Sadmin Revisited - It's OK, the NSA Should Have a Copy
Following on from speculation in the 'Exploits Ahoy!' post, timely reporting on the discovery of a cross-platform Proof of Concept (PoC) virus has rattled a few cages amongst the security community. In its current form, the PoC demonstrates that Linux ELF binaries and Windows .exe files can potentially be infected from the same source. Although only targeting Windows and Linux systems at the moment, the move to Intel hardware by Apple could see an evolution of the PoC targeting OS X systems as well.
Historically, a worm dubbed 'sadmin' is one of the few pieces of malware to actually target multiple platforms, specifically Windows and Solaris. Internet worms (PHP and Perl focussed) are generally regarded as being different again. This new PoC has been dubbed 'Bi' by a number of antivirus companies and is expected to eventually carry a malicious payload designed to cause havoc on affected systems.
ClamAV has issues
Cross-platform anti-virus tools are likely to be updated in a timely manner, but a range of vulnerabilities has been discovered in the Open-Source ClamAV anti-virus solution, including integer overflows, format string handling and out-of-bounds memory access. Possible effects range from denial of service through to arbitrary code execution. These issues are considered critical and concerned users should update as soon as possible to address potential risks to their systems.
NSA loves AT&T
In court documents filed by the Electronic Frontier Foundation (an online and electronic rights advocacy group), claims have been made that US telecommunications giant AT&T has been forwarding all Internet traffic that passes through its network to the National Security Agency (NSA) for undetermined uses (go on, take a wild guess what they might use it for). The practical application of filtering terabytes (exabytes?) of transitory data is probably not all that difficult for an organisation that is said (humorously or otherwise) to measure computing power in terms of square miles. Perhaps this traffic handoff is part of ongoing communications intercept and processing efforts, and could serve to help refine the effectiveness of those programs, such as the now largely abandoned Carnivore.
Of concern to many is what could happen to the data outside of that scope. There have been cases where the US Government has been accused of using communication intercept data to engage in industrial espionage on behalf of US companies, in particular a case where Airbus accused Boeing of being supplied confidential Airbus pricing estimates on projects that both consortia were bidding for. This data originated from intercepts captured by various US Government communication intercept efforts.
The information before the court is currently sealed, and AT&T has five days to provide justification why their internal documents relating to the matter should not be made public. Pessimists are conjecturing that the US Government will take an active interest and suppress release of the data on 'National Security' grounds.
Just how deep is the rabbit hole?
Analysts who have linked this to the illegal wiretapping efforts that the current US President supported suggest that AT&T isn't the only company to have supplied this data; they claim that all ISPs may have supplied equivalent data to the NSA. When it is considered just how far the AT&T network reaches, nearly all Internet users in the United States are likely to have been affected by this program.
For example, AT&T are part owners of the trans-Atlantic data communications cables, and their networks are likely to make up at least some of the hops between a user and the website they are trying to reach. Recent mergers amongst the 'Baby Bells' that were created following the breakup of the original AT&T have also raised concerns that the telecommunications giant is going to reestablish itself, stronger than before.
It is doubtful that the complete story behind the current claims will ever be known. Conspiracy theorists and the paranoid are having a field day, claiming that the truth will be suppressed by PSYOPS operatives either by not publishing it or by releasing disinformation, but there are enough cases in history to suggest that it is possibly true.
9 April 2006