The name “Project Sauron” came from code contained in one of the malware’s configuration files. (credit: Kaspersky Lab) Security experts have discovered a malware platform that’s so advanced in its design and execution that it could probably have been developed only with the active support of a nation state. The malware—known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame , Duqu , and Regin . Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus. Because of the way the software was written, clues left behind by ProjectSauron in so-called software artifacts are unique to each of its targets. That means that clues collected from one infection don’t help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command and control channels, the people behind ProjectSauron chose a different one for almost every target. Read 8 remaining paragraphs | Comments
See the original post:
Researchers crack open unusually advanced malware that hid for 5 years
An anonymous reader writes:Whoever said crime doesn’t pay didn’t know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45, 000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45, 228. The figure doesn’t include revenue generated from previous campaigns. Read more of this story at Slashdot. 
An anonymous reader quotes a report from Phys.Org: Using a new satellite-based method, scientists at NASA, Environment and Climate Change Canada, and two universities have located 39 unreported and major human-made sources of toxic sulfur dioxide emissions. A known health hazard and contributor to acid rain, sulfur dioxide (SO2) is one of six air pollutants regulated by the U.S. Environmental Protection Agency. The 39 unreported emission sources, found in the analysis of satellite data from 2005 to 2014, are clusters of coal-burning power plants, smelters, oil and gas operations found notably in the Middle East, but also in Mexico and parts of Russia. In addition, reported emissions from known sources in these regions were — in some cases — two to three times lower than satellite-based estimates. Altogether, the unreported and underreported sources account for about 12 percent of all human-made emissions of sulfur dioxide — a discrepancy that can have a large impact on regional air quality, said Chris McLinden, an atmospheric scientist and lead author of the study. The co-author of the study, Nickolay Krotkov, says quantifying the sulfur dioxide bull’s-eyes is a two-step process that would not have been possible without an improvement in the computer processing that transforms raw satellite observations from the Dutch-Finnish Ozone Monitoring Instrument aboard NASA’s Aura spacecraft into precise estimates of sulfur dioxide concentrations, and the ability to detect smaller concentrations using a new computer program that precisely detects sulfur dioxide that had been dispersed and diluted by winds. Read more of this story at Slashdot. 
An anonymous reader writes: The Turkish downing of the Russian SU-24 jet last November saw a predictable series of statements from each side claiming complete innocence and blaming the other entirely. Social media was a key battleground for both sides — the Turkish and Russian governments, along with their supporters — as each tried to establish a dominant narrative explanation for what had just happened. In the midst of the online competition, a little-observed, funhouse mirror of an online hoax was brilliantly perpetrated, one with consequences likely exceeding the expectation of the hoaxster. The Russian Ministry of Defense was duped by a fake image that Russian state media itself had circulated more than a year earlier, as a way to deny Moscow’s involvement in the downing of Malaysia Airlines Flight 17. Read more of this story at Slashdot. 
lpress writes: Sci-Hub is a Russian site that seeks to remove barriers to science by providing access to pirated copies of scientific papers. It was established in 2011 by Russian neuroscientist Alexandra Elbakyan, who could not afford papers she needed for her research and it now claims to have links to 48 million pirated and open papers. I tried it out and found some papers and not others, but it provides an alternative for researchers who cannot afford access to paid journals. After visiting this site, one cannot help thinking of the case of Aaron Swartz, who committed suicide as a result of prosecution for his attempt to free scientific literature. Read more of this story at Slashdot.