Malware from a universe far, far away

In 1977, the world (well, the “geeky” part of it) was invited to watch a movie that has since become a cult series of 6. That movie was Star Wars, since known as Episode IV: A New Hope. During the opening of Star Wars, we watched as Princess Leia hid the plans for the Empire’s Battle Star in a cute, whistling droid, called R2-D2. (I’ll bet you still try to whistle like it!)

A trick R2-D2 had was the ability to ‘interface’ with the Empire’s computer systems and gain access through locked doors, and also download plans for space stations. Quite the little guy! That was 1977—today, we would call him a hacker, but he also seems to have become part of a collective and trained his furry and more aggressive colleague, Chewbacca, to do the same!

[Image: Chewbacca]

Ok, maybe it’s a stretch of an analogy to call R2-D2 and Chewbacca hackers—but look at what they did! They hid information from scrutiny, they accessed systems that should have been barred to them, and they exfiltrated secrets.

In 2013 and early 2014, a malware variant attacked a number of high-profile organisations in the United States and exfiltrated “secrets”, or as we call them, credit card details. The malware was given the name “Chewbacca”, and it used the TOR network (The Onion Router) both to hide and spread and to exfiltrate the credit card details.

There is no good reason why any commercial organisation should allow TOR access into or out of its network—I can see a possible argument for academic networks—but commercial networks should have this locked right down.

HP TippingPoint has had filters to prevent TOR access for many years, and an emergency filter was written to detect this malware. That filter is now part of our mainstream protection, which we call Digital Vaccine. We also have the data exfiltration IP addresses in our ReputationDV service, which, if an organisation does become compromised, will help block the malware’s communication and with it the removal of your secrets. These IP addresses are scored very high: they are malicious and should be blocked.

The protection is automatic with both TippingPoint’s mainstream filter and with our ReputationDV service—it will block this malware and its communication with almost zero touch required from a security administrator.
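As an added illustration of the two controls described above (blocking TOR in both directions and blocking indicators with a high reputation score), here is a Python check run over constructed firewall log lines. It is not code from the original post or from TippingPoint; the relay addresses, reputation scores, internal ranges and log format are constructed stand-ins, not Digital Vaccine or ReputationDV data.

```python
import ipaddress
from collections import namedtuple

# CONSTRUCTED stand-ins: not real Tor relays and not ReputationDV data.
TOR_RELAYS = {"198.51.100.7", "203.0.113.44", "192.0.2.250"}
REPUTATION = {"203.0.113.44": 95, "198.51.100.200": 88, "192.0.2.10": 30}
BLOCK_SCORE = 80  # indicators scored at or above this are treated as malicious
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# A flow that should be blocked and the reasons why.
Verdict = namedtuple("Verdict", "src dst direction reasons")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def evaluate_flow(src, dst):
    """Return a Verdict if the flow should be blocked, otherwise None."""
    if is_internal(src) and not is_internal(dst):
        direction, external = "egress", dst
    elif is_internal(dst) and not is_internal(src):
        direction, external = "ingress", src
    else:
        return None  # purely internal or purely external: not a perimeter flow
    reasons = []
    if external in TOR_RELAYS:
        reasons.append("tor-relay")  # TOR is blocked in both directions
    score = REPUTATION.get(external, 0)
    if score >= BLOCK_SCORE:
        reasons.append(f"reputation:{score}")  # known exfiltration endpoint
    return Verdict(src, dst, direction, tuple(reasons)) if reasons else None

def scan_log(lines):
    """Parse 'key=value' firewall log lines and return the flows to block."""
    verdicts = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if "src" in fields and "dst" in fields:
            verdict = evaluate_flow(fields["src"], fields["dst"])
            if verdict:
                verdicts.append(verdict)
    return verdicts

SAMPLE_LOG = [  # constructed firewall log lines
    "src=10.1.2.3 dst=198.51.100.7 dport=443 action=allow",    # host -> Tor relay
    "src=10.1.2.3 dst=198.51.100.200 dport=443 action=allow",  # -> scored endpoint
    "src=203.0.113.44 dst=192.168.5.9 dport=22 action=allow",  # inbound from Tor relay
    "src=10.1.2.3 dst=192.0.2.10 dport=80 action=allow",       # low score, allowed
    "src=10.1.2.3 dst=10.9.9.9 dport=445 action=allow",        # internal only
]
```

Running `scan_log(SAMPLE_LOG)` flags the first three flows and lets the low-scoring and internal-only ones through, which is the behaviour a relay-list plus reputation policy should give.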

The alternative is to employ Stormtroopers. It may give you a sense of well-being and protection, but ultimately you know the Jedi will win, and not all Jedi are on the side of good and right.

Labels: HP | security
About the Author
EMEA Product Manager, TippingPoint