Money for old (Indian) rope trick

In ITC's Threat of the Week

A small wave of fear and nausea swept over ITC towers this week when stories of the latest, greatest new funky malware with its very own name started seeping into the collected mailboxes of staff in all departments, many of whom forwarded the news of impending and certain doom to the long suffering technologists who had almost certainly read all about it already.

This bad boy has been called ROPEMAKER, presumably by the folks that err ‘discovered’ it. Step forward none other than email security outfit Mimecast.

If your spidey senses are all a jangle right now, you are not alone.

The premise is this. Although it is major domo tricky to alter the contents of emails in transit (sending emails stuffed with badness from spoofed sources, on the other hand, is the stuff of primary school Raspberry Pi brats), once delivered, the contents of those emails could be altered on the fly when read via a browser, by tampering with the Cascading Style Sheets (CSS) concerned.
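To make the mechanism concrete from the defender's side, here is an added example (not ITC's or Mimecast's code) that inspects an HTML email body for styling fetched from a remote host, which is what lets the rendered content change after delivery, and neutralises those references before the message is rendered. The sample email and the `example.invalid` hostnames are constructed for the demonstration.

```python
"""Flag and neutralise remote stylesheet references in an HTML email body."""
import re
from typing import List

# Constructed sample message: the visible text is harmless, but the styling it
# pulls from a remote host could restyle (and so effectively rewrite) the
# message at any point after delivery.
SAMPLE_EMAIL_HTML = """\
<html><head>
<link rel="stylesheet" href="https://cdn.example.invalid/mail.css">
<style>
@import url("https://cdn.example.invalid/extra.css");
.note { background: url('https://cdn.example.invalid/bg.png'); }
.local { color: #333; }
</style>
</head><body>
<p class="note">Please review the attached invoice.</p>
</body></html>
"""

# The three ways an HTML email can reach out for styling: a <link rel=stylesheet>
# tag, an @import rule inside a <style> block, and url() references in CSS.
LINK_RE = re.compile(
    r'<link\b[^>]*\brel\s*=\s*["\']?stylesheet["\']?[^>]*>', re.IGNORECASE)
HREF_RE = re.compile(r'\bhref\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)
STYLE_BLOCK_RE = re.compile(r'(<style\b[^>]*>)(.*?)(</style>)',
                            re.IGNORECASE | re.DOTALL)
IMPORT_STMT_RE = re.compile(r'@import[^;]*;?', re.IGNORECASE)
IMPORT_RE = re.compile(
    r'@import\s+(?:url\()?\s*["\']?([^"\')\s;]+)', re.IGNORECASE)
URL_RE = re.compile(r'url\(\s*["\']?([^"\')\s]+)["\']?\s*\)', re.IGNORECASE)


def _is_remote(url: str) -> bool:
    """Only http(s) references can be changed by a third party after delivery."""
    return url.lower().startswith(("http://", "https://"))


def find_remote_css(html: str) -> List[str]:
    """Return every remote URL the document's styling would fetch, in order."""
    found = []
    for tag in LINK_RE.findall(html):
        href = HREF_RE.search(tag)
        if href:
            found.append(href.group(1))
    for block in STYLE_BLOCK_RE.finditer(html):
        css = block.group(2)
        found.extend(IMPORT_RE.findall(css))
        found.extend(URL_RE.findall(css))
    # de-duplicate while preserving order, then keep only remote references
    return [u for u in dict.fromkeys(found) if _is_remote(u)]


def strip_remote_css(html: str) -> str:
    """Drop remote <link> stylesheets and @import rules; blank remote url()s."""
    def drop_link(m):
        href = HREF_RE.search(m.group(0))
        return "" if href and _is_remote(href.group(1)) else m.group(0)

    def clean_css(css: str) -> str:
        def drop_import(m):
            u = IMPORT_RE.search(m.group(0))
            return "" if u and _is_remote(u.group(1)) else m.group(0)
        css = IMPORT_STMT_RE.sub(drop_import, css)
        # 'none' is a valid value for background/list-style/etc., so the rule
        # stays syntactically intact after the remote reference is removed
        return URL_RE.sub(
            lambda m: "none" if _is_remote(m.group(1)) else m.group(0), css)

    def clean_style_block(m):
        return m.group(1) + clean_css(m.group(2)) + m.group(3)

    html = LINK_RE.sub(drop_link, html)
    return STYLE_BLOCK_RE.sub(clean_style_block, html)


if __name__ == "__main__":
    for url in find_remote_css(SAMPLE_EMAIL_HTML):
        print("remote styling reference:", url)
    print(strip_remote_css(SAMPLE_EMAIL_HTML))
```

A mail gateway or webmail client could run `find_remote_css` to flag or quarantine messages that depend on remote styling, and `strip_remote_css` to render a message with the local styling kept and only the externally controlled parts removed; note that the regex approach deliberately errs on the side of flagging, so a reviewer should expect the odd marketing newsletter to be caught as well.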

We are curious to know if they considered naming this new megahack DOGBITESMAN for it seems to us fairly obvious, and potentially something that would have to be targeted in the manner of a dog err, biting a man, in the painful bits, on a Monday morning.

For once we bring you excellent news. Not only is this shizzle unlikely to turn into a mass email editing fandango any time soon (it hasn’t been seen in the wild yet, just in Mimecast’s malware labs!), but amazingly Mimecast has added some level of defence in its product set, together with some technical recommendations and safe browsers. Phew, and all breathe out.

To take advantage of Mimecast’s insight, read the link above and immediately phone your Mimecast representative for product and licensing opportunities.

In case you think we are being a tad too cynical here, have a read of El Reg’s piece known as they are for straight down the line reportage.

Whilst having a quick sniff round to update our now regular Marcuswatch piece (Marcus is still on bail, still pleading not guilty and still preparing to vigorously defend himself in October), it became apparent that law enforcement activity against the evil hax0rs is very much on the up.

Kim Baratov (mwahahaha), accused of the Yahoo breach, was extradited from Canada to the USA this week where he was charged and guess what, pleaded not guilty (surprise) having waived his right to an extradition hearing in Canada.

Also this week, two twentysomething boys were arrested (we are assuming re-arrested, and that they are Messrs Yarden “applej4ck” Bidani and Itay “p1st” Huri, although this has not been confirmed) in Israel and charged with running the DDoS-for-hire vDOS service (see here). We have no doubt that the esteemed Brian Krebs will be enjoying this news more than he lets on in his piece.

On the one hand, it is A Good Thing that law enforcement is turning its attention to cyber crime. What worries us, however, is exactly how the cases will run. Presumably a jury will be present and will be made up of regular citizens, also known to us as ‘users’, prosecuted and defended by lawyers, known to us as ‘needy users’, and presided over by judges (saying nothing about judges).

The mind boggles at how the technicalities will be explained (massive whiteboard, interpretive dance etc.) but there will certainly be some money to be made by the ‘expert witnesses’, oh hang on a minute the phone’s ringing.

Seriously though, these court cases are going to make for interesting viewing and may shape the future of prosecutions one way or the other. Very intriguing.

If you would like to discuss malware, no matter how shady, any of these impending court cases, or anything to do with Information Security, contact us at: [email protected] or call 020 7517 3900.

P.S. Many were sceptical about the Indian Rope Trick too, which in juxtaposition with ROPEMAKER was only seen in the wild and never in the lab.

Author: Kevin Whelan
