Thursday, August 12, 2010

Virus threat increases for phones, PCs & Macs

Computer and smartphone users are increasingly at risk from viruses with many failing to take adequate precautions to prevent attacks. On Tuesday this week it was revealed that Eastern European cyber criminals had been targeting British bank accounts using sophisticated computer viruses to drain funds amounting to hundreds of thousands of pounds. Up to 30,000 computers had been compromised with the Zeus botnet, according to security firm Trusteer. "It looks like criminal gangs are focused on the UK market and are specialising in UK banks," Trusteer chief executive Mickey Boodaei said on Friday last week. Boodaei declined to name the banks, saying only that customers of all of the major institutions had been targeted.

Zeus, also known as Zbot, steals data by installing a keystroke logger on the victim's machine. People who click on a link in an infected email or compromised website could end up exposing their online banking credentials.

Trusteer said it gained access to the command-and-control servers of the botnets, and this allowed it to pinpoint the location of the zombie computers from their IP addresses. The company then analysed attack commands from the servers to determine the targets of the Zeus variants.

Traditional anti-virus software has been slow at identifying the threat. Boodaei said that international antivirus companies may not detect the Trojans due to their localised nature. Antivirus companies normally deploy a network of sensors, including computers designed specifically to capture malware samples, in networks called 'honeynets'. But the Trojans may not be hitting these sensors, Boodaei said.

Bradley Anstis, vice president of technical strategy at M86, told The Times, "This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software". The experts also warned that such viruses are no longer confined to "red light district" sections of the web, such as gambling and pornography sites, but can be found on popular search engines, blogs and news websites. Last year for example, attackers placed a virus in an advertisement on the New York Times website.

M86 Security said that online banking customers had transferred the virus from legitimate websites onto their computers through "security holes" in either Microsoft's Internet Explorer browser or Adobe Reader software. [ZDNet / Telegraph / CNET / Sky]

Failure to take precautions

However, many people have opened themselves up to attacks by opening unsolicited spam email posing as official bank communications. This despite continued warnings from banks, security firms and media not to follow links sent via email.

Despite continued warnings in the media and by anti-virus software firms, millions of Internet users are falling victim to scams that leave them open to hacking and identity theft, Internet security firm Symantec said last October. In particular more than 40 million Internet users have in the last year fallen victim to criminals targeting them with fake security software.

Symantec says such downloads are not only harmful but allow criminals to obtain the victim's credit card details or other private information. The firm has identified 250 versions of what it terms 'scareware' which may earn criminals more than 1.2 million U.S. dollars every year.

The fake software is often distributed through the use of pop-up advertisements which are deliberately designed to look legitimate, using the same typefaces as Microsoft and other well-known software providers. The pop-ups falsely warn that a computer's security has been compromised, and Internet users are duped into downloading the software for a fee of around $100.

Con Mallon, from Symantec, warned the purchase had two major risks. "Obviously, you're losing your own hard-earned cash up front, but at the back end of that, if you're transacting with these guys online you're offering them credit card details, debit card details and other personal information," he said. "That's obviously very valuable because these cyber criminals can try to raid those accounts themselves or they can then pass them on or sell them to others who ultimately will try to use that information to their benefit not yours."

Symantec says that some criminals were also extorting money from victims. "[They] could hold your computer to ransom where they will stop your computer working or lock up some of your personal information, your photographs or some of your Word documents," Mallon said, "They will extort money from you at that point. They will ask you to pay some additional money and they will then release your machine back to you."

Internet search giant Google has also warned of the growing risk of fake anti-virus software being downloaded by unsuspecting computer users. Millions of computer users are being duped into installing the software which they think will protect them online but which actually leaves their computer more vulnerable to hackers. Over a period of 13 months Google analysed more than 240 million web pages and found that fake antivirus programs accounted for 15% of all the malicious software it detected online.

Cyber criminals are using increasingly sophisticated tactics to trick unsuspecting computer users into downloading and installing software laced with malicious code. When activated the software allows hackers to obtain "back door" access to a computer. This in turn could allow criminals to use the machine to send spam emails, or to try and capture personal information and login details for online banking and email accounts.

"The fake antivirus threat is rising in prevalence, both absolutely and relative to other forms of web-based malware," said Google in its findings. "Clearly, there is a definitive upward trend in the number of new fake antivirus domains that we encounter each week. Surprisingly, many users fall victim to these attacks and pay to register the fake antivirus software. To add insult to injury, fake antivirus programs are often bundled with other malware, which remains on a victim's computer, regardless of whether a payment is made."

Google said that although it uses special tools to filter out websites containing malicious code from its search results, cyber criminals often moved their sites from one location to another in order to thwart efforts to stop their activity. Security experts have advised computer users to ensure they only install legitimate antivirus programs from reputable companies, such as Norton and McAfee, and not to click on any unsolicited pop-ups that claim to have detected a virus, and offer tools to remove it.

Apple Macs also at risk

But many people still fail to follow simple rules online. Apple Mac users in particular leave themselves and others at risk. Apple is not so readily targeted by viruses due to its low user base. As such many Mac users fail to use anti-virus software, leaving themselves open to a potential attack and making their computers a host to malicious software which might be passed on to PC users.

Apple first began to advise users to use anti-virus software in late 2008 [Register]. But even in 2010 some still question the need for such software on the Mac [Guardian]. But the risk does exist as Graham Cluley explains in a video posted on YouTube.

The risks highlighted by Cluley include that of hitting shortened URLs, much used in Twitter to condense an otherwise long web address to only a few characters. Users must ask themselves whether it is safe to click these links. Most will be safe, but some may link to sites embedded with malware. Google actively scans many websites and those using Google Chrome will be familiar with the red page warning that a site may damage your computer. But not all browsers display this.

One way to find whether a link is legitimate is to use a URL lengthener, such as Longurl which allows users to see where a particular link goes. Such services have also proved useful in countries such as China where some URL shortening services such as bit.ly are blocked.

Phones now at risk

With mobile phones becoming ever more complex, the risk of being hit by viruses is growing too. This week several reports showed that attacks on the Android mobile operating system had been discovered. Malware posing as a movie player had been found to send premium-rate text messages. Google have responded saying that users should exercise caution when downloading and installing apps. "Our applications permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS," the company said. "Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market." [ZDNet / Guardian]

The risks posed to users of Android smartphones have prompted several security firms to release anti-virus software. Symantec have released a beta version of Norton for Android, and Avast and Mobile Defense have also issued similar products [Androidandme].

Owners of iPhones may be smirking, but the Apple iPhone is not immune from software attacks. In November last year a new worm was identified which redirected iPhone users from a legitimate banking website to a counterfeit website potentially run by cybercriminals. The worm, which was identified by security experts at F-Secure, predominantly affected Dutch iPhone users attempting to log on to their ING bank accounts on the device. Users visiting the legitimate home page of the bank were unwittingly redirected to an imitation site by the worm, leaving them vulnerable to cybercriminals, who could capture their username and password and use the information to commit fraud.

Only so-called "jailbroken" iPhones were identified as being vulnerable to the worm attack. "Jail-breaking" is a process whereby a user removes Apple's protection mechanisms in order to allow the use of non-Apple compliant software. However, doing so has left some users open to such attacks. Up to 10% of all iPhones and iPod touch devices are believed to have been tampered with in this way.

Security experts at F-Secure warned that the worm could effectively turn infected iPhones into a "botnet", a network of compromised computers which could be accessed or controlled by hackers or cybercriminals. The worm can be transferred from one jailbroken iPhone to another if they are using the same wireless internet connection or hot spot, according to F-Secure.

The discovery of the latest worm came just weeks after the first ever iPhone worm was discovered. That worm, written by Ashley Towns, "rickrolled" the iPhone's owner by changing the phone's wallpaper to show a picture of pop singer Rick Astley and displaying the message "ikee is never going to give you up". The 21-year-old hacker said he had made the program to raise the issue of security.

While the Rick Astley worm was not particularly harmful, it was a clear warning that other more malicious worms might follow. "The creator of the (Rick Astley) worm has released full source code of the four existing variants of this worm," Mikko Hypponen of security firm F-Secure said at the time. "This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper."

Hypponen's analysis appears to have been proved correct with the discovery of the first malicious iPhone virus. "There's a clear financial motive behind it," Hypponen told the BBC at the time. "It's fairly isolated and specific to the Netherlands, but it is capable of spreading."

And the threats continue with Germany's Federal Office for Information Security warning that Apple's iPhone, iPad and iPod Touch have potentially serious security problems [Chosun Ilbo]. And this week the BBC showed the ease with which hackers could exploit mobile phones by writing malware.

User beware

Makers of software and devices must of course make sure their products are as secure as possible. But consumers must also take responsibility. If you don't lock your car and leave the keys in the ignition, you can hardly blame the motor manufacturer if it is stolen. Computer and smartphone users must educate themselves and be aware of the risks of the online world and protect themselves accordingly.

tvnewswatch, London, UK
