<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>abwaters 2.0 &#187; Malware</title>
	<atom:link href="http://abwaters.com/tag/malware/feed/" rel="self" type="application/rss+xml" />
	<link>http://abwaters.com</link>
	<description>on software development, technology, etc.</description>
	<lastBuildDate>Sat, 17 Apr 2010 21:34:16 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>Google opens up malware blacklist API</title>
		<link>http://abwaters.com/2007/06/21/google-opens-up-malware-blacklist-api/</link>
		<comments>http://abwaters.com/2007/06/21/google-opens-up-malware-blacklist-api/#comments</comments>
		<pubDate>Thu, 21 Jun 2007 13:54:28 +0000</pubDate>
		<dc:creator>digg</dc:creator>
				<category><![CDATA[Editorial]]></category>
		<category><![CDATA[Google]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://abwaters.com/2007/06/21/google-opens-up-malware-blacklist-api/</guid>
		<description><![CDATA[Google employees Brian Rakowski and Garrett Casto from the Antiphishing and Antimalware Teams have announced that the company is opening up its Safe Browsing API to the public. The Safe Browsing API allows easy access to Google&#8217;s updated blacklist of suspected phishing and malware-infested web pages.]]></description>
			<content:encoded><![CDATA[<p>Google employees Brian Rakowski and Garrett Casto from the Antiphishing and Antimalware Teams have announced that the company is opening up its Safe Browsing API to the public. The Safe Browsing API allows easy access to Google&#8217;s updated blacklist of suspected phishing and malware-infested web pages.</p>
<p><a href="http://arstechnica.com/news.ars/post/20070619-google-opens-up-malware-blacklist-api.html">read more</a> | <a href="http://digg.com/security/Google_opens_up_malware_blacklist_API">digg story</a></p>
]]></content:encoded>
			<wfw:commentRss>http://abwaters.com/2007/06/21/google-opens-up-malware-blacklist-api/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>OS X Security</title>
		<link>http://abwaters.com/2006/11/23/os-x-security/</link>
		<comments>http://abwaters.com/2006/11/23/os-x-security/#comments</comments>
		<pubDate>Thu, 23 Nov 2006 19:36:58 +0000</pubDate>
		<dc:creator>Bryan Waters</dc:creator>
				<category><![CDATA[Editorial]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[OS X]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://abwaters.com/2006/11/23/os-x-security/</guid>
		<description><![CDATA[Another vulnerability has been found in OS X related to their disk image format. This is on an operating system that openly thumbs its nose at Windows for being insecure. There is even a commercial poking fun at the viruses that plague so many Windows users but seem to ignore the Mac. But the irony is [...]]]></description>
			<content:encoded><![CDATA[<table>
<tr>
<td valign="top">Another vulnerability has been found in OS X related to their <a href="http://www.securityfocus.com/brief/363?ref=rss" title="Vulnerability Found in Disk Image Format" target="_blank">disk image format</a>. This is on an operating system that openly thumbs its nose at Windows for being insecure. There is even a commercial poking fun at the viruses that plague so many Windows users but seem to ignore the Mac. But the irony is that Windows is a victim of its success. Regardless of whether you like Windows or not, the fact of the matter is that it is the dominant operating system. According to the <a href="http://marketshare.hitslink.com/report.aspx?qprid=2" title="Operating System Marketing Share Oct-2006" target="_blank">MarketShare</a> service by <a href="http://www.netapplications.com/" title="Net Applications" target="_blank">Net Applications</a>, the market share for Windows was 94% compared to 5% for the Mac for general usage.</td>
<td valign="top"><object height="185" width="225"><param name="movie" value="http://www.youtube.com/v/DFJI3UmuTr0"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/DFJI3UmuTr0" type="application/x-shockwave-flash" wmode="transparent" height="185" width="225"></embed></object></td>
</tr>
</table>
<p><span id="more-32"></span></p>
<p>The same way that software developers tend to develop for platforms that allow them to reach the largest possible audience, hackers and virus writers target systems for maximum return. It is simply human nature. People do not expend effort to receive minimal returns. For this reason, IE and Windows have both been heavily targeted, whereas for the time being the Mac is simply a curiosity for malware authors.</p>
<p>Please understand that I&#8217;m not making a statement about whether one operating system is more or less secure than the other. I make my living developing software for both platforms and enjoy the unique features of each. I&#8217;ve enjoyed the rivalry between the two companies and believe that the users have thoroughly benefited from the constant one-upmanship. What I am saying is that the state of security for each is not relevant. As long as humans use computers, there will be a way to exploit systems and take advantage of their users.</p>
<p>Currently, there are hundreds of viruses with thousands of variants for Windows operating systems. For the Mac, every single individual vulnerability makes the news partly because there are so few and partly because the Mac is marketed as a much more secure operating system.</p>
<p>I predict that the number of viruses, exploits, spyware and other security problems experienced by the Mac will be directly correlated to its market share.</p>
]]></content:encoded>
			<wfw:commentRss>http://abwaters.com/2006/11/23/os-x-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Customer Support and Email Worms</title>
		<link>http://abwaters.com/2006/11/20/customer-support-and-email-worms/</link>
		<comments>http://abwaters.com/2006/11/20/customer-support-and-email-worms/#comments</comments>
		<pubDate>Mon, 20 Nov 2006 18:38:29 +0000</pubDate>
		<dc:creator>Bryan Waters</dc:creator>
				<category><![CDATA[Editorial]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://abwaters.com/2006/11/20/customer-support-and-email-worms/</guid>
		<description><![CDATA[This morning, I received a spam email with a worm attached that actually made it past my spam filters and I have to admit, it is pretty clever. In fact, the thing that impresses me is the amount of social engineering and creativity that goes into these attacks. The one I received this morning has [...]]]></description>
			<content:encoded><![CDATA[<p>This morning, I received a spam email with a worm attached that actually made it past my spam filters and I have to admit, it is pretty clever.  In fact, the thing that impresses me is the amount of social engineering and creativity that goes into these attacks.<span id="more-30"></span></p>
<p>The one I received this morning has the subject line: &#8220;Mail server report.&#8221;  Here is the text of the email.</p>
<table>
<tr>
<td bgcolor="#cccccc"><p>Mail server report. Our firewall determined the e-mails containing worm copies are being sent from your computer. Nowadays it happens from many computers, because this is a new virus type (Network Worms).</p>
<p>Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses</p>
<p>Please install updates for worm elimination and your computer restoring.</p>
<p>Best regards,<br />
Customers support service</p></td>
</tr>
</table>
<p>This email was accompanied by an attachment named: Update-KB984-x86.zip.  This was infected with&#8230;well, an email worm.  They actually told me what it was in their own email&#8230;by claiming to protect me from the thing they were sending me in the email.</p>
<p>Turns out the attachment was a &#8216;Worm.Stration&#8217; variant.  Evidently, the Stration Worm (also known as the Warezov worm) is fairly new although it does the same old thing that worms have been doing for years.  The difference is that these new guys are able to survive in a world with multilayered spam filters and triple-decker anti-virus, anti-spyware, firewalled systems.</p>
<p>According to a Microsoft <a href="http://msmvps.com/blogs/harrywaldron/archive/2006/10/31/Stration-Worm-_2D002D00_-Tricky-new-malware-unnerves-security-vendors-.aspx" title="Stration Worm -- Tricky new malware unnerves security vendors " target="_blank">blog</a>, McAfee, Symantec and Microsoft&#8217;s own antivirus didn&#8217;t detect this one.   As malware goes, this one doesn&#8217;t do much but it is spreading extremely rapidly due to its ability to avoid detection and the use of social engineering.</p>
]]></content:encoded>
			<wfw:commentRss>http://abwaters.com/2006/11/20/customer-support-and-email-worms/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
