MacDefender Update

May 25, 2011

Apple is planning to release an update in the near future specifically to deal with the MacDefender malware that’s been making the rounds for the last couple of weeks. There’s blood in the water now, though – I wouldn’t be surprised to see significant amounts of new malware on OS X in the near future, now that it’s a proven target.


May 4, 2011

Macintosh users – welcome to the fake antivirus party.

A new piece of malware called “MacDefender” has been seen in the wild. It is a fake antivirus product delivered as a compressed ZIP archive that a malicious web page pushes to the browser via JavaScript. Because Safari treats archives as “safe”, users with “Open ‘safe’ files after downloading” checked will have the ZIP expanded and the installer launched automatically, and anyone running as an administrator can then install it with a couple of clicks. Some users are reporting that they were not even prompted for a confirmation password on the installation. Unchecking that option (Safari > Preferences > General) stops the automatic launch, though it does nothing about a user who opens the download by hand.

Individual Security

March 29, 2011

Are the days of individual computer security behind us? The president of the Australian Internet Industry Association seems to think so.

While security was once implemented on a per-machine basis, new threats require countermeasures at the network and protocol levels. Nowhere is this more obvious than in hosted applications and other SaaS implementations. Man-in-the-middle attacks, session hijacks, even attacks against “cloud” providers are all beyond the capabilities of an individual user to handle.

Brave new world.


Rustock Takedown

March 23, 2011

Brian Krebs has done his usual excellent job outlining the Microsoft takedown of the Rustock botnet. Because of the resiliency of the architecture, a combination of technical and legal maneuvers was employed to seize the command-and-control infrastructure and cut the compromised clients off from it, rendering the botnet ineffective.

Autorun Update

March 3, 2011

Microsoft is now pushing the Autorun Update out through Automatic Updates. This means that home and SOHO users who patch straight from Microsoft, without benefit of WSUS or another management platform, will have AutoRun (the autorun.inf mechanism that launches a program when a volume is inserted) restricted to CDs and DVDs. Since AutoRun on USB keys and other removable volumes was being badly abused by malware (Conficker being the best-known example), this is a good thing – just keep it in mind for when your less computer-savvy friends call to ask why the entries that used to appear when they put in the SD card from their camera are gone.

This update affects Windows XP, Windows Server 2003, Vista and Windows Server 2008; Windows 7 already shipped with this behaviour.
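For readers who would rather not wait for the update, or who want to go further and switch AutoRun off for optical media too, the relevant policy lives in the registry. The following is an added example (not code from the original post or from Microsoft) that decodes the NoDriveTypeAutoRun mask and can apply the strictest setting; it assumes the documented bit layout for that value, and that a missing value means the Windows default of 0x91.

```powershell
# Added example (not from the original post): inspect the AutoRun policy,
# decode which drive types still honour autorun.inf, and optionally disable
# AutoRun for every drive type, optical media included.
# Assumptions: the documented NoDriveTypeAutoRun bit layout below, and a
# default mask of 0x91 when the value is absent from the registry.

$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Each SET bit disables AutoRun for that drive type (bit 0x02 is unused).
$driveTypeBits = @{
    0x01 = 'Unknown type (bit 0)'
    0x04 = 'Removable (USB keys, SD cards, floppies)'
    0x08 = 'Fixed (hard disks)'
    0x10 = 'Network'
    0x20 = 'CD-ROM / DVD'
    0x40 = 'RAM disk'
    0x80 = 'Unknown type (bit 7)'
}

function Get-AutoRunPolicy {
    $item = Get-ItemProperty -Path $policyPath -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0x91 }   # assumed Windows default when the value is not set
    return [int]$item.NoDriveTypeAutoRun
}

function Show-AutoRunPolicy {
    $mask = Get-AutoRunPolicy
    'NoDriveTypeAutoRun = 0x{0:X2}' -f $mask
    foreach ($bit in ($driveTypeBits.Keys | Sort-Object)) {
        $state = if ($mask -band $bit) { 'disabled' } else { 'ALLOWED' }
        '  {0,-42} AutoRun {1}' -f $driveTypeBits[$bit], $state
    }
}

function Disable-AutoRunEverywhere {
    # 0xFF sets every bit: no drive type, optical media included, will run autorun.inf.
    if (-not (Test-Path $policyPath)) { New-Item -Path $policyPath -Force | Out-Null }
    Set-ItemProperty -Path $policyPath -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    # HonorAutorunSetting = 1 makes XP/2003 respect the mask above (KB967715).
    Set-ItemProperty -Path $policyPath -Name HonorAutorunSetting -Value 1 -Type DWord
}

Show-AutoRunPolicy
# Run from an elevated prompt to apply the stricter policy, then re-check:
# Disable-AutoRunEverywhere; Show-AutoRunPolicy
```

With the default 0x91 mask the script reports removable and CD-ROM drives as ALLOWED, which is exactly the hole the update closes for non-optical media. Setting 0xFF is the belt-and-braces option: it also stops CDs and DVDs from auto-launching, at the cost of the convenience menu the post mentions.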

Applications Pulled from Android Market

March 2, 2011

Google has just removed 21 malicious applications from the Android Market – they were all pirated knock-offs of other software, repackaged with malware (the DroidDream root exploit) intended to compromise the handset they were installed upon. Despite the quick action, an estimated 50,000 copies had already been downloaded.

New Android Spyware

February 27, 2011

Two new pieces of spyware for the Android smartphone platform have shown up this week – unlike past threats, these are spreading in the US and not just in the Chinese market.

SW.SecurePhone looks especially nasty, recording both data within the phone and sounds in the physical environment and uploading them to a remote server every twenty minutes.


February 22, 2011

A new trojan, named OddJob, has been discovered. It surreptitiously hijacks a web banking session from inside the browser, intercepting the victim’s “logoff” so that the session stays open on the bank’s side and the criminals who operate the trojan can keep using the still-authenticated session to access the victim’s accounts.

This is a nasty one.

Credit Union Breach

January 24, 2011

The Pentagon Federal Credit Union, the third-largest Credit Union in America, has suffered a security breach exposing the personal data of an unknown number of members. Their explanation is malware brought in on an infected laptop.

There was a time when you could depend on a firewall to protect your network, when data and work would stay in one place and something like this couldn’t happen. There was also a time when a city had a huge wall around it, with one or two gates. Now people have locks on their individual houses, but apparently, the computing world hasn’t caught up yet.

Resume of a Trojan Horse

January 24, 2011

The Internet Crime Complaint Center has a cautionary tale for prospective employers. An email attachment on a response to an online job posting was actually a Trojan Horse program, used to steal the financial credentials of the hiring company and defraud them of over a hundred thousand dollars.

It might be wise to have a dedicated machine or VM for handling untrusted attachments like that; at the very least, make sure that your antivirus software is up-to-date and use it to explicitly scan unknown attachments before opening. Bear in mind that a freshly built trojan will often slip past signature-based scanners, which is why the isolated machine is the stronger control.