Protect Your Assets

Malware from a universe far, far away

stuarthatto ‎01-23-2014 12:55 PM - edited ‎09-16-2015 04:46 PM

In 1977, the world (well, the “geeky” part of it) was invited to watch a movie that has since become a cult series of 6. That movie was Star Wars, since known as Episode IV: A New Hope. During the opening of Star Wars, we watched as Princess Leia hid the plans for the Empire’s Battle Star in a cute, whistling droid, called R2-D2. (I’ll bet you still try to whistle like it!)


A trick R2-D2 had was the ability to ‘interface’ with the Empire’s computer systems and gain access through locked doors, and also download plans for space stations. Quite the little guy! That was 1977—today, we would call him a hacker, but he also seems to have become part of a collective and trained his furry and more aggressive colleague, Chewbacca, to do the same!


Ok, maybe it’s a stretch of an analogy to call R2-D2 and Chewbacca hackers—but look at what they did! They hid information from scrutiny, they accessed systems that should have been barred to them, and they exfiltrated secrets.


In 2013 and early 2014, a malware variant attacked a number of high-profile organisations in the United States and exfiltrated "secrets," or as we call them, credit card details. The malware was given the name “Chewbacca” and it used the TOR (The Onion Router Network) to both hide and spread, and also to exfiltrate the credit card details.


There is no good reason why any commercial organisation should allow TOR access, in or out of its organisation—I can see a possible argument for academic networks—but commercial networks should have this locked right down.


HP TippingPoint has had protection in its filters for many years to prevent TOR access, and an emergency filter was also written to detect the malware. This filter is now in our mainstream protection that we call Digital Vaccine. We also have the data exfiltration IP addresses in our ReputationDV service which, if an organisation does become compromised, will help block the communication that would carry your secrets out. These IP addresses are scored very high: they are malicious, and they should be blocked.


The protection is automatic with both TippingPoint’s mainstream filter and with our ReputationDV service—it will block this malware and its communication with almost zero touch required from a security administrator.
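The two controls described above, blocking TOR in both directions and blocking destinations that a reputation feed scores as malicious, can be expressed as a small egress check. The following is an added example written for this post; it is not Digital Vaccine or ReputationDV code, and the relay list, the reputation scores, the block threshold of 80 and the firewall log lines are all constructed for illustration (the IPs are from the reserved documentation ranges).

```python
"""Reputation-based connection check over constructed firewall log lines.

Added example, not TippingPoint code. Flags any connection whose external
endpoint is a known TOR relay or carries a reputation score at or above a
threshold. All IPs, scores and log lines here are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed TOR relay list (documentation-range addresses, not real relays).
TOR_RELAYS = {"198.51.100.7", "203.0.113.42"}

# Constructed reputation feed: IP -> score 0..100 (higher = more malicious).
REPUTATION = {
    "192.0.2.99": 95,   # constructed "exfiltration" address
    "192.0.2.50": 60,   # constructed, suspicious but below threshold
    "198.51.100.7": 85,
}

# Assumed policy: block at this score or above.
BLOCK_THRESHOLD = 80

# RFC 1918 ranges define "internal" here (the stdlib's is_private also treats
# the documentation ranges as private, which would hide our sample externals).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


@dataclass
class Verdict:
    timestamp: str
    direction: str   # "outbound" or "inbound"
    external: str    # the non-internal endpoint
    reason: str      # why this connection should be blocked


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_endpoint(src: str, dst: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (external_ip, direction), or (None, None) if not a boundary crossing."""
    if is_internal(src) and not is_internal(dst):
        return dst, "outbound"
    if is_internal(dst) and not is_internal(src):
        return src, "inbound"
    return None, None


def classify(external_ip: str) -> Optional[str]:
    """Return a block reason for an external IP, or None if it is clean."""
    if external_ip in TOR_RELAYS:
        return "tor-relay"
    score = REPUTATION.get(external_ip, 0)
    if score >= BLOCK_THRESHOLD:
        return f"reputation:{score}"
    return None


def scan_log(lines: List[str]) -> List[Verdict]:
    """Parse firewall lines and return a Verdict for every connection to block."""
    verdicts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line, skip it
        ext, direction = external_endpoint(m["src"], m["dst"])
        if ext is None:
            continue  # internal-to-internal or external-to-external traffic
        reason = classify(ext)
        if reason:
            verdicts.append(Verdict(m["ts"], direction, ext, reason))
    return verdicts


# Constructed sample log: one TOR connection out, one in, one high-score
# destination, one low-score destination, one internal-only connection.
SAMPLE_LOG = [
    "2014-01-23T12:55:01 10.0.0.15:51234 -> 198.51.100.7:9001 tcp",
    "2014-01-23T12:55:02 10.0.0.15:51235 -> 192.0.2.99:443 tcp",
    "2014-01-23T12:55:03 10.0.0.15:51236 -> 192.0.2.50:443 tcp",
    "2014-01-23T12:55:04 10.0.0.15:51237 -> 192.0.2.10:443 tcp",
    "2014-01-23T12:55:05 10.0.0.15:51238 -> 10.0.0.20:445 tcp",
    "2014-01-23T12:55:06 203.0.113.42:9001 -> 10.0.0.15:51239 tcp",
]

if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        print(f"{v.timestamp} BLOCK {v.direction} {v.external} ({v.reason})")
```

Running the block prints three verdicts: the outbound TOR connection, the outbound connection to the 95-scored address, and the inbound connection from the second relay. The 60-scored destination passes because the threshold is a policy choice; in a real deployment that threshold, the relay list and the reputation feed come from your vendor or your own telemetry, not from constants in a script.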


The alternative is to employ Stormtroopers. It may give you a sense of well-being and protection but ultimately, you know the Jedi will win, and not all Jedi are on the side of good and right.


About the Author


EMEA Product Manager, TippingPoint
