Tag Archives: Mac Virus

October 24th AVIEN updates

Updates to Anti-Social Media 

The Register: Facebook, Google sued for ‘secretly’ slurping people’s whereabouts – while Feds lap it up – “Facebook and Google are being sued in two proposed class-action lawsuits for allegedly deceptively gathering location data on netizens who thought they had opted out of such cyber-stalking.”


Graham Cluley: Twitter thought Elon Musk’s bizarre tweets were evidence he’d been hacked – “It’s an odd state of affairs when the bogus Elon Musk accounts offering bitcoin giveaways appear more legitimate than the real Elon’s tweets.”

Since there’s been a spate of Bitcoin fraud tweets spoofing his account, offering to sell someone some Bitcoin may have been a tweet too far.

Updates to Cryptocurrency/Crypto-mining News and Resources

Graham Cluley: Twitter thought Elon Musk’s bizarre tweets were evidence he’d been hacked – “It’s an odd state of affairs when the bogus Elon Musk accounts offering bitcoin giveaways appear more legitimate than the real Elon’s tweets.”

Since there’s been a spate of Bitcoin fraud tweets spoofing his account, offering to sell someone some Bitcoin may have been a tweet too far.

Updates to Specific Ransomware Families and Types

BitDefender: Gamma ransomware compromises data on 16,000 patients at California hernia institute – “The attack was tied to the email address Glynnaddey@aol.com which, according to databreaches.net, is associated with Gamma ransomware (part of the Crysis ransomware family). ”

Updates to Mac Virus

 for ESET: Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users


Buzzfeed: Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme – “A BuzzFeed News investigation uncovered a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids.”

David Harley

Advertisements

17th March 2018 resources and article updates

Specific Ransomware Families and Types

Cryptocurrency/Crypto-mining News and Resources

Mac Virus (now linked from this portal): Android antics and MacOS malware

David Harley

Meltdown/Spectre resources

[Content now transferred to the resource page here, which I intend to expand and maintain as time allows.]

Official commentary from Apple: About speculative execution vulnerabilities in ARM-based and Intel CPUs and from Google: Today’s CPU vulnerability: what you need to know

Related Resources:

David Harley

iOS support scams – added to resources page

Added to the PC ‘Tech Support’ Cold-Call Scam Resources page today….

Here’s an extract from another Mac Virus article – iOS Support Scams – on tech support scams, this time targeting iOS users:

A new blog by Graham Cluley for Intego actually has some points in common with my most recent blog here (which also involved pop-ups misused by support scammers, particularly in the context of Safari). However, Graham’s article is about iOS, whereas mine related to questions asked regarding OS X and Safari (citing advice from Thomas Reed that also addressed other browsers).

David Harley

New Mac Malware Resource

Well, actually, it’s an old one. It’s at the Mac Virus site I kicked back into life a few months ago, primarily as a blog site.

However, I’ve been under some pressure to restore some of the features of the old Mac Virus site. While I’ll be restoring some (more) of the pre-OSX stuff for its historical interest, I don’t see that as a big priority right now. But as I’ve been talking quite a lot about Mac threats in the past month or two (see http://macviruscom.wordpress.com/2010/05/13/apple-security-snapshots-from-1997-and-2010/ for example), there’s been curiosity about what we’ve been seeing in the way of OS X malware.

Enter (stage left, with a fanfare of trumpets) the Mac Virus “Apple Malware Descriptions” Page at http://macviruscom.wordpress.com/apple-malware-descriptions/. Right now it consists of two descriptions of Mac scareware from 2008, so it’s at a very early stage of development. (It just happens to be those two descriptions because someone asked me about them yesterday.)

Isn’t this stuff available elsewhere, I hear you ask? Of course it is. The point about these descriptions is that unlike most vendor descriptions, they point to various other sources of (reasonably dependable) information, as well as including a little personal commentary. It’s a first cut at attempting to answer the question “if there’s so much Mac malware around, where is it?”

More later…

David Harley CITP FBCS CISSP
AVIEN Chief Operations Officer
Mac Virus Administrator
ESET Research Fellow and Director of Malware Intelligence

Also blogging at:
http://www.eset.com/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com
http://amtso.wordpress.com/

NTEOTWAWKI

Given all the hype generated by the ridiculously titled Gawker Article about the so called ‘iPad’ hack, I’m somewhat reluctant to add to any more of the noise over what is really a pretty run of the mill story, but because I’m procrastinating on other jobs, I’ll write something. Warning: this story does involve the shocking exposure of people’s email addresses, said addresses getting revealed when they shouldn’t have been, and yes….er…well, no, that’s about it actually.

Indeed, Paul Ducklin of Sophos wrote a very nice article stating the rather important fact that, every time you send an email, that passes your email out on to the open internet. Of course, that’s not an excuse to have a poorly written web app that will spit out the email addresses of your partner company’s clientele at will. Partner company, I hear you cry, wasn’t this an Apple problem? Yes, indeed, this is absolutely nothing to do with Apple, it’s not an Apple problem, and it’s not a breach of Apple’s security, nor is it a breach of the iPad. In fact, it was solely down to a web application on AT&T’s website. It doesn’t even involve touching an iPad. But, but, you may splutter, isn’t this is an iPad disaster? No. Not even slightly; not once did the ‘attackers’ go near any one’s iPad. The ‘attack’ was purely a script  that sent ICCID numbers (this links a SIM card to an email address) to the AT&T application, in sequence, to see if their database had that number with an email attached – and if so, that came back. That’s right, it’s a SIM card identifier. The only ‘iPad’ part is that the ‘attackers’ spoofed the browser in the requests, to make the app think the request was coming from an iPad.

The upshot is that, as this page rightly points out (thanks to @securityninja for the link)

“There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns e-mail address when ICCID is passed to it.”

So, the correct title of that original Gawker article might have been “Badly designed AT&T web application leaks email addresses when given SIM card ID”, but that wouldn’t be “The End Of The World As We Know It”.

In a week where one ‘journalist’ writing here (thanks to @paperghost for the link) claimed that some security people confessing to being ‘hackers’ (whatever that means) “confirms our suspicions that the whole IT insecurity industry is a self-perpetuating cesspool populated by charlatans”, it might be time for the world of the media to turn that oh so critical eye on itself and ask who is really generating the hype in the information security world?

If you’re interested in keeping up with genuine Mac/Apple related security issues, a good resource is maintained here by my good friend David Harley

UPDATE: The original ‘attackers’ have published a response to the furore here. Pretty much confirms what I was saying

“There was no breach, intrusion, or penetration, by any means of the word.”

Andrew Lee
CEO AVIEN/CTO K7 Computing