VPNFilter: The Russians Really Are Coming For Your Data

A deadly serious threat is on the loose: a virus called VPNFilter that infects business and consumer-grade routers to steal passwords and other sensitive data from any device on a network served by an infected router. Here’s what you need to know now…

What is VPNFilter Malware?

In addition to stealing passwords, VPNFilter also degrades (decrypts) secure HTTPS connections to steal data from them and pass along new infections to the HTTPS connections’ destinations. Part of VPNFilter can survive a router reboot and then download other malware modules. It even has a “kill switch” that can destroy the firmware of its host router.

Already, VPNFilter has infected an estimated 500,000 to 1,000,000 routers worldwide, according to Cisco Systems’ Talos Intelligence threat research division.

The FBI attributes VPNFilter to the “Fancy Bear” Russian hacker group, which is implicated in the 2016 hack of the U.S. Democratic National Committee’s network and other political and industrial espionage campaigns. Political news site, The Daily Beast, reported on May 23rd that the FBI seized a key server used by the VPNFilter botnet. But that hardly slowed the havoc being wrought by VPNfilter because of the diabolically ingenious way it is designed.

VPNFilter consists of three modules or stages. The first module is a worm, a virus that rapidly slithers from one router to another, infecting each and replicating itself for further infections. Stage One also writes itself into a list of tasks that are performed by vulnerable routers each time they are rebooted, thereby ensuring that it will survive a reboot. Stage One’s next function is to facilitate other modules’ infection of the host router.

Stage Two is downloaded by Stage One if the former is not already present. Stage Two contains the “routine” spying functions that VPNFilter performs on each device connected to an infected router. It sniffs out passwords and other account credentials, contact lists, calendars with birthdays and other sensitive personal info. Stage Two can also execute any special instructions given to it by optional Stage Three modules, which may also be downloaded by Stage One.

Many Stage Three modules have been discovered since Talos Intelligence started tracking VPNFilter in 2016. For most of that time, it appeared that VPNFilter targeted relatively few but critically important industrial control systems. The infection of consumer routers was thought to be recruitment for a botnet whose primary target was the control systems.

Plenty of Fish

But recent modules show that VPNFilter’s masters are after many more and smaller prey, including your little home network.

One new module can alter incoming data before it’s displayed to users; for example, it can make your bank account balance look normal when in reality the account is being drained dry. Others can steal PGP encryption keys, SSL certificates, and other authentication credentials. Still others can inject malicious payloads into streams of outgoing data to spread VPNFilter and its custom payloads to destination devices.

Libraries of Stage Three modules are scattered all over the Internet. A clever clue to the IP addresses of such libraries was found hidden in the metadata of image files stored on Photobucket. When that resource was removed, Stage One moved on to backup sources.

If Stage One cannot find a library of Stage Three Modules it can go into “listening mode,” passively awaiting new instructions from its human masters. Those instructions may include the locations of libraries, or malicious payloads themselves, or a “kill switch” instruction that causes Stage One to erase itself and the entire file system of its host, effectively turning the router into a brick.

Who Is Vulnerable?

Only routers that run specific Linux-based firmware are vulnerable to VPNFilter. The bad news is that a lot of manufacturers use such firmware on many consumer-grade routers. Note that this vulnerability has nothing to do with the operating system on your computer. It’s the code running inside your router that’s at issue here.

I was going to include a list of vulnerable devices from vendors including Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE, but there are over 100 known so far, and the list is growing. At this point, it seems better to assume that your router is on the list of vulnerable devices.

There’s one important caveat, though. VPNFilter is lazy, so it only tries to break into routers that have the default (factory-supplied) login credentials. If you are certain that you’ve secured your router with a password of your own choosing, then VPNFilter will move on to other targets.

I want to remind readers that your WiFi password (the one you use to connect your computer, tablet or phone to your router) is not the same as your router’s admin password. They are distinct; the router password is used to login to the router’s setup screens, where one can configure wifi passwords, and other settings.

What To Do About VPNFilter

Some security experts recommend that all router owners, not just owners of routers on this list, perform a factory reset on their routers. A reset restores a router’s firmware to the version that was shipped with it; so VPNFilter wlll be erased for certain, if it was present.

Most routers have a RESET button on the device. Depressing that button for 10 (or sometimes 30) seconds will reset the router’s login credentials, but may or may not affect the firmware. Because there are so many different router vendors and models, I recommend that you search online for instructions on how to reset your router’s firmware, if you decide to do so.

Next, change that default admin password! The Stage One worm works at lightning speed. It knocks on a router’s door just once, with the default password. If the worm gets no answer, it is vanquished. VPNFilter has gotten as far as it has by relying on the laziness of consumers and of professional IT workers who should know better. Change the router’s password, dang it! If you don’t know how to do that search online, or ask your Internet provider for help.

If your router is more than 4-5 years old, consider replacing it rather than resetting its firmware. The value of an antique router is negligible, a new one can be had for less than $50, and you will have peace of mind knowing that it’s factory-fresh. Your internet provider may even swap out your old router for a new one upon request.

Bottom line: VPNFilter is powerfully malicious; highly resilient; and spreading like wildfire. This is not a drill. Take all the precautions you can.

Have a Great Week From all of us on the ZI Staff.

NVIDIA 1180 Rumors

Credit:

The release date is the big rumor. It ranges from July to September 2018.

It also looks like NVIDIA may be the only manufacturer releasing a major video card in 2018. The collection of information available as of June 2nd, 2018 is in this nerdy video.

The TL:DR take away is it will be the best card of 2018 (…is that because it is the ONLY card?), pricy, somewhat faster but no one is for sure, will use the newest GDDR6 VRAM which is in short supply… But, this is only speculation even when based on educated guesses.

From an earlier video we get more specific details and for the visually oriented (aren’t all SL peeps visually oriented?) it is in an easier to compare format.

The take away from this video is the new 1180 will outperform the 1080 Titan, which is the pentacle of the 10xx series of cards.

The big thing in the new cards is their design for raytracing light and shadows. Raytracing is literally calculating the path of light from the source to the camera/eye (actually for each pixel on your screen) and all the things that happen to it along the way. This is WAY math intense and time consuming. So, all sorts of alternative systems are used to fake lighting in games and improve performance. Building fast ray trace engines into the video card is about getting more photorealistic images in less time. Meaning the card will provide enough performance games needing performance for VR will likely be able to start using raytracing.

What will the new cards do for Second Life peeps? Not a lot. Expect them to be faster. The total number of polygons they can render per second is like 10 million to 16 billion, depending on who you read. For SL that means about 352,000,000 polygons per frame in an SL viewer. At the Cosmopolitan even I only need to render 700k to 900k polys per second, 33k per frame actual from Viewer Stats. It isn’t the polygons that are choking the system. So, faster video cards won’t provide enough muscle to turn our unoptimized content into something that renders like Unreal, Cry, or Unity games.

We also have the challenge of OpenGL limits. In January 2018 OpenGL Version: 4.6.0 was released. My NVIDIA driver uses that version in its driver. But, OpenGL and Second Life use of it are not at parity. Only recently did a software engineer with in depth rendering knowledge come over to the SL product. There is a lot to fix in the SL render engine. That work is just starting. How much can be done or will be done is unknown. But, I don’t expect to see the Lab attempting to adopt the new NVIDIA features any time soon. Improving and using performance features, yes. But, adding raytraced reflections and shadows… no.

I don’t see US$700± of possible improvement from a new GTX 1150, 60, 70, or 80 video card for Second Life users. But, the new cards will give a bit more performance. Of course, some will have to have the latest and greatest.

I think our gains in performance will be from changes in the SL system. The move to the cloud and the Bakes-On-Mesh project reducing our texture count have the most likelihood of improving performance.

Mad Pea’s “Mad World” Coming Soon to Commemorate Made Pea’s 10th Anniversary in SL – Come be a V.I.Pea!

Mad Pea games in Second Life are a wonderful fun filled immersion into creative worlds and brilliant story lines.  They’ve taken us on dangerous adventures, horrors, and puzzles that boggle the senses!  I’m sure this will be of no exception to the quality we’ve all come to know and love from the wonderful crew over at Mad Pea Productions.  The excerpt below was featured on Mad Pea’s website, I am so excited to see what madness Queen Pea, Kiana Writer and her crew of Peas have come up with us for this adventure!

WHO WANTS TO BE A MAD WORLD V.I.PEA?!

“NO GREAT MIND HAS EVER EXISTED WITHOUT A TOUCH OF MADNESS.” ARISTOTLE

Over at MadPea we are literally bursting with excitement over the impending release of our new and unique 10th Anniversary interactive experience Mad World, and we can’t wait to share it with all our lovely Peas! Unless you have been locked in a dark room listening to heavy metal music, you will have seen all the articles and notices on our exclusive Mad World VIP tickets, which are available to buy NOW! With a nod to MadPea games of old, plus the mysterious story of the abandoned theme park and the tragic tale of the Washington family, this really is an experience not to be missed. But what does it mean to be a VIPea, you ask – well read on and find out!

Mad World Golden Ticket

If you are one of the lucky VIP ticket holders you can look forward to the following:

  • 24 hours of exclusive game play to hunt, explore, play, discover and enjoy Mad World;
  • Personal guidance by Queen Pea Kiana Writer and the MadPea Crew;
  • An exclusive VIP Souvenir;
  • MadPea 10th Birthday Goodie Bag;
  • Due to early access, the sims will be almost completely lag free;
  • Exclusive Group VIP Peas throughout June 2018 with special attention and help;
  • 1000 MadPoints.

All our Peas are important to us, but as a VIPea you will obtain something very few people in SL will get to experience, so this opportunity is not to be missed! With only 15 VIP tickets going on sale, you will be one of the first in hundreds, possibly thousands, who will get to see this amazing place and experience the magic. On top of all that, we are offering an exclusive VIP gift, only available for the handful of lucky Peas with a ticket. Plus the fun never ends! Mad World is a fantastic ‘work-in-progress’, which means the theme park will never be complete; we will be adding content, twists and turns every month! It will without a doubt be the most unique experience MadPea have created to date.

Mad World sneak peek!

Mad World Golden VIP tickets are ONLY on sale on the Second Life Marketplace and cost 5,000L each. If you are lucky enough to get your hands on one of them you will be told the date your exclusive entry begins. Once you log in on this day, send an instant message to Queen Pea, Kiana Writer so that you can be transported to the start of Mad World. Golden VIP tickets CAN be given to others or re-sold, but only one person can enter Mad World with each golden ticket. Finally, on the day of entry make sure you have your ticket with you, otherwise our Pea Bouncers will not allow you inside.

Good luck to all those that seek to purchase a ticket and we at MadPea look forward to sharing this experience with you.

Mad World is here!

________________________________________

For more information click on the links below:

   

What is the Windows Registry?

In many tech troubleshooting articles, you’ll find a way to fix a problem that involves “editing the Windows registry.” There’s always a dire warning attached, along with the lines of, “Do not attempt to edit the registry unless you know what you’re doing! One wrong registry edit can render your machine unusable!” That’s true, but with a bit of caution, you can safely edit the registry. Here’s what you need to know…

Slow Computer? It might be the Windows Registry…

What is the Windows Registry?

It’s always good to start with a definition. I like to call the Windows registry “a hideously complex ball of string, rubber bands, duct tape and bailing wire that’s supposed to keep track of Windows system settings, your hardware configuration, user preferences, file associations, system policies, and installed software.” It was intended to be an improvement on the simple text-based INI files that stored in Windows configuration settings, but apparently, too many pocket protectors were involved in the design.

One advantage of the registry is that it enables each user of a machine to maintain his/her own settings; each user can have a unique theme, speaker volume setting, set of apps, and so on. But the registry can also apply settings to all users, or a group of users specified by the system administrator (e. g., “adults” and “kids”). The registry is one of the most important files on your hard drive.

ZoHa Islands Seeking Sim Builder

ZoHa Islands Seeking Sim Builder ( Please Share)
 
For More info please visit link below:
Serious Inquiries only please via email provided.
 
https://docs.google.com/document/d/1UCvSZd-41jg9tnwW5325UlZ9-DzYsbQFg5kV2YL_5NM/edit?usp=sharing

ZoHa Islands Business District Builder Wanted.

Please Read Thoroughly and respond via email @ ZoHaIslandsBD@gmail.com

Concept:

This would be a 12 full prim region build, roads, terraforming, sidewalks, landscaping etc, (buildings not required as this will be for open lots for rentals within our Business District – which also does allow for residential places as well)  We want this to have a community feel with open parcels for all of the various businesses and homes that will eventually fill the vacancies. Regions are in a 4 x 3 grid currently connected. The outer portions will need to be waterfront working up to a higher elevation towards the center.  No flat grid builds. All roads, bridges, tunnels etc must be mesh. The more detail the better…prim requirements will be discussed upon interview and a timeline will need to be followed and kept up on.

Requirements:

  • Must be able to build in mesh, high detail, low scripts/low lag.
  • Terraforming work is necessary.
  • Build will be completed on a separate build avatar only, and all items used shall be in the build avatar only, to protect the build upon completion.
  • Must provide a portfolio of some previous builds and work completed.  – this portfolio can be sent via email to the address above along with your in world contact details.
  • This is to include photos, Landmarks in places are currently still in world.
  • Ability to work in Blender, Maya, or programs of the like for custom mesh products is a plus.

Compensation:

This will be discussed upon hiring/interview process.  We would like to select a serious candidate for this job.  Attentiveness to time management and detail are a priority.

If we are interested in your work – we will contact you in world. (Legacy names only please – not display names for ease of contact)

Cybercrime

A new report that looks at the big picture pegs the worldwide haul from cybercrime at 1.5 trillion dollars. That’s not just criminal business, it’s an entire criminal economy, say the authors of the report, “Into The Web Of Profit.” So what’s this about secret sauce? Well, you’ll have to read on for that…

What do you know? Crime DOES Pay!

The cybercrime report was researched at the University of Surrey (UK) and commissioned (paid for) by Bromium, a startup security software firm that must have a lot of venture capital behind it.

The security software market has dozens of entrenched players, many of which are household names at least among computer-housing households. Think Symantec, McAfee, Avast, AVG, Kaspersky, Bitdefender, and all of the others I have tested over the years. To gain a profitable market share, Bromium will need some “secret sauce” that nobody else has and which sounds terribly sexy to its prospective users.

Sure enough, Bromium has it: “virtualization-based security” is what they’re selling, and it doesn’t come cheap; I know because no price is to be found anywhere, just “contact us for a demo” buttons on every page of Bromium’s site. Here is the company’s own explanation of its secret sauce:

“The Bromium Secure Platform protects you from threats by isolating user tasks, such as email attachments, links, and downloads, inside protected micro-virtual machines — a separate VM for each task. If malware is delivered, it can’t escape. Users can click with confidence.” (Sounds more like “reckless abandon” to me.)

Bromium’s tech was tested by NSS Labs and got a perfect score in defeating all malware and even expert human attempts at penetration. So you might be wondering if there’s a free version of Bromium for personal use. Fuggedaboutit… Bromium’s solution requires a specially equipped computer connected to a corporate network. Their product is aimed at companies, not consumers. But the cybercrime report that Bromium bought is useful and free.

Dr. Michael McGuire is a Senior Lecturer in Criminology at Surrey University, England. He spent nearly a year figuring out where the money goes after a ransom is paid or intellectual property is stolen. Let’s look at some the highlights of his report.

First, the cybercrime economy moves very fast! There are no hours-long lunches at Luigi’s where plots are discussed

obliquely; these criminals use encrypted, short-lived channels to make deals, swap data, commit crimes, and move on before Don Corleone puts a spoon to his spumoni.

Second, the real world of crime is blending into the cybercrime world. According to the report, “Companies and nation states now make money from it (the cybercrime world), acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control.”

Today’s Cybercrime is Carefully Planned and Executed

Gone are the days when “hacking” was just a prank, or a way to show off your skills to your circle of hacker pals. Today’s cybercriminal is in it for the money, sonny, and not for the laughs. There are no more “random attacks,” it’s all very carefully planned and executed.

The report contends that cybercrime “has now become a kind of mirror image of contemporary capitalism – reproducing disruptive business models popularised by the likes of Amazon and Uber.” The report lists a number of ways in which the cybercrime economy has copied the wealth-generating techniques developed by the legitimate information economy; here are just a few of them:

  • A dizzying range of methods and mechanisms for generating revenues, often at industrial scales.
  • Digitally specific currencies and currency exchange tools. (Somebody must be using those hundreds of Bitcoin imitators.)
  • A range of specialised economic agents, such as producers, suppliers, service providers and consumers.
  • The extraction and exchange of data as the key raw material and object of value for illicit trading (this trade now occurs across many dimensions and no longer simply involves buying or selling data from stolen credit or debit cards, but newer data forms that possess value – such as hotel loyalty points, ‘likes’ on Facebook, account login details and even soft drink formulas or government-developed hacking tools).
  • Dedicated production zones and centres of income generation – whether these be troll factories in Russia, the Hackerville fraud villages in Romania, or mass marketing scam centres in West Africa.
  • Specialised tool supply, technical support and provision of skills and expertise.
  • Professionalisation and the development of career structures – this includes training, CVs, personal recommendations and references.

Okay, let’s stop at the thought of hackers with resumes and references, marching (or video-calling, more likely) into the HQ of a Russian troll factory to apply for a job. That’s enough to freeze my brain.

Following the Money

The scariest headline-grabbing cybercrimes are barely registering on the global economy’s meter. Ransomware and “cyber-crime-as-a-service” each contributes less than 1 percent to the cybercrime economy. None the less, the FBI estimates worldwide revenues from ransomware were about $1 billion in 2017.

Also, cryptocurrencies such as Bitcoin may not play as large a role in cybercrime as the popular press has suggested. Only about 4 percent of laundered money – proceeds of crime that have been processed through enough legitimate online payment systems to appear “clean” or at least “not guilty” – is held in cryptocurrencies. The rest has found its way into more legitimate currencies and bank accounts, or is even used to buy tangible, untraceable commodities like gold or oil directly with cryptocurrencies.

And surprisingly, trade in stolen identities is not one of the biggest contributors to the cybercrime economy. In fact, such trade accounts for “only” $160 billion of the $15,000 billion cybercrime economy.

Trade in illegal drugs and other physical contraband accounts for $860 billion. Thefts and sales of “trade secrets,” such as soft drink recipes, and other intellectual property score $500 billion, and “data trading” brings in another $160 billion. “Data trading” is what happens after you lose your wallet, but on a much larger (digital) scale.

I have to wonder, given the labyrinthine world of cybercrime, how much of the digital iceberg Dr. McGuire was able to discover. The fact that he lives to tell may indicate that he’s only scratched the surface. Still, the report makes fascinating reading if you are interested in either crime or how cybercrime economies form, grow more complex, and eventually become dark shadows of the economies upon which they prey.

Have a great week

ZI Staff