Apple Hires Kaspersky Lab To Test Mac Security


The Flashback malware threat that recently plagued Mac computers opened a lot of eyes to the fact that Apple’s computers may not be as secure as their users have always believed. The Flashback malware attacked users’ Macs by means of a flaw in Java that allowed it to install on users’ computers without their knowledge. Apple ultimately dealt with the problem by releasing a tool that would remove it from infected computers, but not before the malware netted its creators as much as $10,000 per day in stolen ad revenue.

The result of the Flashback threat has been to draw increased attention to the security situation of Mac computers. One recent study found that as many as 20% of Macs are carriers for Windows-targeted malware, while security firm Kaspersky Lab recently claimed that Apple was a decade behind Microsoft in terms of security.

The situation apparently got Apple’s attention, as well. According to Computing, Apple has asked Kaspersky to analyze the security of OS X and make recommendations to improve it. Nikolai Grebennikov, Kaspersky’s CTO, said that OS X is “really vulnerable,” and that Apple “doesn’t pay enough attention to security,” noting that the Java vulnerability that allowed Flashback to infect Macs had been patched by Oracle months before the outbreak, and Apple hadn’t bothered to release an update for OS X.

For the moment, Kaspersky will only be working on OS X, though Grebennikov foresees similar security issues with iOS in the next year or so, unless Apple takes further steps to secure the platform.

May 15th 2012 apple, malware, security, Technology

A Look At The Size, Shape And Growing Threat Of Malware Networks [Infographic]


Blue Coat Systems, the provider of web security and speed optimization solutions, released a mid-year web security report earlier this month, which, among other things, examined the current state of malware ecosystems, and detailed the growing size and reach of malware delivery networks.

Malware and malicious software have been around for years, but malware networks are becoming increasingly dynamic and continue to wreak havoc on search engines, email, and everything in between. No, my computer has not been infected by visiting this site, and, no, I will not download your antivirus software, Malware bot.

Larger malware networks have begun swallowing smaller malware entities, and they’re now serving up their web landmines at astonishing rates. Apple even seems to have reached the tipping point, with enough market share that malware networks have begun targeting Apple OSes. It’s not quite the “explosion of malware on Macs” many forecasted, but it’s still a much larger problem than it was a year ago. And it’s not just desktops and laptops that are affected: malware has gone mobile, too. Android appears to be becoming more vulnerable, as security firm Kaspersky Lab identified 70 different types of malware on Google’s mobile OS in March.

Hide yo wife, hide yo kids, etc.

Building on top of Blue Coat’s midyear report, Chris Larsen, a senior malware researcher, has put together a nifty little infographic detailing the shape and heft of the malware ecosystem and what areas in particular pose the biggest threats. Larsen told me that, as one might expect, if you’re a malware provider, you want to be where the crowds are, setting your traps in the most highly trafficked areas of the Web.

He also said that the most common form of malware is the invitation to download fake antivirus software, but there’s also the age-old “Take this survey!” malware, and that which comes disguised as a PDF or office document file. And users can be infected by malware or spam without even downloading a file, Larsen says, as a form of drive-by downloading makes it possible for attackers to probe your browser for vulnerabilities and dive in when they see the opportunity.

According to Larsen and team’s research, search engines have become breeding grounds for malware. And though Google does a good job of identifying poisonous text links, image search is currently “the most dangerous activity” one can engage in on the Web. Part of the problem is that the design of Google’s image search is such that you may be clicking on an image cached by Google that is coming from one of a malware network’s many phony websites. You’ve already clicked through to the image before you know you’re cooked.

Malware networks don’t traditionally come with names, as one might expect, but Larsen said that the security industry has now been tracking the biggest malware offenders for long enough that they’ve been able to identify trends. Traditionally, he said, malware has been identified by particular attacks (and named accordingly), but the reality, he said, is that some networks have grown so large that they have their hands in many different scams at once.

They might be gaming you on Twitter, offering you fake antivirus software in a Google image search, and trying to sneak into Apple OS X through the backdoor all at the same time. Blue Coat has begun employing a naming system for the top malware networks, using plays on mythical tricksters to give these malicious networks an identifier.

And they need names, because these networks are fast, and they’re slippery. The average number of unique host names per day for the top 10 malware delivery networks is 4,107, and an average of over 40,000 users make unwitting requests to malware networks each day. With the highly covered attacks Lulzsec and Anonymous have made in recent months using DDoS attacks and simple SQL injections, the vulnerability not only of the average web user to malware, Trojans, and viruses, but also of high-profile networks and websites has been pushed to the fore as well.

It should be noted that we need to be careful of taking an alarmist stance (just when you thought it was safe to go back in the water!); we don’t exactly need one more thing to worry about in our daily web activities, but it is important to be aware of the areas of the Web that malware networks are targeting as entry points. Many of us have had our own Facebook or Twitter accounts hijacked by link-disseminating malware — or at least know someone who has. Shoppybag anyone?

What’s more, Symantec released its own intelligence report today, finding that this new form of rapidly changing malware is leading to a rise in sophisticated, socially-engineered attacks. In terms of spam, the report found that the global ratio of spam in email traffic rose to 77.8 percent, an increase of 4.9 percentage points from last month.

Symantec also found that an average of 6,797 Web sites each day harbor malware and other malicious programs, an increase of 25 percent from last month.

For more, check out the infographic below:

Excerpt image courtesy of MaximumPC.



July 28th 2011 malware, News

Google Letting Users Know Their Computers are Infected


Google announced today that some users will see a message at the top of their search results telling them that their computer is infected, after the company discovered some unusual search activity. “As we work to protect our users and …

July 21st 2011 Google, malware, Search, security

Google Warns of Malware


A word of caution from Google: Beware, Windows Google users. The company says perhaps more than a million computers have been infected with a strain of malware that affects Google search results. The malicious software infiltrates PCs using scams offering anti-virus software via download.

Google discovered the malware only after noting irregular search patterns for a large number of its users during a routine maintenance check. The malware reportedly sends traffic destined for Google through proxy servers, where the malware’s creators manipulate search results before sending them back to users.

The company said it would warn users whose computers have been infected and help them update their antivirus software. Google began issuing a notification alongside search results stating "your computer appears to be infected," including a link directing the user to troubleshooting resources. The intended purpose of the malware is not yet known.



July 20th 2011 Google, malware, Technology

Is Your Mobile Device Secure?


Mobile devices today are used for just about everything. From gaming to social networking to banking to office tasks – nearly anything you need to do, you can do it on your mobile device. It’s funny to think about, but the phone features are almost secondary with some users.

July 8th 2011 malware, Mobile, security

MacDefender, MacProtector, MacSecurity: How to Remove This Malware from Your Mac


MacDefender, MacProtector, and MacSecurity are the names for a fraudulent “anti-virus software” that is the subject of recent phishing campaigns targeting Mac users. It affects users of Mac OS X 10.4, Mac OS X 10.6, and Mac OS X 10.5.

In the coming days, Apple will be putting out a Mac OS X update that will automatically find and remove the malware and its known variants. The update will also include a warning that appears when the malware is downloaded.

The company also put out some step-by-step instructions for the prevention of installing the malware and for its removal. To avoid installing it, the company says:

If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.

In some cases, your browser may automatically download and launch the installer for this malicious software.  If this happens, cancel the installation process; do not enter your administrator password.  Delete the installer immediately using the steps below.

1. Go into the Downloads folder or your preferred download location.
2. Drag the installer to the Trash. 
3. Empty the Trash.

To actually remove it once it’s been installed:

▪ Move or close the Scan Window
▪ Go to the Utilities folder in the Applications folder and launch Activity Monitor  
▪ Choose All Processes from the pop up menu in the upper right corner of the window
▪ Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
▪ Click the Quit Process button in the upper left corner of the window and select Quit
▪ Quit Activity Monitor application
▪ Open the Applications folder
▪ Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
▪ Drag to Trash, and empty Trash

Apple says the malware also installs a login item in your account in System Preferences, which you can remove by opening System Preferences, going to Accounts, and Login items, selecting the name of the app you removed, and clicking the minus button. Removal of this isn’t necessary, the company says.

The OS update aspect of this is a pretty helpful move on Apple’s part. It will be interesting to see if the company addresses similar issues this way more often going forward.

We also have to wonder if the Mac OS, which has presented far fewer security issues than Windows over the years, will begin seeing a greater number of threats.

May 26th 2011 apple, malware, security, Technology

Mobile Device Security Threats at All Time High


As smartphone and tablet use rises steadily, people may not be fully aware of the security risks for those devices. Enterprise and consumer devices are confronted with a record number of security threats, according to a new study by Juniper Networks.

For years, the main focus on protection has been the computer. But according to the study, hackers and malware distributors are turning their sights on mobile devices – and it’s particularly alarming because the majority of users don’t have proper security measures in place.

The headlining news from the report is that Android malware attacks increased 400% from the summer of 2010.

But it’s not just Android users who need to worry. The study found that basically any device with downloadable apps is at heightened risk. Apparently the top way for malware to make it onto your device is through apps.

The report also mentions that Wi-Fi attacks are on the rise, giving attackers easy access to email and social networking information. 17% of attacks came through SMS, where trojans sent messages to premium rate numbers, costing the unwitting consumer.

“These findings reflect a perfect storm of users who are either uneducated on or disinterested in security, downloading readily available applications from unknown and unvetted sources in the complete absence of mobile device security solutions,” said Dan Hoffman, chief mobile security evangelist at Juniper Networks.

“App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specific steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand.”

Although this information may seem rather alarming, the sky isn’t exactly falling. There are things you can do. Juniper suggests these steps for consumers:

• Install an on-device anti-malware solution to protect against malicious applications, spyware, infected SD cards, and malware-based attacks on the device
• Use an on-device personal firewall to protect device interfaces
• Require robust password protection for device access
• Implement anti-spam software to protect against unwanted voice and SMS/MMS communications
• For parents, use device usage monitoring software to oversee and control pre-adult mobile device usage and protect against cyberbullying, cyberstalking, exploitative or inappropriate usage, and other threats

I’m as guilty as the next person of failing to realize the new mobile threat. I guess we all have to start thinking of smartphones as what they actually are – little pocket computers.

May 11th 2011 malware, Mobile, security, Technology

The Walled Garden Has Won


Ten days ago Google discovered that apparently innocuous Android apps were in fact infested with “DroidDream” malware that included an Android rootkit, with the apparent intent of creating a smartphone botnet. It infected more than a quarter of a million devices before Google intervened. The thriller writer in me immediately began to wonder what would happen if black hats built a wildly popular game that doubled as a botnet beachhead. Imagine if Angry Birds was secretly the world’s biggest botnet: even without root access to its install base, those hypothetical black hats could grab private data from tens of millions of people, and/or probably DDoS every wireless network in the developed world, especially if it ran as a background service with location access.

That will never happen, of course: it’s what security guru Bruce Schneier calls a “movie-plot threat.” But it does illustrate that you couldn’t stop a Trojan app like that in advance. Android Market security is based on permission requests when an app is installed: such requests are routinely ignored, since nowadays almost every app asks for full Internet and SD card access. Ah, you might say, if only Android apps were vetted in advance, like Apple’s! In which case you should really stop kidding yourself. Most apps seem to be reviewed in an hour or less (after days in the queue.) Apple appears to check the libraries they link against, and maybe they can decompile to the original source code, too – though I doubt it – but iOS apps are written in Objective-C, which includes support for C itself, a language for which labyrinthine obfuscation has become an art form. Any developer worth his/her salt could write an iOS app that includes code whose use only becomes apparent when the app receives a secret signal.

Once upon a time, not so long ago, people talked about how “walled gardens” (like AOL and CompuServe, back in the day) would inevitably lose out to the free, wild, open Internet – and most software was preinstalled, shrink-wrapped, or downloaded from a trusted site. But nowadays users download potentially untrustworthy software from trusted sites. (See also: the Mac App Store.) That’s why providers need the remote kill switch that Google used on DroidDream; that Apple has had for years, and is ready to use on “unauthorized” iOS users as well as apps; and that Intel is now building in at the hardware level, so that phones (and computers) running Intel chips can be killed with a simple encrypted SMS.

Ten years ago people were horrified at the notion of Intel adding a unique ID to all of its processors. Today every phone has a unique ID, and yours is probably uploaded to apps’ servers multiple times a day. Not so long ago, people were outraged that Amazon could and did arbitrarily delete books from users’ Kindles; last week they clamored for Google to exercise essentially the same power. Giving all that power and control to Amazon, Apple, Google and Intel in exchange for security may ultimately be a reasonable and necessary tradeoff — but that kind of centralization of control still makes me more than a little uneasy.

As the developing world adopts smartphones as their first and only computers, Android and iOS will increasingly dominate all Internet traffic. (What about RIM and Windows Phone? I expect they both have kill switches too, but really, who cares; wake me up when one of them has won next year’s war for third place.) Android is a walled garden just like iOS, subtler but no less forbidding. And you can’t even escape the app garden via your browser, because your browser is, in and of itself, an app. While we weren’t looking, the walled garden won.

Photo credit: James Whitesmith, Flickr



March 13th 2011 Android, apple, Google, malware

Google Beefs Up Android Market Security


Google announced that it has taken several new steps to keep Android users out of harm’s way with regards to malicious applications. The announcement came a few days after a few such apps were discovered in the market.

Google says the apps in question were removed “within minutes” after discovery, but they would have allowed the attackers to access other data. Not good.

Google lists the following four steps:

  1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
  2. We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
  3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
  4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

Security firm Symantec told CIOL that attacks aimed at Android users look to steal info, download malicious code, or send text messages to premium numbers. “Some of the information that malware on Android devices have been observed to compromise include the phone’s coordinates based on GPS, the phone’s unique IMEI number, administrative rights and screen shots of the phone,” Abhijit Limaye, Director, Development at Symantec is quoted as saying. “Some malicious code can also silently pull additional malware into the phone as a background service, or hook the device on to a mobile botnet. Malware that steals data from the Android device is also a possibility – with many of us using phones for banking or social networking, these details are valuable for attackers.”

Apple’s app approval process has drawn plenty of criticism over the years, but this is certainly one area where it may appear more attractive to users.

March 8th 2011 Android, Google, malware, Mobile, security

Verizon Partners With StopBadWare To Protect Internet Users


Verizon said today it is partnering with the nonprofit organization StopBadWare to help protect Internet users from security threats like spyware, viruses and other malware.

During the next three years, the organizations will work together on issues ranging from educating small businesses about badware to developing approaches to help smartphone users protect their handsets.

StopBadware has previously worked to develop transparency, educational resources and an appeals process for websites blacklisted for having badware content. The organization also will soon release a set of best practices to help Web-hosting providers address reports of badware on their networks.

“We at StopBadware are eager to combine our own expertise with Verizon’s to better defend Internet users,” StopBadware said in a blog post.

“We’re particularly excited about drawing on Verizon’s resources and knowledge to bolster conversation surrounding the mobile malware threat and innovative ways to combat it, like identifying new approaches to securing mobile handsets.”

Other companies that support StopBadWare include Google, Mozilla, PayPal, and Nominum.

March 5th 2011 malware, Technology