Archive for May, 2012

Iran: ‘Flame’ virus fight began with oil attack

At the time, Iranian officials described it as a data-siphoning blitz on key oil networks.

On Wednesday, they gave it a name: A strike by the powerful “Flame” malware that experts this week have called a new and highly sophisticated program capable of hauling away computer files and even listening in on computer users. Its origins remain a mystery, but international suspicion quickly fell on Israel opening another front in its suspected covert wars with archenemy Tehran.

“This virus penetrated some fields. One of them was the oil sector,” said Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage. “Fortunately, we detected and controlled this single incident.”

The Flame virus – a mix of cyberspy and hard-drive burglar – has been detected across the Middle East recently. But Iran’s linkage to the oil network attack in April could mark its first major infiltration and suggests a significant escalation in attempts to disrupt Iran’s key commercial and nuclear sites. Iran is one of the world’s leading oil producers.

Two years ago, a virus called Stuxnet tailored to disrupt Iran’s nuclear centrifuges caused some setbacks within its uranium enrichment labs and infected an estimated 16,000 computers, Iranian officials say. At least two other smaller viruses have been detected in nuclear and industrial centers.

The Flame program, however, is widely considered a technological leap in break-in programming. Some experts also see the same high level of engineering shared by Stuxnet, which many suspect was the work of Israeli intelligence.

“It is very complex and very sophisticated,” said Marco Obiso, cybersecurity coordinator at the U.N.’s International Telecommunication Union in Geneva. “It’s one of the most serious yet.”

Israel, a world leader in computer security, has never confirmed or denied any involvement in Stuxnet or other viruses that have hit Iranian networks nationwide.

Israel fears that Iran’s nuclear program is geared toward developing a weapon that might be turned against it and Israel itself is believed to have nuclear weapons.

Israeli leaders have repeatedly said that “all options are on the table,” a phrase that is widely interpreted as meaning the possibility of a military strike and other measures that could include cyberwarfare.

Already, Iran and Israel have traded accusations of carrying out clandestine hits and attack conspiracies in locales stretching from Baku to Bangkok.

Iran claims Israeli agents are behind the slayings of at least five nuclear scientists and researchers since 2010. Earlier this month, Iran hanged a man convicted of carrying out one of the killings after allegedly being trained by Israel’s Mossad spy agency. Israel denied any role.

Authorities in several countries, meanwhile, are investigating possible Iranian links to bombings and plots against Israeli targets and others, including a wide-ranging probe in Azerbaijan’s capital Baku.

On the cyber front, Iran says it has sharply boosted its defenses by creating special computer corps to protect crucial online infrastructure. Iran also claims it seeks to build its own Internet buffered from the global web, but experts have raised serious questions about its feasibility.

Iran’s Deputy Minister of Communications and Information Technology Ali Hakim Javadi was quoted by the official IRNA news agency Wednesday as saying that Iranian experts have produced an anti-virus program capable of identifying and removing Flame.

“The anti-virus software was delivered to selected organizations in early May,” he said.

That would have been at least two weeks after officials say it penetrated Iran’s Oil Ministry and related sites. Within hours, technicians decided to close off the Internet connections to the ministry, oil rigs and the Khark Island oil terminal, the jump off point for about 80 percent of Iran’s daily 2.2 million barrels of crude exports.

Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage, told state radio that the oil industry was the only governmental body seriously affected and that all data lost were later retrieved.

“This virus penetrated some fields. One of them was the oil sector. Fortunately, we detected and controlled this single incident,” Jalali said.

Obiso, whose agency is helping to direct the international response to Flame, said the virus first came to the group’s attention in mid-April and researchers have been working on unraveling its code since.

“We still think Flame has much more to show,” he said.

The Russian Internet security firm Kaspersky Lab ZAO said the Flame virus has struck Iran the hardest, but has been detected in the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

It also has been found in Israel – leading some Israeli security officials to suggest the virus could be traced to the U.S. or other Western nations.

Experts describe it as a multitasking mole. It can wipe data off hard drives, but also be a tireless eavesdropper by activating audio systems to listen in on Skype calls or office chatter. It can also take screenshots, log keystrokes and – in one of its more novel functions – steal data from Bluetooth-enabled mobile phones.

Israel’s vice premier on Tuesday did little to deflect suspicion about the country’s possible involvement.

“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” Moshe Yaalon told Army Radio when asked about Flame. “Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”

Iran says it has previously discovered one more espionage virus, Duqu, but that the malware did not harm Iran’s nuclear or industrial sites. Jalali said Flame is the third.

Dozens of unexplained explosions also have hit the country’s gas pipelines in the past two years. Officials have not linked them to cyberattacks, but authorities have not closed the books on the investigations.

Murphy reported from Dubai, United Arab Emirates. Associated Press writers Raphael Satter in London and Josef Federman in Jerusalem contributed to this report.

Article source: http://www.ocala.com/article/20120530/API/1205300621


Tackling Mobile Deposit Risks So the Underbanked Aren’t Underserved

Prepaid card users may have smaller incomes than mainstream bank customers, but they deposit larger checks and they demand their funds in real time, making mobile check capture a riskier proposition for this audience.

Later this year, Plastyc plans to add mobile check capture to its growing list of mobile services for its prepaid card users. And just this month, Mitek Systems announced a variant of its technology designed for prepaid card users.

These companies have different approaches to handling the risk. (Mitek says the companies are not working together. Plastyc would not name its vendors.)

For Mitek, the biggest issue in designing a system for prepaid card users is competing with check-cashing stores, which provide customers with cash in real time. To reduce the risk of providing instant funds, Mitek allows prepaid card issuers to request a scan of the customer’s driver’s license with every check.

“It really mimics the process that you have when you walk into a check casher,” says James DeBello, Mitek’s president and chief executive.

“A bank would have a different process” for checking-account customers, he says. “A bank would not provide instant funds.”

For Plastyc, a major consideration is whether scammers are trying to use its prepaid card accounts to double-dip on check deposits.

“In our case, we’d probably be exposed to more fraud attempts than these bigger banks, and so we want to take more precautions,” says Patrice Peyret, Plastyc’s chief executive.

Banks that offer mobile check capture have protections in place to block duplicate deposits, and they typically limit the dollar amount that can be deposited this way.

The dollar limit is not an issue for bank customers, since their biggest checks — their paychecks — are often sent by direct deposit. This is not the case with the underbanked audience.

“We serve a lot of people who … do not have the luxury of receiving direct deposit,” Peyret says. Their employers are often small merchants who do not have a direct deposit program, and thus pay their employees by check.

DeBello says the underbanked go to check-cashing stores with checks in the four- to five-digit range, whereas retail bank customers deposit less than $500 for the average check.

To deter customers from making a mobile deposit and then cashing the same check at a store moments later, Plastyc plans to require that its customers deposit checks only from home, Peyret says. Plastyc will compare data from the phone’s GPS to the address it already has on file for that user.

Further, “we will reserve the right to call people on a smartphone while they are depositing a check,” Peyret says. “We will do that randomly.”

This is a practice borrowed from providers of prepaid phone minutes. Some banks also do this for large transfers on corporate accounts, Peyret notes.

For fraudsters, “the last thing you want is to be called” during a fraud attempt, he says.

Mobile devices provide some security to go along with the risk, Peyret says. Because it is harder to install a virus on an iPhone or similar smartphone, “in a sense, they are more secure than PCs,” he says.

Mitek encourages its clients to also require that consumers add a line to their endorsement to indicate that the check is being deposited with a mobile device. This should indicate to a check-casher that the check was already used.

Mitek’s strategy is more focused on adding security through the process of capturing images, DeBello says.

Article source: http://www.americanbanker.com/issues/177_105/Mitek-adds-security-feature-mobile-deposit-1049779-1.html


Was flame virus written by gamers? Code similar to apps such as Angry Birds

  • Cyber experts refute claims that code is spy tool
  • Same ‘simplistic’ language used in video games
  • Suggestion that virus could have come from Israel
  • Spyware is too big to be stealth tool say some experts

By Phil Vinter

10:11 EST, 31 May 2012 | 11:04 EST, 31 May 2012

There is confusion over who developed a new computer super-virus after some programmers today reportedly said the coding was the same relatively simple language as found in video games like Angry Birds.

The suggestion contradicts theories put forward by other experts who only yesterday said the virus, known as The Flame, was so sophisticated it had to have been developed by some of the world’s top brains at the U.S.’s National Security Agency.

To guard against the virus the United Nations is issuing its ‘most serious warning’, but now some say elements of the virus – known as malware – are baffling.

Simplistic: Experts have today raised question marks over the sophistication of new computer bug Flame, saying sections of the code used to produce it are the same as that used in video games like Angry Birds


According to msnbc reporter Bob Sullivan, the program requires 20 megabytes – a comparatively large size for a computer virus and an indicator of sluggish coding.

Furthermore, unlike the computer bug Stuxnet, Flame has so far failed to make a security breach comparable to hacking into a nuclear power plant.

Most notably, sections of the code used the Lua programming language, which is almost wholly used to create video games such as the hugely popular Angry Birds.

Warnings have previously been put out claiming that the virus has the capability to cripple nations and the bug has been used to hack into computers in Iran.

The sophisticated spyware – said to be about 100 times the size of most malicious software – also hacked other machines in the Middle East, including Sudan, Saudi Arabia, Lebanon and Egypt.

Lua, which was developed in Brazil, is generally considered to be a simple computer language, developed for the primary purpose of scripting video games.

According to an Israeli programmer, quoted by msnbc, it was ‘weird’ to imagine the Lua language being used as a tool for spying. He said the code was so ‘ordinary’ it looked like the efforts of an ‘average programmer’.

Dangerous? This screen grab shows a section of code from the computer virus known as The Flame.

The language was named Lua after the Portuguese word for moon and reflects the idea of it being used as a subsidiary form of coding to attach satellite projects to bigger bits of software.

Marcus Carey, who worked as a security analyst at the National Security Agency for eight years, said Lua was quite commonly used to power mobile applications such as Angry Birds.

Mr Carey dismissed suggestions that the virus had been released by a government to spy on other nations.

However, this view is contradicted by those such as Moscow-based internet security firm Kaspersky Lab ZAO, which has claimed that Flame was crafted at the behest of a national government.

Finger-pointing in Israel’s direction, fuelled by the fact that the majority of cases so far discovered were in Iran, has not been strongly disputed as yet, but some believe the Middle East nation lacks the capacity to launch such a cyber attack.

The argument appears to boil down to two schools of thought.

Some say Flame’s authors were being exceedingly clever by using an unusual programming language to develop a deadly piece of malware in an attempt to confuse hi-tech security systems.

Others say those behind the superbug were amateurs who did little to cover their tracks.

Article source: http://www.dailymail.co.uk/news/article-2152757/Was-flame-virus-written-gamers-Code-similar-apps-Angry-Birds.html?ito=feeds-newsxml


To Spread, Nervous System Viruses Sabotage Cell, Hijack Transportation

Herpes and other viruses that attack the nervous system may thrive by disrupting cell function in order to hijack a neuron’s internal transportation network and spread to other cells.

Princeton University researchers made the first observation in neurons that common strains of the herpes virus indirectly take control of a cell’s mitochondria, the mobile organelles that regulate a cell’s energy supply, communication with other cells, and self-destruction response to infection. The team reports in the journal Cell Host and Microbe that viral infection elevates neuron activity, as well as the cell’s level of calcium — a key chemical in cell communication — and brings mitochondrial motion to a halt in the cell’s axon, which connects to and allows communication with other neurons.

The authors propose that the viruses then commandeer the proteins that mitochondria typically use to move about the cell. The pathogens can then freely travel and reproduce within the infected neuron and more easily spread to uninfected cells. When the researchers made the mitochondria less sensitive to calcium the viruses could not spread as quickly or easily.

These findings reveal a previously unknown and highly efficient mechanism that some of the most common strains of herpes viruses in humans may use to proliferate in the nervous system, said lead author Tal Kramer, a doctoral student in the lab of the paper’s co-author Lynn Enquist, the Henry L. Hillman Professor of Molecular Biology and chair of Princeton’s molecular biology department.

Kramer and Enquist used rat neurons to study two herpes viruses in the alpha-herpes virus subfamily: pseudorabies virus (PRV), a model alpha-herpes virus that infects animals, and herpes simplex virus 1 (HSV-1), an extremely common human virus that causes cold sores and other lesions. Other human alpha-herpes viruses are responsible for causing diseases such as chicken pox and shingles.

“No one before has looked carefully at mitochondrial motion during alpha-herpes virus infection in neurons. We provide new insight into how these viruses damage cells in the nervous system in ways that are important for the virus to propagate,” Kramer said.

“If mitochondria are stopped in their tracks and can’t go anywhere, that is potentially very bad,” he said. “They are not only the power plants of the cell, but regulate important processes. The virus likely acts to interfere with many of those processes.”

Beyond herpes, the Princeton findings present a possible explanation for how other neurotropic viruses such as rabies, West Nile and polio attack and disrupt the nervous system, Kramer said. Although these viruses are different from the herpes family, the fact that HSV-1 and PRV had a similar effect on mitochondrial motion and function suggests that other pathogens could corrupt mitochondria in the same way, he said.

In addition, the paper lays out the implications of distorted mitochondrial function on neuron health. Mitochondrial malfunction is a known factor in non-infectious neurodegenerative conditions such as Alzheimer’s disease and Parkinson’s disease, Kramer said, though the pathway to this disruption is not entirely known.

“Our model raises some new and exciting possibilities for future research on other important human viruses that can invade the nervous system and cause disease,” Kramer said.

“And the fact that alpha-herpes infection damages the same key cellular function as neurodegenerative disorders also is striking,” he said. “Understanding how viral infection damages neurons might give us insight into how diseases like Alzheimer’s do the same. The viruses we study hijack well-studied cellular pathways that might make an effective target for future therapeutic strategies.”

In a healthy neuron, mitochondria move throughout the cell’s elongated, tree-like structure to provide energy for various processes that occur throughout the cell. For the strenuous task of long-distance intercellular communication, mitochondria move along the axon and synapses, sites of cell-to-cell contact where signaling occurs.

Calcium plays a key role in this cell communication, Kramer explained. A neuron experiences a spike in calcium levels in the axon and synapses when it receives a signal from another neuron. Though a natural rover, mitochondria contain a protein called Miro that detects this rush of calcium and stops the organelles in the synapse. The mitochondria then provide energy as the cell passes a signal along to the next neuron.

Through live-cell imaging of neurons grown in the Enquist lab, Kramer and Enquist observed how this process becomes corrupted by HSV-1 and PRV — and how the viruses need the process to spread.

The chaos begins when the virus ramps up the neuron’s firing of electrical signals, as was first reported in a 2009 paper published in the journal PLoS Pathogens by Enquist; first author Kelly McCarthy, a past member of Enquist’s lab who received her doctoral degree from Princeton in 2011; and David Tank, the Henry L. Hillman Professor of Molecular Biology and co-director of the Princeton Neuroscience Institute.

In the latest research, Kramer and Enquist found that this spike in electrical activity floods the axon and synapses with calcium. As a consequence, the Miro proteins detect the increase in calcium and stop mitochondrial motion. The virus’ control over the cell immediately dropped off, however, when Kramer and Enquist interfered with Miro’s ability to respond to the uptick in calcium levels. Though the viral infection was not completely disrupted, it could not spread within or to other cells with the same efficiency.

Based on these observations, Kramer and Enquist suggest that viruses such as HSV-1 and PRV may bring mitochondria to a standstill in order to hijack their transportation. Mitochondria move about the neuron on the backs of motor proteins dynein and kinesin-1. During viral infection, mitochondria shed these proteins to stop moving when Miro detects an upsurge in cellular calcium.

Previous research has shown that HSV-1 and PRV also use kinesin-1 specifically for transport within an infected cell. Thus, Kramer said, his and Enquist’s work suggests that it is very likely that the viruses disrupt mitochondrial motility so that they can hitch themselves to the now available kinesin-1 proteins and move through the nervous system more efficiently.

James Alwine, a University of Pennsylvania professor of cancer biology, said that the Princeton research is a significant contribution to a growing body of research that describes how viruses seize cellular motor proteins such as kinesin-1.

While the findings have therapeutic potential — particularly in helping show how balancing cellular calcium might subdue viral infection — the demonstration that viruses can move through an infected cell with the ease of something as essential as mitochondria is notable in itself, said Alwine, who is familiar with the research but had no role in it.

“Determining the specific mechanism by which Miro function is abrogated may provide additional therapeutic avenues, but this also is marvelous basic research that does not have to be justified by its therapeutic potential,” he said.

“To disrupt the loading of mitochondria to motor proteins so that virions [complete virus particles] can load instead is a clever way for a virus to be transported and is a great new idea provoked by this data,” Alwine said. “While other neurotropic viruses would have to be tested specifically, movement in nerve cells is required by all of them. Thus, this observation provides a starting place and a model mechanism for research with those other pathogens.”

Source: Princeton University

Article source: http://www.biosciencetechnology.com/News/2012/05/To-Spread,-Nervous-System-Viruses-Sabotage-Cell,-Hijack-Transportation/



Flame Malware’s Ties To Stuxnet, Duqu: Details Emerge

Three of the most high-profile pieces of malware to have been discovered in the past two years have been Stuxnet, Duqu, and as of this week, Flame. Now, researchers are suggesting that whoever commissioned Stuxnet and Duqu also ordered up Flame.

“We believe Flame was written by a different team of programmers but commissioned by the same larger entity,” Roel Schouwenberg, a security researcher at Kaspersky Lab, told The New York Times. But he declined to name the larger entity–or nation states–that he thought had commissioned Duqu.

If the three different malicious applications share a common origin, each appears to have been designed for a different purpose. Duqu, for example, was cyber-espionage malware created “to act as a backdoor into the system and facilitate the theft of private information,” said Kaspersky Lab security researcher Ryan Naraine in a blog post. The private information in question, according to Kaspersky Lab, included nuclear facility blueprints and industrial control system schematics. Duqu was first discovered in September 2011.


According to Kaspersky Lab, Duqu’s developers appeared to keep to Jerusalem time, and notably didn’t work on the Jewish Sabbath–occurring between Friday evening and Saturday evening–in which some Jews observe a day of rest, The New York Times reported Wednesday.

Meanwhile, Stuxnet–first discovered in June 2010–was designed to sabotage the high-frequency convertor drives used in a single uranium enrichment facility in Iran. Notably, the malware adjusted the speed of the drives to run at very high and low frequencies, while reporting normal behavior via the industrial control system software interface that ran the machines. The result was destroyed centrifuges and uranium that hadn’t been enriched.

Kaspersky Lab researchers last year had already noted that Stuxnet and Duqu appeared to have been developed by the same team, on the same platform, which appears to have been used between 2007 and 2011. Furthermore, they suspected that additional malware–even if it hadn’t yet been found–would have also been created using the platform. Timing-wise, according to AlienVault, Flame fits into that scenario, as at least one component in Flame was first compiled in 2008, while later modules date from 2009, 2010, and 2011.

While the Stuxnet malware was designed to spread automatically, the Duqu Trojan would only infect PCs when ordered to do so via its command-and-control channel. Likewise, the Flame malware–which may have infected just 1,000 PCs–only spread to designated PCs, which made it tough for security vendors to spot or stop. “Flame has been operating under the radar for at least two years, which counter-intuitively may partially be attributed to its large size,” according to a blog post from Websense.

Another similarity between the three pieces of malware is that while they might be complex, and all targeted known zero-day vulnerabilities–which can be purchased on the black market–they used coding capabilities that had been seen before. (Although in the case of Stuxnet, no one had ever seen such capabilities being used by malware to cause physical damage.) “While it really doesn’t do anything we haven’t seen before in other malware attacks, what’s really interesting is that it weaves multiple techniques together and dynamically applies them, based on the capabilities of the infected system,” according to Websense.

Researchers are continuing to study Flame to unravel how it works, and the task is made difficult by the malware’s size. Notably, it starts out with an initial infection that’s between 900 K and 6 MB in size, but which can grow to 20 MB after additional modules have been loaded onto a PC. “This is a lot of code, and a lot of possibility,” said Bob Reny, a systems engineer at network access control vendor ForeScout Technologies, via email.

“The number of different components in W32.Flamer is difficult to grasp,” according to an analysis from Symantec. “The threat is a well-designed platform including, among other things, a Web server, a database server, and secure shell communications. It includes a scripting interpreter which allows the attackers to easily deploy updated functionality through various scripts. These scripts are split up into ‘apps’ and the attackers even appear to have something equivalent to an ‘app store’ from where they can retrieve new apps containing malicious functionality.”

Another interesting new Flame finding suggests that its builders may have been native English speakers. According to an analysis from Alexander Gostev at Kaspersky Lab, units in various modules sport names such as Beetlejuice (discovers nearby Bluetooth devices), Microbe (records audio), Infectmedia (infects USB drives), Euphoria (launches Flame), Limbo (creates backdoor on system), Frog (infects predefined accounts on machine), Weasel (lists the computer’s directory), Gator (connects to C&C server), and Suicide (removes all files connected to Flame). Meanwhile, the purpose of other discovered units in modules, with names such as Bunny, Driller, Headache, and Gadget, has yet to be determined.


Article source: http://feeds.informationweek.com/click.phdo?i=c2fd68175516998cfe477cda15a80113
