
Thursday Threat Report: Whispering malware, 2 million leaked passwords, and malware coming to the home thanks to Linux

Welcome to ITProPortal's Thursday Threat Report, where we round up the three greatest security threats facing Internet users, smooth-running enterprise, and occasionally even the survival of the world as we know it. Hold onto your hats - things are about to get scary.

Whispering malware

German scientists have successfully designed a form of malware that uses high-frequency sound to transmit information between infected computers that have no connection to the Internet.

The researchers developed several ways to use ultrasound to transmit data between two laptops using only the built-in mics and speakers. This "whispering" technique is capable of transmitting data between machines as much as 19.7m apart, and could be used by viruses to jump the so-called "air-gap".

The research acts as a proof-of-concept for claims made by security researcher Dragos Ruiu, who is believed to have discovered just such a virus in the wild, and dubbed it "badBIOS."

For high-security networks, the researchers advised employing audio filtering that blocks high-frequency ranges that could be used to transmit data.
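The filtering the researchers recommend can be sketched as a low-pass filter on the audio path. This is an added example, not code from the researchers or from this article: it removes a near-ultrasonic tone from constructed audio while leaving an audible tone intact. The 48 kHz sample rate, 17 kHz cutoff and 19 kHz test tone are assumptions, since the article names no frequencies.

```python
import cmath
import math

FS = 48_000        # assumed sample rate (Hz); not from the article
CUTOFF = 17_000    # assumed cutoff (Hz); the article names no frequency
TAPS = 101         # odd length gives a symmetric, linear-phase filter


def lowpass_taps(cutoff=CUTOFF, fs=FS, n=TAPS):
    """Hamming-windowed sinc low-pass FIR, normalised to unity gain at DC."""
    fc, mid = cutoff / fs, (n - 1) / 2
    taps = []
    for i in range(n):
        k = i - mid
        ideal = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        taps.append(ideal * (0.54 - 0.46 * math.cos(2 * math.pi * i / (n - 1))))
    total = sum(taps)
    return [t / total for t in taps]


def fir_filter(samples, taps):
    """Convolve and keep only outputs computed from a full window of input."""
    n = len(taps)
    return [sum(taps[j] * samples[i - j] for j in range(n))
            for i in range(n - 1, len(samples))]


def tone_amplitude(samples, freq, fs=FS):
    """Amplitude of one frequency component (single-bin DFT)."""
    acc = sum(s * cmath.exp(-2j * math.pi * freq * i / fs)
              for i, s in enumerate(samples))
    return 2 * abs(acc) / len(samples)


def demo():
    """Constructed input: 1 kHz audible tone plus a 19 kHz near-ultrasonic tone."""
    n = 4800 + TAPS - 1
    mixed = [math.sin(2 * math.pi * 1000 * i / FS)
             + 0.5 * math.sin(2 * math.pi * 19000 * i / FS) for i in range(n)]
    clean = fir_filter(mixed, lowpass_taps())
    return {f: (tone_amplitude(mixed[:4800], f), tone_amplitude(clean, f))
            for f in (1000, 19000)}


if __name__ == "__main__":
    for freq, (before, after) in demo().items():
        print(f"{freq:>6} Hz  before={before:.4f}  after={after:.6f}")
```

The same measurement, run on the band above the cutoff of real microphone input, also gives a simple check for unexpected high-frequency energy.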

2 million passwords leaked online

According to researchers, scammers have scooped up more than two million passwords for sites like Facebook, Google, and Yahoo - but it appears that the data was stolen via malware-infected machines rather than a hack of those companies' systems.

Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for 1.58 million websites, 320,000 email accounts, 41,000 FTP accounts, 3,000 remote desktops, and 3,000 secure shell accounts.

Looking at the domains from which those passwords were stolen, Facebook was the most popular victim, accounting for 318,121, or 57 per cent. Yahoo came in second with about 60,000, followed by Google Accounts (54,437), Twitter (21,708), and (16,095). Also on the list were LinkedIn (8,490 passwords) and payroll provider ADP (7,978), which Trustwave said was surprising.

"Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," the firm wrote in a blog post.

Malware's coming home

Researchers have homed in on a Linux worm capable of infecting all manner of Internet-connected home devices, including routers, set-top boxes, security cameras, thermostats and smoke alarms, among others.

Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known IDs and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target.

The worm, dubbed Linux.Darlloz, only infects devices that run on Intel x86 CPUs but, as proof-of-concept malware, it signals a worrying vulnerability in the increasing spread of the Internet of Things.

Symantec researcher Kaoru Hayashi wrote on his blog last week that "Although no attacks against these devices have been found in the wild, many users may not realize they are at risk, since they are unaware they own devices that run Linux."