Top web-based malware in 2007.
Posted on 01/22/2008 10:01:00 PM PST by Swordmaker
Mac users targeted by financially-motivated hackers for the first time
IT security and control firm, Sophos, has published its Security Threat Report 2008 examining the threat landscape over the previous twelve months, and predicting emerging cybercrime trends for 2008. The report reveals that in 2007 organised criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money. With proof that hackers are extending their efforts beyond Windows, Sophos is warning computer users of all operating systems not to be complacent about security.
Sophos experts note that malware for Macs has been seen before, but until recently, organised criminal gangs have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available. However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognised there is a viable and profitable market in infecting Macs alongside Windows PCs. For example, many versions of the malicious OSX/RSPlug Trojan horse, first seen in November 2007, were planted on websites designed to infect surfing Apple Mac computers for the purposes of phishing and identity theft.
"No-one should underestimate the significance of financially-motivated malware arriving for Apple Macs at the end of 2007. Although Macs have a long way to go in the popularity stakes before they overtake PCs,particularly in the workplace, their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," said Graham Cluley, senior technology consultant at Sophos. "Mac users have for years prided themselves on making smarter decisions than their PC cousins - well, now's the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."
Sophos experts are now discovering 6000 infected webpages every day - one every 14 seconds. 83 percent of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from antique dealers to ice cream manufacturers to wedding photographers have hosted malware on behalf of virus writers.
Cybercriminals can target any computer user by spamming out emails containing links to the poisoned webpages, directing unsuspecting victims to the malicious code. The website can determine if the visiting computer is a Mac or a PC, and delivers malware custom-written for the surfer's operating system.
Wi-Fi presents cybercriminals with more avenues to explore As computer users wise up to traditional malware attacks, such as email-borne worms, Sophos's Security Threat Report 2008 also reveals that the wider use of new mobile technologies and Wi-Fi enabled devices, like Apple's iPhone and iPod Touch, may be opening up new vectors of attack for hackers. Flaws have been found in the mobile email program and Safari browser installed on such devices - but while uptake remains limited cybercriminals seeking large returns are unlikely to exploit these avenues on a major scale in the near future. However, as personal Wi-Fi devices grow in popularity, the risks will no doubt increase. Sophos experts also note that the low cost ultra-mobile PCs, such as the popular Linux-based ASUS EEE laptop, are likely to gain the attention of the cyber underworld as sales continue to grow.
"The ultra-mobile ASUS EEE laptop, like many others, comes pre-installed with Unix, making it automatically immune to the vast majority of spyware and malware attacks," said Cluley. "However, it's still possible to lose money through phishing and identity theft on any device with an internet connection. As it becomes more common for people to use a Wi-Fi enabled device which carries personal information, the greater the temptation for hackers to take advantage with malware in the future."
State-sponsored cybersnooping and cybercrime claims predicted to rise During 2007, it became more common for countries to openly accuse each other of engaging in cybercrime, despite the fact that it can be extraordinarily difficult to prove where an attack originated and if it is government-sponsored or purely a lone hacker acting independently.
In April 2007, a large-scale distributed denial-of-service (DDoS) attack against websites in the Baltic state of the Estonia was blamed on Moscow, while in December 2007, it was revealed that MI5, the British secret service, believed that the Chinese government was behind electronic espionage against British firms designed to give China a commercial advantage. However, neither claim has been proved.
"2008 is likely to bring more accusations, but so far there has been no actual evidence of state sponsored cyberspying," said Cluley. "While spying has been happening for centuries, it is important to remember that hackers are experts at covering their tracks, making it difficult to determine the exact source of an attack. There is no doubt, however, of the importance of securing critical computers inside government organisations from hackers, no matter whether they are motivated by politics, espionage or simply money."
Mal/Iframe remains dominant malware threat in 2007 Web threats continued to be the preferred vector for malware attack in 2007.
The top ten list of malware found on the web in 2007 reads as follows:
Top web-based malware in 2007.
China is the number one country hosting malware in 2007 In 2006, China was responsible for hosting just over 30 percent of all web-based malware, and held second place after the US. However, in 2007 this position was reversed with China hosting more than half of all infected webpages.
The top ten list of malware-hosting countries in 2007 reads as follows:
Top malware-hosting countries in 2007.
"We would like to see China making less of an impact on the charts in the coming year. Chinese computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today," explained Cluley.
For more information, including statistics on email threats, detection techniques and spam-relaying countries, please download the Sophos Security Threat Report 2008 from:
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
"Sophos experts are now discovering 6000 infected webpages every day - one every 14 seconds. 83 percent of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from antique dealers to ice cream manufacturers to wedding photographers have hosted malware on behalf of virus writers."
... without telling their readers that the malware found is WINDOWS malware, not Mac malware. I wonder what they are intending to imply by this factual omission. It's FUD.
Why would Sophos be spreading Fear, Uncertainty and Doubt?
Could it be because they SELL Mac Anti-Virus software? Nah... they wouldn't do that...
... would they?
If you want on or off the Mac Ping List, Freepmail me.
ITWeek - "Lock Down Your Macs, Firms Warned
Boston Business Journal - "Sophos: Hakers Targeted Macs in 2007"
IT Business - "More Mac Malware Attacks Expected"
VNUNet - "Criminal Hackers Turn On Macs"
There are a lot more... and there will be more tomorrow... all from a FUD press release from company that has said exactly the same thing before...
All of this based on two, count 'em TWO, discoveries of a trojan horse application to be pretending be a Safari Plug-In to display porn movie files... that require no less than FOUR instances of the user ignoring warnings from the system that it isn't what it purports to be... and requires the user to install it himself.
One other thing I've noticed. I have a .Mac account, and practically never receive spam on it, despite it being my primary email account. I also have a gmail account, which I've never given to anyone, and it gets spam all the time. Possibly webbots have guessed my gmail account name, but I suspect that Google sells their email lists, and Apple does not.
Good point. The least secure part of a Mac is the user. That is absolutely not true for the PC.
Hey, be glad, Macs are a growth area for the fleece seekers. ;’)
The OS can’t protect you if you agree to install a trojan. If Apple market share increases, it will include dumber users. If people fall for Nigerian bank scams, they will install malware. It’s just a matter of time.
no one is disputing trojans, thats not an os problem its a user problem. When there is a code red or nimda which spreads *by itself* over an unpatched vulnerability ping me will ya’ in the mean time this article is nothing but FUD..
Absolutely, and no virus protection program will protect you from willingly installing programs on your computer. On the other hand, there’s little profit in advising people to be careful. It’s much more profitable to persuade them to purchase a package that does little good and increases system overhead.
I monitor about 50 PCs and haven’t seen a virus get past a reasonably secured computer since 1998.
I will grant that securing a PC is a pain in the butt, but it doesn’t cost anything if you pay attention to reviews in magazines like Maximum PC.
The biggest problem in the computer world is spam being sent by zombies, many of which I bet have pirated copies of windows. Zombie spam could could to an end in half an hour if Internet providers blocked ordinary users from acting as email relays, by default. This could be a simple switch in the cable or DSL modem that could be overridden by anyone who actually wants to have an email server.
“I monitor about 50 PCs and haven’t seen a virus get past a reasonably secured computer since 1998.”
Then youre not looking hard enough when code red hit there was no measure short of a really good firewall to keep it from getting to your box (that was 1999 or 2000 I think) anti virus software came out rather quickly to counter it but the thing spread like wildfire for a reason.
When you have a virus that can do that in the mac community (spread with *no* user interaction) give me a jingle..
“Zombie spam could could to an end in half an hour if Internet providers blocked ordinary users from acting as email relays, by default.”
Nope not so... Most spam zombies don’t relay spam the are the origin of spam! So blocking outgoing port 25 would do little if anything to alleviate the problem. I could without using port 25 on my end connect to your mail system and send a mail, now its up to your mail server to make sure Im from an ‘ok’ node of the net to mail from.
Many big ISP’s (like AOL) do a reverse DNS check on the connection which will cut down significantly but that up to the mail servers not the network providers.
“This could be a simple switch in the cable or DSL modem that could be overridden by anyone who actually wants to have an email server.”
Thats not how email works, without being a server I can send a message to you all I need to do it telnet to your mail server on *remote 25* and put in a few smtp strings and its away. All zombies do it perform this in the background.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.