Trojan Virus affects thousands of pirated copies of Apple’s iWork ‘09 Suite

Malware masquerading as part of Apple’s iWork ‘09 suite has targeted unsuspecting Mac users foolish enough to illegally download and install the pirated version of the software commonly found on warez sites around the Web.

Once iWork ‘09 is downloaded and installed, the trojan horse, named OSX.Trojan.iServices.A, obtains unrestrained root access, which it immediately uses to connect to a remote server over the Internet. A secondary download installs malware that makes victims part of a botnet army that is said to be attacking undisclosed websites. According to Mac antivirus software maker Intego, this is the latest reminder of the growing popularity of Apple’s OS X among virus and malware developers. Over the past year, a mix of trojans and exploits has been targeting OS X at increasing rates.

It is believed that more than 20,000 50,000 people have already downloaded the rogue installer. The pirated software does, however, contain a fully functional version of iWork.


Parking ticket = Malware ticket

Parking ticket leads to a virus

Cars in the US had traffic violation tickets placed on the windscreen, which then directed users to a website.

The website claimed to have photos of the alleged parking violation, but then tricked users into downloading a virus.


Genuine method, I must admit.

“Attackers continue to come up with creative ways of tricking potential victims into installing malicious software.

“Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we’ll be seeing such approaches more often.”

Very true indeed. Such types of attacks are really dangerous for the uninitiated and unsuspecting.

I shall start something like this too, but with something smaller. For example, I am pretty sure you know what happens if you write your phone number in bathrooms on college campuses?! That’s right. What about writing a website on the walls or doors in the following emo form: OMG xD xD OMFG Profesor X naked webcam pictures! xD xD xD UNBLVBL…the truest thing :X:X:X >:)

What about fake student organization promotions, party announcements, homework websites, job offers, surveys, etc.? Although many of these methods are kinda overkill if done in not-so-crowded places, since the same, if not even more, targets could be lured with online methods rather than physical real-life ones.

Anyway, it’s an interesting special case of social engineering (in the sense that it doesn’t require you to interact directly with a person) to know about. 😛

I’ve received the following comments on two of my posts and they look like this:

Charles Norrie said…
7:25 pm – February 1st, 2009

But it exploits vulnerabilities in Windows systems, so if you install a Linux system like Ubuntu Intrepid Ibex you won’t suffer malware problems again!

On Downadup/Conficker botnet estimated at 8.9 million according to f-secure

Charles Norrie said…
2:19 pm – February 1st, 2009

Ubuntu is quite wonderful. Please reply to all news articles mentioning the Conficker virus saying that if users installed Ubuntu, they’d never have to patch their computers again.

Get the message out. We all benefit by persuading people to move to Linux!

On Backtrack 4 will be a full blown distribution

Now, I originally wanted to reply with another comment, but since the comment ended up a little bigger than I intended and because it expresses a lot of my views on this issue, I made a post out of it, so here it goes:

I have to disagree with you, because persuading people into using Linux just because it is a less malware-prone platform than Windows is not the solution for the security issues that exist nowadays. Malware does exist for Linux, but it is not that abundant. As for security bugs, if we take only Windows into discussion and no other third-party application, then I really can’t say which one is more buggy, a Linux distro or Windows, because I’ve seen all sorts of bugs in all kinds of places in both operating systems. And I say a Linux distro because it’s not fair to compare Windows with just the Linux kernel: Linux is only the kernel after all, and a Linux distro is what you can call an OS. Plus, the Linux kernel had, and currently has, lots of bugs all over the place, and new ones are discovered all the time. Moreover, if we make a comparison of security bugs that were discovered in only the Linux kernel and the Windows kernel, I can assure you that the Linux kernel had way more flaws than the Windows kernel, afaik.

To sum it up, let’s say that a vast amount of the masses start shifting overnight to Linux, just as you want, and then Linux becomes the leader in the OS market share. What happens then? All of the guys writing malware will shift their attention to Linux, and then you will see the same flow and abundance of malware for Linux. Because it’s the same security-unaware target audience, the same buggy code, the same people writing new code with the same security flaws, the same security mistakes made in software logic and design, etc…

Linux for the moment, in my opinion, has these advantages when it comes to being a primary target for malware:

  1. low desktop market share
  2. vast amount of distributions
  3. a big percentage of Linux users are tech savvy

Now let’s dissect those 3 advantages:

1. The market share that Windows currently has means only one thing: way more people are working, banking, e-mailing, chatting and doing stuff on Windows, thus a bigger profit is to be gained from targeting Windows users…it’s all business. And if it’s not business then it’s fun, and let me tell you that it’s not fun to spend one week writing a piece of malware for Linux that works on at least the 5 most used distros. What is fun, in the script kiddie mentality that flourished out there, is to use a lame .vbs *All in one – Virus Maker* and then share it on file sharing networks and watch people getting pwned. What about binding something like Turkojan on a stupid “Undress me” poker game and sharing it too?!? That is fun nowadays. Oh, and if it’s not about fun then it is about 5th grade pride and proving that you are the best l33t haxxor out there. Which only led to this defacement explosion in the past few years. If you can deface a website then you are a haxor. If you can deface a bunch of websites then you are a leet haxxor. But if you can deface Microsoft’s website while defacing 50 others in the other 50 browser tabs you have opened, then you really are the most l333tzoor h@xx out there. Well, let me tell you one thing: people who deface for those reasons are just plain stupid. They don’t realise or know how many things can be done with a boxen after pwning it (especially a high profile target 🙄) with a lame, public-for-months exploit, so they just limit themselves to replacing index.html/.php/.asp with their own “I am teh skillzor and admin sucks! L33t Haxor skeelz pwned your boxen. Secure you website. Gritz to acid_piss, no_life and toilet_face!!!” .html defacement page.

2. The vast amount of Linux distributions out there makes it hard to write a portable piece of malware that *works on linux* and that’s about it. Different kernel versions and modules, different library and program versions and choices, and design and architectural differences all contribute to the level of skill required to write a good portable malware piece.

3. You probably guessed yourself, a big % of Linux users being tech savvy makes it not so easy to target them.

In conclusion, “Use Linux and you’re malware and pwn free” is neither the solution nor entirely true. I hate it when people push these kinds of things to the public, and it’s the same with the recently flowing bullshit that “Linux just works now!” or “Ubunt jost works!”. Bullshit. It doesn’t, unless you are a hacker (in the good sense) and like to get down with stuff. For the average human being who doesn’t know or want to know about computers or how they work, and who just wants things like chatting and browsing and file sharing, Linux might actually get in their way and make them unhappy and uncomfortable and thinking they’re stupid. If we take Ubuntu’s case, then “Ubuntu is just working” is only bandwagon fantasia bullshit, and not even Mark Shuttleworth has the courage to say that relating to the desktop market. So just leave it at that…Linux is Linux and Windows is Windows, each one with its ups and downs. 🙂

