Itskok
Jr. Member
April 15, 2015, 11:19:22 PM
Well, I must say that it's a really nice and creative way to inject malicious, but still the "Victim" must have another malicious object on his machine to run this idea on, exactly like lots of other examples that are relevant in other technological environments, not a big surprise. The problem is that "everyone" needs to "download" the blockchain in order to use Bitcoin, and then it's like halfway through for the "Hacker"; the second half still has the same challenges that we know: how to interact with your "Victim" and give him the second piece of the cake. It's not big news at all. Let the speculators play with the technology, I think it's good for all of us...
samson
Legendary
April 16, 2015, 06:22:36 AM
Well, I must say that it's a really nice and creative way to inject malicious, but still the "Victim" must have another malicious object on his machine to run this idea on, exactly like lots of other examples that are relevant in other technological environments, not a big surprise. The problem is that "everyone" needs to "download" the blockchain in order to use Bitcoin, and then it's like halfway through for the "Hacker"; the second half still has the same challenges that we know: how to interact with your "Victim" and give him the second piece of the cake. It's not big news at all. Let the speculators play with the technology, I think it's good for all of us...
There are a lot of ways to get specific information from the blockchain without having Bitcoin installed.
dewdeded
Legendary
Monero Evangelist
April 17, 2015, 05:23:50 AM
OP_RETURN could be used to announce new C&C servers to victim computers. Making the botnet pretty resistant vs. government downtakes. Seems like a solid alternative vs. classic DGAs.
tzpardi
Member
April 17, 2015, 11:35:22 AM
It's pretty simple how they did it. They created a malicious application that fetches data from the blockchain. If you run said malicious application malicious things might happen. Bottom line? Don't run anything from Kaspersky? Their "demo" -> https://www.youtube.com/watch?v=FNsqXHbeMco
That's the usual approach from the so-called security experts: execute a malicious application with admin rights and then, no wonder, the application with the admin rights can steal data or cause damage to the machine. As you said, to avoid such problems don't get the malicious application to your computer in the first place.
ca333
April 17, 2015, 12:58:50 PM
OP_RETURN could be used to announce new C&C servers to victim computers. Making the botnet pretty resistant vs. government downtakes. Seems like a solid alternative vs. classic DGAs.
"nice" idea. Haven't thought about this option to use the blockchain.. but if such data is not encoded properly governments could start to fetch bc-data too and look out for "bad" infos..
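The monitoring side of the point raised in the posts above (OP_RETURN payloads that are not encoded can be read by anyone who fetches blockchain data), as an added example that is not part of any post in this thread. The function names and the three sample scripts are constructed for illustration; 203.0.113.7 is a documentation-range address.

```python
import re

OP_RETURN, PUSHDATA_WIDTH = 0x6A, {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4

# Plain-text network indicators an observer can spot in an unencoded payload.
INDICATOR = re.compile(
    rb"https?://[\x21-\x7e]+"
    rb"|\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b"
    rb"|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed scriptPubKey samples (not real transactions).
PLAIN = (bytes([OP_RETURN, 16]) + b"203.0.113.7:8080").hex()
OPAQUE = (bytes([OP_RETURN, 8]) + bytes.fromhex("9f3c01d7a4e2b8ff")).hex()
P2PKH = "76a914" + "00" * 20 + "88ac"


def op_return_pushes(script_hex):
    """Return the data pushes of an OP_RETURN script, or None if the script
    is not OP_RETURN or is malformed (a push runs past the end)."""
    s = bytes.fromhex(script_hex)
    if not s or s[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(s):
        op = s[i]
        i += 1
        if 1 <= op <= 0x4B:              # direct push of `op` bytes
            n = op
        elif op in PUSHDATA_WIDTH:       # length prefix, little-endian
            width = PUSHDATA_WIDTH[op]
            n = int.from_bytes(s[i:i + width], "little")
            i += width
        else:
            continue                     # non-push opcode carries no data
        if i + n > len(s):
            return None
        pushes.append(s[i:i + n])
        i += n
    return pushes


def triage(script_hex):
    """Report whether a script is OP_RETURN and which plain-text indicators it holds."""
    pushes = op_return_pushes(script_hex)
    if pushes is None:
        return {"op_return": False, "indicators": []}
    hits = [m.group().decode("ascii") for p in pushes for m in INDICATOR.finditer(p)]
    return {"op_return": True, "indicators": hits}
```

`triage(PLAIN)` reports the address, while `triage(OPAQUE)` reports an OP_RETURN output with no indicators, which is the limit of plain-text scanning once the payload is encoded.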
Raize
Donator
Legendary
April 19, 2015, 01:59:41 AM
It occurred to me the other day why this may be considered a big deal for Kaspersky.
A lot of AV software is signature-based and still relies on identifying hostile programs before they execute by analyzing the code. A program that contains code that relies on hidden data in the blockchain may be able to evade AV detection slightly easier, especially for users who already have the blockchain stored on their computer. By making it look like the blockchain is what is responsible for this ease-of-evading, they might be attempting to gain empathy from regulators in parts of Europe/Russia that are hostile to Bitcoin.
That said, nothing of what they have brought up is particularly new. And like I mentioned earlier, it presumes that the hostile agent is already capable of executing code on an end user's device.
Hyena (OP)
Legendary
April 19, 2015, 10:48:44 AM
It occurred to me the other day why this may be considered a big deal for Kaspersky.
A lot of AV software is signature-based and still relies on identifying hostile programs before they execute by analyzing the code. A program that contains code that relies on hidden data in the blockchain may be able to evade AV detection slightly easier, especially for users who already have the blockchain stored on their computer. By making it look like the blockchain is what is responsible for this ease-of-evading, they might be attempting to gain empathy from regulators in parts of Europe/Russia that are hostile to Bitcoin.
That said, nothing of what they have brought up is particularly new. And like I mentioned earlier, it presumes that the hostile agent is already capable of executing code on an end user's device.
They may also be worried because of the false positives their AV will give because someone has saved a virus signature in the block chain.
DeboraMeeks
April 21, 2015, 08:45:37 AM
This is like saying that HTTPS is insecure because I've written a program that just executes whatever response it receives to an HTTPS request.