Cybercriminals Shifting Focus To Non-Windows OSes
Orome1 writes "In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to a new Cisco report. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in 'money muling,' and that users continue to fall prey to myriad forms of trust exploitation."
Thank God.... (Score:4, Insightful)
Will they please target the Linux platform so we can prove once and for all to all the Windows lovers that the underlying architecture protects better than the Windows design?
Re:Thank God.... (Score:4, Insightful)
That's not really as true anymore, though. I'm not sure if this is the article I read on it, but http://www.pcadvisor.co.uk/news/index.cfm?newsId=3235498
Also, even if the underlying architecture protects better... you can't protect people from their own stupidity. They will *absolutely* find ways to infect their machines with malware even if it requires becoming root.
Fucking users.
That's part of the protection. (Score:2)
The more steps the user has to complete, the more likely that they will fail to install the malware on their system.
90% success with a single step is only 81% success with two steps (of 90% success each).
Three steps (90% success each) is only 73% success.
And that's not even counting the various worms that won't work because the systems do not ship with services listening for them by default.
You will NEVE
Re:That's part of the protection. (Score:5, Interesting)
It was then that I realised there will never be a technical solution that makes more than a dent in malware infections.
Re: (Score:3)
Re: (Score:3)
Exactly. If people lose all their data in /home because they downloaded and ran a malicious program, they aren't going to care one whit that the underlying OS wasn't compromised. All they're going to think is, "This Linux crap isn't as secure as I was told!" Unless it actually does protect people from doing stupid things to their own data/user space, it's not going to matter how secure the underlying platform is.
Re: (Score:3)
I went to a machine the other day and found the user's password on a post-it note.
That's common enough, right?
Except he was in /etc/sudoers. Not any more.
I'm instituting a new security policy: if you leave your password on a post-it note, you lose sudo. If I find your password on a post-it note again, I get to hit you on the head with a hammer. Eventually it will stop.
Re: (Score:2)
Re: (Score:2)
I just turn off password authentication and use RSA keys.
I do see some 2-3 thousand "Bye bye"s a day though... on my personal computer connected to a cable modem.
Re:Thank God.... (Score:5, Funny)
Not until you get an equal number of people using Linux who are determined to see the dancing bunnies.
Re:Thank God.... (Score:4, Insightful)
And if you go look at the source code, you can find plenty of these exploits, I presume? I'll look forward to hearing about them with interest.
The fact that bad guys can find a bug means good guys can find it too. Ultimately, that makes the whole platform more secure. Not perfectly secure, and there's no such thing, but awfully good.
But feel free to repeat that old canard about using open source all over. In the meantime, those of us who depend on real machines with real security will use *nix, unless given absolutely no choice.
Re:Thank God.... (Score:5, Insightful)
What makes you think they haven't?
What you've described would be completely unmeasurable - because the only way you can properly measure exploits is when they are successful. There is no way to distinguish between failing to exploit Linux and not attempting to exploit it at all.
Comment removed (Score:4, Funny)
Re:Thank God.... (Score:5, Informative)
Re: (Score:3)
Also known as, the 8th and forgotten dwarf.
Re: (Score:2)
Shhhhh!
Now I'll have to change my hair style again.
Re: (Score:2)
Can't be. He wrote "Linux" without the GNU/ prefix.
Re: (Score:2)
Thanks, Ballmer! I'm going to run down to the computing store and purchase a safe, closed source, expensive, fear based product right this fucking minute... wait, I'm going to finish my coconut juice first, oh then I have to fiddle with some linuxy bits here in Solaris land. Oh crap, I forgot I need to get a van and move some other junk tonight. Oh, then I need to get some medication for my royal wedding fever... Perhaps next week, FOR SURE!!1!
Re: (Score:3)
You're right, there is. Less for both OSes combined than the number of Windows viruses created in a single day. None of which are in circulation.
So it is fair to say there is no malware for MacOS or Linux in the same way it is fair to say there is no smallpox. It's in the history books and there's probably a sample in a vault somewhere, but that's about it.
The internets disagree with you... (Score:2)
About 643,000 results (0.18 seconds) [google.com]
About 7,850,000 results (0.09 seconds) [google.com]
Also...
http://en.wikipedia.org/wiki/Linux_malware [wikipedia.org]
OH NOES GOOGLE FIGHT!!! (Score:2)
You're not seriously using the Google Fight argument are you?
https://encrypted.google.com/search?q=the+sky+is+red [google.com]
There you go, the sky is red, 216 MILLION Google results confirm it.
OH NOES A STRAW MAN!!! (Score:2)
Google servers heat up the straw in the straw man, [google.com] until it catches fire and BURNS.
Also, you lose 10.000 internets.
Forever.
Re: (Score:3)
Your argument that my argument is a straw man is a straw man. Many Google results for something does not mean that thing is common, correct, or even exists at all.
By creating this recursive strawman loop you are sucked into the straw man universe, where you are a sex slave to splintery straw men for the rest of eternity.
Re: (Score:2)
Except... (Score:2)
Your argument that my argument is a straw man is a straw man.
You do realize that is the equivalent of saying "Well, your argument that I'm making a straw man argument sucks"?
Many Google results for something does not mean that thing is common, correct, or even exists at all.
And there you go again. Also, putting words in my mouth.
I was not citing Google results as correct, common or actual.
Nor was I making an illogical claim like "Sky is red" (which in and of itself is true every day around sunset, it is just that most of the day Earth's sky has another color) and then using the sheer number of results as a counter-argument.
I.e... "Creating the illusion of having refuted
Re: (Score:2)
Yes they are a search for "Linux malware" and one for "OSX malware", and the wikipedia page listing the small number of Linux viruses that have ever existed.
Re: (Score:2, Insightful)
so actually there is malware for linux and mac, why do you keep saying there isn't?
Anyone can write malware for Linux: writing, say, a key-logger that looks for credit card numbers is essentially trivial.
The problem is getting it onto PCs you don't control, which is vastly simpler in Windows than Linux because Windows has vastly more security flaws by design.
Re: (Score:2)
I didn't say there isn't any at all. Just none in current circulation, and only a tiny handful have ever existed.
Re: (Score:3)
Re: (Score:2)
That's why I run Windows XP in a VirtualBox session, so that my Linux box, too, can share in the richness that is malware.
Re: (Score:2)
Hey, you know they installed their own OSes, how many Windows users can even install Windows?
Re: (Score:2)
Look. I support Linux as much as the next guy. Hell, I use it on two of my four systems. That being said, I hold no illusions that Linux would remain as secure as it is today were its use as widespread as Windows...nor would it remain as secure once you get Grandpa Joe and Soccer Mom Jennifer using it daily (i.e. super widespread adoption, increasing the number of people targeting it.)
I'm not saying Linux isn't secure...I'm saying there is no way you can compare the security of an OS that barely holds 1%
Re: (Score:3)
"Barely holds 1% of the market"
Really? I'd like to know where you get your stats from. According to numerous sources, including W3's OS Statistics ( http://www.w3schools.com/browsers/browsers_os.asp [w3schools.com] ) DESKTOP linux users number about 5%. and that doesn't include the VAST number of servers.
Linux in the server market outnumbers windows. http://en.wikipedia.org/wiki/Usage_share_of_operating_systems [wikipedia.org] in the last few months "Linux/unix and variants" passed 50% of ALL server use.
with most of the people in Internet Security working on a
Re: (Score:2)
1%, 5%...it's still nowhere near the number of Windows desktops out in the wild.
Re:Thank God.... (Score:5, Insightful)
Re: (Score:3)
But how do you steal my credit card and bank details by hacking some random webserver?
More to the point, the vast majority of Windows exploits are trojans. Those webservers are (mostly) maintained by sysadmins unlikely to execute the "shocking pics.zip.exe" file someone emailed them unexpectedly.
Re: (Score:2, Troll)
No it is not. It is a professionally admined system that is outnumbered one to millions by clients where my malware will live happily undetected for a long time, and where a couple of clean-ups - that is highly likely on the Apache server -- won't affect the malware network at all.
Yeah. That Linux server wouldn't be very valuable as a long-term botnet member. About the only useful information you could get out of such a server would be the database system it's connected to and all the credit card information it processes - hardly even worth bothering with.
Seriously: did you think about that at all before posting, or did you just click Submit and hope for the best?
Re: (Score:2)
I'd say there's a reason he posted anon.
Re: (Score:2)
You're not much one for sarcasm, are you.
Re: (Score:2)
I was convinced you were kidding, until I got to this line:
Seriously: did you think about that at all before posting, or did you just click Submit and hope for the best?
That's what threw off the detector :/
Re: (Score:2)
Nope. I was being a smartass. I was just dazzled by the idea that an Apache server wouldn't be a worthwhile hacking target just because it might not be a good botnet member. That logic is up there with "breaking into this bank is useless - it makes an awful aquarium."
Re: (Score:2)
You just gave me my new sig......
"breaking into this bank is useless - it makes an awful aquarium."
I gotta invite you to more parties..
Re: (Score:2)
/takes a bow
Try the veal! Tip your waitress!
Re: (Score:2)
You got whooshed!
Re: (Score:3)
Purely anecdotal, but I purchased a netbook for my 13 year old daughter about a year ago. It came with Windows 7 starter edition. I believe the very first thing we did was install an antivirus program, most likely AVG or Avast. After owning it for two days, it was infected with a virus, so I installed Ubuntu netbook edition. There were a few minor glitches (wireless drivers required a patch, adding new fonts is so convoluted that I had to create a script for that) but otherwise she has used it without comp
Re: (Score:3)
Again though, you're comparing a widely-used operating system to a barely-used operating system (from a desktop perspective, at least.) The number of people targeting Linux PCs is quite likely to be exponentially smaller than the number of people targeting a Windows PC.
Re: (Score:2)
My sister would pick up a virus at least once every two months on Windows, since switching her to Linux in 2007, not one. In fact I've only had to help her with it twice since, once to install a gstreamer codec (all through the GUI) and once to set up Skype and its audio levels.
And she's running Firefox with Flash and Java support and she never updates the thing.
To give you an idea of how good she is at finding malware, one time she took an out-of-date XP laptop I used for LAN gaming to use at school and br
Re: (Score:2)
Linux/Unix/Solaris/BSD holds 70% of the server market.
Those are the computers that matter, that hold keys to large kingdoms and large caches of valuable information.
Why hack janet's pc to get a single CC number when I can hack the Linux servers at A corporation and get 10,000+ credit cards that are all verified for me.
Don't you even try the fake argument that Linux and Unices are not a target. They are a bigger target than all of the windows universe combined.
Getting a nasty running on a root DNS se
Re: (Score:2)
I'm saying there is no way you can compare the security of an OS that barely holds 1% of the market to the most widely used OS on the entire planet.
Please see this post [slashdot.org]:
Will they please target the Linux platform so we can prove once and for all to all the Windows lovers that the underlying architecture protects better than the Windows design?
Slashdot warning: .
Deep recursion in thread "Cybercriminals Shifting Focus To Non-Windows OSes" at post "Re:Thank God..."
Re: (Score:2)
I was referring exclusively to the desktop/personal use space...hence why the word "server" was found nowhere in my OP.
If you'd like to try to argue that Linux is even remotely as widespread in people's homes as Windows...well, good luck with that.
Re: (Score:2)
As for desktops, if you somehow get Joe Schmoe to run an arbitrary executable[1] on either platform, Joe Schmoe's confidential data will be at risk, or his machine can be turned into a spam sending zombie. So no big difference. Whether the executable gets root/admin is irrelevant for many criminal purposes.
Linux servers tend to be more useful targets than Linux desktops. I also wonder whether there are more Linux servers than Linux
Re: (Score:2)
[1] Doesn't have to be an executable in the chmod sense of the word- perl Makefile.PL on a malicious Makefile.PL will still get you screwed.
Actually a lot of apps that have this design vulnerability are addressing the problem. For example recent versions of WINE won't run an .exe unless it's set as executable.
Re: (Score:2)
First, the report is not principally about platforms targeted but about types of criminal scams. But the secondary aspect is the one sensationalized by the reporter. Second, there is a big difference between "target" and "victim lying upside down on the floor waving its legs feebly in the air".
To be more precise : Which Linux ? (Score:3)
Yeah, but just one question :
Will they please target the Linux platform
Which of the gazillion different flavours of Linux should they target ?~
And on which CPU : the traditional Intel-derived architecture ? The ARM on which it seems to be selling like hot cakes ?~
Oh, you meant that diversity is actually part of the Linux' strategy to be more resistant ?!?
More seriously :
Serious software developers are constantly complaining that it's hard to write closed-source binary blobs that target the whole Linux nebula.
(As opposed to open-source, which is ea
Re: (Score:2)
Uh. Please tell me how we'd know that they had targeted a Linux machine? I appreciate your idea but are you certain you thought it through? For surely the only notice we'd have of their work were if they succeeded in exploiting it. This conundrum is surely similar to that of proving God exists. Faith in security like faith in God kinda revolves around the notion of "no news is good news" wherein if you do not hear of exploits your faith may remain strong, but hear of one and the house comes tumbling do
Re: (Score:2)
Re: (Score:2)
It's been targeted for years. Just not on the desktop. Linux's largest problem is MISCONFIGURATION by incompetent admins (and there are a lot of them as it gains in popularity ... I inherited a bunch of that responsibility recently). Windows exploits, OTOH, are largely attacks against problems with the software itself. The only thing a competent admin can do in that situation is wait for the patch, or hope there is another mitigation.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Maybe you should do some research before making claims. AppArmor is included by default on Ubuntu and allows application level internet permissions. Granted, it is configured very liberally by default, and I'm not aware of an easy GUIfied way for end users to grant exceptions. That's a plus in my book, though. Any system administrator is free to lock it down as tight as they want, and if the general populace of Linux users starts running untrusted software willy nilly instead of using the package manage
Re: (Score:2)
Maybe you should do some research before making claims. AppArmor is included by default on Ubuntu and allows application level internet permissions. Granted, it is configured very liberally by default
Yeah, when I checked the firefox apparmor sandbox wasn't much of a sandbox.
An apparmor sandbox that's configured very liberally by default is not like ZoneAlarm and other similar software that make companies $$$ by scaring their users (whether rightfully or wrongfully).
Re: (Score:3)
If you want ZoneAlarm-like interactive firewall alerts and configuration you have a few options:
- Linux-firewall [linux-firewall.org]
- Mandi on Mandrake
- Fireflierd (no longer maintained though)
You can show UFW's log file as a Conky widget or something if you just want to let the user see attempts to send traffic out through unauthorized ports.
So now that you see that your pet functionality is possible, please start recommending Linux as a desktop OS to your users.
Re: (Score:2)
ANDROID TROJAN
No OS can completely protect itself from dumb users installing trojans, though Linux can do that a heck of a lot better than Windows can (e.g. if you have SELinux configured so that the 'Natalie Portman Hot Grits Screensaver' can't access files that a screensaver shouldn't be able to).
Someone who RTFA (Score:2)
Re: (Score:2)
Scam includes schemes with dishonest elements. My best example for you is the one a few stories back about hackers embedding code into job interview resumes. The results differ depending on the OS "targeted". If you are running Xfce on Slackware with ultra custom mods derived from the Species 8472 from Star Trek scriptwriter manuals, you'll laugh at malware.
If you're a typical overworked cube dweller running Win2000 you'll get hosed.
Re: (Score:2)
Scam includes schemes with dishonest elements. My best example for you is the one a few stories back about hackers embedding code into job interview resumes. The results differ depending on the OS "targeted". If you are running Xfce on Slackware with ultra custom mods derived from the Species 8472 from Star Trek scriptwriter manuals, you'll laugh at malware.
If you're a typical overworked cube dweller running Win2000 you'll get hosed.
If you are a typical cube dweller running Win2000 you already are hosed.
That is strictly the execution part of the scam... (Score:2)
And it has been fine-tuned towards the desired victim.
If the scam was targeting people running ultra custom mods derived from the Species 8472, they would simply make specific adjustments.
And only in that last execution part of the scam. The entire play up to that point stays the same.
And besides the fact that "running ultra custom mods derived from the Species 8472" relies on security through obscurity, let us not forget that Species 8472 were defeated through use of malware.
I.e. Borg nanoprobes specifical
Android app store now rejecting apps (Score:3, Interesting)
I see in the news that the android app store is now rejecting apps. The apps rejected were ones that downloaded other apps. Thus they were vectors for invasive software. Or at least potentially so. Likewise Moto is locking down droid with a re-incarnating system rom and apoptotic immune system. Apple has been heavily criticized for its app store restrictions. But to me all these moves are a great idea. I don't want my phone to be so versatile that I have to constantly be vigilant. Someday I might work up the nerve to let it function as a credit card. I definitely want to see years of virus/trojan free operation before I try that.
If I wanted a toy I could program as I wish I'd buy one of those. But please let there be some severely locked down phones before we all get telephonically transmitted diseases.
Re: (Score:3)
Rejecting apps because they're potential malware vectors (or outright malware) - Fine
Rejecting apps because they offend your delicate sensibilities or the menu bar is the wrong shade of teal, at least for this week - Less Fine
Re:Android app store now rejecting apps (Score:5, Interesting)
I don't see any problem with the Android App Store restrictions because you can choose to install packages from other sources if you choose. So, if you like feeling safe, don't mess with it. If you don't like the restriction, enable out of store installations.
Motorola's eFuse, on the other hand, seems nothing more than a way for them to control your phone; I don't see how it protects you.
Re: (Score:3)
Re: (Score:2)
Well, I for one, would still want the prerogative to install whatever from wherever.
Sure, a "locked down", malware-free repository is a good thing, but there is no need to restrict my freedom to fuck up with 3rd-party software if I want to.
If I want to be safe, I'll just not use any unaudited third party apps.
Mandatory makes it bad (Score:2)
Apple has been heavily criticized for its app store restrictions. But to me all these moves are a great idea.
For me it's a great idea, as long as it's not mandatory.
In Apple's case, it's bad because there's no other choice. You only have the walled garden mode. And for everything else, you have to rely on exploits to root your very own phone.
In HP/Palm Pre & WebOS's case it's good because out-of-the-box you have 2 choices :
- Joe six pack will happily use the phone in its current state, the walled garden protecting him from the dangers of the homebrew world.
- Advanced users will simply type a specific and docume
Apple phones have a Dev mode as well (Score:2)
Developers can sign and install apps on their iphones as well.
Patched vulnerabilities vs real-world exploits (Score:2)
The CISCO report highlights growth in Apple's reported patched vulnerabilities. But it seems to me that a theoretic vulnerability is not the same as an actual real-world exploit. This is particularly true when there's a zero-day exploit that causes 'badguy code' to run. If that code runs in a non-privileged account and therefore can't accomplish its intent, does that count as an actual problem?
I'm not trying here to push the "Macs are better" argument, but rather explore the question of how we measure vu
Cybercriminals? (Score:2)
Ugh... I've been playing too much Shadowrun apparently, because this headline brought on all sorts of odd imagery.
Macs are still no mans land (Score:4, Insightful)
Common myth still spreading around that macs do not have viruses. Majority of its users still do not have anti-virus software of any kind.
The pioneer who goes in first, strikes the gold.
Re: (Score:3)
Re: (Score:2)
Trojans will cease to be a significant concern when most users look for and install software from OS X App Store. We can discuss the freedom implications of it, but from a security viewpoint it is a welcome improvement on OS X.
Re: (Score:3)
"Common myth still spreading around that macs do not have viruses."
Myth? Please point to a current Mac virus.
A.
Re: (Score:2)
Does a trojan count?
securemac.com [securemac.com] should probably be told that they are completely useless, as there is nothing for them to fight against.
Re: (Score:2)
No, since the user is the one fooled into installing it. As long as people are able to install software in their machines you will not stop trojans, regardless of the OS unless we are talking about stock iOS. We are talking about self replicating, self installing viruses.
Now, I would like that Apple kill the "open safe files automatically" in Safari and spend more time in the OS install process to teach basic security procedures to new users to be a happy customer.
Re: (Score:2)
Self replicating and self installing virii? I think Win7 has 1 or two of those. Everything else requires the user to install it. Even then, those 1-2 virii still require admin privs.
Re: (Score:2)
Myth? Please point to a current Mac virus.
Here [about.com], here [about.com], here [about.com], and here [wikipedia.org].
I'm sure there are more, but I think I've answered your request.
Re: (Score:3)
Going through your list we have: 1) proof of concept never in the wild and no threat; 2) failed virus that doesn't actually work, requires a user to untar and run the app, then fails to propagate except on the local LAN if the user is an admin with specific changes to their configuration and which by all accounts never went anywhere after being posted to a forum; 3) trojan; 4) trojan.
I'm sure there are more, but I think I've answered your request.
None of those are current viruses. Only two of them are viruses at all, the first a proof of concept never released and with
Re: (Score:2)
Re: (Score:3)
Ok ok, I just did a quick search. Here's a whole page [securemac.com] of vulnerabilities.
Vulnerabilities != viruses. Realistically, to date more Mac users have been compromised by faulty antivirus software than have had problems because of viruses.
The point is that OSX, nor any platform, is completely without flaws and impossible to infect.
That's a straw man argument. No one said it was.
As I'm sure several people have pointed out, as OSX becomes more prevalent, you'll see people working harder to develop malware.
That's quite likely, but doesn't support the conclusion that they will be successful enough to impact the average user.
And no, I'm not a Windows fanboi. I have several computers with OSes ranging from XP to Haiku, including OSX. To say that a Mac is unable to get a virus is like Hitler saying his army didn't need cold weather gear in Siberia.
Neither MacOS nor Linux is immune to viruses, but to date the security measures implemented by both OS's have been sufficient to make the threat a non-issue for the vast majority of user
Re: (Score:2)
An OS 9 virus, a PowerPC/10.4 trojan, a proof of concept virus and a trojan that uses social engineering to scam $39.99 from unsuspecting users that also need to explicitly download and install it. That's the best you managed to find? It's like saying old unpatched releases of BIND are insecure and installing random software from internet is a bad idea.
Soo... (Score:2)
For a virus to be acceptable for use on an Apple computer it must be current? Talk about elitist.
Also, doesn't your computer have internet on it? [google.com]
Re: (Score:2)
Or the myth that running Windows will get you virii. Been Virii/Malware free for 12 years on Windows, 10 of those 12 years without active virus scanners and the past 2 years with MSE1/2.
Tip, don't run all your apps as admin and don't install every program you see.
Re: (Score:2)
Please see list: http://www.iantivirus.com/threats/ [iantivirus.com]
Umm okay reading the list I see: proof of concept trojan never in the wild, keylogger, password cracker, five more keyloggers, demo trojan, then a bunch more keyloggers and legitimate remote management apps. Can you be a little more specific as to where on that giant list the in the wild virus is? I searched for "virus" on the page but of the first 20 or 30 results none were viruses, except for a few that applied only to MacOS 6, which predates OS X.
Re: (Score:2)
Re: (Score:2)
Trojans, sure. Anytime you have L-series users, you'll have trojans. But an actual virus?
Show us what you got.
Re: (Score:2)
Common myth still spreading around that macs do not have viruses.
Other common myths: water is wet and the sun is bright.
Re: (Score:2)
Re: (Score:2)
True, I do not use an anti-virus program (Score:2)
however I am not one to open e-mails from people I do not know, nor am I one who would just type in his system password when prompted.
Unfortunately based on several local user group meetings I know a lot of people who would do both. First and foremost because they are utterly convinced in their superiority to PC users and OS X's immunity to viruses, after all if they harm OS X Apple would provide a virus program.
Re: (Score:2)
This is exactly what I want to point out. People who buy Apple stuff are usually more affluent and more likely to have a no-credit-limit CC.
Identifying phone viruses (Score:2)
At least on my Windows PC, I have enough experience and knowledge dealing with Viruses and such that I have a reasonably good idea if my computer is infected. Common sense, using the right apps and such help reduce the threat.
I don't have the experience or knowledge of handling this with my Smartphone (Blackberry). I'm more concerned given the sensitivity of the data that I exchange on this platform - personal and business calls as well as e-mail that I don't know what adequate protections to use on the pho
Finally! (Score:2)