Good Day Dearest One Dear !! I am Madam.Sonia Zuru I am a widow being that I lost my husband,my husband was a serving director of the Cocoa exporting board until his death.He was assassinated by the rebels following the political uprising, before his death he made a deposit of Six Million Five Hundred Dollars ($ 6,500,000.00) here in Ouagadougou Burkina Faso in one of the Security Company,he intended to buy a Cocoa processing Machine with the fund.I want you to help me for us to retrieve this fund and transfer it to your account in your country or any safer place as you will be the beneficiary and recipient of the fund which we will use for joint investment in your country.I have plans to do investment in your country, like real estate and industrial production.This is my reason for writing to you. Please if you are willing to assist me and my only Daughter Linda Zuru, Telephone REMOVED Thanks and best regards . Madam Sonia ZuruI've never priced a cocoa processing machine, but something tells me over $6 million is a little excessive. I'm also kinda disappointed. $6.5 million is pocket change compared to the scams I used to receive. I know the economy is tough right now, but it's not like these scammers are actually offering real money. Add a few more zeros to that and you might perk my interest.
The scammers just keep getting dumber...
Got this email today:
Surely this is a legit lottery email and not a scam...
This email just showed up in my inbox...
Surely this is a legitimate email, right?
Subject: .YOUR EM,AIL HAS WON,N
Date: Wed, 18 Apr 2012 20:55:19 +0200
It has finally come to our notice that you have not claimed your winning price. We want to verify if truly you are the owner of the email address that has won the 2012 Microsoft Email lottery draw. Because we have sent the winning notification to your address but you did not write back.
If you are the owner of the email address that has won the Email lottery, we advice you claim your winning price as quick as possible to avoid losing it, as the lottery program might come to an end within the next seven days or next week.
Best Regards.
Dr. Clinton W. E. Bateman (Coordinator M.S. Lotto)
Tel: +44-703-184-1863 +441212880874
EMAIL: infomsloto@mslot-agent.info.ms
Surely this is a legitimate email, right?
What if your hardware was infected with a virus?
It's not becoming uncommon to see viruses once again infecting the boot sector of a hard disk, in order to maintain their infection of a system. There have even been reports of viruses infecting the BIOS, capable of maintaining infection after a full harddisk wipe.
But what if your actual hardware had an infection permanently programmed in? It's not unheard of for consumer electronics such as digital photo frames to be manufactured and sold with malware installed at the factory. What if the actual hardware design included a piece of malware designed to fail at a certain date/time or even phone home?
While the chances of this occurring are unlikely, it's still a possibility. Chances are that if a piece of hardware were modified that significantly, it would most likely be deliberate actions of a well funded organization, with malware rivaling that of Stuxnet or Duqu. This organization would need to do a lot more than just infect a USB stick - the organization would need someone on the inside of the manufacturing process to implement any hardware based malware, and most likely would be government funded. This malware would be well beyond the complexity of Stuxnet or Duqu, as it would be malware written at the physical hardware layer, incorporated into the equipment.
The applications for such a piece of malware are very limited. While espionage would be a likely candidate, it would be ill advised - any malware which would "phone home" from the physical layer would be detected by network monitoring tools, and the hardware would be taken out of service. Once the physical "defect" was uncovered by researchers, a bulletin would be issued worldwide to discontinue use of that device.
A more likely application of hardware based malware would be sabotage. Deliberately design a device to fail at a specified date/time. Consider this scenario for a minute...what would happen if half the switches running the Internet backbone would fail simultaneously? Communication would be severely crippled. Then apply this one step further to hardware such as digitally controlled water pumps, generators, dam controls... Simultaneous failure of multiple components on a nationwide or global scale could have disastrous consequences.
While the likelihood of this being detected at a manufacturer level is relatively high, thanks to quality control processes, if a hardware based piece of malware were missed by a manufacturer, or intentionally introduced by a manufacturer under direction of its government, once a piece of hardware leaves the factory, hardware based malware would be near impossible to detect until it was too late.
Ultimately, this raises the question of "how well do you trust your manufacturers?" Are you having a local, trusted manufacturer you've dealt with for years build your equipment, or do you outsource your manufacturing to the cheapest supplier overseas who you've never even met face-to-face?
In a world where best practices such as configuration management and configuration standardization are becoming key, should a piece of hardware based malware be created, configuration standardization may ultimately be our own downfall.
Unfortunately, much like Stuxnet and Duqu, it's no longer a question of "if" hardware based malware will appear, but "how soon"...
But what if your actual hardware had an infection permanently programmed in? It's not unheard of for consumer electronics such as digital photo frames to be manufactured and sold with malware installed at the factory. What if the actual hardware design included a piece of malware designed to fail at a certain date/time or even phone home?
While the chances of this occurring are unlikely, it's still a possibility. Chances are that if a piece of hardware were modified that significantly, it would most likely be deliberate actions of a well funded organization, with malware rivaling that of Stuxnet or Duqu. This organization would need to do a lot more than just infect a USB stick - the organization would need someone on the inside of the manufacturing process to implement any hardware based malware, and most likely would be government funded. This malware would be well beyond the complexity of Stuxnet or Duqu, as it would be malware written at the physical hardware layer, incorporated into the equipment.
The applications for such a piece of malware are very limited. While espionage would be a likely candidate, it would be ill advised - any malware which would "phone home" from the physical layer would be detected by network monitoring tools, and the hardware would be taken out of service. Once the physical "defect" was uncovered by researchers, a bulletin would be issued worldwide to discontinue use of that device.
A more likely application of hardware based malware would be sabotage. Deliberately design a device to fail at a specified date/time. Consider this scenario for a minute...what would happen if half the switches running the Internet backbone would fail simultaneously? Communication would be severely crippled. Then apply this one step further to hardware such as digitally controlled water pumps, generators, dam controls... Simultaneous failure of multiple components on a nationwide or global scale could have disastrous consequences.
While the likelihood of this being detected at a manufacturer level is relatively high, thanks to quality control processes, if a hardware based piece of malware were missed by a manufacturer, or intentionally introduced by a manufacturer under direction of its government, once a piece of hardware leaves the factory, hardware based malware would be near impossible to detect until it was too late.
Ultimately, this raises the question of "how well do you trust your manufacturers?" Are you having a local, trusted manufacturer you've dealt with for years build your equipment, or do you outsource your manufacturing to the cheapest supplier overseas who you've never even met face-to-face?
In a world where best practices such as configuration management and configuration standardization are becoming key, should a piece of hardware based malware be created, configuration standardization may ultimately be our own downfall.
Unfortunately, much like Stuxnet and Duqu, it's no longer a question of "if" hardware based malware will appear, but "how soon"...
Subscribe to:
Posts (Atom)