Macs can't get viruses, can they?
WRONG! Mac computers are just as susceptible to malware and exploits as Windows
and other operating systems. In the past they were not as threatened simply
because they were not yet a large enough portion of the computing population
to be worth the time of malware authors. As Macs grew in popularity, so did their
use in malicious activities. In fact, in 2001 the known amount of malware
targeting OS X overtook the amount targeting any other system. OS X
held its spot as the most attacked until 2011, when Android blew up in
popularity; it now vastly outnumbers other operating systems in number of
threats.
Last Friday a major flaw in OS X was discovered, and it has already infected over
17,000 computers worldwide. A Russian security firm discovered the presence of
a piece of software called "Mac.BackDoor.iWorm". Personally, if I were writing a virus I
would name it something more discreet like "SystemFile_DO_NOT_DELETE". My
favorite part about this virus was its method of communication: Reddit.
The worm installs itself to look like an application, in most cases as if it were
Java, and creates a component that is automatically launched at the startup of
the computer. The virus does not seem to do much currently besides scan for
what applications you have installed, and then go to Reddit. It doesn't simply
go to Reddit to search for funny cat pictures to spam the victim with, but visits specific
encrypted SubReddits in order to find commands. Examples of these "commands"
can be seen here: /r/A858DE45F56D9BC9 and /r/f04cb41f154db2f05a4a.
What the worm looks to be doing is building a massive botnet. Through the use of
easily and publicly accessible services like Reddit, the hacker is able to communicate
anonymously with his infected computers. Programs communicating with hash
keys are a very old and standard technique, but the addition of Reddit is
an interesting twist. In the past hackers would either have to connect directly
to the infected device, or use outside sources like IRC (a chat client).
Although they still had the ability to translate arbitrary text into useful
commands, this removed the anonymity. This brings up numerous ethical dilemmas
and new uses of social media that I doubt the creators ever anticipated.
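One practical consequence of the mechanism described above is that the command channel is visible in ordinary outbound web traffic. The following is an added example (not code from the post, from Dr.Web, or from the worm itself) that scans constructed proxy log lines for requests to the two subreddits named in the post, and additionally flags any subreddit whose name is a long run of hexadecimal characters. The log format (timestamp, host, method, URL) and all sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# Subreddit names the post identifies as iWorm command channels.
KNOWN_C2_SUBREDDITS = {"A858DE45F56D9BC9", "f04cb41f154db2f05a4a"}

# Heuristic for "random gibberish" channel names: 12 or more hex characters only.
# This is a crude signal and will also match legitimate oddly named subreddits.
HEX_NAME = re.compile(r"^[0-9a-fA-F]{12,}$")

# Extracts the subreddit name from a reddit.com/r/<name>... URL.
REDDIT_PATH = re.compile(r"https?://(?:www\.)?reddit\.com/r/([^/\s?]+)")

# Assumed proxy log layout: <timestamp> <client host> <method> <url>
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def classify_url(url):
    """Return a reason string if the URL looks like a command-channel fetch, else None."""
    m = REDDIT_PATH.search(url)
    if not m:
        return None
    name = m.group(1)
    if name in KNOWN_C2_SUBREDDITS:
        return "known_c2_subreddit"
    if HEX_NAME.match(name):
        return "hex_named_subreddit"
    return None


def scan_proxy_log(lines):
    """Map each client host to the suspicious Reddit requests it made.

    Returns {host: [(timestamp, reason, url), ...]}; hosts with no hits are omitted.
    Malformed lines are skipped rather than raising.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        reason = classify_url(m.group("url"))
        if reason:
            hits[m.group("host")].append((m.group("ts"), reason, m.group("url")))
    return dict(hits)


# Constructed sample log lines (hostnames and timestamps are invented).
SAMPLE_LOG = [
    "2014-10-03T09:12:01Z mac-01 GET https://www.reddit.com/r/aww/",
    "2014-10-03T09:12:07Z mac-01 GET https://www.reddit.com/r/A858DE45F56D9BC9/",
    "2014-10-03T09:13:40Z mac-02 GET https://www.reddit.com/r/f04cb41f154db2f05a4a/",
    "2014-10-03T09:14:02Z mac-03 GET https://www.reddit.com/r/0ff1ce0ff1ce0ff1/",
    "2014-10-03T09:15:00Z mac-01 GET https://example.com/index.html",
    "this line is not in the expected format",
]


if __name__ == "__main__":
    for host, events in sorted(scan_proxy_log(SAMPLE_LOG).items()):
        for ts, reason, url in events:
            print(f"{host}\t{ts}\t{reason}\t{url}")
```

The watchlist match is the reliable part; the hex-name heuristic illustrates the moderation problem the post raises further down, since a string of hexadecimal text alone cannot tell a defender whether a channel is garbage, malicious, or a legitimate program's data feed.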
Reddit responded to this particular scenario by quickly banning the SubReddit, but how is anyone supposed to know
just what the random gibberish is meant to do? There are various sites that are
known to interact with legitimate programs using the same algorithms, yet to
the moderators and owners of the web space there is no difference between
garbage, malicious use, and constructive use. If I start tweeting incoherent hexadecimal
text, is Twitter obligated to block my account and put me under police
investigation? Furthermore, what's to stop a sophisticated program from turning text
like "I'm currently writing my blog" into "Start DDOS - user Lee Vinsel"? I'm
interested in seeing how future malware and network communication algorithms
develop, and what stance Reddit and other large public websites take
on being abused in such a unique way.
http://finance.yahoo.com/news/hackers-found-flaw-macs-using-121808264.html
http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0
http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q1-2013.pdf