Tag Archives | Malware

The Mac’s Malware Problem Just Got A Lot Worse

Apple may have thought that its statement yesterday would get the Mac Defender mess under control. But the malware is back under a new name–MacGuard–and in a more dangerous form.

ZDNet blogger Ed Bott, who’s known more for his reporting on Microsoft than on anything Apple, has been hot on this story since the get-go. He reported Wednesday that, as if on cue, the Mac Defender creators have released a new version of the malware application that requires no password at all to install.

See, Mac users, including myself, have accurately pointed out that basically all attempted malware for the Mac required the user to enter the administrative password. If you did that, it was your own stupid fault for getting infected. With MacGuard, it’s completely different.



Cybercrooks use Amazon to Run Botnet

Robert McMillan of the IDG News Service is reporting that cyber criminals gained access to an Amazon Web Services (AWS) account, and used Amazon’s cloud infrastructure to manage and run their botnet. Expect more cloud-based attacks such as this one in the future.

The botnet was a Zeus bot (Zbot) variant. The Zeus trojan is a program that criminals use to gather personal and financial data from its victims.

Hackers that create trojans such as Zeus are becoming increasingly organized and function like corporations, according to a recent security report published by Microsoft. That structure enables regular malware release schedules, and gives criminals the ability to exploit complex vulnerabilities in software–even as operating systems become more secure.

Law enforcement has made some progress toward shutting down the data centers that criminals use to host their infrastructure, but the crooks are seemingly one step ahead, and have now migrated to Web-based services. IDG reports that unnamed law enforcement officials have begun to worry that stolen credit cards could be used to purchase cloud computing services such as AWS.

That’s a given. I hope that cloud providers take action to discover malware on their servers, and have the capacity to shut it down before serious damage can be done. They have a responsibility to do so.


Malware Inc.: The Criminals Behind the Attacks

Malware makers–the criminals responsible for viruses and worms–have become increasingly organized and sophisticated, according to a Microsoft security report that was released today. Gamers, the gullible, USB drive users, and people who don’t patch their PCs are their biggest targets.

Cybercriminals are organized like corporations, and follow regular software release cycles, said Jeff Williams, principal group program manager for the Microsoft Malware Protection Center: “They are working for monetary gain.”

The report, entitled, Microsoft Security Intelligence Report Volume 7, is based upon data collected worldwide from January through June 2009. The data was obtained through Microsoft’s security products, Hotmail, and Windows Update, Williams said. “It shows differences from region to region, and provides a comprehensive view of the threat landscape.”

Globally, Microsoft found that the number of trojan downloaders has fallen markedly over the past year, although they did remain the most common threat. That gain was offset by a rise in instances of worms, password stealers and monitoring tools, according to the report.

Malware has been increasingly targeting online gamers, and there has been a major uptick in fraudulent security software, Williams said. Criminals create trojan software that purports to protect users from malware, but does nothing more than steal personal information and obtain credit card information under false pretenses.

Criminals have also begun the practice of bundling malware, and making “pay for play” arrangements with one another, Williams said. Another trend Williams noted is the misuse of autoplay in Windows, and using removable media like USB jump drives as an attack vector to get inside of protected enterprise environments.

Microsoft recommends that customers use trusted antivirus software and a Web browser with anti-phishing technology, and keep their operating systems up-to-date. Security software, combined with increased industry and government cooperation, has helped Microsoft better protect customers over the past year, Williams said.

However, Microsoft is playing a game of multidimensional chess against an opponent that is profit-driven. Improvements in security have induced cyber criminals to exploit more complex software vulnerabilities, and those vulnerabilities have become the new chosen mechanisms for propagating worms, Williams acknowledged.

“They left a note in a worm telling us that they would take more direct action in the future. Criminals are becoming more aggressive,” Williams said. Simply put, when one door closes, they find another.

With Windows becoming more secure, third party applications are being targeted with rising frequency, Williams noted. To combat that threat, Microsoft has delivered free security tools to developers, along with documentation on the steps that it takes internally to create secure software.

Thankfully, other major software companies including HP and IBM have bought security firms, and are making efforts to secure their software. A lot of the industry still lags, but steady progress is being made.

A security expert once told me that hackers were the highwaymen of our century. Highwaymen were thieves that preyed upon travelers during the Elizabethan era. They became obsolete when society created toll roads–closing off their route of escape–and increased police patrols. The crime was not worth the time.

Software is exceedingly more complex than road building, and modern operating systems are some of the most advanced things man has ever created. It’s not really possible to make software that is entirely secure. Even still, I have confidence that enough progress will be made to raise the risks and reduce the gains of cybercrime.


All Your Apple Belong To Us: First Mac Botnet?

Ryan Naraine at ZDNet has a shocker: Symantec has said it has evidence of the first known botnet comprised of Mac computers that are attempting to launch denial-of-service attacks. The root cause appears to be cracked copies of iWork ’09 and Adobe Photoshop CS4 that also include an additional payload with the botnet code.

These applications are apparently making the rounds on BitTorrent. Moral of the story here? Stop using pirated apps.

OSX.Iservice and OSX.Iservice.B are the names of the files, which essentially obtain the password of the Mac machine, allowing the hackers to take control. Affected Macs number in the thousands, Symantec estimates.

So much for the ‘Macs are immune’ meme. While this doesn’t point to an actual vulnerability just yet, it indicates that Macs like every other computer can be used for malicious purposes.

Of course the Apple faithful will be quick to yell this down, but I don’t think dismissing this is a good idea. So suck it up people and download a Mac virus scanner. Yes, you do need it.

I think the above is enough proof that the threat is real, no?

Update: Commenter Dave Barnes brought up another good program for detecting unwanted outgoing data: Little Snitch.


Malware is Messing with Facebook Users

A rogue application has struck Facebook for the second time within a week, reports Trend Micro’s Malware Blog. The malware uses social engineering to hoodwink Facebook users into installing it, and then proceeds to harvest their personal information. But don’t panic yet – it’s not that easy to do.

When a user installs the application, it propagates itself by spamming their friends’ profiles with fake but official-sounding notices that they have violated the Facebook terms of service. In order to avoid “penalties,” the user is instructed to install the application. If the would-be victim falls for it, the cycle repeats.

Trend Micro has pointed out the obvious: Facebook should review its application hosting policy. The firm also recommended that users take responsibility for what they are installing, and to do some research beforehand.

One possible solution is a verification process for applications, but the problem would have to be more prevalent to justify its costs, said Caleb Sima, an HP executive who is the former co-founder and CTO of SPI Dynamics.

“Really, I don’t have much to say about this as I have been expecting it for a while. It’s no different than email. I send you a link to a program, you allow it to install, it takes your contacts list and spams it out. There is nothing new here. It’s just applied as a Facebook app or message.”

He also predicted that malware could start arising with any type of ‘app stores.’

The silver lining is that Facebook applications are much harder to write and distribute than e-mails are, so it won’t be as big of a problem, Sima explained. Vigilance is the best course of action, he added. “Ultimately I don’t think there is much that Facebook can do about it besides act quickly to remove rogue apps when they are reported.”


Parking Ticket Scam Leads to Malware

Give these hackers some credit: this malware scam takes an offline world inconvenience — the parking ticket — and turns it into a way to dupe users into installing malware on their computers.

These fake parking tickets have begun appearing on cars around Grand Forks, North Dakota, and direct recipients to a website.

The yellow flier reads:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website redacted]

Once on the website, pictures of cars in the area are shown, with the license plate information removed, of course (oh, what nice hackers, eh?). In order to “find” your vehicle, the site asks the user to download a toolbar.

A trojan horse is installed by the toolbar, which directs information to childhe.com. That domain has already been fingered as malicious by several antivirus companies, including Symantec.

From here the user would get several fake infection warnings, which would then prompt for the install of even more malware. You’ve got to give these folks credit: this is probably the most ingenious scam I’ve seen yet when it comes to virus and malware trickery.


Fox News: Pentagon Target of Cyber Attack

Fox News is reporting that the Pentagon was the target of a cyber attack so severe that it has now banned the use of all external memory devices, such as flash drives and the like. Apparently, some type of worm or virus has been unleashed on the agency’s computer network, and is quickly spreading throughout the system.

Officials are not specifying what type of worm or virus it may be, only saying that an alert had been posted for it, and that the Pentagon was “taking steps to mitigate the virus.” The computers affected are part of the Global Information Grid, or GIG, and for security reasons the Pentagon does not speak on the specifics of intrusions to that system.

A guess as to what the malware may be could be gleaned from a post to the Symantec Security Response blog from Wednesday. It warns of an increase in USB-based malware attacks, and lists several different viruses and worms known to be using removable drives as a way to propagate themselves.


Die, Scareware, Die! Microsoft Takes on Windows Scammers

Maybe I’ve been living under a rock or something, but I never heard the term scareware until today. But without knowing the name, I’ve sure seen a lot of the stuff over the years–utilities that use questionable tactics such as fake error messages to lead you to think you’ve got a computer problem in order to lure you into buying them. Then they do little or nothing that makes your PC any better–assuming that they don’t do anything that actively screws it up, intentionally or unintentionally.

Such products are a scourge for Windows users–I’m not sure, incidentally, whether there’s such a thing as Mac scareware–and they must be a headache for Microsoft, too, since they’re one of the barnacles that degrades the experience of using Windows.
