Two weeks ago AVG announced its LinkScanner software for the Mac platform, designed to keep "Mac users safe from increasing intensity and sophistication of Web attacks." Perhaps the Mac faithful didn't take too kindly to the release, as AVG felt compelled to follow up the announcement with some sobering statistics for Mac users.
"It's a well known fact that most computer users believe that owning a Mac means that you are somewhat immune to the malicious threats that lurk within cyberspace," AVG starts out. "In fact, this belief has become so strong that many Mac owners do not have, or feel the need to have, antivirus software installed on their machines."
AVG goes on to say that the iServices B Trojan crippled an additional 5,000 machines, and pointed out that other outbreaks, like the Tored-A and Jahlav-C viruses, also cause their share of headaches in the Apple community.
"Flaws were also discovered in the Safari Web browser, iTunes, and PDF program," AVG continues. "Worse still is the fact that last month reports were issued around an unpatched vulnerability in the Safari 4.0 Web browser! So, it would appear that Macs are no longer as shielded as they once were."
Australians who plan to traverse the Web better make sure they have antivirus and firewall software installed on their PCs, because if they don't, they risk being cut off from the Internet. And if they do manage to get an infection, they can expect their ISPs to disconnect service until they can prove a clean bill of health.
These recommendations come as part of a new plan being kicked around Australia's House of Representatives Standing Committee on Communications. In a report titled "Hackers, Fraudsters, and Botnets: Tackling the Problem of Cyber Crime," the committee spent 260 pages outlining 34 recommendations on how to deal with the growing threat of cyber crime, everything from the above scenario to holding companies that release IT products with security vulnerabilities financially responsible.
"In the past decade, cyber crime has grown from the nuisance of the cyber smart hacker into an organized transnational crime committed for vast profit and often with devastating consequences for its victims," said committee chair Belinda Neal.
Is Australia's House of Representatives on to something here, or are they off their rocker? Hit the jump and sound off.
With all the damage hackers are capable of inflicting on your system, you might be under the impression that they're using the most sophisticated software tools on the planet. You'd be wrong, security experts say.
On the contrary, researchers claim that many of the malware kits out in the wild are filled with security holes, sort of a software version of Swiss cheese. And as it turns out, these same bugs can be used not only to identify who it is on the other side of the attack, but also to launch a counter-attack, researchers say.
There are some cyber criminals who code their own software, but the majority of them just go out and grab one of the many available malware kits. Laurent Oudot, a French security expert from Tehtri Security, took apart several of the more popular kits and found a bunch of loopholes he says are relatively easy to exploit, which would allow researchers to "hack the web hackers."
The downside? Doing so might "lead to legal issues," Oudot admits.
The tech media has gone into full "told you so" mode after it was discovered that hackers managed to plant a Trojan in the popular Unreal IRC server, proving that Linux users need to worry about malware too.
"This is very embarrassing... We found that the Unreal220.127.116.11.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (Trojan) in it," an announcement on the Unreal IRC forum states. "This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."
While a single outbreak doesn't constitute an insecure OS platform by any stretch of the imagination, perhaps the media has a point. The announcement goes on to state that the "replacement of the .tar.gz occurred in November 2009 (at least on some mirrors)," which means it took nearly a year for it to be noticed. What most of the write-ups are insinuating -- and we'll just come out and say it -- is that perhaps this was left unnoticed in the Linux community because of an arrogance that suggests the open source OS is impenetrable. Obviously that isn't the case, but despite reports you may read elsewhere, the opposite isn't true either -- Linux users needn't worry that the sky is falling because of one high profile outbreak.
Microsoft has the unfortunate reputation of being more vulnerable than most when it comes to security exploits, so I'm sure the boys in Redmond were cringing just a bit more than usual when they discovered that malware was infecting Windows Mobile phones as well. According to Cnet, the applications "3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0" all contain an auto dialer program that makes calls to random numbers in countries such as Somalia and the South Pole.
Microsoft representatives were understandably concerned about the news, but even we are forced to admit that it's not really their fault since users are voluntarily downloading and installing the infected applications. "Users need to be aware of what they are downloading and make sure it is a reputable source and from a reputable developer." While we don't know the exact number of users who were infected, even Microsoft was forced to admit that it could be the beginning of a trend. "What took 15 years for malware to evolve on the desktop is accelerated on the mobile platform." "We're seeing it move from early proof-of-concept (malware) to things that are driving profit."
Of course this also points out the ideological differences between platforms such as Windows Mobile and Android, which allow you to download any application you want, and the iPhone approach, where each app is tested and analyzed prior to approval. Do you think mobile platforms should be locked down the way Steve Jobs envisions, or do people who download apps from shady sources deserve what they get?
Here's a scary thought -- you may soon have to worry about security on your smartphone just as you do on your PC. Up to this point, cell phone security has almost been an afterthought, at least in the public's eye, but that's about to change. Two researchers from Trustwave -- Nicholas J. Percoco and Christian Papathanasiou -- are scheduled to demo a rootkit running on an Android-based smartphone at the Defcon security conference in Las Vegas next month.
"We have developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number'. This ultimately results in full root access on the Android device. This will be demonstrated (live)," the two researchers wrote.
As the security duo points out, "the implications of this are huge." With full rootkit access, attackers would be able to read all SMS messages on the phone, drive up long distance phone bills, and could even hunt down the owner's exact GPS location. The flexible rootkit can be installed over-the-air or alongside a rogue app, the researchers say.
Percoco and Papathanasiou didn't say exactly how they were able to bypass Android's security measures to install the rootkit in the first place, but did say why they zeroed in on Android.
"Android forms a perfect platform for further investigation due to its use of the Linux kernel and the existence of a very established body of knowledge regarding kernel-level rootkits in Linux," they wrote.
Application whitelisting company Bit9 is saying something IT admins already know: corporate and government PC users need to do a better job of protecting their computers from malware.
Bit9 surveyed 1,282 IT professionals and found that many enterprise and government desktops are littered with unauthorized software ranging from P2P software to toolbars, Trojans, spyware, and ransomware, among other digital cruft.
"The results from our survey once again underscore the need for companies to adopt a more proactive approach to endpoint security to prevent unauthorized software from being downloaded and running in their organizations," said Tom Murphy, Chief Strategy Officer, Bit9. "Rather than scrambling to react to the latest malicious piece of software – costing time and money – IT administrators need to ensure that only approved software will run in their enterprise. This is a business critical need confirmed by the large amount of respondents that are dealing with malware across their networks."
A solution may not be so easy to come by. Even though 68 percent of IT staff surveyed said they have software restrictions in place, 45 percent said they still found unauthorized software running on more than half of their computers.
Here's something that will help you sleep a little less soundly at night. According to the cybersecurity intelligence division of VeriSign, hourly botnet rentals can be had for less than $9. The average price of a 24-hour rental runs $67.20.
VeriSign said it launched an online investigation into 25 botnet operators back in February, zeroing in on botnet services advertised on three web forums. The services offered a range of attack vectors, including ICMP, SYN, UDP, HTTP, HTTPS, and Data. What's more, these services came advertised through forums and banner ads, just like a legitimate business would.
"While these attacks are becoming increasingly sophisticated, the criminals targeting your business may not be," said VeriSign iDefense director of intelligence Rick Howard in a statement.
Howard's chilling scenario has already played out, and at these prices, there's no reason to believe this won't be a common theme for a long time to come. For example, it was just two months ago that three men were arrested and accused of operating the Mariposa botnet. None of these men had any significant programming background, yet the Mariposa botnet was comprised of some 12.7 million PCs and stole credit card and bank log-in data from about half of the Fortune 1000 companies and over 40 banks.
Be on the lookout for a rogue program masquerading as a piece of software that helps users determine whether or not PCs are compatible with Windows 7, warns security firm BitDefender.
"This actually works because of the interest in Windows 7," said Catalin Cosoi, the head of BitDefender's Online Threats Lab.
BitDefender first discovered the threat on Sunday. At this point, the Trojan is not yet widespread, though BitDefender notes it has been receiving reports of about three installs per hour from its users in the US, Infoworld reports. Like many viruses, this one requires proactive steps on the part of the user, which the malware writers have been able to elicit with the following email:
"Find out if your PC can run Windows 7," the emails read. "This software scans your PC for potential issues with your hardware, devices, and installed programs, and recommends what to do before you upgrade."
Once installed, hackers have free rein over your system, Cosoi warns.
Software security researchers at matousec.com say they've devised a way to bypass protection built into several of the most popular desktop antivirus products, including those offered by Avast, AVG, Avira, BitDefender, Comodo, Kaspersky, McAfee, Norton, Trend Micro, and several others. It works by exploiting the kernel-mode driver hooks AV products bury inside Windows: the hook inspects a benign argument and lets the call through, but in the window between that check and the moment the kernel actually acts on the argument, it is swapped for malicious data.
"We have performed tests with [most of] today's Windows desktop security products," the researchers wrote. "The results can be summarized in one sentence: If a product uses SSDT hooks or other kind of kernel mode hooks on similar level to implement security features it is vulnerable. In other words, 100 percent of the tested products were found vulnerable."
So far the researchers have tested their method on 34 security products, all of which were found vulnerable. Time permitting for more tests, "the list would be endless," the researchers say. If that wasn't frightening enough, the exploit apparently works just as well on accounts with limited privileges.
The question is, should you be concerned? Not yet. The exploit requires a large amount of code to be loaded onto the victim's PC, rendering it all but useless for shellcode-based attacks or those which rely on speed and stealth. In addition, the attacker must already have the ability to run a binary on the target PC for this exploit to work.
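The bypass the researchers describe is a race between the moment a hook checks a call's argument and the moment the kernel uses it. The C program below, added here and not code from matousec.com or any of the vendors named, models that window in user space with a hypothetical path-policy hook; the `request_t` struct, the `/allowed/` policy, the constructed paths and the `racer_fn` callback standing in for a second thread in the caller's process are all assumptions. The double-fetch handler is the pattern the tests found vulnerable; the copy-once handler shows the defensive fix: capture the argument once into memory the caller cannot reach, validate the copy, and act only on the copy.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added example (not from matousec.com or any vendor): a user-space model of
 * the check-then-use window a kernel hook leaves open when it validates an
 * argument in caller-controlled memory and the kernel later re-reads it.
 * All names, paths and the policy are hypothetical. */

#define ARG_MAX 64

/* The "system call argument": lives in memory the calling process owns. */
typedef struct {
    char path[ARG_MAX];
} request_t;

/* Callback standing in for a second thread in the caller's process that
 * rewrites the argument after the hook has inspected it. NULL = no racer. */
typedef void (*racer_fn)(request_t *req);

/* Hypothetical policy the hook enforces: only paths under /allowed/ pass. */
static bool policy_allows(const char *path) {
    return strncmp(path, "/allowed/", 9) == 0;
}

/* Racer: swap the benign argument for a protected one (constructed value). */
static void swap_to_protected(request_t *req) {
    strncpy(req->path, "/protected/secret", ARG_MAX - 1);
    req->path[ARG_MAX - 1] = '\0';
}

/* Vulnerable pattern ("double fetch"): validate through the caller's pointer,
 * then read the same memory again when acting on it. Returns the path that
 * would actually be opened, or NULL if the hook denied the request. */
static const char *dispatch_double_fetch(request_t *req, racer_fn racer,
                                         char *out, size_t outlen) {
    if (!policy_allows(req->path))        /* first fetch: benign value passes */
        return NULL;
    if (racer)
        racer(req);                       /* the window between check and use */
    strncpy(out, req->path, outlen - 1);  /* second fetch: racer's value */
    out[outlen - 1] = '\0';
    return out;
}

/* Hardened pattern: copy the argument once into memory the caller cannot
 * touch, validate the copy, and act only on the copy. */
static const char *dispatch_copy_once(request_t *req, racer_fn racer,
                                      char *out, size_t outlen) {
    char snapshot[ARG_MAX];
    memcpy(snapshot, req->path, ARG_MAX);
    snapshot[ARG_MAX - 1] = '\0';
    if (!policy_allows(snapshot))
        return NULL;
    if (racer)
        racer(req);                       /* changes caller memory, not the copy */
    strncpy(out, snapshot, outlen - 1);
    out[outlen - 1] = '\0';
    return out;
}

typedef const char *(*dispatch_fn)(request_t *, racer_fn, char *, size_t);

/* Run one scenario and return the path the handler would open (or NULL). */
static const char *run(dispatch_fn dispatch, const char *initial,
                       racer_fn racer, char *out, size_t outlen) {
    request_t req;
    strncpy(req.path, initial, ARG_MAX - 1);
    req.path[ARG_MAX - 1] = '\0';
    return dispatch(&req, racer, out, outlen);
}

/* 1 if a path outside the policy was reached past the check, else 0. */
int double_fetch_is_bypassed(void) {
    char opened[ARG_MAX];
    const char *r = run(dispatch_double_fetch, "/allowed/report.txt",
                        swap_to_protected, opened, sizeof opened);
    return r != NULL && !policy_allows(r);
}

int copy_once_is_bypassed(void) {
    char opened[ARG_MAX];
    const char *r = run(dispatch_copy_once, "/allowed/report.txt",
                        swap_to_protected, opened, sizeof opened);
    return r != NULL && !policy_allows(r);
}

/* A request that is already out of policy must be denied by both handlers. */
int both_deny_out_of_policy(void) {
    char a[ARG_MAX], b[ARG_MAX];
    return run(dispatch_double_fetch, "/protected/secret", NULL, a, sizeof a) == NULL &&
           run(dispatch_copy_once, "/protected/secret", NULL, b, sizeof b) == NULL;
}

int main(void) {
    printf("double fetch bypassed: %d\n", double_fetch_is_bypassed());
    printf("copy-once bypassed:    %d\n", copy_once_is_bypassed());
    printf("out-of-policy denied:  %d\n", both_deny_out_of_policy());
    return 0;
}
```

The callback makes the interleaving deterministic so the two outcomes can be compared side by side; in a real kernel the racer is a second thread hammering the argument, and the window is only as wide as the hook's scheduling luck, which is why the researchers' method needs a lot of code on the target and is not suited to small, fast payloads, as the article notes.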