Showing posts with label botnet. Show all posts

Thursday, 17 March 2011

BBC: "US cyber war defences 'very thin', Pentagon Warns"

--
A quick post to note an article that finally points out the big DUH: That the US government has terrible cyber-security. It is well known, certainly if you've been following my posts, that the US government has been repeatedly PWNed by Red China since 1998. The US feds only admit, however, to being PWNed since 2007 when they discovered all their computers attached to the Internet had been infected with bots that were feeding every piece of their data over to Red China. It was also uncovered around that time that Red China had been circulating an internal memo declaring 'cyber war' on the USA. This is our #1 trading partner benefiting from 'Most Favored Nation' status. The mind boggles.

It's a good and short read, important if only because the Pentagon has finally come clean about their incredible LACK of readiness in the ongoing cyber-security warz.

US cyber war defences 'very thin', Pentagon Warns

And yes, despite FUD to the contrary, the US feds would be remarkably better off if only they would dump Windows and, chant along with me:

GET A MAC

Red China says: "Thank you USA for using Windows!" (0_o)

Mac OS X is far from perfect. But Windows is far from adequate. Mac OS X remains the single safest GUI operating system on the planet. Only OpenBSD and FreeBSD have better security reputations. Sorry Linux.
--

Tuesday, 13 July 2010

Intego Errors! Marketing Vs Fact, Money Vs Reality

--
Kids. Didn't I tell you the computer anti-malware community was 'unprofessional'? Here we go again.

For shame Intego! Publishing FUD to sell your anti-malware software. For shame!

I like the folks at Intego a lot. But this is the SECOND time they have outright FUDed the public for the sake of making sales of their indeed superior anti-malware software. Note that this is entirely in line with our current era of PROPAGANDA at the expense of both facts and reality. I DESPISE FUD! I DESPISE PROPAGANDA! If you check out my zunipus blog you'll see I'm well versed on the subject.

This very WRONG page of information was posted at the Intego website this week. It makes me want to gag. It's crap like this that inspires me to keep writing my own, independent, 'hey look at me I have a brain in my head', Mac-Security blog:

Intego: Learn About Mac Malware

The Post-Mortem:

I) This page claims to provide a "clear explanation of what types of viruses and malware are a danger for Mac OS X."

Bullshit.

There is nothing 'clear' about FUDing customers and confusing them with ignorant information. If you haven't already spotted the garbage on this page, read on.

II) The Mac picture provided on the page, with its arrows to various malware, includes the word "Botnet". This is WRONG. There is no such thing as a 'botnet' form of malware. A 'botnet' is the result of having many computers infected with BOT malware. The software that infects your computer is called a 'bot.' Not a 'botnet'. A BOT!

III) The paragraph entitled "MAC VIRUS" is WRONG. There are NO viruses for Mac OS X. There never have been any viruses for Mac OS X. So this paragraph must be preceded with the word:

NO

The description of viruses by Intego in this wrongful paragraph is entirely inadequate. Read these instead:

Computer Virus
or
What is virus?

In fact there are dozens of pages on the Internet that have superior descriptions of computer viruses. Google "What is a computer virus?"

IV) Examining the wrongful "MAC VIRUS" paragraph we see two wrongful examples. They are NOT viruses. Here is what they REALLY are: PROOF OF CONCEPT malware. Did you see 'Proof Of Concept' listed as a type of malware in Intego's illustration? No. Why? Because they are only demonstration malware that are NOT released into the wild, cannot replicate in the wild, and are only created to prove a software security problem. They are HARMLESS to one and all except on test machines used for EXPERIMENTATION. Anyone telling you that Proof of Concept malware will ever appear on your machine at any time, except within an experimentation situation, is FUDing you. FUD = a classic form of propaganda known as FEAR, UNCERTAINTY and DOUBT.

You can read about FUD here:

Fear, uncertainty and doubt (FUD) is a tactic of rhetoric and fallacy used in sales, marketing, public relations, politics and propaganda.

If you'd like to read about Proof Of Concept malware, check these out:

Proof of concept

Prototype

What is proof-of-concept virus?

And for fun, here is what these two Proof of Concept malware actually do:

A) OSX.MacArena.A - Here is a quotation from 2006 from Kaspersky's Securelist.com:
"Macarena was the first attempt to create a virus for Mac OS X that infects mach-o format executable files. The virus only infects files in the current directory and only runs on Intel platforms, i.e. it does not pose a threat to machines with ppc architecture. These malicious programs are purely proof of concept code, i.e. they demonstrate that such programs can be created."
Darn. This thing can only self-propagate within its own current directory. Wow. So scary. It is NOT in the wild. It does NOTHING to harm your computer. Not-a-thing.

B) "OSX/Oomp-A or Leap.A" - First off, note the use of two different names for the exact same thing, AND the total lack of conformity to the published malware naming standard. I'd be ticked off, except this is again harmless proof of concept malware, so who cares. Here is an article from Macworld, published in 2006, about what is ACTUALLY called the "Oompa-Loompa Trojan" by the first person to publicly describe it, Andrew Welch of Ambrosia Software:

Reports emerge of Mac OS X Trojan horse or worm
"Reports indicate that someone has let loose a 'Trojan horse' or worm for Mac OS X users. The program is hidden within a package that purportedly contains screenshots of Apple's as-yet unannounced next major revision to Mac OS X. Whether it's a Trojan horse or worm seems to vary depending on the source of the information."
Do you see the word 'virus' in this description? NO.
"So-called Trojan horses are differentiated from viruses because they masquerade as a regular application or file and do not replicate themselves arbitrarily."
Ah! So NOT a virus!
"Anti-virus software maker Sophos takes issue with this description claiming this is the 'first ever virus for Mac OS X.'"
Traveling over to the Sophos page, what do we see in the TITLE of their article?
"First ever virus for Mac OS X discovered"
"OSX/Leap-A worm spreads via iChat instant messaging software"
So it's a 'worm', and NOT actually a virus. That's what Sophos are actually saying.

But I thought proof of concept OSX.MacArena.A was "the first attempt to create a virus"!!!

Are you getting the idea of how chaotic the anti-malware community can be?

And guess what folks. Oompa-Loompa was made entirely INERT with the next Apple revision of iChat. So be scared. Be VERY scared!

And no, it's NOT a virus. No, it CANNOT replicate itself in-the-wild. This thing can only replicate via iChat within a LAN. That means it hasn't even got a clue what the Internet is. Got that? NOT-IN-THE-WILD at all. It can't get there. There was only ever ONE place it was ever found on the Internet, and that was in a forum at a Mac rumor website.

V) Then we move along to the wrongful paragraph about BOTs. I'm perfectly happy to ALSO call them by other malware names. But the ONLY bots for Macs exist in the form of Trojan horses. There are three of them: Trojan.OSX.iServices.A - C, which is to say that there are versions A, B and C. They have only ever been found, as Intego indicate, within the installers of pirated software. These include pirated copies of Apple iWork and Adobe Photoshop CS4.

Once Macs were infected, via these pirated installers, with the bots, the computers were then 'zombied' or 'botted'. Via communication over the Internet, these machines then joined into what is called a 'botnet'. In early 2009 there was a guesstimate that the resulting botnet contained over 10,000 Macs, which indicates the popularity of pirated software. The only published attack carried out by this botnet that I am aware of was a DDoS, or Distributed Denial of Service attack. I've never heard or read about it again. But note that this malware is indeed still in-the-wild and can infect you.
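Since the bot-versus-botnet distinction above is the whole point of section II, here is what the 'joining into a botnet' step looks like from the network side. This is an added example written for this post; it is not Intego's, SANS's or the iServices authors' code, and the log lines are constructed, not captured traffic. The line layout ("<epoch> <src_host> <dst_ip:port>") and the 60-second check-in period are assumptions for the demonstration.

```python
"""Spot bot beaconing, then group bots by controller, in constructed logs.

Added example; not code from the original post, Intego, SANS or any
malware author. A bot phones home to its controller on a schedule; several
hosts keeping the same schedule to the same destination is what a small
botnet looks like on the wire. Assumed line layout:
"<epoch> <src_host> <dst_ip:port>".
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: mac-01 and mac-02 check in with 203.0.113.7 every
# 60 seconds; mac-03 talks to a web server at irregular, human intervals.
LOG_LINES = """\
1239840000 mac-01 203.0.113.7:6667
1239840060 mac-01 203.0.113.7:6667
1239840120 mac-01 203.0.113.7:6667
1239840180 mac-01 203.0.113.7:6667
1239840002 mac-02 203.0.113.7:6667
1239840062 mac-02 203.0.113.7:6667
1239840122 mac-02 203.0.113.7:6667
1239840182 mac-02 203.0.113.7:6667
1239840005 mac-03 198.51.100.20:443
1239840311 mac-03 198.51.100.20:443
1239840390 mac-03 198.51.100.20:443
1239841201 mac-03 198.51.100.20:443
"""


def parse_lines(text):
    """Group connection timestamps by (source host, destination)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        epoch, src, dst = line.split()
        conns[(src, dst)].append(int(epoch))
    for times in conns.values():
        times.sort()
    return conns


def find_beacons(conns, min_events=4, max_jitter=0.10):
    """Return (src, dst, period_seconds) for pairs whose inter-connection
    gaps are nearly constant (coefficient of variation <= max_jitter).
    Too few events means regularity cannot be judged, so those are skipped."""
    beacons = []
    for (src, dst), times in conns.items():
        if len(times) < min_events:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            beacons.append((src, dst, period))
    return beacons


def cluster_controllers(beacons, min_bots=2):
    """Map each destination to the sorted hosts beaconing to it, keeping
    only destinations with at least min_bots callers: a shared controller."""
    by_dst = defaultdict(set)
    for src, dst, _period in beacons:
        by_dst[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= min_bots}


if __name__ == "__main__":
    found = find_beacons(parse_lines(LOG_LINES))
    for src, dst, period in found:
        print(f"beacon: {src} -> {dst} every {period:.0f}s")
    for dst, bots in cluster_controllers(found).items():
        print(f"shared controller {dst}: {', '.join(bots)}")
```

The zero-jitter 60-second period is the constructed case; real bots add random sleep, which is why the threshold is a ratio of spread to period rather than an exact match. A legitimate updater or NTP client also looks regular, so a hit here is a lead to investigate, not a verdict.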

VI) Then we get to the WORM section: Note how Intego don't list any for Mac. That's because THERE AREN'T ANY for Mac, except as Proof of Concept malware. Yawn. Therefore, this section also requires the removal of the 'YES' to be replaced with:

NO

The description of worms here is poor. Reading this stuff you'd think they were the same thing as viruses. They aren't. Read this from Wikipedia.org:

Computer worm
"Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer."
The main, if not only, point of a worm is self-replication. Whereas, the point of a virus is not merely to replicate but to DAMAGE.

~~~~~~
I know Intego are not going to be pleased that I've ripped apart this blatant propaganda / FUD piece. To be honest, I'm really miffed that I, a non-professional in the Mac malware field, end up having to point out these ERRORS and FUD. If dimwit security amateur me knows full well the bullshit in this Intego article, why the hell are the 'professionals' at Intego publishing it?!

My proposal:
Dear Intego,

FIRE your Marketing Manager. Dishonest marketing damages your company's reputation. Witness Adobe.

And please don't bother writing to me to attempt to explain the bullshit in your article! Just take the article down, remove it, kill it. Then get a serious professional at Intego, (I know they exist! I've talked to them!), to write a seriously HELPFUL, HONEST and INFORMATIVE article that misleads no one and educates everyone. THAT will bolster your reputation and sales. Not this FUD crap.
Where's my aspirin?
--

Friday, 17 April 2009

The First Reported Mac BOTNET

--
Let me first share news from SANS Institute, then provide a brief perspective on the situation.

Below is a quote from SANS NewsBites Volume 1, Number 30, released last night. (I added some bolding for emphasis). You can sign up for the SANS newsletters HERE.
--Trojan in Pirated Mac Software Helped Create First Mac Botnet
(April 15, 2009)

Malware embedded in pirated versions of Apple's iWork and Adobe Photoshop CS4 for Mac that were available over a peer-to-peer network in January is responsible for what appears to be the first known Mac botnet. The zombie network attempted to launch a distributed denial-of-service (DDoS) attack against an unidentified website. The malware had spread to several thousand computers before it was identified.

http://www.cbc.ca/technology/story/2009/04/15/ibotnet-trojan.html

http://blogs.zdnet.com/security/?p=3157

[Editor's Note (Honan, Schultz): Looks like the Mac platform is an increasingly fruitful target for cyber criminals. ]
Indeed it has. "Several Thousand Computers." This is incredibly sad, but also inevitable.

While all the FUD mongers have a sadism party at our expense, (and they will), keep in mind that NONE of the current Mac malware is able to penetrate any Mac unless the user (often called the 'luser') deliberately installs a Trojan horse on their computer. This happens specifically because the user has been conned by what is called Social Engineering, or in this case, the luser is using pirated software that has had the Trojan carefully placed in the installer to go along for the ride. What do you call it when a dirty deed is done to someone pulling a dirty deed? How about 'Dishonor Among Thieves'. It is more like poetic justice, parasite chewing on parasite.

Anyway, Mac Botnets have arrived. What is done with them will be of interest. Typically these days they are used for money making schemes. Go read all the news about the Windows Conficker worm scare of April 1st and beyond. Once created via infection, a botnet can pull off just about anything you can do over the Internet, but in mass numbers at one time.

OK! You're a luser and maybe you did something that could have gotten you infected. Now what?

What NOT to use:

ClamAV. Worthless for Macs. I've covered this disappointment several times.

MacScan. The botnet Trojans are out of its league. It's clunky unreliable software anyway.

Symantec Norton Whatever. I consistently get reports that Norton Anti-Virus continues to be one of the single most buggy and CPU hogging applications you can buy for Macintosh. Symantec also invented the anti-Mac security FUD campaign back in 2005. Save your money and your patience. Avoid. Run away. Just my opinion.

Freeware:

iAntiVirus from PC Tools. It can detect and remove all current Mac malware. You don't have to pay for the application unless you are a business or are running a large network. The paid version offers technical support. Note that it only runs on Leopard. I use it and find it to be very simple and unobtrusive.

Shareware / Commercial-ware:

Sophos Anti-Virus. It is designed for companies and networks of computers.

Intego VirusBarrier. I find them to be the best-in-class for single users. I'm disappointed at their disorganization as a company. But the program is top notch. Just be prepared to shell out money year after year. Bleh. Nonetheless, I own it, use it and like it.

I used to use Virex X, now called McAfee Virus Scan. But it got clunky. Many people downright hate it. I don't know why. These days it is designed for companies and networks, not single users. I would have shoveled McAfee into the grave alongside Symantec for having FUDed the Mac. But oddly, their CEO ended up stating that the single best way to escape computer malware was to "buy a Mac." So they can't be entirely stupid over there.

There is other stuff around, but it makes me yawn. You can get a listing of it all at the download sites by searching for 'virus'.

DEFENSE!

If you are in charge of a home computer shared by others, or you are an IT manager, stop the luser users from installing Trojans by giving them Mac OS X accounts that Do Not Allow Program Installation! If a user wants a program installed, let them ask you to do it for them in YOUR account. Then give them access to the program.

But of course this means that YOU, the boss of the machines, have to be careful too. Always verify that what you install has specifically been tested somewhere. I always use the download sites like VersionTracker or MacUpdate. There are many others. Be sure that either the site itself has tested that version of the program and given it an OK, or that a lot of users have tested it and OKed it. Buy commercial-ware directly from the company, and make certain they are entirely, unquestionably reputable. Adobe.com = reliable. Jake's Super Deluxe Fly-By-Nite Site.com ≠ reliable. You get the idea.
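One concrete way to do the 'verify what you install' step above, before you install anything into the admin account: hash the download and compare it against the checksum the publisher lists on its own site. This is an added example written for this post, not code from the original page or from any vendor named in it. The checksum list and the 'installer' bytes are constructed stand-ins, and the list format ("<sha256 hex>  <filename>" per line, as `shasum -a 256` prints it) is an assumption.

```python
"""Check a downloaded installer against the publisher's checksum list.

Added example; not code from the original post or from any vendor it
names. The checksum list and the 'installer' bytes are constructed
stand-ins; in use you would hash the .dmg or .pkg on disk with hash_file()
and fetch the list from the publisher's own site, not the download mirror.
Assumed list format: "<sha256 hex>  <filename>" per line.
"""
import hashlib
import hmac

# Constructed stand-ins for a clean image and the same image with a bot
# stuffed into it, the way the pirated installers described above were.
GOOD_INSTALLER = b"constructed stand-in for a clean installer image"
TAMPERED_INSTALLER = GOOD_INSTALLER + b"\x00 constructed bot payload"


def sha256_hex(data):
    """SHA-256 of in-memory bytes as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in chunks so a large .dmg is not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


# Constructed publisher list, built from the clean bytes so the example is
# self-contained; a real list is published by the vendor, not computed here.
PUBLISHER_SUMS = (
    f"{sha256_hex(GOOD_INSTALLER)}  example-app-1.0.dmg\n"
    f"{'0' * 64}  example-app-0.9.dmg\n"
)


def parse_sums(text):
    """Parse checksum lines into {filename: hex digest}. Malformed lines
    raise rather than silently turning into 'no entry, no match'."""
    sums = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest>  <filename>'")
        digest, name = parts[0].lower(), parts[1].strip()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        sums[name] = digest
    return sums


def verify_download(filename, data, sums_text):
    """True only if filename is listed and data hashes to the listed digest.
    An unlisted file is a failure, not a pass. compare_digest is used out
    of habit: digests are not secrets, but constant-time compare costs nothing."""
    expected = parse_sums(sums_text).get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


if __name__ == "__main__":
    for label, blob in (("clean", GOOD_INSTALLER), ("tampered", TAMPERED_INSTALLER)):
        ok = verify_download("example-app-1.0.dmg", blob, PUBLISHER_SUMS)
        print(f"{label}: {'install' if ok else 'REJECT'}")
```

The check only proves the file matches what the publisher listed; if the mirror that served the download also served the checksum list, an attacker who replaced one could replace the other, so the list has to come from the vendor's own site.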

And just to tick off the FUD mongers:

A) There is no such thing as a 'virus' for Mac OS X.
B) There is no such thing as a 'worm' for Mac OS X.
C) There is no such thing as illicit 'spyware' for Mac OS X. All Mac spyware is sold legally for the purpose of surveillance of network machines.
D) There is no such thing as 'security by obscurity' for Mac OS X. If you know how to do math, you can prove this for yourself. Go backwards in my blog if you want to read the gravestone I wrote for this mythological absurdity form of FUD.
E) As a Mac user you must keep computer security in mind. Follow the basic rules:
  1. Make regular backups. This is the #1 Rule Of Computing.
  2. Learn how to use your router's firewall and use it.
  3. Learn how to use Mac OS X's built-in firewall and use it.
  4. Always use password protected accounts. Make very sure your password is strong, obscure, unintuitive and plain old nasty. Be sure you remember it. Don't give anyone else access to it.
I've gone into greater detail about add-on measures in previous posts. The list above covers the essential basics.

And of course, don't ever pirate software. Now it's extra dangerous. If that gets you excited, welcome to the botnet.

:-Derek
--
