Trojan source code leak poised to spur new online banking attacks

The source code for a new Trojan program that targets banking services has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users.

Nuclear Bot will serve as a framework for other malware.

The Trojan is called Nuclear Bot and first appeared for sale on underground cybercrime forums in early December for $2,500. It can steal and inject information from and into websites opened in Mozilla Firefox, Internet Explorer and Google Chrome and can also open a local proxy or hidden remote desktop service.

These are all features commonly seen in banking Trojans, as they’re used by attackers to bypass the security checks of online bank websites to perform fraud. For example, the proxy and remote desktop functionality allows hackers to initiate rogue transactions through the victims’ browsers after they have been tricked into providing the second authentication factor.

What’s interesting about Nuclear Bot is the failure of its author to market it properly to other cybercriminals. According to researchers from IBM, who have closely monitored the Trojan’s history, over the course of several months the Nuclear Bot creator broke many of the unwritten rules of the cybercriminal community, which resulted in his losing all credibility and being flagged as a scammer. For example, the program’s author did not provide test versions of the software to forum admins or potential buyers and used different names when advertising the malware on different forums.

Even though it did not attract any buyers, the Trojan did turn out to be real and quite potent. And in order to prove his legitimacy as a malware coder, it appears that the Nuclear Bot author took the unusual step of releasing the Trojan’s source code himself.

The source code for other banking Trojans, including Zeus, Gozi and Carberp, has been released in the past, but usually as a result of unintentional leaks. Regardless of the reason, whenever something like this happens, it’s never good news for the rest of the internet.

“Publicly available source code makes for more malware,” the IBM researchers said in a blog post. “This is often incorporated into existing projects. X-Force researchers noted that NukeBot is likely to see the same process take place in the wild, especially since its code is not copied from other leaked malware, per the developer’s claims.”

At the very least, source code availability puts new malware into the hands of cybercriminals who don’t have the resources to build something themselves or to buy a ready-made solution from someone else.

Newegg has dropped the price of a G.Skill 32GB RAM kit to $174

RAM is priced at a premium these days and may not get any better for a few months yet. So when a RAM deal shows up, it’s best to jump on it if the modules suit your setup. Right now, folks waiting to snag a good chunk of DDR4 RAM are in luck: Newegg is selling four G.Skill Ripjaws V Series 8GB 288-pin DDR4/3000 RAM modules for $174.


The RAM comes in red only, and for those into overclocking, this 1.35V kit supports Intel’s XMP 2.0.

The G.Skill RAM modules are designed with the Intel Z170 “Skylake” chipset in mind, but it’s DDR4, so it should work just fine with the newer Z270 chipset for Kaby Lake. It may also work with Ryzen, but you’ll have to dig deeper to double check, as RAM support is a little chaotic with AMD’s new chips right now.

RAM prices for PCs are high thanks to the focus on producing RAM for mobile, as well as servers, with desktops being last on the priority list. That state of affairs isn’t expected to get better until later in 2017.

Newegg’s sale ends on Friday.


Microsoft’s Surface Book and Surface Studio will ship in more markets

Microsoft has been cautious about making its Surface product line available worldwide. It tests devices in specific markets, sees how they do, and if the response is good, ships them to those areas.


The company appears to have received a strong response, in particular, to its Surface Studio, Surface Book devices and Surface Dial, which will soon be available in many Asian and European countries.

The expanded availability of these devices was announced on the same day Microsoft said it would release Windows 10 Creators Update on April 11.

The Surface Book with Performance Base, one of the devices that will be more broadly available, is a high-performance laptop that can also be a tablet. The screen pops out from the keyboard base to be a tablet. In a review, PC World concluded the device was powerful and easy to use, but had some design issues and was heavy.

The device — priced starting at $1,499 in the U.S. — will begin shipping to new markets on April 20 and users will be able to order it through Microsoft’s website. The Surface Book with Performance Base will be available in Austria, China, Denmark, Finland, France, Germany, Hong Kong, Japan, the Netherlands, Norway, Sweden, Switzerland and the U.K., according to a Microsoft blog post. Pricing information wasn’t immediately available.

The Surface Studio, meanwhile, is an all-in-one desktop designed for artists. The device has a 28-inch touchscreen that can be angled to be more like an artist’s canvas, and a powerful GPU to handle heavy-duty graphics. The battery-powered Surface Dial is a controller that can be placed on the screen to make it easier to create artwork, much like how a stylus can be used to take notes on tablets. The Studio and Dial will ship on April 20 in Australia, Canada and New Zealand. Pricing wasn’t immediately available.

Google Calendar finally comes to the iPad

Google’s Calendar app is making a long-awaited move to a new device: Apple’s iPad. You read that right: Until Wednesday, the tech titan hadn’t optimized its marquee calendar application to run on Apple’s tablets.


The app provides users with a view of the calendars that they have and that are shared with them through Google’s service. In addition, they get a handful of features Apple’s native calendar app doesn’t have, like the ability to more easily find time and space for a meeting with other people inside their organizations.

Making iPad users wait for a native Calendar app is hardly a surprise coming from Google, considering that it’s the company behind Android, and frequently ships new features first to apps for devices running its mobile operating system.

That’s not to say Google Calendar was completely unavailable for iPad users for the past several years. The iPhone app for Calendar could run on Apple’s tablets, but it wasn’t optimized for use on those devices.

The move is a part of Google’s continuing push to make its G Suite productivity services useful to as broad a set of people as possible. Google is working aggressively to get customers to switch to its productivity suite from their current systems, which in many cases, revolve around Microsoft Office. Microsoft offers its own calendar app for the iPad in the form of Outlook for iOS, which has supported Apple’s tablet since its launch in 2015.

Google has more iOS-specific features planned, including a Today widget that will let users see their upcoming events in an iPad’s Notification Center, according to a blog post by Calendar product manager Sharon Stovezky.

China Oceanwide completes its purchase of IDG

The sale of tech publishing pioneer International Data Group to China Oceanwide Holdings Group and China-based IDG Capital is final.

International conglomerate China Oceanwide Holdings has closed its acquisition of IDG.

The deal for China Oceanwide Holdings Group to acquire a majority stake in International Data Group was first announced in January. Tech analyst firm IDC and venture capital firm IDG Ventures are included in the deal.

China Oceanwide hosted an event in Beijing on Wednesday to announce the closing of the deal. The companies did not disclose the terms of the sale.

China Oceanwide has said it will focus on growth at IDG and IDC.

IDG publishes PCWorld, Computerworld, CIO, CSO, Macworld, InfoWorld, Network World, IDG.tv, and hundreds of other publications worldwide. IDG, which operates in 97 countries, is also the parent company of the IDG News Service.

IDG was founded in 1964 by Patrick McGovern, who died in March 2014. Since then, the company has been run by a board of directors, which has been seeking a buyer for about a year.

China Oceanwide is a privately held international conglomerate founded by Chairman Zhiqiang Lu in 1985. The company operates businesses in the financial services, real estate assets, media, technology, and strategic investment markets, and it has more than 12,000 employees globally.

The company purchased a stake in Lenovo’s parent company, Legend Holdings, in 2009. It has continued to expand globally and in October last year, it agreed to buy U.S.-based insurance firm Genworth Financial for US$2.7 billion in cash.

IDG Capital is an independently operated investment management partnership, with IDG as one of many limited partners. It was formed in 1993 as China’s first technology venture investment firm.

China Oceanwide will be the controlling shareholder of IDG’s operating businesses, including IDC and IDG Communications, while IDG Capital will become the controlling shareholder of the IDG venture business.

IDG will continue to be headquartered in Boston, Massachusetts, and managed by its current team.

Tested: Microsoft Edge is the only browser to run Netflix in 4K

In 2016, Microsoft made headlines by boasting that Microsoft Edge was the only major browser to run Netflix in 1080p. As part of the Windows 10 Creators Update’s blitz of new features, Edge has now made the jump to 4K, and it’s the first major PC browser to do so.

To test the feature, we fired up Netflix within Chrome, Opera, Firefox, and Edge. Edge—as well as the Windows 10 Netflix app that you can download from the Microsoft Store—appears to be the only way to run 4K Netflix content on your PC.

Still, there’s a catch: Besides the fact that you’ll need either an external 4K monitor or native laptop display, your PC or laptop will need to have an Intel Kaby Lake CPU. Fortunately, we have such a laptop: the lovely HP Spectre x360 15, with a Core i7-7500U chip inside and a true 3840×2160 display.


Using the diagnostic tools within Netflix, we can see that Edge is streaming in 4K. (Unfortunately, it seems that DRM or other technical limitations block screenshots, so we used a camera instead.)

When properly configured, Netflix will fill that display with some truly beautiful pixels. Just make sure you’ve upgraded your Netflix account to a plan capable of 4K, which costs $11.99 per month instead of the usual $8.99/mo.

And if you choose not to run Edge? Well, then it’s back to a lowly 720p experience for you, sorry to say. In our tests, using the hidden menu options within Netflix, I was able to confirm that Chrome, Opera, and Firefox all rendered Netflix, but only at a maximum resolution of 1280×720.


Though Netflix is still feeding the browser 4K levels of throughput, Opera, Chrome, and Firefox are only able to output Netflix at 720p.

Edge skeptics should note, however, that Microsoft’s browser has continued to improve. I’ve personally gone from being critical of Edge to now seeing it as a competent-to-good browser. (See more about my Edge assessment in our Windows 10 Creators Update review.) Fortunately, you don’t have to do a single thing to get Microsoft Edge—if you own Windows 10, you automatically own the browser.

Why this matters: Microsoft has worked hard to convince users that Edge’s early performance problems were an anomaly. Microsoft Rewards will “pay” you for using Edge, Cortana’s baked right into the browser, and Edge now supports e-reading EPUB books, too. Providing 4K Netflix support is just the latest way Microsoft hopes to convince you to switch browsers. Sure, Chrome, Firefox, and Opera have their own advantages. But these sorts of “exclusives” probably help Edge’s reputation the most.

Trump extends Obama executive order on cyberattacks

U.S. President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.


Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening informing it of his plans to keep it active.

“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” Trump wrote in the letter. “Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”

The executive order gave the U.S. new powers to retaliate for hacking of critical infrastructure, major denial of service attacks or large scale economic hacking.

It was expanded in December 2016 to include election-related systems and used to sanction Russian agents and organizations for their alleged role in a series of attacks during the presidential election.

In that action, Obama named the Russian military intelligence agency, the GRU, and the federal security service, the FSB, as responsible for the election-related attacks. It also named three organizations and four Russian individuals for their alleged role.

The extension of the existing executive order is one of the first actions President Trump has taken publicly that addresses cybersecurity. In February, he had been due to sign an executive order that addressed the issue but it was canceled at the last minute.

The order, as it stood to be signed, largely addressed cybersecurity in the federal government by placing responsibility for cyber risk at the head of each department. It also would have asked the Department of Commerce and Department of Defense to work on cyberdefense of critical infrastructure.

But after the president met with some of his national security staff and representatives from the National Security Agency, the order was never signed. The White House never explained why that didn’t happen.

Before suing Uber, Waymo initiated action against former engineer

Uber is asking a federal court to rule that most of the claims in a lawsuit filed by rival self-driving car developer Waymo should be settled through arbitration, a process that is usually private, and cheaper and faster than a federal lawsuit.


The ride-hailing company is referring to Waymo’s own arbitration proceedings against a former engineer who later joined Uber as the basis for its argument in favor of arbitration to resolve the dispute.

Waymo filed a suit last month in the U.S. District Court for the Northern District of California, alleging that former employee Anthony Levandowski stole trade secrets relating to self-driving cars before leaving to start Otto, a self-driving trucking company that was later acquired by Uber. Other former Waymo employees who left for Uber and Otto were also found to have downloaded sensitive files, Waymo alleged.

“Waymo’s trade secret and unfair competition claims must be referred to arbitration because they arise out of, relate to, and result from Levandowski’s employment,” Uber said in a filing on Wednesday. The employment agreements Waymo signed with Levandowski require arbitration of all disputes “with anyone” that arise out of, relate to, or result from Levandowski’s employment, according to the filing.

Levandowski has been mentioned frequently by name in Waymo’s filings, including its amended complaint, and his alleged conduct as a Waymo employee is at the core of the Alphabet unit’s trade secrets and unfair competition claims, according to the filing.

Waymo does not name Levandowski as a defendant even though it has brought the arbitration claims against him, aiming instead to litigate them in the court, Uber said.

The Alphabet unit has alleged in its complaint that Uber got a head start by pilfering its technology, building its own comparable LiDAR system within nine months. Before he quit, Levandowski led a team of Waymo engineers who developed LiDAR technology for its self-driving car project, according to court documents.

Waymo also alleged in the suit that Uber has infringed two of its patents.

Waymo could not be immediately reached for comment after business hours. The self-driving vehicles unit was set up as a separate company from Google under the Alphabet umbrella in December last year.

In October 2016, Waymo filed two arbitration demands against Levandowski, claiming that he took and improperly used Waymo’s confidential information to assist Uber, the ride-hailing company claims in its filing. One of the demands related to the alleged use by Levandowski of confidential employee salary information to make targeted offers to Waymo’s employees, while the second held that Levandowski improperly used Waymo’s confidential information to induce its employees to join a competitor.

Basing its action on the arbitration provisions in Levandowski’s employment agreements, Uber plans to initiate arbitration proceedings this week, seeking a declaratory judgment that Waymo’s claims that Uber misappropriated trade secrets and violated unfair competition law are without merit.

Uber has asked the court to stay Waymo’s trade secret and unfair competition claims if it decides they have to be settled by arbitration, but to let the remaining claims, such as the patent infringement charges, proceed in court.

VMware patches critical virtual machine escape flaws

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.


The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

Pwn2Own is an annual hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) program that runs during the CanSecWest conference in Vancouver, Canada. Researchers receive cash prizes for demonstrating zero-day — previously unknown — exploits against browsers, operating systems and other popular enterprise software programs.

This year, the contest organizers added prizes for exploits in hypervisors like VMware Workstation and Microsoft Hyper-V and two teams stepped up to the challenge.

The second team, made up of researchers from the Keen Lab and PC Manager divisions of internet services provider Tencent, exploited the two other flaws patched by VMware this week: CVE-2017-4904 and CVE-2017-4905. The latter is a memory information leak vulnerability that is rated only as moderate, but which could help hackers pull off a more serious attack.

Users are advised to update VMware Workstation to version 12.5.5 on all platforms and VMware Fusion to version 8.5.6 on macOS (OS X). Individual patches are also available for ESXi 6.5, 6.0 U3, 6.0 U2, 6.0 U1 and 5.5, where applicable.

Virtual machines are often used to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, malware researchers execute malicious code and visit suspicious URLs inside virtual machines to observe their behavior. Companies also run many applications inside virtual machines to limit the potential impact if they’re compromised.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That’s why VM escape exploits are highly prized among hackers.

Here’s proof that Ryzen can benefit from optimized game code

If you’re skeptical whether “optimizations” can truly improve gaming performance on the disruptive new Ryzen CPU, AMD has a message for you: They really can.


On Thursday the company released benchmark results from a beta version of Ashes of the Singularity that showed a sizable increase in performance from just a few weeks of tuning for the company’s new CPU.

Why this matters: When AMD’s Ryzen launched with bat-out-of-hell application performance but somewhat slower gaming performance than Intel’s rival CPUs, it spawned an Unsolved Mysteries-like search for the cause of such a puzzling disparity. Many theories later (including one that has absolved Microsoft), the only one still standing is the games themselves.


AMD’s numbers show that patching Ashes of the Singularity: Escalation with Ryzen optimization could increase performance 26 to 34 percent, a significant boost for Ryzen.

Here’s your independent verification, too: AMD officials gave PCWorld early access to a beta that features the Ryzen optimizations, which we tested under our control.


Ashes of the Singularity was able to squeeze almost a third more performance out of Ryzen.

How we tested

For our original Ryzen review, we tested using four DDR4/2133 modules, which is the maximum clock speed for RAM when the memory controller is fully loaded. Because AMD says Ryzen performance can be improved using higher-clocked memory, we stripped out two modules, bringing the system to 16GB, and upped the speed to DDR4/2933. We also updated the BIOS on our Asus Crosshair VI Hero motherboard to the latest publicly available. The same GeForce GTX 1080 GPU handled the graphics chores.

The beta game executable was downloaded from Steam directly and not provided by AMD. Our Ryzen review actually used the original Ashes of the Singularity, but for this test, the beta required using the Ashes of the Singularity: Escalation expansion pack version.

The result? AMD’s not fronting. Our own tests found that running Ashes of the Singularity: Escalation gave a 20- to 28-percent boost in our testing conditions.


Game optimization can, indeed, make a difference for Ryzen, as these results from a beta version of Ashes of the Singularity: Escalation indicate.

We also conducted CPU-centric testing, which puts more objects on the screen with more AI and physics to stress more cores. The bump wasn’t quite as significant, but there’s still a healthy increase in performance from just tweaking the game code.

The good news is, you can test it too. A patched version of the game containing the Ryzen optimizations should be immediately available on Steam for you to download and test.


The CPU-focused test shows a little less performance boost when code is optimized for Ryzen but Oxide said there’s far more work to be done.

But what about Intel?

Of course, you’re wondering how this optimization helps Ryzen compete with Intel’s chips, such as the Core i7-7700K. The patch helps, but it doesn’t make it as fast. In the first chart, for example, a stock-clocked Core i7-7700K would be pushing 92 frames per second. Some of that clearly comes from the Kaby Lake’s higher clock speed (which generally runs at 500MHz faster or more), but some of it also comes from games optimization.

In fact, that’s why I featured only the Ryzen CPU in our charts above. Developers tell PCWorld that Ryzen tuning is still in its infancy, and it’s somewhat unfair to pit the two chips against each other right now with the code as it is.

“Every processor is different on how you tune it, and Ryzen gave us some new data points on optimization,” Oxide’s Dan Baker told PCWorld. “We’ve invested thousands of hours tuning Intel CPUs to get every last bit of performance out of them, but comparatively little time so far on Ryzen.”

Baker said Oxide wanted to get the beta out to the world so users could at least see the potential. Oxide’s CEO also said (in a statement released by AMD), “as good as AMD Ryzen is right now—and it’s remarkably fast—we’ve already seen that we can tweak games like Ashes of the Singularity to take even more advantage of its impressive core count and processing power. AMD Ryzen brings resources to the table that will change what people will come to expect from a PC gaming experience.”

Oxide isn’t the only one starting to tune for Ryzen. Bethesda also said it had formed a partnership with AMD to optimize and support the company’s CPUs and GPUs.

What this all means: When AMD CEO Lisa Su addressed the gaming disparity just after Ryzen’s launch by saying “vital optimizations” will only make it better, I have to admit I was in the skeptical column. That’s because promised optimizations are basically the tech industry’s version of “the check is in the mail.” But with Oxide squeezing out so much more performance in just a few short weeks of tuning, there’s probably a lot more to come from Ryzen.