Canonical Head Honcho Mark Shuttleworth has confirmed that Linux Kernel 4.0 should be making its debut in Ubuntu products before the end of the year.

In an earlier note to The INQUIRER, Shuttleworth confirmed that the newly released kernel’s integration was “likely to be in this October release.”

The news follows the release of version 4.0 of the Linux kernel in a flurry of what T S Eliot would describe as “not with a bang but a whimper”.

Writing on the Linux Kernel Mailing List on Sunday afternoon, Linux overlord Linus Torvalds explained that the new version was being released according to schedule, rather than because of any dramatic improvements, and because of a lack of any specific reason not to.

“Linux 4.0 was a pretty small release in linux-next and in final size, although obviously ‘small’ is relative. It’s still over 10,000 non-merge commits. But we’ve definitely had bigger releases (and judging by linux-next v4.1 is going to be one of the bigger ones),” he said.

“Feature-wise, 4.0 doesn’t have all that much special. Much has been made of the new kernel patching infrastructure, but realistically that wasn’t the only reason for the version number change. We’ve had much bigger changes in other versions. So this is very much a ‘solid code progress’ release.”

Come to think of it, it is very unlikely that T S Eliot would ever have written about Linux kernels, but that’s not the point.

Torvalds, meanwhile, explained that he is happier with releasing to a schedule rather than because of any specific feature-related reason, although he does note that there have been four billion code commits, and Linux 3.0 was released after the two billion mark, so there’s a nice symmetry there.

In fact, back in 2011 the version numbering of the Linux kernel was a matter of some debate, and Torvalds’ lacklustre announcement seems to be pre-empting more of the same.

In a subsequent post Torvalds jokes, “the strongest argument for some people advocating 4.0 seems to have been a wish to see 4.1.15 – because ‘that was the version of Linux Skynet used for the T-800 Terminator.’”

Courtesy-TheInq

Hackers Appear To Be More Focused On The Infrastructure

April 9, 2015 by Michael  
Filed under Computing

Hackers who seek to destroy, rather than steal, important data and launch attacks on systems that control major critical infrastructure are more common than widely believed, a report from the Organization of American States has revealed.

The report was given to Reuters ahead of publication and quoted the results of a poll of critical infrastructure companies and agencies in crucial sectors throughout North and South America.

Almost a third of the respondents were public entities, principally in the communications, security and finance industries.

The figures show that 40 percent of the organisations that responded had battled attempts to shut down their computer networks, while 44 percent had dealt with bids to delete files.

A disturbing 54 percent of those surveyed had encountered “attempts to manipulate” equipment through a control system.

Even more worrying is that just 60 percent of the 575 companies polled had detected any attempts to steal data, long considered the predominant hacking goal.

The report suggests that cyber attacks on infrastructure are not so widely known, but they are certainly not unheard of. The most notable is the Stuxnet assault on Iranian nuclear centrifuges throughout the 1990s, widely linked to the US and Israel.

In case you missed it, Sony Entertainment suffered an unprecedented cyber attack last year when its film division’s servers were breached, resulting in leaked emails and information about major Hollywood films, deals and celebrities.

The hackers threatened Sony, leaked its remake of Annie, and posted Sylvester Stallone’s social security number online.

However, it was also revealed that Sony didn’t make it too difficult for the hackers to breach its systems, having held passwords in a file named ‘passwords’.

The file included log-ins for services like Facebook and something called MySpace – no, us neither – and suggests that someone at Sony needs a lesson in security, or at the very least a lesson in file-naming.

The hack disrupted the company for months and led to the departure of chairwoman Amy Pascal, fuelling concerns of similar cyber attacks in the future.

Courtesy-TheInq

Intel Still King Of The Semiconductor Industry

April 8, 2015 by Michael  
Filed under Computing

Semiconductor sales reached $340 billion in 2014, up eight percent on the year before and led by Intel, according to a report by analyst house Gartner.

The figures represent positive growth for semiconductors powering all device categories, unlike in 2013 when Gartner said that application-specific integrated circuits, discrete components and micro-components all declined.

Intel was the top ranking chip manufacturer in 2014, seeing a return to growth after two years of revenue decline and retaining the number one market share position for the 23rd consecutive year with 15 percent.

Gartner claimed that this was down to a recovery in PC production, which saw sales up just under eight percent to $52bn.

Samsung was the second best in terms of semiconductor revenue last year, according to Gartner’s report, with $34bn in revenue and a market share of 10 percent. However, the 2013-2014 growth was almost double that of Intel’s at 13 percent.

Qualcomm came in third with revenues last year of $19bn, growing 12 percent compared with 2013, but with a much lower market share of almost six percent.

The top 25 semiconductor vendors’ combined revenue increased by almost 12 percent, which was more than the overall industry’s growth, and accounted for 72 percent of total market revenue, up from 70 percent in 2013.

Across the industry, the memory market was the best performer for the second year in a row, Gartner said, growing 17 percent.

This meant that the rest of the market achieved only five percent growth, according to Gartner research vice president Andrew Norwood.

“As a group, DRAM vendors performed best, lifted by the booming DRAM market which saw revenue increase 32 percent to $46bn, surpassing the all-time high of $41.8bn in 1995,” he said.

Last year also saw more merger and acquisition activity among the major semiconductor vendors than the previous year, Gartner said, and some announced deals are still to close in 2015.

Among the most significant was Avago Technologies’ acquisition of LSI, propelling the company into the top 25 semiconductor vendors for the first time.

MStar Semiconductor merged with MediaTek after a prolonged merger, and ON Semiconductor acquired Aptina Imaging.

“After adjusting for closed M&A activity, the top 25 semiconductor vendors grew at nine percent,” Gartner said.

Courtesy-TheInq

Are Cyber Criminals Hard To Catch?

April 7, 2015 by Michael  
Filed under Computing

Despite 100,000 cyber crimes being committed every year UK coppers only caught 12 hackers.

In fact on average just one person was convicted of an offence under the Computer Misuse Act every month for the past 23 years.

We assume that it was not the same bloke, because he would be the most luckless criminal ever.

Campaigners from the Digital Trust, which supports victims of online abuse, said police do not know how to cope with the problem.

Need more laws

Criminal justice expert Harry Fletcher, who is a director of the Digital Trust, said: “The police still concentrate their resources on traditional offences offline, but most people are more likely to be mugged online than in the street.

“The law needs to change. It should, for example, be an offence to use any technological device to locate, listen to or watch a person without legitimate purpose.

“In addition, restrictions should be placed on the sale of spyware without lawful reasons. It should also be against the law to install a webcam or any other form or surveillance device without the target’s knowledge.”

Of course just creating new laws is not going to mean that more hackers will be caught, it will just mean that there are more crimes which they could be arrested for.

The conviction rate against hackers is not bad, if the coppers do arrest someone. Between 1990 and 2006 only 183 defendants were proceeded against and 134 found guilty under the Computer Misuse Act.

Unfortunately the Trust did not seem to realize that a lot of the hacks against companies and individuals come from overseas, particularly Russia or China. Changing laws in the UK would not change anything.

Courtesy-Fud

Did AMD Commit Fraud?

April 6, 2015 by Michael  
Filed under Computing

AMD must face claims that it committed securities fraud by hiding problems with the bungled 2011 launch of Llano that eventually led to a $100 million write-down, a US court has decided.

According to Techeye, US District Judge Yvonne Gonzales Rogers said the plaintiffs had a case that AMD officials misled them with statements made in the spring of 2011, and the company will have to face a full trial.

The lawsuit was over the Llano chip, which AMD had claimed was “the most impressive processor in history.”

AMD originally said that the product launch would happen in the fourth quarter of 2010, but sales of the Llano were delayed because of problems at the company’s chip manufacturing plant.

The then Chief Financial Officer Thomas Seifert told analysts on an April 2011 conference call that problems with chip production for the Llano were in the past, and that the company would have ample product for a launch in the second quarter.

Press officers for AMD continued to insist that there were no problems with supply, concealing the fact that it was only shipping Llanos to top-tier computer manufacturers because it did not have enough chips.

By the time AMD ramped up Llano shipments in late 2011, no one wanted them any more, leading to an inventory glut.
AMD disclosed in October 2012 that it was writing down $100 million of Llano inventory as not shiftable.

Shares fell nearly 74 percent from a peak of $8.35 in March 2012 to a low of $2.18 in October 2012 when the market learned the extent of the problems with the Llano launch.

Courtesy-Fud

New Malware Focusing On Energy Companies

April 2, 2015 by mphillips  
Filed under Around The Net

A new malware program is being used to do research for targeted attacks against businesses in the energy sector.

The program, dubbed Trojan.Laziok by researchers from antivirus vendor Symantec, was used in spear-phishing attacks earlier this year against companies from the petroleum, gas and helium industries.

The attacks targeted companies from many countries in the Middle East, but also from the U.S., India, the U.K., and others, according to malware researchers from Symantec.

The Trojan is spread via emails with malicious documents that exploit a Microsoft Office vulnerability for which a patch has existed since April 2012.

“If the user opens the email attachment, which is typically an Excel file, then the exploit code is executed,” the Symantec researchers said Monday in a blog post. “If the exploit succeeds, it drops Trojan.Laziok, kicking off the infection process.”

Trojan.Laziok is mainly used to determine if a compromised system is worth further attention from the attackers. It collects information like the computer’s name, RAM size, hard disk size, GPU and CPU type, as well as a list of installed software, including running antivirus programs.

The information is sent back to the attackers, who then decide if they want to deploy additional malware that can provide them with remote access to the infected system. For this second stage of attack they use customized versions of Backdoor.Cyberat and Trojan.Zbot, two well known malware threats.

“The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market,” the Symantec researchers said. “However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”
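The chain Symantec describes (an Office attachment triggers an exploit, the exploit drops Trojan.Laziok, the Trojan fingerprints the host and sends the result back) leaves two signals a defender can key on without any malware signature: an Office process spawning a child it normally never spawns, and that child then opening an outbound connection. The following is an added example, not Symantec’s code, that runs that two-step correlation over a few constructed endpoint telemetry lines. The line format, hostnames, paths and addresses are all constructed for the demo, and the list of “benign” Office child processes is an assumption that would have to be tuned for a real fleet.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strconv"
	"strings"
)

// Event is one constructed endpoint telemetry record, pipe-separated:
// time|kind|host|pid|ppid|image|detail
// where detail is the parent image for a "proc" event and the remote
// address for a "net" event.
type Event struct {
	Time, Kind, Host string
	PID, PPID        int
	Image, Detail    string
}

// officeApps are the parent images of interest for document-borne exploitation.
var officeApps = map[string]bool{"excel.exe": true, "winword.exe": true, "powerpnt.exe": true}

// benignChildren are helpers Office spawns legitimately (assumption; tune per environment).
var benignChildren = map[string]bool{"splwow64.exe": true, "dw20.exe": true}

// ParseEvent parses one telemetry line into an Event.
func ParseEvent(line string) (Event, error) {
	f := strings.Split(line, "|")
	if len(f) != 7 {
		return Event{}, fmt.Errorf("expected 7 fields, got %d: %q", len(f), line)
	}
	pid, err := strconv.Atoi(f[3])
	if err != nil {
		return Event{}, err
	}
	ppid, err := strconv.Atoi(f[4])
	if err != nil {
		return Event{}, err
	}
	return Event{Time: f[0], Kind: f[1], Host: f[2], PID: pid, PPID: ppid, Image: f[5], Detail: f[6]}, nil
}

// base returns the lower-cased file name of a Windows path, whatever OS this runs on.
func base(p string) string {
	return strings.ToLower(filepath.Base(strings.ReplaceAll(p, `\`, "/")))
}

// Detect emits an alert when an Office app spawns an unexpected child, and a
// second, higher-confidence alert when that child then makes an outbound
// connection (the point at which Laziok-style recon would leave the host).
func Detect(lines []string) ([]string, error) {
	type key struct {
		host string
		pid  int
	}
	suspect := map[key]string{} // host+pid -> image of the Office-spawned child
	var alerts []string
	for _, l := range lines {
		ev, err := ParseEvent(l)
		if err != nil {
			return nil, err
		}
		switch ev.Kind {
		case "proc":
			if officeApps[base(ev.Detail)] && !benignChildren[base(ev.Image)] {
				suspect[key{ev.Host, ev.PID}] = ev.Image
				alerts = append(alerts, fmt.Sprintf("%s %s: %s spawned %s (pid %d)",
					ev.Time, ev.Host, base(ev.Detail), ev.Image, ev.PID))
			}
		case "net":
			if img, ok := suspect[key{ev.Host, ev.PID}]; ok {
				alerts = append(alerts, fmt.Sprintf("%s %s: office-spawned %s (pid %d) connected to %s",
					ev.Time, ev.Host, img, ev.PID, ev.Detail))
			}
		}
	}
	return alerts, nil
}

// sampleTelemetry is constructed input: Excel started by the shell, one
// benign print helper, one dropped binary in Temp that then calls out, and
// Excel's own (ignored) network activity.
var sampleTelemetry = []string{
	`2015-04-02T09:14:01Z|proc|ws-17|3308|1200|C:\Program Files\Microsoft Office\Office14\EXCEL.EXE|C:\Windows\explorer.exe`,
	`2015-04-02T09:14:02Z|proc|ws-17|4120|3308|C:\Users\ann\AppData\Local\Temp\svchost.exe|C:\Program Files\Microsoft Office\Office14\EXCEL.EXE`,
	`2015-04-02T09:14:03Z|proc|ws-17|4133|3308|C:\Windows\splwow64.exe|C:\Program Files\Microsoft Office\Office14\EXCEL.EXE`,
	`2015-04-02T09:14:09Z|net|ws-17|4120|0|C:\Users\ann\AppData\Local\Temp\svchost.exe|203.0.113.5:80`,
	`2015-04-02T09:15:00Z|net|ws-17|3308|0|C:\Program Files\Microsoft Office\Office14\EXCEL.EXE|192.0.2.10:443`,
}

// DetectSample runs the detection over the constructed telemetry (two alerts expected).
func DetectSample() ([]string, error) {
	return Detect(sampleTelemetry)
}

func main() {
	alerts, err := DetectSample()
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Println(a)
	}
}
```

Keying the second alert on host and PID of the Office-spawned child, rather than on a destination address, is what makes the rule independent of the attackers’ infrastructure; Symantec’s closing point about old patches still applies, since the rule only limits dwell time after the exploit has already run.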