Wednesday, November 01, 2006

Proof of Concept Symbian Malware Courtesy of the Academic World

Know your enemy to better predict his moves and future strategies as Symbian malware optimization is getting the necessary attention from the academic community :

"The University of Santa Barbara's software group released the source code for their proof of concept 'Feakk' worm that was developed by Paul Haas in March 2005. The worm uses SMS to send a hyperlink to its target. The targeted user then has to visit the hyperlink and download and acknowledge three sets of prompts in order for the worm to install, at which point it will immediately start to run in the background. It will scan the user's contact list and send a message to each contact (including the recipients' names) and will also scan for new contacts at certain intervals.

Upon installation, the worm checks for a contact with the first name "HACKME." If this isn't found the worm will exit. If it is found, then the worm sends itself to every mobile number it finds in the user's contact list. The author did not write a payload because this was for demonstration purposes only and it should be noted that it can be removed via the "Uninstall List."

While malware authors may well turn the concept into a commodity, it doesn't exploit a specific OS vulnerability, so the possibility of a large-scale outbreak doesn't really exist. In a previous post I commented on some future developments related to the penetration of mobile devices in our daily lives and the trust factor of assuming that whoever holds the handset is actually the one using it :

"Malware authors indeed have financial incentives to further continue recompiling publicly available PoC mobile malware source code, and it's the purchasing/identification features of phones, opening a car with an SMS, opening a door with an SMS, purchasing over an SMS or direct barcode scanning, mobile impersonation scams, harvesting phone numbers of infected victims, as well as unknowingly interacting with premium numbers that are the things about to get directly abused -- efficiently and automatically."

Digitally fingerprinting mobile malware may be marketable, but as we've seen in the past it's rather useless compared to basic user awareness.

I feel the University of Santa Barbara's software group is very much on the right track, conducting research on OS and application specific vulnerabilities, as they've released quite a few interesting papers during 2006 :

Advanced Attacks Against PocketPC Phones
PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service
Vulnerability Analysis of MMS User Agents
Security of Smart Phones
Using Labeling to Prevent Cross-Service Attacks Against Smart Phones

Monday, October 30, 2006

Fake Search Warrant Generator

In response to Christopher Soghoian's home raid -- the masked superhero by night -- a fake search warrant generator was just released :

"for district courts all across the United States with the intent of improving national security by reducing the amount of time it takes for our public guardians to create search warrants."

Sarcasm is most effective when it has a point.

Sunday, October 29, 2006

Greetings Professor Falken

The classic that originally started the war dialing generation seems to never fade, and its core idea of simulating a Global Thermonuclear War has motivated the authors of Defcon - The Game to come up with a fully realistic representation of it. I recently took the time to play around with it -- it's so compact you can even play it from removable media --, and I must say I never enjoyed seeing my missile projections and the sound effects of my launches. The trailer speaks for itself!

Rule number one of thermonuclear war: launch your ICBMs as soon as you hear the Defcon 1 alert, or you risk losing your silos to the AIs "shooting into the dark" or conducting reconnaissance. However, keep one silo in reserve -- each holds 10 ICBMs that can reach anywhere on the map -- as you won't be able to hit the biggest cities until you neutralize the surrounding air defense. Submarines are sneaky and very powerful, each holding 5 missiles, but firing only occurs if the target is within range, so make sure you position yourself where you should be. Sea and air-to-air battles are very common, and there aren't any land conflicts at all. Make sure you don't fire from numerous submarines simultaneously, as if there's a fighter in the air it will detect and attack the submarine. On the other hand, use fighters to distract the air defense, which fires at them while your ICBMs pass through and reach their target.

If I were to describe the WarGames simulation in two words, those would be: tense and very addictive. Moreover, you don't need a multi-million game or movie budget to make an impression, as this game and "The Day After" both show. Goodbye Europe -- alliances are a powerful force if you can convince some AIs to ally with you, but in the end there can be only one winner.

Face Recognition on 3G Cell Phones

Face recognition isn't just done at home courtesy of MyHeritage.com, but on-the-go with yet another release of face recognition authentication for cell phones by a leading mobile operator in Japan :

"Security features include biometric authentication (user's face) and compatibility with DoCoMo's Omakase Lock™ remote locking service, as well as the Data Security Service™ for backing up phonebooks and other important data on a network server. The model can function as an e-wallet, timecard and personal identification card for accessing restricted areas."

The concept has been around for quite some time, but with Japan representing one of the most mature markets for mobile devices -- right after South Korea -- the feature should quickly gain popularity and acceptance. The interesting part is the security vs. usability trade-off: face recognition won't provide perfect results in every environment and under external factors such as darkness or even excessive brightness, so until the technology matures, a secret question as a further authentication step, or the good old PIN code, will have to do the work.

Here's a very well sorted library of various research on the topic, and an interesting service that's sharing a stolen phone's photos.

Saturday, October 28, 2006

Real-Time Spam Outbreak Statistics

Following my previous posts on "Real-Time PC Zombie Statistics", and "Email Spam Harvesting Statistics", you may also find WatchGuard's recently released real-time spam outbreak statistics entertaining :

"Once in a while as I'm getting flooded with some particularly repetitious spam bomb, I wonder whether other networks are receiving the same dumb stuff. And occasionally, I wonder where it originated from.

Both questions are readily answered with a nifty Web utility provided by the CommTouch Detection Center. [Full disclosure: WatchGuard's spamBlocker product is powered by a license with CommTouch.] The utility shows a map of the world, with red spots indicating the approximate location of new spam outbreaks. If you hover your cursor over any of the red zones, a popup box shows the subject lines of the most recently detected spam. It's an easy, instant way to verify whether an email you received is part of a spampaign."

Naturally, the stats are limited to the vendor's worldwide sensor network, but you still get the chance to feel the dynamics of spam outbreaks worldwide. I often speculate -- and have the case studies proving it -- that the more pressure is put on spammers, phishers and malware authors, the more they will consolidate. For the time being, spammers are mostly utilizing the cost-effective one-to-many communication model, and their ROI -- where the investment is in renting infected zombie PCs -- is positive by default, without them even segmenting, targeting and actually reaching the most gullible audience. If spammers changed this model, it would mean much faster email services worldwide, but for the time being the number of messages sent, rather than basic marketing practices, seems to be the benchmark.

Spammers have the "contact points", malware authors the platform and the payload, and phishers the social engineering "know-how", and it's that know-how I find spammers missing so badly these days -- the trade-off for delivering spam through content obfuscation is the quality of the message itself. Trouble is, they'll soon realize that marriage is better than divorce and unite forces given the pressure.

UPDATE: "Bot nets likely behind jump in spam" discusses the consolidation, or the possibility for services on demand. Via Sunbelt's blog.

Thursday, October 26, 2006

ShotSpotter - Gunshot Sensors Network

ShotSpotter is :

"a network of noise sensors that identifies and pinpoints gunfire. Over the past few weeks, the technology has guided police to three homicides in Southeast Washington, and in one case officers got there rapidly enough to make an arrest.

ShotSpotter complements 48 surveillance cameras installed in many city neighborhoods. But unlike the cameras, which are checked after the fact, ShotSpotter gets word to police as soon as bullets start flying -- in many cases before anyone has a chance to call 911. Over the past two months, the sensors, roughly the size of coffee cans, have been hidden atop buildings in many sections of Southeast Washington."

Innovative, but how well does it perform when it comes to filtering out gangsta rap blasting in sync from three cars, and the not so fashionable but adaptive use of silencers? It makes me think of the possibility of disinformation by criminals who know someone is listening and responding to gunshots. On the other hand, it could gain even wider acceptance in a war zone, acting as an early warning system.

UPDATE: Techdirt's comments on the system.