Issue No. 08 - August (2011 vol. 44)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2011.249
Experts Say Rapidly Spreading Botnet Will Be Tough to Stop
A security vendor says the current version of a rootkit that has infected 4.52 million computers and formed them into a massive botnet in just three months this year is highly sophisticated and will be difficult to defeat.
Kaspersky Lab said the TDL-4 rootkit's operators use the botnet to plant adware, keystroke loggers, additional malware, and other problematic software on PCs.
The operators earn money by renting their botnet to other hackers for purposes such as distributed denial-of-service, spam, and phishing attacks. Researchers say customers who want to anonymize their communications can pay hackers to use one of the botnet's machines as an Internet traffic proxy.
TDL-4 spreads via Trojans, which infect users with vulnerable systems who visit compromised pornography and file-sharing sites.
Researchers recently found that the rootkit also creates a Dynamic Host Configuration Protocol server that directs users to a malicious DNS server, which then redirects them to infected webpages.
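The rogue DHCP behaviour described above is something a network defender can check for: a DHCP offer whose server, or whose advertised DNS resolvers, are not the ones the network actually runs is a strong signal. The following is an added example, not code from the article or from Kaspersky; the log format, addresses and allowlists are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed allowlists for an example network: the only DHCP server
# and DNS resolvers that should ever appear in an offer.
AUTHORIZED_DHCP = {ipaddress.ip_address("10.0.0.1")}
AUTHORIZED_DNS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.0.54")}

# Constructed DHCPOFFER records, in the shape a passive sensor might log them.
# Line 2 is what a rogue DHCP server pointing clients at a foreign DNS looks like.
SAMPLE_LOG = """\
2011-07-12T09:14:02 DHCPOFFER from 10.0.0.1 to 10.0.0.117 dns=10.0.0.53,10.0.0.54 lease=86400
2011-07-12T09:14:02 DHCPOFFER from 10.0.0.88 to 10.0.0.117 dns=198.51.100.7 lease=600
2011-07-12T09:20:45 DHCPOFFER from 10.0.0.1 to 10.0.0.42 dns=10.0.0.53 lease=86400
"""

OFFER_RE = re.compile(
    r"^(?P<ts>\S+) DHCPOFFER from (?P<server>\S+) to (?P<client>\S+) "
    r"dns=(?P<dns>\S+) lease=(?P<lease>\d+)"
)


@dataclass
class Finding:
    ts: str
    server: str
    client: str
    reasons: tuple


def check_offer(line):
    """Return a Finding for one log line if the offer deviates from the allowlists."""
    m = OFFER_RE.match(line)
    if not m:
        return None  # not an offer record; nothing to judge
    server = ipaddress.ip_address(m["server"])
    resolvers = [ipaddress.ip_address(x) for x in m["dns"].split(",")]
    reasons = []
    if server not in AUTHORIZED_DHCP:
        reasons.append("unauthorized DHCP server")
    unexpected = [str(r) for r in resolvers if r not in AUTHORIZED_DNS]
    if unexpected:
        reasons.append("unexpected DNS server(s): " + ",".join(unexpected))
    return Finding(m["ts"], str(server), m["client"], tuple(reasons)) if reasons else None


def scan_log(text):
    """Run check_offer over every line and keep only the offers worth alerting on."""
    return [f for f in (check_offer(line) for line in text.splitlines()) if f]
```

Two offers answering the same client within the same second (lines 1 and 2) is itself worth alerting on, since a rogue server races the legitimate one.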
TDL-4 is the fourth version of a rootkit that debuted in 2008 and has also been called Alureon and TDSS. Security experts say the rootkit has always been well designed and that its operators have added dangerous new features to its current iteration.
For example, TDL-4 uses an advanced custom encryption scheme that keeps victims' network-monitoring tools from intercepting and deciphering commands and other transmissions between the hackers' control servers and infected machines.
The rootkit can transmit commands and updates via a private communications system, as most botnets do. Law enforcement officials frequently try to fight botnets by taking down their private command-and-control systems. TDL-4 combats this by also being able to employ the public Kad peer-to-peer file-sharing network.
In its attacks, the rootkit infects a PC's master boot record, which lets it run before the OS boots up and anti-malware software kicks in.
TDL-4 includes features that delete 20 other types of malware from infected computers and blacklist the addresses of the command-and-control servers these other malicious programs use. Disabling these programs reduces the chance that security systems will scan infected machines and possibly find TDL-4.
Kaspersky researchers have found flaws in the rootkit's code. They used one of these flaws to spy on its databases, which they hope will help their investigation.
ICANN Increases the Number of Top-Level Domains
The Internet Corporation for Assigned Names and Numbers has approved a major expansion of generic top-level domains in a step that marks a big change in Internet operations.
During recent meetings, ICANN's board of directors voted to let generic top-level domains—the letters following the last dot in a Web address, such as .com, .net, and .org—end in almost any word in any language. Previously, there were only 22 gTLDs.
The new plan would, for example, let companies and other organizations turn their names into top-level domains. In addition, said ICANN president and CEO Rod Beckstrom, "[The] decision respects the rights of groups to create new top-level domains in any language or script."
The organization says it expanded gTLDs to increase choice, innovation, and marketing opportunities.
ICANN plans to accept applications for new gTLDs during an initial period from 8 January to 12 April 2012 and to charge about $185,000 for evaluating each proposed domain's application. There will be additional application periods in the future.
When more than one organization applies for the same gTLD, ICANN will use an established process to select the recipient. ICANN also has processes that let third parties object to a top-level domain because, for example, a gTLD represents another organization's trademarked name.
In the near future, ICANN says, it will start a campaign to educate people about the changes and opportunities the new system offers.
The topic of gTLDs has often been controversial. For example, ICANN and several national governments have argued over how much influence governments and trademark owners should have over the domain-name-creation process.
Eight gTLDs—.com, .net, .org, .edu, .gov, .int, .mil, and .arpa—existed before ICANN's creation in 1998. The organization created seven more in 2000 and another seven in 2004.
ICANN is responsible for various Internet-governance tasks, such as managing IP addresses, assigning address blocks to the five regional Internet registries—like the American Registry for Internet Numbers—and managing TLDs.
MIT Microchips Could Revolutionize Healthcare
MIT researchers are developing energy-efficient microchips that could operate within wearable or implantable devices that monitor medical patients for health problems. Scientists in the university's Microsystems Technology Laboratory (MTL) are working on tiny chips for biomedical devices that could help diagnose or monitor multiple medical issues, including heart problems.
This approach could radically change the nature and cost of health care, according to MIT visiting scientist Dennis Buss.
"Microelectronics have the potential to reduce the cost of health care in the same way they reduced the costs of computing in the 1980s and communications in the 1990s," said Buss.
A key to the MIT approach is developing low-power chips to run biomedical monitoring systems and handle their communications.
The MTL researchers are currently working on an electrocardiogram system and hope to develop one that can measure other vital signs, including breathing rate, blood pressure and oxygenation, pulse, and body temperature.
Patients could wear a device during their everyday activities, rather than just when they're in medical offices, and still provide the ongoing vital-sign measurements critical for diagnoses and other purposes, said physician and MIT associate professor Collin Stultz.
The prototype MTL heart monitor is L-shaped and 4 inches long on each side. It sticks to the chest and has no external wiring. The device stores two weeks of data in flash memory and uses just two milliwatts of electricity.
Stultz and his colleagues designed an algorithm that uses data the device gathers to determine a patient's risk of death. Currently, this analysis occurs only after data is downloaded from the monitor. The researchers are working on ways to incorporate their algorithm into the chip, which would enable an automatic notification of impending problems.
The MTL scientists hope to begin testing their system on patients in the near future. They also want to build chips that can draw energy from the patient's body, eliminating the need for a battery.
Other MIT researchers are working on implantable medical-monitoring devices, which would have to run with a battery that doesn't require recharging.
Associate professor Joel Dawson is working on a device that stores energy in an ultracapacitor, an electrochemical capacitor with high energy-density levels.
IBM Advances Ultrafast Memory Technique
IBM says that it has made important research advances into a potentially important ultrafast memory approach and that the technology could be ready for use in servers by 2016. Proponents contend that phase-change memory could increase computer performance in ways that flash memory hasn't been capable of achieving.
PCM stores the ones and zeros of binary data via the heating of chalcogenide glass, which changes the material's electrical properties. When chalcogenide cools quickly, its molecules stay in an amorphous state and the material doesn't conduct electricity well. However, when chalcogenide cools slowly, its molecules line up in a way that transmits electricity more effectively. Measuring the electrical resistance after the heating process determines whether a stored bit is a one or a zero.
Researchers have discussed PCM for about 40 years. Progress has been slower on using the technology in servers than in other devices. For example, PCM chips for cellular phones are already available, replacing flash memory. However, manufacturers see servers as perhaps the most lucrative PCM market.
Servers have been increasingly using flash memory, in the form of solid-state disks. However, these flash disks are costly and wear out faster than users would like. Enterprise-level flash starts to lose effectiveness after 30,000 write cycles. PCM can maintain performance to at least 10 million cycles.
IBM says it anticipates that rather than replace the faster dynamic RAM, PCM will work with DRAM, perhaps by caching data for reuse.
Company researchers say one of their big PCM advances is finding a practical multilevel storage approach that increases memory density.
With multilevel storage, a PCM system cools cells at various rates so that there are four different molecular states, which enables each cell to store two data bits rather than one as in the past. This doubles memory density and halves memory costs. IBM is working to increase density because flash memory can already store three bits of data in each cell.
IBM said it made the multilevel approach practical by avoiding drift, a problem that can increase error rates. With drift, a memory cell's electrical resistance changes over time, making consistent measurement difficult and potentially corrupting data.
IBM's approach measures the relative, rather than absolute, resistance of each cell, which, company researchers say, reduces errors to acceptable levels.
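To make the drift problem and the relative-measurement remedy concrete, here is an added toy simulation; it is not IBM's published scheme and is not from the article. It assumes a simplified power-law drift in which every cell's resistance grows by the same factor over time, so a log-ratio against a reference cell stays constant while absolute thresholds slide; the resistance values, drift exponent and four-level encoding are constructed.

```python
import math

# Assumed toy drift model: R(t) = R0 * (t / T0) ** NU, same exponent for all cells.
# Real chalcogenide drift is more complex; this only illustrates the principle.
NU = 0.1
T0 = 1.0

# Constructed programmed resistances (ohms) for four molecular states, 2 bits per cell.
LEVELS = {0b00: 1e3, 0b01: 1e4, 0b10: 1e5, 0b11: 1e6}
# A reference cell programmed to the lowest level and drifting alongside the data cells.
REFERENCE_R0 = LEVELS[0b00]


def drifted(r0, t):
    """Resistance of a cell programmed to r0 after drifting for time t."""
    return r0 * (t / T0) ** NU


def decode_absolute(r):
    """Nearest programmed level in the log domain, with fixed (absolute) thresholds."""
    return min(LEVELS, key=lambda bits: abs(math.log10(r) - math.log10(LEVELS[bits])))


def decode_relative(r, r_ref):
    """Compare the cell's log-ratio to the reference cell against the programmed ratios.
    The drift factor cancels in the ratio, so the decision is time-invariant."""
    observed = math.log10(r / r_ref)
    return min(LEVELS, key=lambda bits: abs(observed - math.log10(LEVELS[bits] / REFERENCE_R0)))


def readback(bits, t):
    """Program a cell with `bits`, let it drift for time t, decode it both ways.
    Returns (absolute_decode, relative_decode)."""
    r = drifted(LEVELS[bits], t)
    r_ref = drifted(REFERENCE_R0, t)
    return decode_absolute(r), decode_relative(r, r_ref)


def error_counts(t):
    """Number of the four levels misread at time t for each decoder."""
    abs_err = sum(readback(b, t)[0] != b for b in LEVELS)
    rel_err = sum(readback(b, t)[1] != b for b in LEVELS)
    return abs_err, rel_err
```

At t = 1e6 the common drift factor is 10**0.6, enough to push the lower levels past the midpoint between neighbouring states, so the absolute decoder misreads them while the relative decoder does not.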
The company also wants to make PCM, which is potentially less expensive than flash, more cost-effective by building it with newer manufacturing processes that offer smaller feature sizes. Currently, IBM is using an older 90-nanometer process for PCM.
IBM says it doesn't plan to make PCM chips itself but instead will license its approach to other manufacturers.
Numerous chip makers—including Hynix, Micron, and Samsung—as well as various academics, are working on phase-change approaches.
Microsoft Technique Identifies Unused Wireless Frequencies
Microsoft researchers have developed a technique to determine whether users are transmitting over their licensed radio frequencies at any given time so that, when they're not doing so, unlicensed devices could utilize the spectrum.
Approaches such as Microsoft's SpecNet could become important as wireless usage grows rapidly. This is a particular problem because much of the wireless spectrum is owned by license holders, who control the resource whether they're utilizing it or not.
SpecNet would measure and then map where spectrum is and isn't being utilized. Unused frequencies could then be made available with the cooperation of the spectrum holders.
Microsoft's technique would employ a network of spectrum analyzers run by servers that issue commands via XML remote procedure calls over HTTP. The servers would be controlled by a master server that oversees data collection throughout the network.
Researchers designed the system to conduct frequency scans rapidly and efficiently and to balance the workload among spectrum analyzers.
A major challenge for SpecNet is that spectrum owners would have to agree to participate in the project. Also problematic is the high price of the analyzers, which can cost up to $40,000 apiece. Microsoft researchers have said perhaps organizations with analyzers that aren't always in operation could donate their use for assigned time periods.
Another obstacle is that the US is the only country so far to approve the utilization of unused licensed wireless spectrum.