Researchers uncover new espionage malware preying on Mac users

Researchers have discovered at least two new pieces of malware in the wild that subject Mac users to advanced surveillance campaigns designed to surreptitiously siphon confidential data from their machines.

According to blog posts from Kaspersky and Sophos, malware identified as SabPub arrives in a booby-trapped Microsoft Word document that exploits a critical vulnerability that was patched three years ago. The APT, or advanced persistent threat, appears to have similarities to an espionage campaign that Ars reported last month, which targets employees of several pro-Tibetan non-governmental organizations. Kaspersky Lab Expert Costin Raiu said two new strains of SabPub are noteworthy because of their ability to stay hidden until now.

“SabPub is different from MaControl, another bot used in APT attacks in February 2012,” Raiu wrote. “SabPub was more effective because it stayed undetected for more than 1.5 months.”

The discovery comes a couple weeks after researchers from Kaspersky and other security firms confirmed a botnet of more than half a million Macs infected by the Flashback malware. Like SabPub, Flashback was effective because it hijacked machines without requiring the user to type an administrative password. Flashback achieved this coup by exploiting a vulnerability in the Java software framework that Oracle had patched earlier in 2012, but that Apple hadn’t yet distributed to its end users. Meanwhile, the SabPub malware exploits a Word vulnerability that Microsoft patched in 2009, but that many people—particularly those using pirated versions of the application—haven’t bothered to install.

Flashback is a piece of opportunistic malware that’s designed to get installed on as many machines as possible so that its operators can profit from click fraud and similar scams. Now that Apple has released a Java patch and third-party software makers have issued detection and removal tools, the number of infected machines has reportedly plummeted.

The developers of SabPub, by contrast, are highly selective about those they target, since the malware is designed to download confidential documents relating to pro-Tibetan activities. Indeed, shortly after Kaspersky researchers infected a lab machine with SabPub, they witnessed someone manually checking it for material of interest. Researchers with antivirus provider ESET also witnessed manual intruders in their discovery last month of Mac-based APT software. Kaspersky said the command and control server their infected Macs reported to has been shut down.

The APT threat is using IP addresses that have been known to wage similar attacks on Windows users, Kaspersky said.

View the original article here

Researchers make alternatives to DNA and RNA – Los Angeles Times

DNA and RNA molecules are the basis for all life on Earth, but they don’t necessarily have to be the basis for all life everywhere, scientists have shown.

Researchers at the Medical Research Council in Cambridge, England, demonstrated that six synthetic molecules that are similar to — but not exactly like — DNA and RNA have the potential to exhibit “hallmarks of life” such as storing genetic information, passing it along and undergoing evolution. The man-made molecules are called “XNAs.”

“DNA and RNA aren’t the only answers,” said Vitor Pinheiro, the postdoctoral researcher who led the study, which was published this week in the journal Science.

Manipulating XNAs to behave like DNA and RNA could help scientists design better drugs, Pinheiro said.

It could also shed light on how life emerged on Earth, and on what living things might look like if they exist beyond our planet.

“Everyone wants to know what aliens would use for DNA,” said Steven Benner, a biochemist at the Foundation for Applied Molecular Evolution in Gainesville, Fla., who has synthesized artificial DNA but was not involved in the new study. “Lab experiments tell you about the possibilities in the universe.”

In natural life on Earth, the nucleic acids DNA and RNA are formed by sugar molecules — deoxyribose in DNA and ribose in RNA — that link to phosphates to form a backbone onto which the four nucleotide bases attach to form a chain.

Genetic information is stored in the order in which the bases — known by the chemical letters A, C, G and T — are strung along the chain.

DNA forms the template that holds all the information needed to create an organism. RNA takes that information and translates it into proteins, the basic building blocks of biology. (Viruses, which some scientists consider to be a life form, use only RNA.)

To build alternatives to DNA and RNA, scientists often fiddle with one component or another and see how the changes affect genetic function.

Pinheiro and his team worked with six molecules that use different sugars or sugar-like groups in place of deoxyribose and ribose. Something called CeNA, for instance, employs a ring-shaped structure called cyclohexene. Another variant called HNA used a group of atoms called anhydrohexitol.

Collectively, the scientists refer to the group as XNAs. The X stands for “xeno-,” the Greek prefix meaning “strange,” “foreign” or “alien.”

The researchers started with molecules that were already synthesized in other labs or sold by companies. The new part was demonstrating that the molecules were capable of passing along their genetic code. To do this, they had to engineer a group of enzymes that could read information stored in XNAs and write it onto DNA. After making make a bunch of copies of that DNA, they then used the enzymes to write those copies back to XNAs.

The group then showed that HNA was capable of evolution by making lots of copies of it, selecting out the ones with desired characteristics — in this case, the ability to bind to certain proteins — creating more copies of those, selecting out the best ones again, and so on.

“It’s domesticated breeding of molecules,” said Dr. Gerald Joyce, a researcher at the Scripps Research Institute in La Jolla, Calif., who was not involved in the study.

Joyce, who wrote an editorial for Science about the research, said the techniques Pinheiro and his colleagues used could some day make it easier for scientists to build nucleic acid-based medicines and diagnostic tests.

Today such products rely on RNA or DNA — both of which degrade quickly when exposed to enzymes called nucleases.

“If you take RNA and put it in a dish and breathe heavy, the RNA is a goner,” Joyce said.

With an XNA alternative, scientists could produce tests or therapies that are impervious to nucleases, potentially speeding the drug development process, Pinheiro said.

As for XNAs’ possible role in the evolution of life, Joyce said that scientists believe life on Earth probably was RNA-based before it became DNA-based — and could have been based on an even simpler XNA, such as TNA (made with a sugar called threose), before that.

“Some molecules developed the ability to replicate their own information, then we were off to the Darwinian races,” he said.

eryn.brown@latimes.com

View the original article here

Researchers ID Gene for Neck Disorder

FRIDAY, March 9 (HealthDay News) — The first gene linked to an often painful neck disorder has been identified by researchers.

Adult-onset primary cervical dystonia, which is characterized by involuntary twisting of the neck, occurs in about 30 of every 100,000 people, previous research has reported.

In this new study, researchers conducted a genetic analysis of a patient with the condition, his identical twin whose neck also twisted and family members, some of whom also had the disorder. The investigators pinpointed a mutation in the CIZ1 gene, which produces a protein expressed in certain nerve cells in the brain and appears to be involved in cell cycle activities.

However, the researchers did not identify the cellular mechanism associated with cervical dystonia.

The study findings were released online in advance of publication in an upcoming print issue of the Annals of Neurology.

While the researchers believe that CIZ1 is one genetic cause of the disorder, it’s likely that other genes linked to cervical dystonia will be found, according to Dr. Ryan Uitti, a neurologist at the Mayo Clinic in Jacksonville, Fla.

There are a number of treatments for cervical dystonia. The most common is botulinum toxin injections, which incapacitate the nerve in the affected muscle and eliminate chronic pain and muscle pulling/contraction.

But some people with the condition don’t realize that it is unusual and that they should seek medical help, Uitti noted.

“They think they slept wrong at some point, or, because the twisting might straighten out with another maneuver, such as walking backwards, they might actually [not be taken seriously],” Uitti said in a Mayo Clinic news release.

More information

We Move has more about cervical dystonia.

View the original article here