Posts Tagged ‘malware’

Network World has a good summary of the latest zero-day vulnerability in Internet Explorer. The article states that:

Exploiting the flaw allows hackers to execute code — in other words, plant malware on a machine — and opens Windows XP, Vista and Windows 7 to drive-by attacks that only require getting victims to visit a malicious or compromised website.

That means that:

  1. if you use an unpatched version of Internet Explorer (and at the time of this writing that would be all versions since the patch hasn’t been issued) and
  2. if you visit a web site designed to exploit this vulnerability …

you could end up with malware being downloaded to your system without your knowledge.

Clearly, when the patch comes out, you should apply it. Better still, turn on Windows Update and let it do the dirty work automatically.

In the meantime you can either choose to use another web browser such as Firefox or Chrome or just be really careful which web sites you visit.

In fact, you should do that last bit every day anyway. The problem, of course, with that is that you can’t really know for sure which sites might infect you but you can, however, lower the odds considerably by not visiting unknown or dodgy sites.

Just as in the physical world, sticking to the well traveled streets rather than veering off into the alleyways in bad neighborhoods and you will be safer but, crime can happen anywhere.

That advice holds for any web browser, for that matter too. So, while this particular attack won’t affect you if you use Firefox, there’s no guarantee that the next similar attack won’t. Still, at the end of the day, one argument for using Firefox rather than IE is NoScript plug-in that allows you to turn off Java and JavaScript by default for web sites you don’t know whether you should trust or not. That’s one of the best defenses against drive by attacks.

It can be a pain at times as some sites won’t render correctly without these features turned on but at least it puts you more in control of the situation and that can me the difference between dodging or taking a direct hit on the next drive-by browser attack.

 

 

Here’s a link to a Raleigh News & Observer Stump the Geeks column where I was asked to comment on a user’s recurring nightmare with pop-up ads.

For the most part, pop-ups of the sort described be the unlucky soul submitting this question are the result of downloading stuff you shouldn’t. A search bar, a freeware tool, an email attachment of dubious origins — any of these could result in a surreptitious placement of parasites on your computer that will nag you incessantly to visit some web site whose claims are best categorized with the 2:00 am infomercial ilk.

Ironically, many of these ads promise to speed up a lagging computer that is infested with spyware — the very stuff that likely caused the barrage of pop-ups in the first place. Best not to go down that rabbit hole …

Water is still wet

Posted: July 2, 2012 in Uncategorized
Tags: , , ,

Here’s a good CNET article on the adjustment Apple made recently to their public statement regarding OS X and malware…

http://news.cnet.com/8301-13579_3-57460041-37/apple-adjusts-its-tune-on-security-in-os-x/

 

As I mentioned in a previous post, Apple has previously indicated that Mac users didn’t have to worry about viruses and implied that this was due to some basic invulnerability within the operating system. They have wisely started to back off of that position but may not have really gone far enough just yet.

Where they once used to say that:

“A Macisn’t susceptible to the thousands of viruses plaguing Windows-based computers”

a statement which is misleading since Macs are, in fact, vulnerable to other malware (albeit many fewer instances). Now the wording is:

“Built-in defenses in OS X keep you safe from unknowingly downloading malicious software.”

This is better but still leaves the impression that Macs are inherently safe, which they aren’t. In fact, no computer is.

As long as software contains bugs, a certain percentage of those bugs will be security-related and someone is bound to eventually discover these vulnerabilities and try to exploit them.

That was true then and it’s true now and it always will be regardless of which OS you choose to use.

And in other news, water is still wet …

By now you’ve probably heard the news reports of the recent discovery of the Flame malware that seems to be targeting systems in Iran (and possibly other locations in the Middle East). While there are some similarities with the Stuxnet worm, there are probably even more differences.

At this point it appears that Stuxnet was designed for sabotage — specifically targeted at Iranian nuclear facilities — while Flame seems to be built for espionage. In other words, it’s a software-based spy.

The press has picked up on this aspect as well and has been reporting that Flame can eavesdrop on unsuspecting users through the built-in microphone in their computer, turn on a webcam for remote viewing, take periodic screen captures and store keystrokes. Scary stuff to be sure but it’s not new. Not by a long shot.

In fact, I wrote about a similar threat a dozen years ago in my book, Inside Internet Security: What Hackers Don’t Want You to Know,  in discussing a piece of malware making the rounds then called “Back Orifice.” See if anything in this excerpt sounds familiar…

NetBus control panel – a contemporary of Back Orifice

Among other things [Back Orifice] can:

  • monitor and store keystrokes entered by the user (including ‘hidden’ fields often indicated by a string of asterisks);
  • look over the user’s shoulder by capturing screen images;
  • execute commands of their choosing on the user’s system;
  • rename, copy and delete files on the user’s system;
  • connect to other systems via telnet or FTP;
  • open and close the CD-ROM drive (just for kicks!).

And if that wasn’t scary enough, they can even turn the victim’s machine into their own remote surveillance system. If a microphone or video camera is attached to the user’s system, hackers can turn these devices on and then sit back, listen in, and watch what their victim is doing.

So, not to diminish the seriousness of this latest malware (for those relatively few systems that are infected with it), but try not to get caught up in the hype that would lead you to believe that this is some sort of new quantum leap in the threatscape. In reality, this threat has existed for more than a decade. Most people simply didn’t know about it. But now you do … 🙂

So just as I start up my new security blog on WordPress with a video where I talk about some of the risks (including malware) of social media, guess what shows up?

You got it! A story about 30,000 WordPress blogs being infected to distribute none other than malware. Here’s a link to the story:

http://www.pcworld.com/article/251374/30000_wordpress_blogs_infected_to_distribute_rogue_antivirus_software.html#tk.nl_dnx_t_crawl

This is really nothing new, of course. Drive-by download attacks have been around in various forms for years. I wrote about the risk in my book a dozen years ago when most users assumed that the mere act of browsing a web site was safe.

Unfortunately, as long as we have browsers with bugs, some of those bugs will result in security vulnerabilities and some of those vulnerabilities will be exploited.

No defense is 100% foolproof but one of the better ones in this area is the NoScript add-on for the Firefox browser. NoScript prevents mobile code such as JavaScript, Java and Flash (inherently avoids the exposure of ActiveX that exists in Internet Explorer) from being downloaded and executed by your browser for untrusted sites.

It does result in some pages not being rendered correctly but you can either temporarily override the block or add the site to your trusted list to get around this issue. It’s more trouble, but well worth the effort in my opinion.