Connect with us

Cyber Security

Can Malware Go Undetected? How Viruses Hide From You – MUO – MakeUseOf

Avatar photo

Published

on

Antivirus programs are an essential tool for staying safe online, but are there threats that even they can’t spot? Let’s find out.
When you think a virus has hit your computer, the solution seems simple enough; just run a virus scan and see if it finds anything. If the antivirus doesn’t pick anything up, that must mean there are no viruses, guaranteed… right?
Unfortunately, it’s not as simple as that. While modern-day antivirus programs have become highly effective at stopping viruses, there are times where malware can go undetected. Let’s explore the ways how.
As we cover this topic, we’re going to talk about “virus definitions” a lot. As such, it’s best that we square away what a virus definition is first, and why it’s important here.
When your antivirus looks for malware, it needs a guide on what’s a virus and what’s not. To do this, it needs virus definitions that tell it what’s bad and what's good. Antivirus programs usually receive definition updates from the developer on a regular basis, so that it knows all the newly-discovered viruses and what they look like.
You can imagine these definitions as the antivirus equivalent of a criminal mugshot. The definitions tell the antivirus what the virus looks like and how to defend against it. As such, the strength of an antivirus is in its virus definition library and how it uses it.
Because virus definitions are so essential for an antivirus, malware developers strive to find ways to dodge these definitions by one method or another. So, what are these methods?
First off, if you don’t allow your antivirus to update itself, it doesn’t know all the latest virus definitions. This, in turn, means that new viruses will slip past your defenses without getting caught.
That’s why it’s really important to keep your antivirus updated. If it wants to download new definitions, don’t put it off for another day. Grab them ASAP and let it do its work. By doing so, you allow your antivirus to do its job properly when protecting your PC.
…but even if you do keep your antivirus up-to-date, it’s not perfect. After all, there are viruses out there that the antivirus companies have yet to encounter yet. And because of that, there are no published virus definitions to combat it. This kind of malware is what’s known as a “zero-day virus.”
Related: What Is a Zero Day Exploit and How Do Attacks Work?
Zero-day viruses spread across the internet on the “zeroth day” of their release. The term describes a virus that is brand-new and has just begun its siege on the internet.
Going back to our criminal mugshot example, a zero-day virus is like a criminal who has committed a crime that hasn’t been reported yet. In the window between committing a crime and the police issuing a search for them, the criminal can walk around like a regular citizen without getting arrested.
In a similar vein, a brand-new virus doesn’t have any definitions set for it, because the antivirus companies don’t even know it exists yet. And before it’s caught, the virus can slip onto PCs without alerting the antivirus.
This is why you may see your antivirus updating its definitions very frequently. As researchers spot these viruses in the wild, it's essential to create a definition and push it to people's antiviruses as quickly as possible to negate the zero-day threat.
If a malware developer knows that an antivirus will identify their code, they still have a few tactics up their sleeves to prevent detection.
One of them is a trick called “obfuscation.” This is when a malware developer cleverly hides their malicious code so an antivirus won’t find it. For example, they may deploy a program that automatically encrypts and decrypts the bad parts, or change the code of the virus itself so it looks different every time it infects someone.
By changing how it looks, it keeps the antivirus on its toes. An antivirus is looking for a specific "signature" that identifies a specific strain of malware for what it is, so if the malware developer can hide this signature, it can dodge an antivirus scan better.
The sneakiest kind of malware is the kind that isn’t actually malware whatsoever. It’s a program that acts as a staging ground for future virus infections and attacks, but it itself is completely innocent-looking.
For example, a malware developer can make a program that can download files from a remote server. Perhaps the developer explains this away as an update service or a way for the user to download more files for their program.
The program itself doesn’t have any malicious code in it, so the antivirus allows it in. However, the malware developer can then use that remote server connection to sneak in malware through the backdoor. And because the program was innocuous to begin with, there's a greater chance that your antivirus won't catch it downloading viruses onto your PC.
Fortunately, despite the threat that these undetectable attacks pose, it doesn't mean your computer is just a sitting duck waiting to get attacked. The absolute best antivirus on the market right now is your common sense, and if you use it well, you can avoid an attack.
If you're taking care to download files from legitimate sources, and you're not opening suspicious attachments in weird-looking emails, you're already doing a lot to protect yourself. We've covered a huge list of security tips to protect yourself online, but even if you apply the bare basics, you should be okay. Don't forget; an antivirus-dodging malware can only do its work if you let it!
The above exploits are all huge problems that antivirus developers have to work around daily. However, they all share one thing in common: they exploit weaknesses in the virus definition model.
Right now, an antivirus program can’t tell what’s a virus and what isn’t by just watching it. It needs a definition given to it to identify what’s bad and what’s not. However, advances in machine learning and AI will change that in the future.
Related: These Antivirus Tools Are Using AI to Protect Your System
Eventually, we may have antivirus systems that don’t wholly depend on virus definitions. Sure, it may still use them as a quick and convenient way to identify a virus in the wild, but it would also be equipped with AI that can look at a file or program and identify that it’s a virus based on what it’s trying to do.
While threats such as zero-day attacks and obfuscation sound terrifying, they're not internet-breaking by any means. The best way to avoid antivirus-dodging malware is to ensure it never gets onto your PC in the first place, so be sure to stay vigilant and don't fall prey to the huge number of threats on the internet.
AI-based cybersecurity is a really interesting topic, and it's well worth exploring if you have a passion for how an antivirus works. Who knows; perhaps one day the humble virus definition will make way for an intelligent system that can catch a virus purely on what it's doing, and not how it's coded.
A Computer Science BSc graduate who has been writing about technology since 2014, and using Windows machines since 3.1. After working for an indie game studio, he found his passion for writing and decided to use his skill set to write about all things tech.
Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals!

source

Continue Reading
Advertisement
Click to comment

Business

Prosecutors seek from 40 to 50 years in prison for Sam Bankman-Fried for cryptocurrency fraud

Avatar photo

Published

on

Prosecutors seek from 40 to 50 years in prison for Sam Bankman-Fried for cryptocurrency fraud

By LARRY NEUMEISTER

NEW YORK (AP) — FTX founder Sam Bankman-Fried’s orchestration of one of history’s largest financial frauds in his quest to dominate the cryptocurrency world deserves a prison sentence of 40 to 50 years, federal prosecutors on Friday told a federal judge.

Prosecutors made the recommendation in papers filed in Manhattan federal court in advance of a March 28 sentencing, where a judge will also consider a 100-year prison sentence recommended by the court’s probation officers and a request by defense lawyers for leniency and a term of imprisonment not to exceed single digits.

Bankman-Fried, 32, was convicted in November on fraud and conspiracy charges after his dramatic fall from a year earlier when he and his companies seemed to be riding a crest of success that had resulted in a Super Bowl advertisement and celebrity endorsements from stars like quarterback Tom Brady and comedian Larry David.

Some of his biggest successes, though, resulted from stealing at least $10 billion from investors and customers between 2017 and 2022 to buy luxury real estate, make risky investments, dispense outsized charitable donations and political contributions and to buy praise from celebrities, prosecutors said.

 

FILE - Sam Bankman-Fried leaves Manhattan federal court in New York on Feb. 16, 2023. Bankman-Fried's lawyers are seeking leniency next month at the FTX founder's sentencing for cryptocurrency crimes. The lawyers filed presentence arguments late Monday, Feb. 26, 2024, in Manhattan federal court. (AP Photo/Seth Wenig, File)

 

“His life in recent years has been one of unmatched greed and hubris; of ambition and rationalization; and courting risk and gambling repeatedly with other people’s money. And even now Bankman-Fried refuses to admit what he did was wrong,” prosecutors wrote.

Advertisement
Submit your 2022 Austin Neighborhood Feedback

“Having set himself on the goal of amassing endless wealth and unlimited power — to the point that he thought he might become President and the world’s first trillionaire — there was little Bankman-Fried did not do to achieve it,” prosecutors said.

They said crimes reflecting a “brazen disrespect for the rule of law” had depleted the retirement funds and nest eggs of people who could least afford to lose money, including some in war-torn or financially insecure countries, and had harmed others who sought to “break generational poverty” only to be left “devastated” and “heartbroken.”

“He knew what society deemed illegal and unethical, but disregarded that based on a pernicious megalomania guided by the defendant’s own values and sense of superiority,” prosecutors said.

Bankman-Fried was extradited to the United States in December 2022 from the Bahamas after his companies collapsed a month earlier. Originally permitted to remain at home with his parents in Palo Alto, California, he was jailed last year weeks before his trial after Judge Lewis A. Kaplan concluded that he had tried to tamper with trial witnesses.

In their presentence submission, prosecutors described Bankman-Fried’s crimes as “one of the largest financial frauds in history, and what is likely the largest fraud in the last decade.”

“The defendant victimized tens of thousands of people and companies, across several continents, over a period of multiple years. He stole money from customers who entrusted it to him; he lied to investors; he sent fabricated documents to lenders; he pumped millions of dollars in illegal donations into our political system; and he bribed foreign officials. Each of these crimes is worthy of a lengthy sentence,” they wrote.

They said his “unlawful political donations to over 300 politicians and political action groups, amounting to in excess of $100 million, is believed to be the largest-ever campaign finance offense.”

And they said his $150 million in bribes to Chinese government officials was one of the single largest by an individual.

“Even following FTX’s bankruptcy and his subsequent arrest, Bankman-Fried shirked responsibility, deflected blame to market events and other individuals, attempted to tamper with witnesses, and lied repeatedly under oath,” prosecutors said, citing his trial testimony.

Advertisement
Submit your 2022 Austin Neighborhood Feedback

Two weeks ago, Bankman-Fried attorney Marc Mukasey attacked a probation office recommendation that their client serve 100 years in prison, saying a sentence of that length would be “grotesque” and “barbaric.”

He urged the judge to sentence Bankman-Fried to just a few years behind bars after calculating federal sentencing guidelines to recommend a term of five to 6 1/2 years in prison.

“Sam is not the ‘evil genius’ depicted in the media or the greedy villain described at trial,” Mukasey said, calling his client a “first-time, non-violent offender, who was joined in the conduct at issue by at least four other culpable individuals, in a matter where victims are poised to recover — were always poised to recover — a hundred cents on the dollar.”

Mukasey said he will respond to the prosecutors’ claims in a filing next week.

Read More

Continue Reading

Cyber Security

Biden to create cybersecurity standards for nation’s ports as concerns grow over vulnerabilities

Avatar photo

Published

on

Biden to create cybersecurity standards for nation’s ports as concerns grow over vulnerabilities

WASHINGTON (AP) — President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.

The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.

“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.

Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against that.

The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.

The threat continues to grow. Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.

For example, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. The company, Colonial Pipeline, paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.

Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.

Advertisement
Submit your 2022 Austin Neighborhood Feedback

In the U.S., roughly 80% of the giant cranes used to lift and haul cargo off ships onto U.S. docks come from China, and are controlled remotely, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. That leaves them vulnerable to attack, he said.

Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. Vann said this type of potential attack was a concern as officials pushed for new standards, but they are also worried about the possibility for criminal activity.

The new standards, which will be subject to a public comment period, will be required for any port operator and there will be enforcement actions for failing to comply with the standards, though the officials did not outline them. They require port operators to notify authorities when they have been victimized by a cyberattack. The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyberattacks.

Read More

Continue Reading

Business

Why Was Sam Altman Fired? Possible Ties to China D2 (Double Dragon) Data from Hackers

Avatar photo

Published

on

Theories are going around the internet why Sam Altman was fired. On an insider tech forum (Blind) – one person claims to know by third-hand account and how this news will trickle into the media over the next couple of weeks.

It’s said OpenAI had been using data from D2 to train its AI models, which includes GPT-4. This data was obtained through a hidden business contract with a D2 shell company called Whitefly, which was based in Singapore. This D2 group has the largest and biggest crawling/indexing/scanning capacity in the world 10x more than Alphabet Inc (Google), hence the deal so Open AI could get their hands on vast quantities of data for training after exhausting their other options.

The Chinese government became aware of this arrangement and raised concerns with the Biden administration. As a result, the NSA launched an investigation, which confirmed that OpenAI had been using data from D2. Satya Nadella, the CEO of Microsoft, which is a major investor in OpenAI, was informed of the findings and ordered Altman’s removal.

There was also suggestion that Altman refused to disclose this information to the OpenAI board. This lack of candor ultimately led to his dismissal and is what the board publicly alluded to when they said “not consistently candid in his communications with the board.”

To summarize what happened with Sam Altman’s firing:

1. Sam Altman was removed from OpenAI due to his ties to a Chinese cyber army group.

2.OpenAI had been using data from D2 to train its AI models.

3. The Chinese government raised concerns about this arrangement with the Biden administration.

Advertisement
Submit your 2022 Austin Neighborhood Feedback

4. The NSA launched an investigation, which confirmed OpenAI’s use of D2 data.

5. Satya Nadella ordered Altman’s removal after being informed of the findings.

6. Altman refused to disclose this information to the OpenAI board.

 

We’ll see in the next couple of weeks if this story holds up or not.

Continue Reading