Tom Raftery’s Social Media

There is a great deal of chatter on TechMeme this morning because a trojan has emerged which infects Apple’s OS X!

The trojan is found in pornographic sites masquerading as a video codec.

It isn’t a huge threat because to become infected you need to go through several steps:

When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.

The trojan takes over the Mac’s DNS settings and from time-to-time re-directs the Mac to phishing or pornographic websites.

According to Intego, the security company reporting this trojan:

The best way to protect against this exploit is to run Intego VirusBarrier X4 with its virus definitions dated October 31,2007. Intego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed

Right - I can see why they are talking it up then! Stlll, if you do find you Mac bringing you to websites you didn’t ask for and you (or someone using your Mac - ahem!) have recently installed a video codec, maybe you should look into this further.

This is the first major malware reported which is specifically targeted at OS X since the operating system was released in 2001. I guess it is a sign of OS X’s increasing popularity.

If you enjoyed this post, make sure you subscribe to my RSS feed!

I wrote a post over a year ago about how I deal with PCs which have become infected with malware (viruses/trojans/worms/rootkits, etc.):

what I do, is to re-install the OS - more often recently it is XP, turn off System Restore, install XP SP2, Microsoft Anti Spyware, Spybot, Adaware, and AVG… or consider formatting the PC.

It seems that I was on the money with that advice - eWeek are reporting today that Mike Danseglio, program manager in the Security Solutions group at Microsoft said at an InfoSec conference in Florida yesterday:

When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit

Malware is becoming more difficult to detect because malware writing has become a big business. The people who write these malware programs now do so for profit. They write programs which allow them to use infected machines (to send spam, for instance) and they sell their services to companies who want use infected machines. The more machines they control, the more money they can make. It is therefore in the malware writer’s interest that the malware be as unobtrusive and difficult to detect as possible.

Danseglio said:

We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,

This is similar to my observation that malware can hide in the System Restore volume and can re-install themselves after a scan is run.

The one place where Danseglio and I disagree fundamentally is in the apportioning of blame. Danseglio said:

Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity

Personally, I believe that if the software allows people to be fooled into clicking on a phishing link (and some of the phishing emails I have received have been extremely convincing), then it is the software which is stupid and not the user.

If you enjoyed this post, make sure you subscribe to my RSS feed!

I received an Alpha invite to try out Riya the other day. I have posted about Riya previously and it does sound like it will be an exciting application - it is an online photo application (like Flickr) but it has facial recognition software built-in. This means that once you upload a photo and tell Riya who is in the photo, it will recognise them in any other photos you upload. This will help enormously when you want to search for pictures subsequently as currently there is no real way to search for images unless they have meta-information attached.

But when I went to Riya, I was unable to upload any pictures as the uploader is Windows XP only - this meant I was unable to test any of the applications features

However bad it is not having a Mac uploader, how difficult would it have been having a couple of test images in Alpha testers accounts so that if they couldn’t upload images they could, at least play with the test ones?

If you enjoyed this post, make sure you subscribe to my RSS feed!

The BBC are running a story about Microsoft starting an anti-virus and security service for PC users.

According to the BBC’s site

The service is designed to automatically patch-up security holes, as well as beef up anti-virus and spyware protection. It will also help maintain the health of a user’s PC generally

Is it just me, or does anyone else see a conflict of interest here? Why would Microsoft want to create secure software incapable of being infected by viruses if they are selling anti-virus services. It would be bound to be in Microsoft’s interest for non-customers to become virus infected and thereby require Microsoft’s anti-virus services.

To anyone who is tired of viruses/malware and spyware infecting their PCs I say - buy a Mac (or a linux based PC). I don’t have any anti-virus or anti-spyware software on my Macs (I do on my PCs) because I don’t require it. There are simply no viruses or spyware for Mac.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Fred Langa has written one of the most misleading and ill-informed articles I have read on the web in quite some time.

In this misleading and ill-informed article, Fred posits that

changing to Firefox–or Mozilla, or any similar software–because “it’s more secure” is a dangerous misconception; and demonstrably false

Incredibly, Fred is trying to tell us that Firefox is not more secure than Internet Explorer!

To back up his claims, Fred very carefully chooses quotes from the US-CERT site

In most cases in the more recent issues, you’ll see the list of IE’s vulnerabilities are fewer than those for Firefox, Mozilla, and the other alternate browsers

and from the Symantec Internet Security Threat Report

Between July 1 and Dec. 31, 2004, Symantec documented 13 vulnerabilities affecting Microsoft Internet Explorer. This is notably lower than the 21 vulnerabilities affecting each of the Mozilla browsers that were documented during the same period

All sounds pretty damning, right? Yes, until you do a little bit of research.

Firstly, Fred conveniently neglects to mention what classification the vulnerabilities have (high/medium/low) i.e. how potentially risky they are for your computer.

Compare the two graphs below (from Secunia) to see that for Internet Explorer 6.x - 42% of its bugs are highly dangerous or above whereas only 7% of Firefox bugs are highly dangerous.

Secondly, US-CERT - the site Mr. Langa choses to take some of his information from, explicitly advise people not to use Internet Explorer

IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system. It is possible to reduce exposure to these vulnerabilities by using a different web browser

For an unbiased review of vulnerabilities in both browsers, see the Vulnerability Reports on the Secunia website for IE 6.x and Firefox 1.x. Scroll down on these pages to see that Internet Explorer currently has 19 unpatched (some of which are highly critical and have been unpatched for more than a year) and 10 partially fixed vulnerabilities whereas Firefox has 4 unpatched (none of which are even moderately critical).

Finally and from a purely personal perspective - I frequently get support calls from clients infected by spyware and malware of all sorts. I have never had one of these calls from a client I have migrated to Firefox - it is always the IE users who get infected.

With this level of inaccuracy in his piece, you have to wonder about the motivation behind writing such a dangerous and misleading article…

If you enjoyed this post, make sure you subscribe to my RSS feed!

I note a story on the BBC Technology site which says Spyware and Malware authors have copped on to the popularity of blogs and are now using them as vectors to host spyware and malware to infect people lured to the blog.

I’m surprised it took so long for them to come up with this.

Of course I can be smug - I use a Mac so I don’t have to worry about Spyware and Malware!

If you enjoyed this post, make sure you subscribe to my RSS feed!