The Recycle Bin

A repository of comments, code, and opinions.

This Week in MalWare


There have been several interesting malware stories in the news this week. 

Facebook

There’s a new worm circulating the social network called Koobface.  Basically, you get a message from one of your friends that says something along the lines of, “I found this video with you in it, check it out,” and then you click on the link and the website tells you to update your Flash player.  Of course, this isn’t an update to Flash, but rather a worm that steals passwords and account information.  McAfee’s Avert Labs has a good piece of advice that everyone should follow to stay safe on the web:

Do not follow any unexpected hyperlinks you receive over the Web, Email, or IM, even if they are received from someone you know.  It’s best to ask for confirmation from the sender, that they intentionally sent such a link.

On the receiving end of a hyperlink, it’s best to install software and updates from the source (such as adobe.com in this case) rather than trusting content served by a third-party website.

FireFOX

There’s also a new trojan that is specifically targeting the Firefox add-ons system and masquerading as a legitimate extension called Greasemonkey.  The trojan gets installed through traditional means (fake codecs, Flash updates, etc.) and installs itself into the add-ons and extensions folder.  Once it’s been installed, it runs as a normal add-on would, and watches which websites get visited.  It looks for about 100 different sites, ranging from gaming to banking sites.  Once it finds a site that it knows, it records the user name and password and reports back to the attacker.  The piece of malware takes advantage of what I believe is a major design flaw in Firefox; any extension has complete access to everything the browser gets.  This is a major reason why IT departments are reluctant to deploy FF on their networks.  You really need to be careful when you are installing extensions, and make sure that they are from a trusted source.  If browsing a local intranet page with confidential information, it is a best practice to either use a clean FF with no add-ons, or Internet Explorer.

OSX

Thirdly, Apple found itself in the malware spotlight after someone found an old support article in which the company recommended running anti-virus software on OSX.  This opinion sort of flies in the face of their advertising campaign that says that OSX is immune to viruses due to its superior architecture.  The controversy really started to mount when Apple quietly pulled that article from their support database and did a complete 180 on the issue.  I think Apple is doing its users a disservice by acting so defiant about the issue.  Suggesting that its users protect themselves with a modern anti-virus client which does more than just protect against viruses (it helps mitigate damage from trojans, phishing scams, and general data loss) does not mean that their product is flawed, or somehow inferior; it just means they care about their users.  Throughout all of this debate though, people seemed to lose sight of the real reason why OSX users should have AV clients on their machines – they can still receive and forward Windows viruses!  So please, if you’re on a shared open network, be courteous, and run an AV client.


Here are some of the links

http://www.bitdefender.co.uk/NW900-uk–BitDefender-detects-novel-approach-to-stealing-web-passwords.html

http://blog.trendmicro.com/cyber-crimainals-target-firefox-users/


Written by Nathan

December 9, 2008 at 2:24 am

Posted in Security
