Caribbean News Now!

Technology
Thousands of computers possibly infected after visiting Cuban government website
Published on September 5, 2016

Screenshot of the acn.cu website showing the security warning message

By Caribbean News Now contributor

GEORGETOWN, Guyana -- After several weeks of analysis, it has been determined that the Cuban government information website (acn.cu) is dispensing a dangerous clipboard virus that aims to steal information from the computers of unsuspecting visitors to that site.

The analysis of the infection was done by the Guyana-based cyber security firm and regional anti-virus producer Computer Care, with some assistance from the international cyber security community.

Their analysis revealed that the virus launches a permission pop-up (on the ACN website) that seemingly gives users an option to either allow it to control their computer clipboard data or to refuse permission. However, it is hoped that most users would instinctively click the “Don’t allow” option button.

But the team of analysts that examined the infection told Caribbean News Now that the virus can still be passed on to a computer even in cases where a user clicks the “Don’t allow” option, since the virus developer seems to have placed a reversed coding action on that option that will provoke a force install via vulnerable browsers.

The virus, which is unique in its programming structure, is functionally similar to other previously deployed clipboard infections, except that it uses more tricky options to take unauthorized control of a computer clipboard. Thereafter, it quickly creates a backdoor on a computer so as to allow for captured information to be sent out to a remote server, in the same way that internet traffic flows in.

It basically copies entries made by the user, including passwords, typed messages, and other data, and then funnels this back to a server, where the information can be accessed and processed by the unknown third party.

And because the infection uses and exploits a few known vulnerabilities of certain JavaScript functions, it is generally difficult for most anti-virus programs to locate and remove it from a computer.

The research, which was headed by Guyana-born software security analyst, Dennis Adonis, who is also the lead anti-virus developer and owner of Computer Care - Guyana, found that the infection could have either been planted by another foreign government or rogue group as part of a cyber warfare strategy or by Cuban cyber intelligence experts themselves.

But whoever has infected the website seems to have the ability to turn the infection on and off at will, ironically to the ignorance of the site owner, which happens to be the government of Cuba.

Questioned on why the virus may be hard for most anti-virus software to pick up, Adonis said that it will be foolhardy for anyone to believe that an anti-virus can actually protect against every infection on a computer.

He stressed that it is practically impossible for every virus to be identified as such because all anti-virus software relies on virus signatures in order to isolate and eliminate an infection.

And since virus planters and hackers are now engaging stealth technology to deploy infections, quite a handful of them were able to make a mockery of most anti-virus software by encrypting their virus signatures.

As in the case of the infection on the Cuban government website, Adonis explained that the virus was very complex to contain, since his initial attempts have shown that the virus immediately tries to replicate itself once you attempt to break into its algorithms.

This, he said, has shown the degree of intelligence that has been deployed into its algorithms, and the level of challenges that the infection can actually create for the average antivirus software.

The website in question generally attracts thousands of visitors daily, a percentage of whose browsers may fall into the vulnerability category.

Nonetheless, there is uncertainty surrounding the number of computers that may actually be infected as a result of visiting the website.
 

Comments:

Vinciman:
Contributor, do you have a specific date when this analysis by Dennis Adonis was done, and is there a link to the "analysis" page? Were any other browsers used in the analysis for comparison purposes, or only Internet Explorer?

I did not get the same results (security warning pop-up) as mentioned, when I accessed the site using Firefox, Chrome or Microsoft Edge browsers. Moreover, after “several weeks of analysis” I don’t see how the experts could not have done the same. If they did, there was no mention of it in the article. It took me less than two minutes to conclude that the bug lies within Internet Explorer itself.

This amounts to nothing more than a cheap shot at Cuba and its Cuban News Agency (ACN).

Editor's Note:
First of all, we do not know of any case where McAfee, Avast or any other anti-virus service provider would actually publish a link with their analysis. This information is usually confidential for at least two core reasons, out of fifty.

Publishing an analysis would help the virus designer to see where and how the virus is stopped; and therefore determine how to better design their malicious codes. This sort of process and information costs money and time. People do not give the processes and intricate data away for free. Instead, companies use it to improve the performance of their anti-virus programs.

So a request from the Cuban government for a link to the data would be a non-starter.

If a browser is properly updated it would more than likely be immune to the infection. On the other hand, Internet Explorer is heavily reliant on JavaScript, hence the problem will be more prevalent for users of that browser... a mere ten percent of our three million page views a year.

Is the reader saying that the clipboard bug (virus) lies within Microsoft Internet Explorer itself? Then probably Microsoft is incapable of solving it?

The reader in question certainly has no other choice but to clutch at straws because the article itself would certainly be a total displeasure to his/her bosses in Havana. Hence they would do all that it takes to discredit the merits of the article.

Vinciman:

Anti-virus companies like McAfee, Avast, AVG, Norton, etc. do publish their findings and give specific names to viruses accompanied by a fix.

Nevertheless, I asked for the link to Dennis Adonis’s page (Computer Care) where he published his findings in conjunction with the other international security firms, which you spoke of in your article, but it doesn't exist. On the other hand the statement of “a request from the Cuban government for a link to the data…” is a somewhat outta' place and malicious interjection that has no relevance to this discussion. Totally unnecessary!

I checked the Computer Care web site hoping I might get more details about their findings but came up empty handed. I wasn’t aware that this was a confidential matter to be disseminated only by CaribbeanNewsNow.

Taking the threat issues a bit further, and only for self clarification, I downloaded and installed five relatively unknown browsers (Avant, SeaMonkey, Maxthon, DeepNet Explorer and Flock) and disabled my anti-virus and JavaScript, and then opened the Cuban site but they all came up negative. No security warning pop-ups. Then I went back to Internet Explorer and did the same and I got the pop-ups. Okay, the flaw or bug (not virus) exists in Internet Explorer and is not only restricted to the Cuban web site, but existed long before on other such web sites like Joomla web-design sites or even Webmail OAS (Outlook Web Access).com sites. No big deal. Furthermore, I’ll ignore that last statement about “…bosses in Havana…” crap. We already know what you’re about.

However, for your and everybody else's information, there is a simple fix to this whole contrived hullabaloo about “a dangerous clipboard virus that aims to steal information from the computers of unsuspecting visitors to that (the Cuban) site”. Nonsense! This vulnerability always existed in the use of the clip board app', even on cell phones.

One just has to go into the Internet Explorer option page / Security / Custom / and under Scripting disable the clip board programmatic access. No more pop-up, no more at risk anything! No need for any high tech cyber surveillance analysis of the sort.

No one wants to discredit your article, Contributor. What “clutch at straw” you’re talking about? Rubbish! Vinciman just wants you to come clean and stop showing your bias towards Cuba and Venezuela, and be the real journalist that CNN and its readership can depend on for fairness and accuracy in reporting, and not someone fool of a gossiping stooge.

loly:

Cuban News Agency refutes accusation of spreading internet virus

Edda Diz Garces, director of the Cuban News Agency, described as slander a report published by the Caribbean News Now website stating the agency's website was, allegedly, "dispensing a dangerous virus" to steal information.

Diz Garces said that, upon the release of the report, Cuban IT experts carried out a thorough research to determine the presence of such virus within the ACN website, and came out with negative results.
Further search in the archives confirmed no virus of any kind was to be found, and people that access www.acn.cu might not fear the information could be stolen.

Diz Garces pointed out that it was suspicious that the smear campaign was started by a Guyanese antivirus developer, Dennis Adonis, who owns a company, Computer Care-Guyana, that provides products to fight these viruses.
Mister Adonis failed to come forward with a name for the virus or a report to back up his allegations, as it is common practice for companies similar to his, like McAfee, Norton, AVG, Avast and Kaspersky.

Maybe, the Guyanese entrepreneur mistook for a virus the anti-copy extension provided by the open source software Joomla, that ACN news agency uses to protect the unauthorized dissemination of its contents, said the director.

Diz Garces stated there were many tools in the web that could have shown no abusive behavior or unauthorized data transmission had originated from the Cuban News website, as the test carried out by the Cuban experts proved, before publishing that damaging report.

As a person commented in the Caribbean News Now website, "This amounts to nothing more than a cheap shot at Cuba and its Cuban News Agency (ACN)," Diz Garces said.

thelastsoulja:

http://cubasi.cu/cubasi-noticias-cuba-mundo-ultima-hora/item/54964-desmiente-agencia-cubana-de-noticias-presencia-de-virus-en-su-web

thelastsoulja:

The problem was that this site tried to copy part of the news page of Cuba and what came out was a window where you are informed about this. It is a Joomla CMS plugin that allows or not the copy of the information on a page. At all you can be considered a virus. What it can be considered as a virus is little experience of caribbeannewsnow and show bad faith. Guyana has a serious problem with the cybernetic security.

Editor's note:
The security warning in question has got nothing whatsoever to do with trying to copy part of the news page (which in any event is in Spanish). The warning pops up AS SOON as the browser loads the page, without doing anything else.

Vinciman:

Editor, the ACN page is in four languages: Spanish, English, French and Russian, which allows access change at the top right hand corner of the page.

