Sophos

Startups exposed after $100 million iPhone fund data leak

iFund

A $100 million venture capital investment fund that was designed to help companies develop programs for the Apple iPhone and iPod Touch platforms has been left with egg on its face. The reason? A database containing information about 588 startup firms seeking funding was accidentally leaked onto the internet.

Startup companies applied for a slice of the Kleiner Perkins Caufield & Byers (KPCB) $100 million iFund by submitting their business plans, financial information, senior management biographies and demos.

According to reports, KPCB’s former hosting provider Meteora has been blamed for accidentally making the SQL database of applicants public, which was subsequently sucked up by the Google search engine.

This is obviously embarrassing for the VC firm, but you can’t help but think that they’re just as much a victim of this as the poor startup companies who shared their information in good faith in the hope of raising some dollars. After all, it wasn’t them who exposed the data but a company that was helping them with their web presence.

This isn’t a time for any other firms to feel smug at the misfortune of the companies embroiled in this incident, but a chance for all businesses to ask themselves if this could possibly happen to them too.

How could this problem have been avoided? By recognising that this data was sensitive, and ensuring that it was properly encrypted, of course. We can only hope that no-one unscrupulous was able to get hold of the data.


Email malware flying high

Cybercriminals are spamming out a new malicious email campaign, posing as airline tickets.

In an attack similar to the contract malware we saw earlier this week and last week, the dangerous messages have a ZIP file attached (in this case named print-ticket.zip) which, if opened, will infect Windows users with a Trojan horse.

The emails claim that the recipient has registered an account with a well-known airline and that their credit card has been debited for hundreds of dollars.

Here is a typical example of one of the emails:

Malicious email pretending to be from US Airways

As well as US Airways, malicious emails have also been seen pretending to come from the likes of Virgin America, Sun Country Airlines, Delta Airlines, JetBlue Airways, Spirit Airlines, Hawaiian Airlines, AirTran Airways, Alaska Airlines, Northwest Airlines, Frontier Airlines, USA3000 Airlines, Midwest Airlines, American Airlines and Continental Airlines.

The danger is that if you receive an email claiming that your credit card has been stung without your permission, you may rush to open the file for more information without engaging your brain first. These hackers are relying on the red mist of fury to blind you to common sense.

You should always be suspicious of unsolicited email attachments, and keep your anti-virus software up-to-date. Sophos detects the malware in this latest campaign as Troj/Invo-Zip and Mal/EncPk-GH.

This isn’t the first time that hackers have disguised their malware as airline tickets. For instance, back in the middle of 2008 there was a widespread campaign using a similar tactic. We made a movie at the time showing how the labs were able to protect against it.


Mac anti-virus support advice disappears off Apple website

Apple Mac and Leopard CD ROM

Now this is very curious.

As you may have seen, there has been a flurry of stories today pointing out that Apple actually told the world that running anti-virus software on their Macs was a good idea back in mid-2007.

Somehow, some Mac lovers have turned this into a debate about whether journalists and bloggers were lazy in not checking their facts. That’s a reasonable discussion to have, of course. But some of the message boards and blogs are getting clogged up with Mac fans apparently using the “this wasn’t news” argument as a smokescreen for the fact that Apple *has* been reminding their customers to use anti-virus software for some time.

Whether it is to protect against Mac malware, or to be a responsible member of the internet community and avoid passing Windows malware on to friends and colleagues, it makes sense to protect your Mac from hackers and malware.

What’s curious now is that Apple has zapped the support advisory which started this entire debate off its website. All you get now is a “not found” message if you follow the link:

Absence of advice regarding anti-virus software on Apple Macs

Furthermore, an Apple spokesperson has been quoted in the press saying:

“We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box.” - Apple spokesman Bill Evans, Macworld, 3 December 2008.

The only possible inaccuracies I saw in the original Apple support article were that poorly chosen language could be interpreted as advising Mac users to run multiple anti-virus products on the same computer, and that the list of security vendors was not comprehensive.

So I’m disappointed to see that the support advisory has been withdrawn after 18 months, rather than given some minor fixes.

Although I agree with Bill that the Apple Mac does include some cool built-in technology to help protect against security threats, these can be circumvented through simple social engineering tricks that we see used by Windows malware every day.

The danger isn’t in the operating system so much, but in the user.

To his credit, Bill does go on to say:

“Since no system can be 100% immune from every threat, running anti-virus software may offer additional protection.”

Although I would probably say “can” or “will” rather than “may”.


If you have any thoughts on why Apple has withdrawn the advisory, or have a strong opinion about the need or otherwise of running anti-virus software on your Mac, why not drop me a line?

I’ll publish a representative selection of the best responses I get, and send an exclusive Sophos t-shirt to the first one I pull out of the hat.


Apples, viruses and internet snowballs

Whoops.

I’m sorry for not realising this myself when I wrote about whether you really need anti-virus on your Mac on the blog yesterday.

It turns out that Apple’s advice for the millions of Mac users out there to run anti-virus software is not new advice at all. If you dig around in the Internet Archive’s Wayback Machine at web.archive.org, you can find evidence that Apple originally published this advice (albeit in a slightly different form, and at a different URL) as far back as June 2007.

The Wayback machine

The reason for so much media attention was simply because Apple imported the advice into their new support knowledgebase system, and updated some of the details of the listed anti-virus products.

This is a fascinating example of how the internet can get carried away with itself - and a fairly harmless change on a website can turn into one of the day’s top technology stories discussed by the geeks of the world. There must have been befuddled faces in Apple’s support department! Maybe one day someone will have the time to look into how stories like this snowball into an avalanche, and the effect that blogs and social media have on this.

But it’s clear that what shouldn’t have been a surprise at all to the Apple fans is that their favourite computer maker does recommend they use an anti-virus program, and actually has been doing so for some time. Some of the fervent views expressed on the net would make you think that this is heresy, but actually the boys from Cupertino have been quietly saying it for a while.

Apple’s advice, by the way, is given using rather strange language. At first reading (and indeed, second and third) they appear to be suggesting that Mac users should be running “multiple antivirus utilities”. In fact this isn’t a good idea. Running more than one anti-virus on your computer can result in conflicts, and system slow-down.

In reality what they’re trying to say - but being accidentally ambiguous in their language - is that they are not going to recommend an anti-virus product from a single vendor above other vendors. And the reason for that, they’re attempting to explain, is that hackers would find it easier to circumvent defences if everyone in the Mac community used the same anti-virus product…

..rather than um.. nearly everyone in the Mac community using nothing.

So yes, the news that Apple is urging people to run anti-virus software isn’t actually news… apart from for the people who didn’t realise they had to run anti-virus software on their Apple Macs! Which seems to be quite a lot.




Do you really need anti-virus on your Apple Mac?

Apple Mac

It started with just a small pebble being dropped into a pond. Apple updated one of its support advisories on 21 November, informing its customers that they are recommended to run anti-virus software.

Most people would never have noticed this announcement. I didn’t at first. I only heard about it when I saw the guys from Intego mention it on their Apple security blog on 25 November. A couple of days later, recovering from a bout of man-flu, I blogged about a new piece of Apple malware and mentioned in passing that Apple were now recommending their customers run anti-virus software.

Today, however, that small pebble dropped by Apple has turned into a tidal wave of commentary - and we’re seeing lots of news stories about Apple urging Mac users to protect themselves with anti-virus.

So, do you really need anti-virus on your Apple Mac?

Let’s look at the facts.

Fact one: Mac malware is being written and distributed
We have seen more activity on the Macintosh malware front this year. For instance, in August Troj/RKOSX-A was discovered - a Mac OS X tool to help hackers create backdoor Trojans, which can give them access to and control over your Mac.

More recently, and more seriously, we discovered the OSX/Jahlav-A Trojan horse which has been deliberately planted on websites waiting for Mac users to visit.

This is not a proof-of-concept threat. It is real, and regular Mac users can get themselves infected.

(Sidebar: Learn more about the history of Apple Mac malware)

Fact two: Mac malware uses the same tricks as Windows malware
Apple Mac malware has been planted on websites, posing as a program to allow you to watch a saucy video. Guess what? When you install it, the malware downloads additional malicious components from a third party server.

That’s exactly the same way so many Windows attacks work. You visit a website thinking you’re going to watch a naked video of Paris Hilton, Angelina Jolie or some other Hollywood celebrity and it tells you that you don’t have the right codec, or the right version of Adobe Flash, to watch the movie. And when you “upgrade” yourself - BAM! - you’ve been infected.

Fact three: Mac users are just as human as Windows users
Wearing a dark polo-neck sweater and drinking cappuccino does not make you any less susceptible to social engineering tricks than Windows users. Mac users are just as keen to view a pornographic video as Windows users are.

Some Mac users in the past have argued that on Mac OS X you need to enter your system administrator username and password to install software, and that this is a defence.

Guess what? If you want to install a codec to watch a porn video, you will enter your username and password.

Fact four: There aren’t as many Mac malware threats as Windows threats
Not by a long shot. The Mac malware threat is still a raindrop in a thunderstorm compared to the problem of Windows viruses, Trojans and worms. But it does exist, and we are seeing some hacking gangs writing malware for both platforms, and planting their attacks on webpages in such a way as to serve up a Mac threat when Apple users visit, and a Windows attack when PC users surf by.

Fact five: Mac users have been more complacent about security
There has been a higher level of security complacency in the Apple user community than amongst Windows users. This is a consequence of Apple users having fewer threats to worry about (see fact four above), and having been exposed to less danger, simply because most hackers have targeted their attacks at Windows.

With many Apple users incorrectly believing that they are somehow immune from the problem of internet security threats, there is the risk that Mac users are making themselves a soft target for future hacker attacks.

Fact six: Windows threats can infect Macs too
The use of Intel-based chips in Apple Mac hardware has made use of Windows on Macs more common, so Macs are more likely than before to be harbouring and spreading Windows malware.

Fact seven: Apple market share is growing
2008 saw record sales of Apple Mac computers, with some users undoubtedly switching from the PC camp to Apple because of a disgruntlement with Windows Vista. As the market share for Apple Macs increases, it is likely to become more tempting for hackers to target the platform.

So, back to my original question, do you really need anti-virus on your Apple Mac?

The answer is yes.

Even though the problem isn’t as big as the Windows problem, your data, your identity, your Mac computer is too valuable to put at risk by not protecting it with anti-virus software.

PS. Will we continue to see TV adverts like this from Apple?




Sophos wins VB100 award for Windows Vista x64

VB100 award

The good people of Virus Bulletin magazine have just published information about their latest round of anti-virus product tests.

VB, as it is known in the industry, has been published since 1989 and is an independent journal which includes detailed technical examinations of malware threats as well as standalone reviews of products and bake-offs.

In its December 2008 issue, VB reveals that Sophos Anti-Virus 7.6.1 out-performed a number of rivals and successfully detected all of the in-the-wild viruses without a false alarm problem. As a result it was one of several products to successfully achieve the VB100 award in this in-depth comparative test, which was carried out on the Windows Vista x64 platform.

According to the folks at Virus Bulletin, “[Sophos’s] product impressed our tester with its speed of installation, well laid out interface and depth of configuration…”

This is the 44th occasion that Sophos has won a VB100 award, and it seems like only yesterday (well, January 1998 on Windows 95) that we won the first.

Why are we still participating in the VB100 tests almost 11 years later? Well, because it’s important for customers to know if their anti-malware product is consistent in its performance. Tests against malware from the “in-the-wild” list are not the be-all and end-all when it comes to determining which is the best security product, but they definitely provide a useful standard that vendors need to be able to keep on top of.

In 2009, however, we can expect to see VB and other testing agencies getting even more rigorous in the tests that they put anti-virus products through - and that has to be good news for all of us.


ShamWow infomercial mutates into spam

Have you seen the ShamWow infomercial?

I must admit, I wasn’t aware of the ShamWow internet phenomenon until today. But a quick search of YouTube revealed that it is a low budget television advert for an absorbent towel that is building a cult-like following. A surprising number of people have been spending their spare time making spoofs of the strangely captivating advert, and its finely coiffured presenter Vince Offer.

Clu-blog reader Pete has now pointed out to me this piece of spam he has received, promoting the ShamWow:

ShamWow spam

I was going to open a competition, inviting readers to think of the best use they could think of for a ShamWow absorbent mopping-up towel, but I was worried some of you might make a connection with the last blog post I wrote..


Any room for spam after your Thanksgiving meal?

If you’re American you may be feeling bloated and stuffed after over-indulging over the Thanksgiving holiday. That may explain the timing of one of the spam campaigns I saw in our traps here at SophosLabs this morning. It doesn’t try to mince its words about how exactly it’s going to help you achieve your weight loss.

Weight loss spam

Of course, spam about losing weight is something we see all year round, but there is usually a surge in its popularity after a major holiday like Christmas. It wouldn’t be a surprise if we see the same thing in January 2009 - the number of people receiving weight loss schemes in their email probably mirroring the number who enthusiastically buy themselves gym memberships.

Before then though, we can expect to see spam campaigns trying to sell “luxury” goods in the run-up to December 25. Those looking for a bargain amid the credit crunch might be tempted by the wave of replica and fake “brand-name” watches that we are already seeing touted in large numbers by the spammers.

Watch spam

Just remember - the only reason that spammers bombard our inboxes is because people buy the goods that they are selling. Don’t encourage them - don’t buy, don’t try, don’t reply.


More contract malware spammed out

The start of a new week has brought some minor variations to the contract malware I warned you about on Friday.

The malicious messages that are being spammed out are pretending to be changes to a contract - some related to business activities with well known firms like Johnson & Johnson, Starbucks or Google, and others pretending to be connected with a retirement plan.

Here are a couple of examples:

retirement.gif

johnson.gif

The dangerous files attached to these emails in the samples we’re seeing in our traps are called contract.zip or New_Contract.zip. Sophos intercepts them as Troj/Invo-Zip.

If you use other vendors’ products, make sure that they are properly updated and capable of stopping these threats.
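The advice in this post and in the airline-ticket post above boils down to the same gateway check: an unsolicited ZIP attachment whose contents would run if double-clicked should never reach the user. The following is an added example written for this page, not Sophos code and not any product’s detection logic. It parses a raw email, and flags ZIP attachments whose members carry executable or double extensions, that cannot be inspected because they are encrypted, or whose file name matches one of the lure names mentioned in these posts (print-ticket.zip, contract.zip, New_Contract.zip). The two sample messages, the member names inside the archives and the inert bytes they contain are constructed for the demonstration, and the list of executable extensions is an assumption about a typical blocklist, not something taken from the posts.

```python
"""Mail-gateway check for ZIP-attachment malware lures (added example, not Sophos code)."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows executes on double-click. Assumption: a typical gateway
# blocklist, deliberately incomplete; extend it to match local policy.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".jse",
    ".wsf", ".hta", ".lnk", ".msi", ".dll",
}
# Attachment names reported in the two posts (compared case-insensitively).
KNOWN_LURE_NAMES = {"print-ticket.zip", "contract.zip", "new_contract.zip"}
ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: member data is encrypted


def inspect_zip(data: bytes) -> list[str]:
    """Return the reasons a ZIP payload looks like a lure; an empty list means clean."""
    reasons = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid ZIP archive"]
    with archive:
        for info in archive.infolist():
            name = info.filename.rsplit("/", 1)[-1].lower()
            if not name:
                continue  # directory entry, nothing to execute
            parts = name.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable member {info.filename!r}")
                if len(parts) > 2:  # e.g. ticket.pdf.exe: document name hiding a binary
                    reasons.append(f"double extension {info.filename!r}")
            if info.flag_bits & ENCRYPTED_FLAG:
                reasons.append(f"encrypted member {info.filename!r} (cannot be scanned)")
    return reasons


def check_message(raw: bytes) -> list[dict]:
    """Parse a raw RFC 822 message and report suspicious ZIP attachments."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the bytes, not just the declared name: a ZIP starts with "PK\x03\x04".
        if not (filename.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04"):
            continue
        reasons = inspect_zip(payload)
        if filename.lower() in KNOWN_LURE_NAMES:
            reasons.append(f"attachment name {filename!r} matches a known lure")
        if reasons:
            findings.append({"attachment": filename, "reasons": reasons})
    return findings


def build_sample(attachment_name: str, members: dict[str, bytes]) -> bytes:
    """Construct a test email carrying a ZIP attachment (constructed data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    msg = EmailMessage()
    msg["From"] = "tickets@example.com"  # constructed sender, not a real campaign address
    msg["To"] = "recipient@example.net"
    msg["Subject"] = "Your flight ticket"
    msg.set_content("Your credit card has been charged. See the attached ticket.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


# Constructed lure: the archive holds an inert placeholder, not malware.
LURE_MESSAGE = build_sample("print-ticket.zip", {"ticket.pdf.exe": b"MZ" + b"\x00" * 64})
# Constructed legitimate message: a document inside an ordinary archive.
CLEAN_MESSAGE = build_sample("itinerary.zip", {"itinerary.pdf": b"%PDF-1.4 constructed"})

if __name__ == "__main__":
    for label, raw in (("lure", LURE_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, check_message(raw))
```

Running the block prints one finding for the constructed print-ticket.zip message (executable member, double extension, known lure name) and nothing for the clean one. Encrypted archives are reported rather than silently passed, because a gateway that cannot look inside an attachment has no basis for calling it safe.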


Facebook data loss fiasco

When it arrived in my inbox it looked so phishy, but it isn’t.

facebook-email.gif

Facebook has emailed users admitting to the most enormous blunder. Somehow, someone at Facebook managed to lose users’ settings controlling when they should be emailed.

Now, this isn’t like having information about users’ identities or credit cards stolen or leaked out onto the net, and there’s no suggestion that there is anything criminal going on here, but this is monumentally embarrassing for the social networking giant.

Because they really did _lose_ information. Permanently. Which means a software engineer on their team must have accidentally damaged or overwritten entries in their database beyond repair. Millions of Facebook users, potentially, will need to go in and reset their settings because of a simple mistake.

Of course, when any normal company has an accident like this they can just restore from a backup and get back to where they were before the accident took place.

But err.. this doesn’t seem to be happening in this case. Instead, Facebook has sent out an email to its users apologising profusely, and asking that Facebook fanatics log in to the system and reset their settings to avoid being bombarded with messages every time they’re poked, bitten by a vampire, or asked to participate in Talk Like a Pirate Day.

facebook-settings.gif

So, what can you learn from this? Well, you should have learnt that you cannot necessarily rely on web companies like Facebook to look after your data. If it can happen to your email notification settings, it can happen to other information about you. If you have data that you don’t want to be permanently lost (like your photos for instance), make sure you’re not relying on a website like Facebook to look after them.

Of course, this isn’t the first time that Facebook has been careless with its members’ data.

What also worries me is that Facebook don’t seem to have thought through their response to this with security in mind.

The email they’ve sent out includes a link for people to log in to the site. Hackers could create a copycat email which contained a clickable link which actually took users to one of the many bogus Facebook webpages we encounter these days, designed to phish login details from the unwary.

Wouldn’t it have been better if Facebook had just told users to log in to the site (without providing the link), and then confirmed at login that the notification settings had to be looked at once again?

It would probably have been useful if they had talked about this incident on the Facebook blog too, just to reassure internet users that the messages were legitimate.