Malware Via Mainstream Ads (and lifehacking, long update)

A computer security guy gets to deal with a ransomware infection, and finds out the malware came in through malicious ads rotated onto the front page of a mainstream news website.

The linked write-up makes an interesting point, too, in the guy’s solution to the problem. It wasn’t to install more software: he blocked the entire category of web advertisements at the network’s web filter, for every host at once.

Which goes to show that resiliency/robustness/survivability have a hidden benefit: in bouncing back from an attack, you can end up in a better position than you were in before. The disruption can even point out problems you didn’t know you had, and provide a convenient opportunity to solve them. And don’t forget the things you wouldn’t normally want to interrupt your work for; since work is already interrupted, you might as well clean house.

Lifehacking updates:
(Pink noise, sleep hacking, and research-in-progress on an electronic substitute for a Faraday cage)

Pink noise is awesome!

I built an LM386 audio amplifier chip (just about the simplest to use, cheapest, and most widely available speaker amp) into the pink noise generator. I’ve found that working with the pink noise generator driving a speaker behind my desk has increased my ability to concentrate on work. This is particularly true for stuff where I’m a bit bored and tend to get distracted by other thoughts (good or bad).

The benefits not just in productivity but in (massively!) improved quality of work are remarkable. Highly worth trying!

However, this is not without its disadvantages. The pink noise seems to suppress inner dialogue, and that dialogue can be enormously helpful in spotting and avoiding life’s pitfalls. Going for a walk outside seems to clear this state, and indeed walking about has probably let me see around more (metaphorical) corners than any other activity.

(The additional focus brought by the pink noise source is also noticeably more draining after many hours of it.)

Sleep hacking: Still no 8 hours-in-30 minutes 😦 However, I’ve discovered that

a) the Neurophone is wickedly effective at brainwave entrainment.

b) Photic entrainment (bright blinking lights in front of closed eyes) is perhaps the oldest and scientifically best-proven method of brainwave entrainment, but it’s not without a few gotchas. Driving the bulbs with a square-wave signal produces effects more associated with /double/ the driving frequency*, even after the incandescents’ inherent low-pass filtering. Evidently there’s some pretty serious high-pass filtering going on between the optic nerve and the bits of the brain getting synchronized by the signal.

* based on — note the disclaimers!

c) Unintentional lucid dreaming may be triggered by an entrainment signal consisting of an ~8Hz pulse train gated at 2Hz, ~50% duty cycle. (See note on the end for why I’m not doing any more research on this angle)

Subjectively, this consisted of moments where I realized “I don’t like an aspect of this dream” and all of a sudden stuff started happening, sometimes big stuff. (This was not what I was referring to with my earlier ‘Inception’ reference, for the record. But certain things did remind me of it.)

This occurred on at least one night, with the signal delivered through the Neurophone and the 2Hz component delivered also through photic stimulation (blinking lights, so perhaps an effective 4Hz).

To additionally complicate things, the Neurophone’s part of the signal was delivered so as to modulate the input of the Neurophone’s output stage, as the Neurophone’s input was the signal from a pink noise generator.

The pink noise generator’s signal was also delivered (simultaneously) acoustically via a speaker, as an electromagnetic field (detailed earlier), and directly as an electric potential via electrodes into the body. (As part of an attempt to duplicate the effects of a Faraday cage without needing a Faraday cage, though the jury is very much still out on whether or not this works. See below)

However, 2Hz — or, perhaps, 4Hz, if the frequency-doubling aspect of b) is correct — proved too close to waking for good sound sleep, and nights where I tried this I ended up waking up very easily and sleeping comparatively poorly.

Portable Faraday cage: Delivering a pink noise signal through electrodes into the skin may replicate some of the effects of a physical Faraday cage, without the absurd bulk and fiddliness. Presumably whatever method by which nerves pick up electric(?) fields has a low enough dynamic range to be swamped by the applied signal, so that they then only respond to proper nerve signals.

The setup to do this is as follows: A pink noise generator feeding a computer speaker amplifier, whose output (meant to drive ~4 ohm speakers) goes into the _output_ (4–10 ohm) side of an audio output transformer. The “input” (40 ohm to 1k ohm) side is connected to electrodes, which I taped to my chest after applying electrode gel; I then adjusted the ‘volume’ control on the amp so it was just below the threshold of perception.

This carries the severe disadvantage of reducing the signal-noise ratio of the electromyogram readings by a lot, but the reduction in RF-triggered sleep disturbances (now that I know what to look for, besides massive waveforms on the EMG recording) can also be subjectively assessed.

“This time, it was ransomware: malicious software that disguises itself as “security software” but actually holds the system hostage to trick the user into paying money to the software’s handlers. […]

I had my team perform a root-cause analysis to find out where the infection came from. What they found was interesting. Based on the Web filtering logs and the alerts generated by our intrusion-detection and behavioral monitoring systems, we were able to determine that the infection came from a Web advertisement on the front page of a major news service. The website for the news service was fine, but it links to a series of rotating ads, one of which was compromised. When the compromised ad appears on the news service’s Web page, it infects the unlucky browser using JavaScript code — a drive-by download of malware that doesn’t require the user to do anything. No need to click “yes” or “continue” to any prompts — the JavaScript code executes automatically as soon as the ad appears.[…]

We were lucky — only two users got infected by the compromised ad. The news service displays lots of ads in a rotation, so the chances of getting the compromised one are pretty small, at least on a single visit.[…]

I decided the best way to get rid of this particular nuisance is to block the category of all Web advertisements.”
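The root-cause analysis the quote describes (correlate the web-filter log with the IDS alerts, find the one third-party ad resource every victim fetched just before detection) and the fix from the top of this post (block the whole advertising category network-wide rather than one bad host) are worth seeing as working code. The following is an added example, not code from the original post or from the quoted write-up. The log format, the IP addresses, the hostnames and the timestamps are all constructed for the example; only the dnsmasq `address=/host/0.0.0.0` syntax is real.

```python
"""Root-cause a drive-by infection from web-filter logs and IDS alerts,
then turn the finding into a network-wide ad block list.

All log lines, hosts and addresses below are constructed for this
example; they are not data from the original post.
"""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed web-filter log: "<ISO timestamp> <client> <URL> <category>".
# Two clients get infected; a third sees the news site but a clean ad.
WEB_FILTER_LOG = """\
2012-03-05T09:14:02 10.0.0.21 http://news.example/ news
2012-03-05T09:14:03 10.0.0.21 http://static.news.example/site.css news
2012-03-05T09:14:03 10.0.0.21 http://ads.rotator-a.example/serve?id=17 advertisements
2012-03-05T09:14:04 10.0.0.21 http://cdn.badad.example/load.js advertisements
2012-03-05T09:14:05 10.0.0.21 http://cdn.badad.example/payload.exe advertisements
2012-03-05T09:31:40 10.0.0.37 http://news.example/ news
2012-03-05T09:31:41 10.0.0.37 http://ads.rotator-b.example/serve?id=2 advertisements
2012-03-05T09:31:41 10.0.0.37 http://cdn.badad.example/load.js advertisements
2012-03-05T09:31:42 10.0.0.37 http://cdn.badad.example/payload.exe advertisements
2012-03-05T09:40:10 10.0.0.52 http://news.example/ news
2012-03-05T09:40:11 10.0.0.52 http://ads.rotator-c.example/serve?id=9 advertisements
2012-03-05T10:02:00 10.0.0.21 http://mail.example/inbox webmail
"""

# Constructed IDS / behavioural-monitoring alerts: "<ISO timestamp> <client> <signature>".
IDS_ALERTS = """\
2012-03-05T09:14:06 10.0.0.21 TROJAN ransomware dropper executed
2012-03-05T09:31:43 10.0.0.37 TROJAN ransomware dropper executed
"""


def parse_log(text):
    """Parse the constructed web-filter lines; keep the parsed time and the URL's host."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, url, category = line.split(maxsplit=3)
        entries.append({"time": datetime.fromisoformat(ts), "client": client,
                        "url": url, "host": urlparse(url).hostname,
                        "category": category})
    return entries


def parse_alerts(text):
    """Parse the constructed IDS alert lines."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, signature = line.split(maxsplit=2)
        alerts.append({"time": datetime.fromisoformat(ts), "client": client,
                       "signature": signature})
    return alerts


def requests_before_alert(entries, alert, window=timedelta(seconds=60)):
    """Everything the alerting client fetched in the window leading up to the alert.

    This slice of the log is where a root-cause analysis starts."""
    start = alert["time"] - window
    return [e for e in entries
            if e["client"] == alert["client"] and start <= e["time"] <= alert["time"]]


def common_ad_hosts_before_alerts(entries, alerts, window=timedelta(seconds=60)):
    """Ad-category hosts that EVERY infected client fetched just before its alert.

    In the rotating-ad case each victim hits a different rotator but all of
    them pull the same third-party creative; intersecting the per-victim host
    sets isolates it, and the category filter drops the (clean) first-party site."""
    per_victim = [{e["host"] for e in requests_before_alert(entries, a, window)}
                  for a in alerts]
    if not per_victim:
        return set()
    ad_hosts = {e["host"] for e in entries if e["category"] == "advertisements"}
    return set.intersection(*per_victim) & ad_hosts


def ad_hosts_seen(entries):
    """Every host the filter categorised as advertising, victim or not."""
    return sorted({e["host"] for e in entries if e["category"] == "advertisements"})


def dnsmasq_blocklist(hosts):
    """Network-wide block in dnsmasq syntax: each host (and its subdomains) resolves to 0.0.0.0."""
    return [f"address=/{h}/0.0.0.0" for h in hosts]


if __name__ == "__main__":
    entries, alerts = parse_log(WEB_FILTER_LOG), parse_alerts(IDS_ALERTS)
    culprit = common_ad_hosts_before_alerts(entries, alerts)
    print("compromised ad host(s):", sorted(culprit))
    print("narrow fix (one host):", dnsmasq_blocklist(sorted(culprit)))
    print("category fix (all ad hosts):", dnsmasq_blocklist(ad_hosts_seen(entries)))
```

The two printed block lists are the practical contrast: the narrow fix only stops the one creative that was caught, while the category fix is the "block all ads for the whole network" decision the quote ends on, and it also covers `10.0.0.52`, which happened to get a clean rotation this time.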

