Q3 2009 Threat Summary
Leaner Operating Systems
Broadband Internet access continues to increase, but computing resources have not kept pace with software demands. As a result, lighter software and optimized performance have become a major focus for the software industry. Both Microsoft and Apple “realized that the pile-on-features model is unsustainable”, wrote David Pogue in the New York Times in August. “Both are releasing new versions of their operating systems that are unapologetically billed as cleaned-up, slimmed-down versions of what came before.”
Apple | The August release of Mac OS X 10.6 Snow Leopard showed the way with an installation that left 7GB more free space on the hard drive than its predecessor. It also included some antivirus functions against trojans.
Microsoft | Microsoft’s Windows 7 operating system, to be released in October, is also set to be leaner and more secure than its predecessor, Windows Vista. Vista’s insistent User Account Control (UAC) feature actually prompted many users to turn it off completely.
Google | Google is also developing its own Google Chrome OS, which is an “open source, lightweight operating system that will initially be targeted at netbooks”, according to the official Google Blog.
More Secure Browsing
During this quarter, Firefox introduced its new private browsing feature, and Firefox 3.5.3 introduced a notification for outdated versions of Adobe Flash Player.
According to the Mozilla Security Blog, “Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.” Mozilla is also promising to work with other plugin vendors to provide similar checks for their products in the future.
- http://blog.mozilla.com/security/2009/09/04/helping-users-keep-plugins-updated/
- Labs Weblog: Firefox Advice
Search Engine Competition Good for Security
At the end of July, Microsoft and Yahoo signed a 10-year deal whereby the Yahoo search engine will be replaced by Bing in a bid to challenge Google’s dominance of the search-based advertising business. Microsoft hopes to compete with Google by offering new features in Bing, such as adult content filtering. Safe search results are now an important feature for consumers.
According to Tom Krazit from CNET, “Microsoft has tweaked the search filters on its new Bing search engine following criticism that its smart motion video feature allowed Web surfers to watch porn without visiting adult Web sites.”
Search Engine Optimization Attacks
The deaths of Michael Jackson, Farrah Fawcett and Patrick Swayze were quickly exploited by criminals through Search Engine Optimization (SEO) attacks, often pointing people to rogue antivirus products. The H1N1 flu has also been used as an emotional "hook" to lead Internet users to scam sites.
F-Secure’s web analysts saw the first wave of celebrity spam within hours of the reported death of movie star Patrick Swayze, followed by fake videos that came up in Google's search results for his funeral. Clicking on the ‘video’ took the victim to a different website and another video, where a click downloaded a rogue AV.
- Labs Weblog: Swayze Spam
- Labs Weblog: More Swayze-Baited Traps
Social Media and Networks Under Attack
Facebook | As Facebook reached 300 million accounts in September, social networks and social media have continued to attract criminal and political interest.
Personal networking connections carry an implicit trust, and accounts compromised by criminals have been used to abuse that trust by linking to malicious sites. F-Secure reminds Internet users of the importance of strong passwords, and that a Facebook password should be different from the password of the primary e-mail account used to log on to Facebook.
Twitter | As Twitter has grown in popularity, it has been increasingly targeted by worms, spam and account hijacking.
In August it also emerged that Twitter has been used to direct botnets. According to a report in The Register, a security analyst accidentally stumbled across a Twitter account being used by botherders as a cheap and effective way of directing infected computers to websites where they can fetch further instructions. This appears to be the first time Twitter has been used as part of a botnet's command and control structure.
Twitter accounts are also being used to push rogue AV products. All the tweets sent by these accounts are auto-generated, either by picking up keywords from Twitter trends or by repeating real tweets sent by humans. The links eventually lead to fake websites trying to scare you into purchasing a product you don't need.
- Labs Weblog: Mass-Generating Fake Twitter Accounts for Profit
Politically Motivated DDoS Attacks
In August, the Twitter, Facebook, LiveJournal, Google Blogger and YouTube accounts of a Georgian blogger called Cyxymu were jammed by a politically motivated DDoS attack, as reported by Elinor Mills on CNET.
Launching DDoS attacks against services such as Facebook is the equivalent of bombing a TV station because you don't like one of the newscasters. The amount of collateral damage is huge. Millions of Twitter, LiveJournal and Facebook users experienced problems because of this attack. Whoever was behind this attack had significant bandwidth available.
- Labs Weblog: Silence Cyxymu
In another coordinated DDoS attack during Malaysia’s National Day on August 31st, hackers targeted a Malaysia-based web host and defaced over 100 websites, including those belonging to Malaysia’s national institutes, universities, media and businesses.
- Labs Weblog: Cyber Attacks on Malaysian Websites
Mobile Threats Make A Comeback
In the world of mobile phone security, this quarter witnessed the re-emergence of the SMS worm Yxe (aka Sexy View), now in the form of Sexy Space, which performs much like the original. The new variant Yxe.D is Symbian Signed with a certificate from a different company in China than the earlier version.
- Labs Weblog: Q & A on "Sexy View" SMS worm
The old ‘missed call scam’ is also making a comeback. This involves a call from an unknown international number which is immediately dropped when answered. When the curious recipient calls the number back, they hear a ‘busy tone’ audio file, when in fact the call is being charged at a premium rate. F-Secure recommends a Google or WhoCallsMe search on any unusual numbers before calling back in order to avoid nasty surprises in the phone bill.
- Labs Weblog: Received an SMS message from a service number with link in it?
- Labs Weblog: Missed Call Scammers Are on the Move