by Constantine von Hoffman

Weekly Cybersecurity Roundup: Tinba Trojan v Flame Malware; Obama’s Cyber Attacks on Iran; and More

Opinion
Jun 01, 2012, 3 mins
Cybercrime, Security

This week's cybersecurity roundup has stories on the Tinba Trojan and Flame malware; increased U.S. cyber attacks on Iran; a popular tool meant to provide online anonymity that's installing spyware on users' machines; and more.

Tiny Trojan May Pose More of a Threat Than the Giant Flame: Lots of attention has been focused on the Flame spyware this week, but a small program called Tinba is probably a bigger threat to most of us. Although Flame is a giant with 20 MB of code, Tinba uses just 20 KB and a number of well-worded man-in-the-browser tricks to defeat two-factor authentication. CSIS in Denmark says the malware doesn’t bother with any encryption or packing, and it is slipping past a lot of desktop defenses. Tinba injects itself into a number of common processes, including firefox.exe, explorer.exe and svchost.exe. It is designed to steal online-banking and credit-card information from compromised computers, and it makes each infected machine part of a botnet that reports to one of four known command-and-control servers. Flame is more powerful, but it has so far been found on very few computers.

Obama Increases Cyber Attacks on Iran: President Obama has significantly increased cyber attacks against Iran since he first took office, according to the New York Times. The attacks, which started under President Bush, target the computer systems that run Iran’s main nuclear enrichment facilities. Obama ordered the attacks to continue “even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet.” That program was identified by security experts who named it Stuxnet.

Chinese-Made Silicon Chip Could be Threat to U.S. Defense: A Chinese-manufactured chip used by the U.S. government has a hardware defect that could let attackers tamper with sensitive applications related to national security. University of Cambridge researchers found a secret access point in a field-programmable gate array, a device which can be configured by users to add custom functionality. The Actel ProASIC3 (AP3) chip used by California-based defense contractor Microsemi is used in weapons, flight controls, power distribution and nuclear power plants, according to a study.

Spyware Targets Iranian, Syrian Dissidents: The popular proxy tool Simurgh, used to circumvent censorship efforts, is also being used to install spyware aimed at Iranian and Syrian Web users. A team at the University of Toronto said installation software for Simurgh also installs keylogging spyware. Simurgh, designed to make Web use anonymous and give access to blocked sites, had a Trojan added to it which sends data from victims’ PCs to a site registered with a Saudi Arabian ISP. The data can include the computer operators’ usernames and machine names, as well as every window clicked and every keystroke entered. Visitors to the website of Simurgh’s developers are now warned that versions of the software installer downloaded from the file sharing service 4shared have been compromised.