Various thoughts from an educational professional & geek.
Experts use internet routers to protect web from Angler malware's lures ...
Delays from The Conversation meant that this article took ages to be published - not good really.
It may not be a household name like Microsoft, Apple or Sony, but Cisco Systems is almost the same size. Cisco is the world’s largest supplier of networking equipment such as routers and switches which plug together the various networks that make up the internet. This puts them in the position of being able to use the enormous distribution of their equipment to disable a major ongoing malware attack, Angler.
The Angler exploit kit is a piece of software, known as a tool kit, used by hackers to breach and take control of computer systems. There have been many such kits over the years; for example, in the 1990s the notorious Back Orifice (a pun on Microsoft BackOffice) offered hackers easy-to-use tools to remotely control Windows computers. Angler is one of the most advanced and widespread today.
Creating a tool kit and distributing it freely on the internet provides expert tools to wannabe hackers – known as “script kiddies” – who don’t necessarily have the skills themselves nor the opportunity to access systems to practice and hone their own hacking techniques. Angler is such a kit, used to create back doors by taking advantage of flaws in popular browser plug-ins such as Flash and Java. Remote access and control of a PC gives hackers the opportunity to take the computers hostage and demand ransom money from their victims, or to steal personal data to be used for fraud or sale.
The security experts investigating Angler estimated that it targeted around 90,000 computers a day, with an estimated fraudulent income of US$30m. As tool kits can be updated, their creators can usually provide work-arounds for each defence created by security software companies, which makes preventing the attacks difficult. While security firms are excellent at spotting variants and updating their database definitions to ensure antivirus software recognises them, not everyone updates in time (or at all) and there is always a new attack being developed.
Cisco’s intervention
Cisco helped solve this problem, together with major internet service provider Level 3 Communications, by collecting and analysing Angler’s network traffic to discover where it was headed and to tackle the problem at its source. The researchers discovered that the code that compromised targeted computers was located on an exploit server, with which the tool kit installed on compromised computers communicated via a network of proxy servers designed to hide and protect it.
Figure: Angler tool kit connects to exploit server via many proxies to hide its route. (Image: TalosIntel)
By tracing where Angler’s traffic was headed, Cisco and the researchers were able to release updates for its network equipment in use worldwide that would block Angler’s attempts to communicate with its servers. The team also contacted the hosting companies with what they’d learned, which then shut down the rogue servers. Cisco has done an outstanding job, as this will make it difficult to use Angler in its current form. However, it’s unlikely this will be the last we hear of it – Angler’s creators and maintainers will have to work hard to adapt it to work around the blocks installed on millions of routers worldwide, but will inevitably do just that. The game of cat and mouse will continue.
Of course, however much security companies or police and investigators work to try to combat malware and hacking attacks, it’s up to you to make sure your antivirus software is installed and up-to-date. If your computer is ever held to ransom, don’t provide any financial information – it’s better to wipe your computer and start again than to hand your financial details to unknown criminals to be exploited. And of course having back-ups of essential data, such as on cloud services, means it’s easier to recover in a worst-case scenario.