Religious websites riskier than porn for online viruses: study

Religious websites riskier than porn for online viruses: study – Raw Story

Web wanderers are more likely to get a computer virus by visiting a religious website than by peering at porn, according to a study released on Tuesday.

“Drive-by attacks” in which hackers booby-trap legitimate websites with malicious code continue to be a bane, the US-based anti-virus vendor Symantec said in its Internet Security Threat Report.

The same article, or variations on the theme have been have been run by many news/technology venues such as InformationWeek, NYDailyNews, WallStreetJournal Blogs, CSO Online, PCWorld, etc. Many created their own stories from the report, so well worth a read.

Where did all this information come from:
Symantec Internet Security Threat Report – 2011
Symantec Logo - Confidence in a Connected World - Click to view Malicious Code Threat Report 2011

Malware in 2011
By analyzing malicious code we can determine which threats types and attack vectors are being employed. The endpoint is often the last line of defense, but it can often be the first-line of defense against attacks that spread using USB storage devices, insecure network connections and compromised, infected websites. Symantec’s cloud-based technology and reputation systems can also help to identify and block new and emerging attacks that haven’t been seen before, such as new targeted attacks employing previously unknown zero-day exploits. Analysis of malware activity trends both in the cloud and at the endpoint can help to shed light on the wider nature of threats confronting businesses, especially from blended attacks and threats facing mobile workers.

Corresponding to their large internet populations, the United States, China and India remained the top sources for overall malicious activity. …

The reference about religious sites?

Moreover, religious and ideological sites were found to have triple the average number of threats per infected site than adult/pornographic sites. We hypothesize that this is because pornographic website owners already make money from the internet and, as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business.

And here’s just one more small area of the report:

Exploiting the Web: Attack toolkits, rootkits and social networking threats

Attack toolkits, which allow criminals to create new malware and assemble an entire attack without having to write the software from scratch, account for nearly two-thirds (61%) of all threat activity on malicious websites. As these kits become more widespread, robust and easier to use, this number is expected to climb. New exploits are quickly incorporated into attack kits. Each new toolkit version released during the year is accompanied with increased malicious Web attack activity. As a new version emerges that incorporates new exploit functionality, we see an increased use of it in the wild, making as much use of the new exploits until potential victims have patched their systems. For example, the number of attacks using the Blackhole toolkit, which was very active in 2010, dropped to a few hundred attacks per day in the middle of 2011, but re-emerged with newer versions generating hundreds of thousands of infection attempts per day towards the end of the year.
On average, attack toolkits contain around 10 different exploits, mostly focusing on browser independent plug-in vulnerabilities like Adobe Flash Player, Adobe Reader and Java. Popular kits can be updated every few days and each update may trigger a wave of new attacks.
They are relatively easy to find and sold on the underground black market and web forums. Prices range from $40 to $4,000. …

The whole report is well worth a read! There is only so much you can put into an article.

Much more in the report!

Advertisements

Oracle Java SE Update – Critical Update

Oracle Java SE Update – Security Garden

Oracle Java released an update to Java SE 6 and Java SE 7.

Edited to clarify:  Included in the Oracle updates are eighty-eight (88) new critical security fixes across numerous Oracle products, listed in the Oracle Critical Patch Update Advisory.  It is strongly advised that the update be installed for those products as soon as possible due to the thread posed by a successful attack.

More in the article.

Time to start checking Java.com for updates from Oracle that fix the latest Bugfixes for Java for your Windows, Solaris, and Linux operating systems. Linux users can also check their distros for these updates, and Mac users should start checking rigorously for updates to Java SE 6 from Apple.

NOTE: As of 10:37 AM EDT today, April 28, 2012, the Java website still shows Java SE 6, Update 31.

You will want to check the download links on Security Garden’s posting for the most recent updates. Or here on Oracle’s download page for Java SE Runtime Environment 6 Update 32 for Linux, Solaris, Windows (mainstream version that works with most applications). Mac OS X users still need to get their Java SE 6, Update 32 from Apple, so please keep checking!

Thanks for keeping us updated on Oracle’s Java status, Security Garden!

New, sneakier Flashback malware infects Macs

New, sneakier Flashback malware infects Macs – Computerworld

A new, sneakier variant of the Flashback malware was uncovered yesterday by the French security firm Intego.

Flashback.S, which Intego described Monday, uses the same Java vulnerability as an earlier version that has infected an estimated 820,000 Macs since its appearance and still plagues over 600,000 machines.

But unlike Flashback.K, the variant that first surfaced last month and has caused consternation among Mac users, Flashback.S never asks the victim to enter an administrative password for installation, but instead relies only on the silent exploit of the Java bug to sneak onto the system.

“The differences are very subtle,” Peter James, a spokesman for Intego, said in an interview Tuesday. “There’s no password request [by Flashback.S].”

Much more in the two page article.

Apple will likely need to update their seek and destroy tool very quickly to help users stay free of this new variant.

If you think you are beginning to need an antivirus/antimalware solution, there are quite a few out there. Below are just a few:


Sophos Anti-Virus for Mac Home Edition
– Sophos has a worthy product out there and it is nice that they make their money on corporate/business computers and offer the home version for free.

ClamXav The Free Anti-Virus Solution for Mac OS X It uses the popular open source ClamAV engine as it’s back end and has the ability to detect both Windows and Mac threats.

There are other options as well for the Pay to Play crowd.

ESET Cybersecurity for Mac

And others from Intego Virus Barrier for Mac free and Pro versions available in the Mac App Store. Intego as noted above found this newest FlashBack in the wild). Other Mac antivirus firms Symantec/Norton, and many more.

Many of these come with a heavy CPU usage hit that is very annoying considering the small number of actual threats out there for the Mac. Of course some users may feel that the ones that provide real time protection are the way to go, some may feel it is worth it if their Macs are speedy enough and they have enough RAM.

For those who don’t think they need a Mac antivirus just yet, if you don’t use Java or none of your programs use Java, you could go to the ~/Applications/Utilities/Java Preferences.app and disable Java until you actually need it and then re-enable it as needed. It’s a very easy thing to do really.

Or you could set up AppleScript to monitor areas where malware might inject itself so it will alert you.

Monitor OS X LaunchAgents folders to help prevent malware attacks – CNET

Some additional locations to add can be found at MrAnderson.info here.

Also installing Piriform CCleaner for Mac is a great idea and can be run as needed very quickly every day even.

Certainly less of a system resource hit and one could still have a non-resident antivirus and scan at your convenience and respond if the Applescript tells you something is going on that you didn’t instigate by installing a program, etc.

The Applescript monitoring locations that you can set up is built with Mac OS X which is light on resources and free. The Applescript monitoring does a similar thing as WinPatrol does in Windows – but of course in a very small area comparatively. WinPatrol does so much more but the key similarity is the monitoring for changes to areas that malware can hit a Windows PC.

What we need for people who are not very savvy about these things is a MacPatrol app like WinPatrol.

Call Starkist

New version of Mac OS X Trojan exploits Word, not Java

New version of Mac OS X Trojan exploits Word, not Java – ZDNET

A second variant of the Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is exploiting a Microsoft Word security hole, not the usual Java vulnerabilities used before.

Just a few days ago, a new Mac OS X Trojan was spotted in the wild that exploited Java vulnerabilities and required no user interaction to infect your Apple Mac, just like the Flashback Trojan. Kaspersky referred to it as “Backdoor.OSX.SabPub.a” while Sophoscalled it at “SX/Sabpab-A.” Now, both security firms have confirmed a different variant of this new Trojan that infects Macs by exploiting Microsoft Word, not Java.

Sophos detects the malicious Word documents as Troj/DocOSXDr-A and points to the following Microsoft Security Bulletin: MS09-027. Kaspersky meanwhile points to this security bulletin for the same Microsoft Word security hole: CVE-2009-0563.

So, it looks like uninstalling Java or disabling it is not the biggest threat afterall. 😉 Now you need to upgrade your Microsoft Office software to protect you from this.

Very important to do, and updating your Java is very important too through Apple Software Updates as Apple put out another update that not only fixed the problem, it also removed the malware infection if found.

Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Beneath the belated fix to help users eradicate the threat, Apple has introduced a proactive approach to reducing security risk, and other vendors should take note.

Java update for OS X patches Flashback malware exploit

Java update for OS X patches Flashback malware exploit – CNET:

Following the recent Flashback malware developments for OS X where unpatched vulnerabilities in the latest Java runtime for OS X were being exploited, Apple has issued an update that brings Java up-to-date and patches these vulnerabilities.

The patch is available via Software Update for systems that have Java installed, but can also be downloaded from the following Apple support Web pages. The update is available only for OS X 10.6 and 10.7, since Apple has stopped supporting prior versions of OS X.

Java for Mac OS X 10.6 Update 7
Java for OS X Lion 2012-001

EDIT:

Mac Botnet Infects More Than 600,000 Apple Computers – eWeek

Apple’s security code of silence: A big problem – CNET
:

Security industry insiders have long known the Mac platform has its holes. The Flashback Trojan is the first in-the-wild issue that’s confirmed this, and big-time. More will follow unless Apple steps up its game.


Secure your Mac from Flashback infection – USAToday
:

Flashback is technically not a trojan-horse application at all, but a “drive-by download” that infects computers by exploiting a vulnerability in Web software.

That makes it much worse than a trojan: You just need to visit a malicious site, without downloading the wrong app or entering an admin password, to have this program silently take command of your Mac and begin altering the content of Web pages.

Find Out if Your Mac Has the Flashback Trojan — the Fast and Easy Way – Mashable – Two quick Applescript scripts if you are squeemish about running commands in a commandline terminal. I have not used them as I checked in commandline. Use at your own risk.

..

It is tragic that for all the online virus/malware scanners that are out there for Windows users, there do not appear to be any for Mac OS X. Now that is tragic.

BleepingComputer Mac Rogue Remover Tool

[tweetmeme source=”franscomputerservices” only_single=false]Introducing the BleepingComputer Mac Rogue Remover Tool (BleepingComputer Forums)

BleepingComputer has been a great source for Windows users since 2005 for removal instructions and removal tools for rogue anti-spyware programs. They have helped so many! I often find myself doing research at their site.

In keeping with their past dedication and commitment in helping Windows users get rid of this malware plague with removal guides and removal tools, they have also started posting removal instructions for Mac Defender, Mac Security, Mac Protector, and even the new more nasty MacGuard which doesn’t need a password to install like the others that was just released into the wild (at least if you are using Safari configured to Open “safe” files after downloading).

Grinler, an Admin at BleepingComputer forums posted an excellent summary of the history of these rogue anti-spyware programs on Windows PCs, and now on the Mac. This summary is also where you can find the updated removal guides and Mac Rogue Remover Tool.

Currently, BleepingComputer’s Mac Rogue Remover Tool will remove the following:

Mac SecurityMac Security Removal Guide
Mac DefenderMac Defender Removal Guide
Mac ProtectorMac Protector Removal Guide
Mac GuardMac Guard Removal Guide

If you have any questions on these guides and tools, Grinler ask that you post in their forums here.

Thanks to Corrine (Security Garden) for posting this information at Scot’s Newsletter Forums.

Newest MacDefender installs without password

[tweetmeme source=”franscomputerservices” only_single=false]Newest MacDefender scareware installs without a password (Computerworld)

Criminals ‘give Apple the finger,’ says security researcher, by releasing new version just hours after Apple warned of fake AV software

Joy…This just hours after Apple decided to finally help users defend against these fake AV scams, as well as provide a way to rid the Mac of the problem.

The article notes given the name of the new malware and the timing of its release, they definitely think it does seem like a reactionary message.

And the worst part … now no password needed. Or maybe the worst part will be the new spammer’s URL shortening scheme?

Spammers establish their own fake URL-shortening services (Help Net Security)
:

Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites.

These shortened URLs lead to a shortened-URL on the spammer’s fake URL-shortening Web site, which in turn redirects to the spammer’s own Web site.


Mac malware authors release a new, more dangerous version (ZDNet)
:

Yesterday, 25 days after the Mac Defender malware began to appear in the wild, Apple finally responded. In a technical support note, “How to avoid or remove Mac Defender malware,” the company posted instructions for users to follow if they’ve encountered this malware specimen in the wild. It also promised a security update to remove infections automatically.

File that memo under, “Too little, too late.”

Yes….it does seem so.

If you want to keep your money Apple, you should be thinking about protecting your users a whole lot quicker than this from now on.

God help all Apple users, the gloves are off…be on your guard for MacGuard…