Government-built malware running out of control, F-Secure claims

What if antivirus companies are whitelisting state malware...

TrustyCon A surprising number of governments are now deploying their own custom malware – and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hyppönen told the TrustyCon conference in San Francisco on Thursday.

"Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction," he told the public conference. "If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that's exactly where we are today."

The US is leading the way in this, he said, having initiated the Stuxnet malware against Iran's nuclear enrichment facilities, although the actions against the Iranians were part of a much larger program, Operation Olympic Games, which was initiated by the then-President Bush and carried on by Obama.

Hyppönen said that he had investigated a Stuxnet sample to see if it could be modified to attack other targets and found that it could, up to a point. The specific control code to interfere with the industrial SCADA control systems used by the Iranians was very difficult to reshape, but the malware could be reconfigured to introduce random controls to be sent to an infected industrial plant that could cause havoc.

Later parts of Operation Olympic Games were even more worrying, he said, particularly the Flame malware which spread using a false Windows Update system. Normally the Windows operating system refuses updates from code that isn't properly cryptographically signed, but in this case the writers appeared to have used a large team of crackers and a supercomputer to spoof Microsoft's signing key.

But it's not just the Americans, he said. China has long been fingered as using state-sponsored malware, and last June US President Obama and the Chinese premier were due to have a White House summit on the issue. Unfortunately Edward Snowden started leaking the NSA's documents four days before the meeting and the crucial topic was abandoned.

In Europe, German police and customs officials have access to a bespoke computer Trojan called R2D2 which is used to track and collect data on targets. The Russians are also major players, and even the Swedes are in on the game: Hyppönen showed the audience leaked documents showing that Swedish officials had held meetings with the NSA and were setting up their own malware program.

New state actors are also piling in. Hyppönen highlighted the birth of a new malware family, called Careto (Spanish for "the mask"), which popped up in February. That software nasty, which has cropped up in 31 countries, belongs to an as-yet-unknown Spanish-speaking country and is spreading fast.

Hyppönen also wondered out loud whether some antivirus companies had overlooked government-crafted malware. A Dutch campaign group called Bits of Freedom sent a letter to all the major antivirus vendors asking them to confirm that they weren't being asked to whitelist some kinds of malware being produced by government.

"The question was answered by our CEO saying 'No, we haven't', we have never whitelisted any government malware since the source doesn’t come into play – we simply protect all our customers," he said. "We've had this policy for 13 years."

While ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro replied to Bits of Freedom, Symantec and McAfee (among others) have not responded, Hyppönen claimed. ®
