USB key cleaner
http://circl.lu/projects/CIRCLean/
This project is meant for the case where you have a USB key whose contents you do not know but still want to have a look at it.
For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. || ArsTechnica: http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/ || Whitepaper http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
The Snowden leaks have taught us much about the tactics employed by the NSA and GCHQ, from brazen malware attacks to more esoteric dark arts, such as infecting low-level pieces of computer code. Correspondingly, research into more surreptitious activities targeting the guts of modern systems has often been overshadowed by studies of more obvious attacks. Yet such high-tech techniques pose a more severe risk. They can, for instance, allow agencies to spy on Tails, the Linux-based secure operating system favored by Snowden. And they’re not as difficult to exercise as many would imagine. They can totally obliterate the privacy of even the most careful computer user.
This spyware with a ghost's name lives up to it, so hard is it to detect. When it lands on a computer, Casper plays a "game of chess" with the antivirus software: it analyses very precisely which ones are present on the machine and adapts its infection method accordingly. In some cases it can simply self-destruct when it judges the risk too high. "One rarely sees this level of precision in antivirus evasion in spyware," notes Joan Calvet, yet another sign of great sophistication.
"Casper is so stealthy and so far under the radar of security companies that, for now, traces of it are only found sporadically. I hope that by publishing this information, other researchers will be able to add their piece to the puzzle!", Mr Calvet also explains.
A further sign of its complexity, and of the attackers' motivation, is that it uses a so-called "0-day" flaw, that is, a previously unknown vulnerability. This type of vulnerability, unpublished and therefore invisible to antivirus products, is of keen interest to computer security researchers. Using such a flaw means taking the risk of exposing it in broad daylight and seeing it quickly patched.
http://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon/
http://motherboard.vice.com/read/meet-casper-yet-another-malware-likely-created-by-france-for-surveillance
The NSA, GCHQ, and their allies in the Five Eyes are not the only government agencies using malware for surveillance. French intelligence is almost certainly hacking its targets too—and now security researchers believe they have proof.
On Wednesday, the researchers will reveal new details about a powerful piece of malware known as “Babar,” which is capable of eavesdropping on online conversations held via Skype, MSN and Yahoo messenger, as well as logging keystrokes and monitoring which websites an infected user has visited.
Babar is “a fully blown espionage tool, built to excessively spy” on its victims, according to the research, and which Motherboard reviewed in advance. The researchers are publishing two separate but complementary reports that analyze samples of the malware, and all but confirm that France’s spying agency the General Directorate for External Security (DGSE) was responsible for its creation.
France’s Defense Ministry did not respond to a request for comment by the time of publication.
http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/
https://drive.google.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/view?pli=1
Note: all the information contained in this essay is extracted from documents that have already been published by a number of news organizations at different times.
The Snowden revelations have instigated a global outcry for privacy and empowered a more informed and critical analysis of the growing adoption of mass "passive" surveillance. However, the use of "active" surveillance and targeted attacks are commonly deemed as a necessary evil.
After years of publications, and even massive commercial speculation, on the nature of state-sponsored attacks, particularly by China and Russia, it comes as no surprise that Western governments are also engaged in malware attacks. However, we still know very little about their capabilities and sophistication.
What we are learning is that it is no longer just a matter of pure intelligence or counter-terrorism. A large portion of the attacks we're seeing from all fronts are mostly political and sometimes economic. On a few occasions they are even in support of military missions. In a climate of fatigue from endless wars, modern-day imperialism is carried through network packets and conflicts are played out in the dark, across submarine cables and Internet routers, far from the sight of the public or the press.
In order to comprehend the true nature of the 21st century's intelligence and military complex, it's important to investigate and report on the infiltration capabilities of governments around the world, with no exceptions. If we are selective on the information the public is given, we will obtain a false picture of the ongoing war for Internet and information dominance and we won't be able to build neutrally secure systems. There's no space for nationalism in technology.
Just weeks ago, SPIEGEL published the source code of an NSA malware program known internally as QWERTY. Now, experts have found that it is none other than the notorious trojan Regin, used in dozens of cyber attacks around the world.
At the end of September 2014, a new threat for the Linux operating system dubbed XOR.DDoS, forming a botnet for distributed denial-of-service attacks, was reported by the MalwareMustDie! group. The post described the initial intrusion over an SSH connection, the static properties of the related Linux executable and the encryption methods used. Later, we realized that the installation process is customized to the victim's Linux environment in order to run an additional rootkit component. In this blog post, we will describe the installation steps, the rootkit itself, and the communication protocol used to receive attack commands.
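The XOR.DDoS write-up above only says the initial intrusion comes in over SSH; it does not say how. The following is an added detection example, not code from the page, from MalwareMustDie! or from the blog post it quotes. It assumes the intrusion is a password brute-force followed by a successful login, and runs a sliding-window check over a constructed sample of OpenSSH auth.log lines (the source addresses are from documentation ranges). The hypothetical function names `parse_line` and `detect_ssh_bruteforce`, the threshold and the window size are all choices made here, not values from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log excerpt (not from the page or the quoted analysis).
# 203.0.113.5 hammers root, then gets in; 198.51.100.7 is a normal user.
SAMPLE_AUTH_LOG = """\
Mar  3 04:12:01 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar  3 04:12:03 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 40130 ssh2
Mar  3 04:12:04 web1 sshd[2205]: Failed password for invalid user admin from 203.0.113.5 port 40131 ssh2
Mar  3 04:12:06 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 40140 ssh2
Mar  3 04:12:09 web1 sshd[2209]: Failed password for root from 203.0.113.5 port 40144 ssh2
Mar  3 04:12:11 web1 sshd[2211]: Accepted password for root from 203.0.113.5 port 40150 ssh2
Mar  3 04:15:30 web1 sshd[2250]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 04:15:41 web1 sshd[2252]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
Mar  3 05:00:00 web1 sshd[2300]: Failed password for root from 192.0.2.9 port 6000 ssh2
"""

# Matches the OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line, year=2015):
    """Parse one sshd auth.log line; return None for lines that are not login events.

    Syslog timestamps carry no year, so the caller supplies one (assumption: 2015).
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "ok": m["result"] == "Accepted",
        "method": m["method"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_ssh_bruteforce(log_text, threshold=5, window=timedelta(minutes=10), year=2015):
    """Return alerts as (kind, source_ip, user) tuples.

    'brute_force' fires when an IP reaches `threshold` failed logins inside `window`;
    'success_after_brute_force' fires when an IP with that many recent failures
    then logs in successfully, which is the event worth paging on.
    """
    failures = defaultdict(deque)  # source ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if ev is None:
            continue
        recent = failures[ev["ip"]]
        # Drop failures that fell out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["ok"]:
            if len(recent) >= threshold:
                alerts.append(("success_after_brute_force", ev["ip"], ev["user"]))
            recent.clear()  # one alert per login that follows a burst of failures
        else:
            recent.append(ev["ts"])
            if len(recent) == threshold:  # alert once, when the threshold is first crossed
                alerts.append(("brute_force", ev["ip"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for kind, ip, user in detect_ssh_bruteforce(SAMPLE_AUTH_LOG):
        print(f"{kind}: {ip} (user {user})")
```

On a real host, feed it `/var/log/auth.log` (or the output of `journalctl -u ssh`) and tune the threshold to the expected rate of mistyped passwords; the "success after a burst of failures" alert is the one that should trigger a look at that host, since a plain burst of failures is background noise on any Internet-facing SSH service.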
Technical analysis: http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf