BluVector Threat Report Q1 2018


While 2018 began with the massive revelation of Meltdown and Spectre, news about any malware threats that specifically target these CPU vulnerabilities has not yet been reported or confirmed. However, the first quarter has shown that while malware prevention solutions are improving for known threats, adversaries continue to evolve their craft to create attacks that circumvent these solutions. As the financial reward for attackers increases, we expect money to remain the primary driving force throughout the year. Which leads directly into Threat Report’s new category…

TABLE OF CONTENTS

Threat Report Q1 2018 Threat Chart
Summary

APTs Q1 2018
APT: HackingTeam
APT: OceanLotus
APT: PZChao
APT: Slingshot

TROJANS Q1 2018
TROJAN: AndroRAT
TROJAN: Dridex
TROJAN: GhostTeam
TROJAN: LockPOS
TROJAN: OlympicDestroyer
TROJAN: Snojan

MINERS Q1 2018
MINER: Smominru

RANSOMWARE Q1 2018
RANSOMWARE: AVCrypt
RANSOMWARE: BitPaymer/FriedEx
RANSOMWARE: GlobeImposter & GandCrab
RANSOMWARE: SamSam

NOTABLE Q4 2017 THREATS

TROJANS Q4 2017
TROJAN: ExpensiveWall & Hancitor
TROJAN: Iced Id
TROJAN: Marcher
TROJAN: Orcus Rat
TROJAN: Scarab

RANSOMWARE Q4 2017
RANSOMWARE: Bad Rabbit
RANSOMWARE: DoubleLocker Android

Threat Report Q1 2018

[Figure: threat chart. For each named threat, grouped as APTs, Ransomware, Trojans and Miners, it plots how many months in advance of "Threat first publicly identified" the threat would have been detected, on a scale marked at 10, 20, 30, 40 and 50 months.]

BluVector runs all discovered malware samples through historical classifiers to identify when our machine learning engine would have first detected the named threat. BluVector currently supports over 35 file-specific machine learning classifiers.

© 2018 BluVector, Inc.

SUMMARY

Mining for Malware

As predicted, Q1 2018 saw the continued rise in prominence of crypto-mining, as the topic of cryptocurrencies remains the focus of the media and the general public. Huge financial incentives and a lack of regulation continue to draw the attention of attackers. Due to the volatility in the values of differing cryptocurrencies, miners have moved away from Bitcoin toward Monero.

However, crypto-mining is far from the greatest threat facing organizations, as reflected by the fact that only one Threat Report blog in Q1 dealt with miner malware, and it was only the use of the EternalBlue exploit that made the Smominru miner noteworthy. We have added a Miner category to our Threat Report chart as we expect that there will be further miner threats in the coming year.

Ransomware Hit List

As stated in one of our Q1 Threat Report blogs, the death of ransomware in the face of the popularity of cryptominers has been greatly exaggerated. Ransomware continues to pose a significant threat to organizations, with victims facing both high monetary and reputational costs as the result of a successful attack. There were several high-profile attacks during Q1 which amply demonstrate these impacts.

The threat ransomware continues to pose is demonstrated by ransomware accounting for over 30% of Threat Report blogs in Q1. In February, SamSam ransomware infected 2,000 Colorado Department of Transport (CDOT) systems. A week later, once CDOT had 20% of systems back online, another SamSam variant reinfected those systems, resulting in the staff’s return to pen and paper. Six weeks after the initial infection, CDOT reported it had only returned to 80% of its pre-infection functionality. It stated that recovery costs may reach US$1.5 million, which includes the cost of temporarily expanding its core IT team from 25 to 150 “during the peak of the incident.” The City of Atlanta was also hit by a highly publicized SamSam ransomware attack in March, which was still not completely resolved a month later, costing $2.7 million to that point. The Baltimore 9-1-1 Computer Aided Dispatch system was also knocked offline for approximately 17 hours in late March by unnamed ransomware.

APTs and Trojans: Still Kicking

The most damaging threat comes from the two categories that allow attackers to stealthily compromise a network and extract credentials and other data: trojans and their stealthier cousins, Advanced Persistent Threats (APTs). Cumulatively, they accounted for over 63% of Threat Reports in Q1. Trojans and APTs are highly likely to be responsible for – or a large component of – successful breaches. In January 2018, the Japanese-based cryptocurrency exchange Coincheck was breached, resulting in the theft of a colossal $534 million in the relatively unknown NEM coin cryptocurrency. In March, Under Armour announced that data was compromised from 150 million accounts related to its MyFitnessPal app.

Conclusion

To put the relentlessness of attacks and the attackers perpetrating them into perspective, it has been reported that the global cybercrime economy generates an annual profit of $1.5 trillion or roughly the same as Russia’s GDP. To use an old cybersecurity adage, attackers only need to succeed once to compromise your network, defenders need to succeed every time. These facts and the events of Q1 2018 reinforce the reality that threat actors have no intention of scaling back their attacks. It is important not to be distracted by coverage given to one attack vector or class of attack – distraction has been a powerful tool in the arsenals of attackers for centuries… just think about why malware trojans are so named.

APT: HackingTeam

What Is It?

HackingTeam is an Italian-based purveyor of spyware which became notorious for selling its main surveillance tool, Remote Control System (RCS), to nation states with a dubious record of human rights issues, as well as various intelligence and law enforcement agencies.

In July 2015, HackingTeam itself was hacked, resulting in the release of over 400GB of internal data, including emails, customer lists and RCS’s source code. The hackers also gained access to the official HackingTeam Twitter account, which they used to publicly announce the hack and provide links to the data. The data revealed that HackingTeam’s employees used poor passwords including “P4ssword”.

In the wake of the data breach, HackingTeam was forced to request its customers discontinue using the RCS product, which cast doubt on the continuing viability of the company. Research done by Slovakia-based security company ESET describes samples of RCS that were created between September 2015 and October 2017 and run on Microsoft Windows. Similarities in coding style and other factors, which they have chosen not to make public, led ESET to be “fully convinced” that these new variants are from HackingTeam and not created by other actors utilizing the previously released source code.

The samples make use of VMProtect, which describes itself as “software protection against reversing and cracking.” ESET found no major advances in functionality when compared to earlier variants, which include capabilities for extracting files, intercepting emails and instant messages and covertly activating webcams and microphones. In at least two cases, they found the samples attached to emails where the filename utilized multiple file extensions in order to attempt to spoof an executable file as a PDF.

So far these new variants have been detected in 14 unnamed countries. There is no valid reason for these samples to be present on a corporate network, and their presence may indicate industrial espionage or other compromise.

How Does It Propagate?

The malware does not self-propagate. It has been observed attached to spear phishing emails as an executable file, attempting to appear as a PDF file. This again highlights the importance of user education and awareness programs as a component of overall security protections.

When/How Did BluVector Detect It?

Nine samples are publicly available and BluVector’s patented Machine Learning Engine (MLE) detected all of them. Regression testing has shown all samples would have been detected by all previous MLE models. Owing to differing times the samples have been available in the wild, they would have been detected between 21 and 50 months prior to their release.

APT: OceanLotus

What Is It?

Since 2014, the OceanLotus Advanced Persistent Threat (APT) group, also referred to as APT32 and APT-C-00, has been targeting governments and corporations in various industries located in Southeast Asia, especially Vietnam, Laos, Cambodia and the Philippines. The group is believed to be Vietnamese.

The group’s goal is to install a backdoor allowing for full access to a system and the data it contains. Recently, Slovakian-based security company ESET described the latest malware from OceanLotus. Though previously OceanLotus has utilized backdoor malware running on Macs, these samples run on Microsoft Windows.

[…] file. This well-established malicious technique is known as DLL side-loading. It works by placing the malicious DLL file in the same directory as the legitimate, signed DLL and then having the legitimate DLL load the malicious DLL into memory. This appears less suspicious as the loading is performed by a signed, trusted application.

The backdoor then encrypts its Command and Control (C2) traffic. However, if detected and captured, this traffic can be decrypted, owing to the fact the encryption key is actually part of the traffic.

How Does It Propagate?
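
The HackingTeam section above describes executables mailed with multiple file extensions so that they appear to be PDF files. The following Python check for a mail gateway or triage script is an added example, not part of the BluVector report or its product: it inspects a constructed message for that pattern by file name and by leading bytes. The extension lists, finding labels and sample attachments are assumptions of this example.

```python
"""Added example: flag e-mail attachments that pose as documents but are
Windows executables, by file name (multiple extensions) and by content."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}


def sniff(payload: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if payload.startswith(b"MZ"):      # DOS/PE header of a Windows executable
        return "pe"
    if payload.startswith(b"%PDF-"):   # PDF header
        return "pdf"
    return "unknown"


def extensions(filename: str) -> list[str]:
    """Every dot-separated extension, lower-cased, with padding removed."""
    parts = filename.strip().lower().split(".")[1:]
    return ["." + p.strip() for p in parts if p.strip()]


def inspect_attachment(filename: str, content_type: str, payload: bytes) -> list[str]:
    """Return finding labels for one attachment; an empty list means clean."""
    findings = []
    exts = extensions(filename)
    kind = sniff(payload)
    last = exts[-1] if exts else ""

    # "invoice.pdf.exe": a document extension hidden in front of the real one.
    if last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        findings.append("double-extension")

    # Executable bytes delivered under a name that does not admit to it.
    if kind == "pe" and last not in EXECUTABLE_EXTS:
        findings.append("pe-content-under-non-executable-name")

    # The MIME header claims PDF but the bytes do not start with a PDF header.
    # Some real PDFs carry a few junk bytes first, so treat this as a signal
    # for review rather than proof.
    if content_type == "application/pdf" and kind != "pdf":
        findings.append("declared-pdf-but-content-is-not")

    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and inspect every attachment in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        results[name] = inspect_attachment(name, part.get_content_type(), payload)
    return results


def build_sample_message() -> bytes:
    """Constructed test message; the payloads are header bytes plus padding."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    pe_stub = b"MZ" + b"\x00" * 62
    pdf_stub = b"%PDF-1.4\n%%EOF\n"
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf",
                       filename="invoice.pdf.exe")
    msg.add_attachment(pdf_stub, maintype="application", subtype="pdf",
                       filename="minutes.pdf")
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf",
                       filename="statement.pdf")
    # An overt executable is not a spoof; blocking it is a separate policy.
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="setup.v2.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```

Padding between the extensions, as in "report.pdf   .exe", is normalised before the comparison, so it does not hide the final extension from the check.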