• Trials & Downloads
  • Personal / Home Office products
  • Business Products
  • Malware Cleaner
  • Installers
• • Corporate
  • Norge
  • France
  • Deutschland
  • Sverige
  • Danmark
  • Suomi
  • Nederland
  • Schweiz
  • España
  • United States
  • United Kingdom
  • Italia
• About Norman
  • Vision & Values
  • Management Team
  • Our Technology
  • Awards & Certifications
  • Customer Cases
  • Press & Media Center
  • Events
  • Careers
  • Subscribe to newsletter
  • Contact Us

Security Center

Cybercriminals focus on new targets

2011-05-06 [Malware discussion, Social engineering, Spreading mechanisms, Trends & predictions]

Introduction

Computers running Microsoft Windows operating systems have traditionally been the main focus for cybercriminals. The reasons for targeting particular devices and software are several, which we have discussed in previous security articles.

In our security article one year ago - Systems prime for exploitation? - we discussed two different approaches malware writers may use in determining how to carry out attacks.

One tactic is to create malware with potential to reach many users (the success in large number approach). This of course requires that the system that is attacked has a substantial number of users.

The abovementioned security article predicted that handheld devices (e.g. smartphones) had reached a level of propagation that made them an interesting target for cybercriminals. The number of reported security issues related to handheld devices so far this year, seems to indicate that our prediction comes true.

However, some recent news items suggest that another type of device is also in the cybercriminals sight.

Apple computers targeted by malware

Two recent incidents suggest that cybercriminals are increasing their activity against users of Apple computers running Mac OS X operating system.

The fake antimalware MACDefender 

Fake antimalware is among the most common types of malware targeting the Windows platform. An example of this type of malware, called MACDefender, has now been observed - in the wild - for Mac OS X.

MACDefender's main spreading mechanism seems to be via search engine optimization (SEO) poisoning. Excellent information about this spreading technique is available from Internet Storm Center's Down the RogueAV and Blackhat SEO rabbit hole part 1 and part 2.

When a user clicks on a poisoned web page, he is transferred to a web site that displays a fake malware scan, which results in telling that the user is infected. A file is then downloaded. If the user runs the file and finalizes the installation procedure, the fake antimalware product is installed. This functions in "the normal way"; the user may purchase the full version by using a credit card, etc. Web pages of a pornographic character are also automatically opened on the infected user's computers.

Users, who have enabled Open Safe files after downloading in their Safari browser, may experience auto-installation of the malware when downloading.

Selected further information about MACDefender:

• More on MAC OSX Malware - MACDefender Fake Antivirus (SANS' Internet Storm Center) 
• New 'MACDefender' Malware Threat for Mac OS X (MacRumors.com)
• Intego Security Memo – MAC Defender Fake Antivirus Program Targets Mac Users (The Mac Security Blog from Intego)
• MAC Defender rogue anti-virus analysis and removal (Help Net SEcurity)

The crimeware kit Weyland-Yutani BOT

The Danish security company CSIS reported a few days ago about a the crimeware kit for Mac OS X, Weyland-Yutani BOT.

This "Do-it-yourself" (DIY) kit offers functionality to create custom malware. This malware makes infected computers into parts of a botnet. Weyland-Yutani BOT has currently form-grabbing functionality for Chrome and Firefox browsers.

It is said to be interchangeable with the banking trojans ZeuS and SpyEye, and Mac users may therefore as of now be more susceptible for banking fraud.

The price for this crimeware kit is stated to be USD 1 000.

Selected further information about Weyland-Yutani BOT

• Crimekit for MacOSX launched (CSIS)
• ‘Weyland-Yutani’ Crime Kit Targets Macs for Bots (KrebsonSecurity)

Malware targeting new devices

Users of the operating system Mac OS X have so far been quite safe from malware infections compared to those who have chosen Windows as the operating system platform. One reason may be that the operating system itself is presumed to be more secure.

In our view, however, another at least as likely explanation is that the Mac OS X platform has not received enough attention from malware authors. The two examples above may be an indication that this is about to change.

Since Mac OS X users traditionally have felt safe from malware, it is probable that their awareness against this threat is lower than similar Windows users. We have said it repeatedly in our security articles:

Whenever malware authors find new vehicles to spread their malware, the probability for success increases immensely. One reason is that our automatic defense mechanisms do not immediately recognize the social engineering techniques used.

One may expect that Mac OS X users are no different, and that this platform's users will experience an increase in cybercrime.

• Privacy policy
• License agreement
• Trademarks
• Sitemap
• Contact Us

© Norman ASA