Where Do You Wear Your Malware?

The London Stock Exchange, Android phones and even the impenetrable Mac have all been malware targets recently.  If you’re connected to the internet, you are at risk.  It is no surprise that the crooks will go after whatever device people are using to conduct their life – mobile for example, along with trying to achieve that great financial heist….’if we can just get this one big score, then we can hang up our botnets and retire!’  Perhaps Homer Simpson said it best, ‘Ooh, Mama!  This is finally really happening.  After years of disappointment with get-rich-quick schemes, I know I'm gonna get Rich with this scheme...and quick!’  Maybe we call this the Malware Mantra!

Malware has been around for a while, has changed and evolved over the years and we seem to have accepted it as part of the landmines we face when navigating the internet.  I would guess that we might not even think about malware until it has hit us….which is typical when it comes to things like this.  Out of sight, Out of mind.  I don’t think ‘absence makes the heart grow fonder’ works with malware.  We certainly take measures to guard ourselves, anti-virus/firewall/spoof toolbars/etc, which gives us the feeling of protection and we click away thinking that our sentinels will destroy anything that comes our way.  Not always so.

It was reported that the London Stock Exchange was delivering malvertising to it’s visitors.  The LSE site itself was not infected but the pop-up ads from the site delivered some nice fake warnings saying the computer was infected and in danger.  This is huge business for cybercriminals since they insert their code with the third-party advertiser and never need to directly attack the main site.  Many sites rely on third-party ads so this is yet another area to be cautious of.  One of the things that Web 2.0 brought was the ability to deliver or feed other sites with content.  If you use NoScript with Firefox on your favorite news site (or any major site for that matter), you can see the amazing amount of content coming from other sources.  Sometimes, 8-10 or more domains are listed as content generators so be very careful as to which ones you allow.

With the success of the Android platform, it also becomes a target.  This particular mobile malware looks and acts like the actual app.  The problem is that it also installs a backdoor to the phone and asks for additional permissions.  Once installed, it can connect to a command server and receive instructions; including sending text messages, add URL’s/direct a browser to a site along with installing additional software.  The phone becomes part of a botnet.  Depending on your contract, all these txt can add up leading to a bill that looks like you just bought a car.  In fact, Google has just removed 21 free apps from the Android Market saying its malware designed to get root access to the user’s device.  They were all masquerading as legitimate games and utilities.  If you got one of these, it’s highly recommended that you simply take your phone back to the carrier and swap it for a new one, since there’s no way of telling what has been compromised.  As malware continues to evolve, the mobile threat is not going away.  This RSA2011 recap predicts mobile device management as the theme for RSA2012.  And in related news, F5 recently released our Edge Portal application for the Android Market – malware free.

Up front, I’m not a Mac user.  I like them, used them plenty over the years and am not opposed to getting one in the future, just owned Windows devices most of my life.  Probably due to the fact that my dad was an IBM’r for 30 years.  Late last week, stories started to appear about some beta malware targeting Macs.  It is called BlackHole RAT.  It is derived from a Windows family of trojans and re-written to target Mac.  It is spreading through torrent sites and seems to be a proof-of-concept of what potentially can be accomplished.  Reports say that it can do remote control of an infected machine, open web pages, display messages and force re-boots.  There is also some disagreement around the web as to the seriousness of the threat but despite that, criminals are trying.

Once we all get our IPv6 chips installed in our earlobes and are able to take calls by pulling on our ear, a la Carol Burnett style, I wonder when the first computer to human virus will be reported.  The wondering is over, it has already happened.

ps

Resources:

• London Stock Exchange site shows malicious adverts
• When malware messes with the markets
• Android an emerging target for cyber criminals
• Google pulls 21 apps in Android malware scare
• More Android mobile malware surfaces in third-party app repositories‎
• Infected Android app runs up big texting bills
• Ignoring mobile hype? Don't overlook growing mobile device threats
• "BlackHole" malware, in beta, aims for Mac users
• Mac Trojan uses Windows backdoor code
• I'll Believe Mac malware is a problem when I see it
• BlackHole RAT is Really No Big Deal
• 20 years of innovative Windows malware
• Edge Portal application on Android Market