Showing posts with label Google. Show all posts

Friday, 5 August 2011

New: Trojan.OSX.BASH/QHost.WB.A, Posing as FlashPlayer.pkg Installer (heehee!)

--
F-Secure has posted news about a new Trojan horse for Mac OS X. It is currently being called "BASH/QHost.WB". Using the standard malware naming system, the official name should be Trojan.OSX.BASH/QHost.WB.A. So far I am unaware of why it is being given a 3-part name. Most likely there will be the usual proliferation of other names across the anti-malware community before a final name is established.

F-Secure's report is well documented and worth reading here:

Trojan: BASH/QHost.WB

Why I'm laughing, heehee: Of all the software to fake for Mac OS X, it is HILARIOUS that these malware rats chose the Adobe FlashPlayer installer. Is there any more hated software for Mac OS X than Adobe Flash?! Oops. I don't see this Trojan becoming very proliferated. But there are always victims, so it is worth documenting what this thing does.

So far there is no documentation as to where the Trojan is found. As usual, double-check the source of ALL your software. NEVER install anything you've been sent or randomly picked up off the net without verifying it as legitimate. Obviously, the safest place to pick up the Adobe FlashPlayer software is directly from Adobe. Also keep in mind that Adobe FlashPlayer has historically been found to be profoundly insecure. Be absolutely certain you are installing the most recent version of FlashPlayer and check Adobe at least once a month for security updates.

When you install the fake FlashPlayer.pkg file, it looks like Apple's standard installer, fooling you into thinking it is legitimate.

After installation, Trojan.OSX.BASH/QHost.WB.A takes over your 'hosts' file and damages it to dump your web browsers to a phishing site located in the Netherlands. The malware can easily damage the hosts file for further fake forwarding in the future. (Say that 10 times!) The Mac OS X hosts file is located here:

/private/etc/hosts

You can read about the purpose of the hosts file here:

Hosts (file) @ Wikipedia

The current version hijacks a series of Google web addresses. If you read F-Secure's notes you'll see that there are detectable differences between the real Google pages and the fake phishing pages.
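To check a hosts file for this kind of tampering, the following added example (not from F-Secure's report or the original post) lists every entry that points a real hostname at a non-local address. The sample file is constructed, and 203.0.113.10 is a documentation-range placeholder, not the address used by the Trojan.

```python
import ipaddress

# Constructed sample: a default Mac OS X hosts file plus tampered entries.
# 203.0.113.10 is a placeholder address, not an indicator from the report.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
203.0.113.10    www.google.com google.com
203.0.113.10    www.google.nl   # constructed tampered entry
0.0.0.0         ads.example.net
"""

# Names that the stock hosts file maps by default.
DEFAULT_NAMES = {"localhost", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def is_local(address):
    """True for loopback, unspecified (0.0.0.0) and link-local addresses."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # strip zone id
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local

def suspicious_entries(text):
    """Return (line_no, address, hostname) for names sent to remote hosts."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        if is_local(address):
            continue
        for name in names:
            if name.lower() not in DEFAULT_NAMES:
                findings.append((line_no, address, name))
    return findings

if __name__ == "__main__":
    try:
        with open("/private/etc/hosts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS  # fall back to the constructed sample
    for line_no, address, name in suspicious_entries(text):
        print("line %d: %s -> %s" % (line_no, name, address))
```

Entries you added yourself, such as a name for a machine on your own network, will also be listed, so treat the output as a review list rather than a verdict.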

Using the phishing site results in bogus search results. Clicking on the result URLs only returns you back to the phishing site. Meanwhile, however, the bogus site nails your browser with a series of pop-up pages which it grabs from a nefarious remote server.

At this time, the pop-up remote server is not providing any information to the phishing site. Possibly, this is a prototype malware being used either for demonstration purposes or to prove a hacking method to the hacking community. No doubt we will know more about the situation in the near future.

Most likely, Apple will be integrating a signature for Trojan.OSX.BASH/QHost.WB.A into their XProtect anti-malware system in Mac OS X 10.6 and 10.7. At the moment of my posting this article, Apple has not yet updated their XProtect.plist file.

Share and Enjoy!

:-Derek

Wednesday, 10 November 2010

Smartphone Bank App Security Problems

--
The benefit of Apple having a closed App Store is their scrutiny of all applications submitted. This has helped maintain a superior security record for the iPhone versus any Android phone. However, a big hole in Apple's vetting system has become evident whereby all smartphone users have been put in danger by poorly designed and coded banking applications. Thank you to the SANS Institute for bringing this issue to my attention in SANS NewsBites Vol. 12 Num. 89:
--Security Flaws in Smartphone Banking Apps (November 5, 2010)
Researchers have found that several banking applications for Android and iPhone contain security flaws that store account information in plaintext. Attackers could potentially steal sensitive data by luring users to maliciously crafted websites designed to find the information. Of the seven applications inspected in the study, just one, from the Vanguard Group, did not store information in plaintext. The institutions were notified of the problems and reportedly have taken steps to fix the flaws.

http://www.wired.com/threatlevel/2010/11/bank-apps-for-phones/
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=228200291
[Editor's Note (Pescatore): The Android phone world seems to be trying to compete with the iPhone by saying "Droid does anything - no restrictive App Store." The reality is that the Apple iPhone could actually compete by making the bar a bit higher for iPhone apps, to make sure that the apps don't do silly things like storing account info or passwords in the clear on the phone. I think users are very comfortable with "only" having 20 Tetris games to choose from if they know that none of the 20 are going to send their information to identity thieves.]
Dear Apple,

Please vet submitted Apps more thoroughly for security flaws. Much appreciated!

Dear Google,

'Anything goes' does not trump application security.
--

Wednesday, 13 October 2010

U2 can B Incognito On The InterWebs!

--
I was just thinking of this today: InterWeb surveillance. Being not exactly friendly toward the "We Must Know ALL!" attitude of the US government and marketing morons, along with "The Customer Is CRIMINAL" attitude of the Corporate Oligarchy, I simply want to be left the frack alone to my personal privacy. No one ever has the right to 'watch' me. I don't deal with peeping pervs at my house, or over the InterTubes.

Therefore, I don't deal with Google collecting data on me wherever I go on the net. I've written about Tracking Cookies here on the blog and how to subvert them. But I get really tired of various websites still attempting to load Google Analytics.

Then I clicked over to Intego's Mac Security Blog this evening. (You'd think they'd pay me for all the PR I give them! ;-) To my synchronistic joy I found a great little article about a niffy kewl Safari extension that does ALL the Google blocking for me. It blocks FaceBook surveillance as well! And here it is:

INCOGNITO
Incognito is a Safari extension that prevents Google and Facebook from following you on the web.

It's a jungle out there
When browsing the web, you are continuously being tracked. Not only by the websites you are visiting, but also by major companies that embed their 'content' into other websites through ads and analytics.
As a result, companies like Google and Facebook have an almost complete picture of your online activity.

Your online counterspy
Incognito protects your privacy by blocking Google Adsense and Google Analytics on non-Google pages. In addition, it allows you to optionally block Facebook content on third-party websites as well as embedded YouTube movies outside of the YouTube website.

No ad-blocker
Although effectively blocking Google Adwords, Incognito is no dedicated ad-blocker. It simply prevents companies from gathering information outside of their own website.
It's FREE.

A similar tool for Firefox is Google Sharing.
The Firefox Addon for the GoogleSharing system. GoogleSharing ultimately aims to provide a level of anonymity that will prevent google from tracking your searches, movements, and what websites you visit.
It's also FREE.

BTW:
I also use Safari AdBlocker. And Safari Cookies. I also frequently use software from The Tor Project (formerly The Onion Project), including Vidalia and Tor Button for Firefox, which provides excellent proxy anonymity on the TubeWebs.

IOW: I am the boss of my Internet browsing, not the government, not Google, not the Red Hacker Alliance, not hacker/crackers, not Apple, not Microsoft, not the Neo-Con-Jobs, not nobody, not no how but ME. It is in keeping with my Positive Anarchy point of view. I make all the honest, responsible choices I wish to with total disregard for the extraneous interests of others. Control freaks: Go have an aneurism over it. :-P

Speaking of which: Over at my MacSmarticles blog this coming month, I'm going to be providing lesson articles on how to set up and use Tor, via Vidalia and Tor Button for Firefox. Sorting out how to use tools is a huge PITA if you're not a computer geek. Therefore, I shall be translating the methods into human-speak for mere mortals. Because this is geek level technology, it's still a bit time consuming. But once you get the hang of the protocol and set it all up for the first time, it ain't no big deal.

You too can be 100% INCOGNITO on the Webnets!


~~~~~~~~~~~~~

MenInBlack
The Stranglers
© 1979

We're not here to destroy
We are here to employ

We have come to make you function
So we can eat at our functions

We are the meninblack ...

Information can destroy
So we'll treat you just like toys

Healthy livestock so we can eat
Human flesh is porky meat...

We are the meninblack...

We don't approve of artificial food
We grow you for our own good

First we gave you the wheel
Then we made you live to kill

So the best stock will survive
We eat you all alive

We are the meninblack ...
~~

Thursday, 15 July 2010

Firefox Add-On Security Alert! Mozilla Sniffer, CoolPreviews, Master Filer

--
Graham Cluley at Sophos.com has provided a great article at his blog about BAD Add-Ons for Firefox. The most recent is nasty spyware, another is infected with a spyware Trojan horse, and the last has a potentially dangerous security hole that could lead to PWNing your machine:

Mozilla pulls password-sniffing Firefox add-on

All of these Firefox Add-Ons have been blocked from distribution by Mozilla. But if you happen to have them lying around or have installed them: Kill them.

Mozilla Sniffer: It has been available since June 6, 2010. It spies on Internet passwords you enter in Firefox and sends them to nefarious fiends.

Master Filer: The infected version has been available since earlier in 2010. It is infected with the LdPinch Trojan horse, which also steals your Internet passwords and sends them to nefarious fiends.

CoolPreviews: Versions 1.0 through 3.0.1 have a demonstrated security vulnerability that could allow malicious code to run on your computer. (Sounds like a typical buffer overflow problem). Proof-of-concept code has been created that demonstrates how to perform the hack. Therefore, it is critical to update to the latest version of CoolPreviews.

There have been other BAD Add-Ons as well, all of which Mozilla have blocked from distribution.

As a side note:

This same sort of problem has been plaguing the Android community whereby anyone can post anything as an application, including crapware and malware. As with Mozilla, Google have no formal system for approving or filtering bad software apart from reports from users. Therefore, it is likely that a number of people are going to be victims of BAD software before it is removed from distribution.

To be honest, this lack of formal software scrutiny system is what we are all used to in the general computer community. The best workarounds have been the use of websites like MacUpdate, VersionTracker, TuCows, MajorGeeks, etc., where either the site managers or other users have tried and rated the software.

For better or worse, Apple now use a formal scrutiny system at their App Store for the iPhone, iPod Touch and iPad. If you download a CrapApp onto your iOS device, you can point fingers at Apple for messing up. Microsoft have had a copycat scrutiny system for their Zune thing app store and plan the same thing for their Windows Phone 7ista OS thingies. Meanwhile, for all other devices, it is that mean old adage: Caveat emptor, IOW Downloader Beware.
--

Friday, 21 May 2010

Tracking Cookies: Google Offers Opt-Out

--
In keeping with the "bad news travels fast; good news is forgotten" theory, I dug up something quite good today that was only whispered in the tech news: Google lived up to their motto this past March and started offering opt-out options and tools for being free from being followed by their Tracking Cookies. Imagine that.


Not that I actually care, since I've been blocking Tracking Cookies on my web browsers for over a decade. And not that your average Internet surfer is going to notice. Google aren't exactly advertising their kind gesture.

If you've read my previous posts on Tracking Cookies you already know what to do: TURN OFF third party cookies in your web browser settings. On Mac, every browser worth using has this setting available in its Preferences under various descriptions. Here are some examples:

[Screenshots: Safari Preferences, OmniWeb Preferences, Camino Preferences, FireFox Preferences, iCab Preferences, Opera Preferences]


. . .

For the sake of review,
What Are Tracking Cookies?

Wikipedia.org has a very good description of them HERE.

My rendition:

Fried SPAM with cute little colored sprinkles on top. Or if you prefer sushi, how about:


Marketing people, ideally, like to help people find what they need and want. (These days we know that is generally NOT the case, thank you MBA degree mills. But I cover that subject over at my zunipus blog). The modern ideal in marketing is to follow you every minute of the day and offer you sales opportunities everywhere you go that are tailored just for you.

There are some marketing people who would be most pleased to implant a chip under your skin that triggers off automatic ads with potential sales opportunities around every corner. Some people believe this will trigger the end of the world. What a revelation. Darn, you got chip ID #666? That's not good.

Since it is illegal to 'chip' anyone in our current age, the next best thing is to 'chip' your web browser. This allows marketing people to follow you around on the Internet and trigger off automatic ads with every click.

The 'chip' in your browser is called a 'cookie', formerly 'magic cookie'. Thank Lou Montulli of Netscape for the concept and name. Cookies are actually very benign in concept. They allow the sharing of basic information between you and specific websites. For example, they are able to hold your ID and password at the Apple Store. They can also feed back to each specific website where you visited within that website. Amazon make very good use of cookies, suggesting books, music, electronics, etc., that fit within your demonstrated interests while navigating their site. It can help you find things you never knew existed.

Where cookies become evil is when they are shared among many sites. These are Tracking Cookies. Google is the King of Tracking Cookies. What you end up with is a syndicate of websites, all associated with one marketing hub, such as Google, who all share their cookie data with one another via ubiquitous Tracking Cookies. This means that your Google web searches end up with Targeted Ads aimed particularly at you.

Suppose you went to Amazon.com and went shopping for sex toys. Thanks to Google's Tracking Cookies, now the entire syndicate of Google associated web shops knows. So now you get ads for vibrators on your Google search pages. You go to SuperDuperWhatever.com for the very first time and up pop ads for warming gels, various stimulation pills, elongated probing instruments, on and on.
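The mechanism described above, modelled as an added example that is not part of the original post: one marketing hub is embedded on several unrelated sites, and the browser's third-party cookie setting decides whether the hub can join those visits into one profile. The `Tracker` and `Browser` classes, the `tracker.example` domain and the site names are all hypothetical.

```python
import itertools

# Constructed sample: three unrelated sites that all embed the same hub.
SITES = ["shop.example", "news.example", "forum.example"]

class Tracker:
    """Hypothetical ad/analytics hub embedded on many unrelated sites."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = {}  # cookie id -> sites this browser was seen on

    def serve(self, embedding_site, cookie):
        """Handle one request for embedded content; return the cookie to set."""
        if cookie is None:                    # no cookie sent: looks like a new visitor
            cookie = "uid-%d" % next(self._ids)
        self.profiles.setdefault(cookie, []).append(embedding_site)
        return cookie

class Browser:
    def __init__(self, allow_third_party_cookies):
        self.allow_third_party = allow_third_party_cookies
        self.jar = {}  # cookie domain -> stored value

    def visit(self, site, tracker, tracker_domain="tracker.example"):
        """Load `site`, which pulls in content from the tracker's domain."""
        third_party = tracker_domain != site
        usable = self.allow_third_party or not third_party
        sent = self.jar.get(tracker_domain) if usable else None
        received = tracker.serve(site, sent)
        if usable:                            # blocked cookies are never stored
            self.jar[tracker_domain] = received

def longest_profile(allow_third_party_cookies, sites=SITES):
    """Most sites the tracker could link to a single cookie id."""
    tracker = Tracker()
    browser = Browser(allow_third_party_cookies)
    for site in sites:
        browser.visit(site, tracker)
    return max(len(seen) for seen in tracker.profiles.values())

if __name__ == "__main__":
    print("third-party cookies allowed:", longest_profile(True))
    print("third-party cookies blocked:", longest_profile(False))
```

With third-party cookies allowed the hub sees one visitor on all three sites; with them blocked it sees three apparent strangers. The model covers cookies only, not other ways of recognising a browser.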

If this all sounds entirely offensive and invasive of your privacy, you're not alone. I personally don't give a rat's about marketing data collection, no matter what 'opportunities' they may offer. When I want something I go out and research it, all on my own, and typically end up buying the best product at the cheapest price entirely due to my efforts. No ads required. To me, advertising is a distraction at best. Therefore, my web browsers are maxed out with ad blocking plugins and settings. Even in situations where anti-ad measures fail, my brain is so used to marketing 'opportunities' on both the real and virtual landscapes that I quite literally don't see them. They don't exist in my mind's eye. There are 'subliminal' marketing theories of course, but every one of them fails from my POV.

Example:

My parents freak out whenever I visit them because I never bother to mute the TV ads. Why do I do that? I literally don't notice them! I don't care what they say. If I pay attention at all it is typically to mock them, they are usually so ridiculous and predictable. The only exceptions are abusive ads. I pick up on them rather quickly and take note of what they're selling in order that I never buy it. I also enjoy collecting examples of abusive ads. I often post perpetrators of what I call 'AD BLASTING' and 'AD SLAMMING' over at my zunipus blog. For some reason, my personality is particularly offended by any form of human abuse. Maybe it's because I'm human. With the plethora of psychopaths in world politics, religion and biznizz these days you have to wonder how many humans are left on Earth. But I rant.

We humans always discover and create new ways to thwart other people's bad choices. Blocking Tracking Cookies is simple because just about every web browser provides a method. Set it once and forget it. Happiness shall be yours young apprentice.

Well, there is one drawback: Advertising isn't going away.

You'll still be hit with it everywhere you go IRL or WWW. But instead of the ads targeting specifically you, they'll simply be generic. Darn! You'll just have to settle for having your privacy.

--
