Symantec Blogs: Security Response

Ben Nahorney | November 3rd, 2009

Threats targeting the Macintosh platform are much less common than those targeting Windows. The same can be said about video games, where Windows is the dominant platform of the two. Combining games and malware has happened before, but a Mac game performing malicious activities? That’s something relatively new.

Takashi Katsuki, one of our Tokyo engineers, came across just that today. The game looks to be a throwback to the classic Space Invaders/Galaga style of games from the early 1980s. However, what brings this game into the realm of malicious code is that for every alien ship you destroy, the game deletes a file from your home directory.

...
Ben Nahorney | July 17th, 2009

In Security Response, our primary objective is to provide virus definitions and firewall signatures to protect our customers from threats in the wild. On the flip side of the coin is Symantec’s Support organization, where we help customers install and configure their security software and, in cases where the worst has happened, help remove threats from a computer or network.

Symantec’s Support organization often receives requests to provide threat outbreak information. In some cases the request is for content aimed at a management level, detailing what their security teams have to do in these cases, which they could use to explain the situation at, say, the next board meeting. In other cases the requests come from small business folks who are not necessarily IT or security managers, but may be the office “computer guy/girl” put in charge of cleaning up an outbreak.

It can be difficult to comprehend what’s happening when a computer is...

Ben Nahorney | June 2nd, 2009

It seems that the Downadup family of worms is gone but not forgotten. Or is it the other way around?

Media attention for Downadup has waned since early April. The last variant of the threat, W32.Downadup.E, included a “self-destruct sequence” effectively deleting itself as of May 3, 2009. Has the death toll for Downadup chimed, effectively moving it to the historical annals of malicious code?

Not in the least—Downadup is still very much alive and kicking around out there. While the threat is no longer spreading with the same fervor as it did at the beginning of the year, its infection numbers are not falling off as you would expect if we were looking at the cleanup period of a has-been threat. Let’s take a look at some rough data that we’ve collected here in Security Response.

...

Ben Nahorney | April 21st, 2009

For the last couple of weeks, all’s been pretty quiet on the Downadup/Conficker front. While we’re still performing our ‘daily patrols’ here in Security Response, watching for signs of something new, quiet moments like this give us a chance to reflect on what has come to pass so far.

What we’ve discovered looking back is that there has been some confusion about the different Downadup variants—what each one does and how they interrelate. It’s not surprising, given that a feature present in one version is often absent in another. Some largely stand on their own, some install other risks, and others largely seem to exist in order to update their siblings. Try describing how each works and you’re likely to find yourself reminded of an Abbott and Costello routine.

In order to connect the dots between Downadup variants, we’ve developed a...

Ben Nahorney | April 3rd, 2009

Earlier this week, researchers from the University of Toronto published a paper about a botnet called Ghostnet that had infiltrated a large number of computers located in various government agencies around the world. While smelling of espionage—the circumstantial evidence shows particular organizations were targeted—no solid evidence has linked the attack to any one government organization.

However, there do appear to be a few hacker organizations actively involved in the development and dissemination of the toolset used to create the back door used in Ghostnet. This threat, named Backdoor.Ghostnet, can easily be created by just about anyone who can work their way around the toolset—and the toolset is built to be very easy to use. Just fill out a...

Ben Nahorney | March 27th, 2009

If you’re one of those people with a passing knowledge of Linux, you might see it as something used exclusively by network admins, developers, and hobbyists. What you may not realize is that these admins, devs, and hobbyists have taken this versatile OS and ported it to all sorts of devices over the years. While some of these ports were for fun (epitomizing the “because I could” attitude of many hardware enthusiasts), Linux slowly began to appear on everyday devices. Today you can find the operating system on anything from phones to cameras to PVRs. Even if you’re not a gadget geek, you may have a Linux-embedded device yourself without even knowing it.

While this swell in usage is great news for open-source advocates, it also brings with it unwanted attention. As we’ve seen time and again—as software gains in popularity it becomes more of a target for malicious code. Over the last few months,...

Ben Nahorney | March 13th, 2009

How do you summarize the functionality of a threat like Downadup? It sounds like the sort of challenge taken up only by folks who can solve a Rubik’s Cube in 30 seconds or less. If someone asked me to do so in a sentence, here’s how I’d do it:

“Yeah, right.”

Then again, I was that kid who solved his Rubik’s Cube with a screwdriver. Downadup isn’t one of those types of threats that lend themselves to an in-a-nutshell summary. It happens to be one of the most complex threats we’ve seen in the history of malicious code. Still, let’s give it another try:

“Downadup is a worm.”

True, but this glosses over so, so much. Third time’s the charm?

“Downadup is a worm that spreads by exploiting a vulnerability without DoSing the network with traffic (as well as removable and network drives, by bruteforcing network shares and...

Ben Nahorney | December 3rd, 2008

Banning the use of removable drives may sound like a strict IT policy. But when faced with a worm introduced to your network by such devices, it is the sensible thing to do. Recently, the US Department of Defense has done just that in order to protect their networks from such threats.

As the use of removable drives has increased, they have become a successful vehicle for entering a network and compromising computers. The ease of infection is facilitated by a feature within Windows called AutoPlay. Meant as a convenience feature, AutoPlay allows programs to launch automatically when CDs, DVDs, removable drives, or any other form of storage is inserted into a computer. However, this convenience comes at a serious security cost, as described in the following video:

So how do you protect yourself from such rapidly spreading threats? Banning the use of removable media does reduce...