Posts Tagged ‘virus’

Windows users learned (the hard way) a long time ago that their PC could be infected with viruses, Trojan horses, worms and the like without their knowledge. Anti-virus vendors have made a mint off of capitalizing on the concerns that grew from that basic fact. Eventually, Microsoft decided it was in their best interest to make available free security tools that could help limit the threat and mitigate some of the PR hits their brand kept taking with each new outbreak of malware.

As discussed in this blog before, there is nothing about Linux, UNIX or OS X that makes those platforms inherently immune to virus attacks either, although, the sheer number of known malware instantiations is lower. Mobile devices, which are, after all, nothing more than miniaturized computers that also happen to have built-in cameras, MP3 players and telephony features are vulnerable as well. In fact, the first mobile malware was first spotted 10 years ago, if you can believe it. Clearly, none of this is a new problem.

Well, guess what? You know that WiFi access point you installed in your home a few years back or the ones you never see but freely use at the local coffee shop could be infected as well? How about the possibility that the wireless in your doctor’s office waiting area is as sick as the patients sitting next to you?

Yep, malware for WiFi is the latest unfortunate turn of the technological crank and, once again, we shouldn’t be surprised. Routers and access points are, after all, just special purpose computers and, in most cases, ones that have never been patched since the day they were installed.

One recent study found that:

Using the top 50 selling home routers for sale on Amazon, the firm detected software vulnerabilities in three quarters with a third of these having publically documented flaws open for any attacker to exploit. Common problems included vulnerable management interfaces and dodgy authentication.

So that’s 75% of the most popular devices are vulnerable. Great. But the hits just keep coming

Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans. 

The team designed and simulated an attack by a , called “Chameleon”, and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.

So let’s review…

  • WiFi access points can be attacked
  • Most have never been patched
  • Most are vulnerable to exploitation
  • Some could be attacked by malware that spreads from access point to access point

I don’t know that WiFi access point anti-virus tools are waiting just around the corner.  However, I do know that it would be a good idea to take another look at the access points you can control and review the security settings and update the firmware. Don’t say I didn’t warn you …

If you thought your choice of operating system, hardware platform, middleware stack or applications would shield you from malware, think again. If it’s operational, it can be hacked. Period. Certainly some configurations are more vulnerable than others but there’s no such thing as a “secure” system — just varying degrees of INsecurity.

I remember a protracted email debate I had with a colleague many years ago on this subject. His claim, essentially, was that the security model of Linux made it immune to malware. As a security guy, I knew better.

At the time Windows was being ravaged by viruses and Linux was emerging as a more stable, secure alternative. Some were speculating that it would supplant Windows as the leading desktop OS within a few years. Of course, that didn’t happen — at least not yet. Linux has some very clear advantages. Some derive from a kernel for which secure design was not an afterthought and yet others from the collective talents and contributions of the open source community.

Still it isn’t perfect as this story from PCWorld shows. In what is just the latest development in the never ending malware saga, the “Hand of Thief” Trojan, which specifically targets Linux, is starting to pop up. As the article says…

Hand of Thief operates a lot like similar malware that targets Windows machines—once installed, it steals information from web forms, even if they’re using HTTPS, creates a backdoor access point into the infected machine, and attempts to block off access to antivirus update servers, virtual machines, and other potential methods of detection.

Clearly, there are far more instances of malware for Windows than Linux — far more — but equally clearly, Linux is not immune. Neither is Mac OX nor Android nor iOS nor any other OS you’d like to name. In fact, the first malware I personally ran across infected the VM operating system on mainframes back in 1987. Yes, 1987. Years before the press would start reporting on the latest virus scare and long before commercial anti-virus tools even existed and all of this on a platform that was considered quite secure and unlikely to be compromised easily.

The article goes on to say…

Historically, desktop Linux users have been more or less isolated from the constant malware scares that plague Windows, which is at least partially a function of the fact that their numbers represent a tiny fraction of the Windows installed base.

That last phrase is important. It basically is saying that part of the reason Linux hasn’t had a lot of malware really has nothing to do with the merits of it’s innate security capabilities, but rather, due to the fact that it simply hasn’t had as big of a bull’s eye painted on it. Mac OS has historically benefitted from the same “security by obscurity” model but it’s not one you want to bank on. Not surprisingly as Mac’s have become more popular in the marketplace, they have also become more popular in the malware threatspace. Ditto for Linux. Ditto for iOS and Android.

Call it the price of success. If a platform becomes popular it can’t hide from hackers as easily. So, the best thing to do is to take prudent precautions regardless of what OS you’re running on because, as Motown figured out a long time ago,  there really is “nowhere to run to, nowhere to hide…”