Malware from a universe far, far away

stuarthatto ‎01-23-2014 12:55 PM - edited ‎09-16-2015 04:46 PM

In 1977, the world (well, the "geeky" part of it) was invited to watch a movie that has since become a cult series of six films. That movie was Star Wars, since known as Episode IV: A New Hope. During the opening of Star Wars, we watched as Princess Leia hid the plans for the Empire's Death Star in a cute, whistling droid called R2-D2. (I'll bet you still try to whistle like it!)


A trick R2-D2 had was the ability to "interface" with the Empire's computer systems, open locked doors, and download the plans for space stations. Quite the little guy! That was 1977. Today we would call him a hacker, but he also seems to have joined a collective and trained his furry and more aggressive colleague, Chewbacca, to do the same!



Ok, maybe it’s a stretch of an analogy to call R2-D2 and Chewbacca hackers—but look at what they did! They hid information from scrutiny, they accessed systems that should have been barred to them, and they exfiltrated secrets.


In 2013 and early 2014, a malware variant attacked a number of high-profile organisations in the United States and exfiltrated "secrets", or, as we call them, credit card details. The malware was given the name "Chewbacca", and it used the Tor network (The Onion Router) both to hide its command-and-control traffic and to exfiltrate the card details.


There is no good reason for a commercial organisation to allow Tor access, in or out of its network. I can see a possible argument for academic networks, but commercial networks should have this locked right down.


HP TippingPoint has had filters in place for many years to block Tor access, and an emergency filter was written to detect this malware. That filter is now part of our mainstream protection, which we call Digital Vaccine. We also carry the malware's data-exfiltration IP addresses in our ReputationDV service, so that if an organisation does become compromised, the outbound communication is blocked and the secrets never leave. These IP addresses are scored very high: they are malicious, and they should be blocked.
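The two ideas in the paragraphs above, an egress policy that simply denies Tor, and a reputation feed where high-scoring destinations are blocked outright, both come down to the same decision logic at the network edge. The example below is added here to show that logic end to end; it is not TippingPoint code and it does not use ReputationDV data. The feed entries, scores, categories and flow-log lines are all constructed for illustration (RFC 5737 documentation addresses), and the policy values (an 80-point block threshold, a blanket block on anything categorised as a Tor relay) are assumptions a practitioner would tune for their own network.

```python
import ipaddress
from dataclasses import dataclass

# Constructed reputation feed: (network, score 0-100, category).
# Hypothetical entries using RFC 5737 documentation ranges; not a real feed.
REPUTATION_FEED = [
    ("203.0.113.0/24", 95, "malware-c2"),   # hypothetical exfiltration destinations
    ("198.51.100.7/32", 90, "tor-relay"),   # hypothetical Tor relay, high confidence
    ("198.51.100.8/32", 60, "tor-relay"),   # hypothetical Tor relay, lower confidence
    ("192.0.2.0/24", 20, "scanner"),        # nuisance traffic, below threshold
]

# Assumed policy: block on score, and block the whole Tor category regardless of score
# (the "no Tor on a commercial network" rule from the post).
BLOCK_THRESHOLD = 80
BLOCKED_CATEGORIES = {"tor-relay"}

# Constructed egress flow records (key=value, one flow per line).
SAMPLE_FLOWS = """\
2014-01-20T10:01:02Z src=10.0.0.5 dst=203.0.113.10 dport=443 bytes=48213
2014-01-20T10:01:05Z src=10.0.0.5 dst=198.51.100.7 dport=9001 bytes=1200
2014-01-20T10:02:10Z src=10.0.0.9 dst=198.51.100.8 dport=443 bytes=900
2014-01-20T10:03:00Z src=10.0.0.12 dst=192.0.2.44 dport=80 bytes=300
2014-01-20T10:04:00Z src=10.0.0.12 dst=198.51.100.200 dport=443 bytes=5000
"""


@dataclass(frozen=True)
class Verdict:
    action: str   # "block" or "allow"
    reason: str


def compile_feed(feed):
    """Parse the textual feed into ip_network objects once, up front."""
    return [(ipaddress.ip_network(net), score, cat) for net, score, cat in feed]


def lookup(dst_ip, compiled):
    """Return the most specific matching entry (longest prefix, then highest score)."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [e for e in compiled if ip in e[0]]
    if not matches:
        return None
    matches.sort(key=lambda e: (e[0].prefixlen, e[1]), reverse=True)
    return matches[0]


def evaluate(dst_ip, compiled, threshold=BLOCK_THRESHOLD,
             blocked_categories=BLOCKED_CATEGORIES):
    """Apply the policy to one destination: category block first, then score."""
    entry = lookup(dst_ip, compiled)
    if entry is None:
        return Verdict("allow", "no reputation entry")
    net, score, cat = entry
    if cat in blocked_categories:
        return Verdict("block", f"category {cat} ({net}, score {score})")
    if score >= threshold:
        return Verdict("block", f"score {score} >= {threshold} ({net}, {cat})")
    return Verdict("allow", f"score {score} < {threshold} ({net}, {cat})")


def parse_flow(line):
    """Turn 'ts k=v k=v ...' into a dict; the timestamp is kept under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, **fields}


def triage(lines, compiled):
    """Run every flow through the policy.

    Returns the blocked flows as (src, dst, reason) and the sorted list of
    internal hosts that talked to a blocked destination, i.e. the machines an
    incident responder should look at next.
    """
    blocked = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        verdict = evaluate(flow["dst"], compiled)
        if verdict.action == "block":
            blocked.append((flow["src"], flow["dst"], verdict.reason))
    suspect_hosts = sorted({src for src, _, _ in blocked})
    return blocked, suspect_hosts


if __name__ == "__main__":
    feed = compile_feed(REPUTATION_FEED)
    blocked, hosts = triage(SAMPLE_FLOWS.splitlines(), feed)
    for src, dst, reason in blocked:
        print(f"BLOCK {src} -> {dst}: {reason}")
    print("hosts to investigate:", hosts)
```

Two caveats a practitioner would add. Blocking at the threshold stops the exfiltration channel but does not remove the implant; the `suspect_hosts` list is the starting point for that clean-up, not the end of it. And an IP blocklist only covers Tor relays the feed already knows about; bridges and pluggable transports are designed to avoid exactly this kind of matching, so a reputation block is a necessary control for the "no Tor" policy, not a sufficient one.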


The protection is automatic with both TippingPoint's mainstream filters and our ReputationDV service: it blocks this malware and its communication with almost no manual work required from a security administrator.


The alternative is to employ Stormtroopers. It may give you a sense of well-being and protection, but ultimately you know the Jedi will win, and not all Jedi are on the side of good and right.


About the Author


EMEA Product Manager, TippingPoint
