Dark Reading
Risky Business
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Cybercriminals Offer 43 Cents For An Infected Mac
Sophos researcher offers a peek at the inner workings of an infamous Russian affiliate networkSep 25, 2009 | 12:29 PM
By Kelly Jackson HigginsDarkReading
Good news for Mac users: An infected OS X is still not as profitable to cybercriminals as an infected Windows machine.
But the bad news is that the bad guys are looking at infected Macs as a potential money-maker. Sophos researcher Dmitry Samosseiko at the Virus Bulletin conference in Geneva this week gave an inside view of the Russian "partnerka," a network of cybercrime affiliates who spew spam and malware (think "Canadian Pharmacy" Website) -- including information on one black market Website that a few months ago offered 43 cents per infected Mac OS X machine, which was at least 10 cents less than what infected Windows machines were going for in the cyber underground at the time.
The Website offering the deal, MacCodec.com, also provided malware-laced phony video players to help the affiliates infect the Macs. The site has since disappeared from the Web, according to Sophos.
"Mac users are not immune to the scareware threat. In fact, there are 'codec-partnerka' dedicated to the sale and promotion of fake Mac software," Samosseiko wrote in his research paper (PDF).
A partnerka contains hundreds of affiliate networks that sell fake watches, fake antivirus, fake prescription pills, and other online scams, according to Samosseiko. "The affiliate networks focused on the promotion of illegal products are part of a growing multimillion dollar 'industry.' Affiliate web marketing also became the main driving force behind the recent explosion in malware, website infections, email spam and general web pollution," he wrote.
But the good news is pressure from researchers, law enforcement, and hosting companies is forcing some of the scareware operations to go deeper underground or shut down altogether, he says.
Meanwhile, Mac users shouldn't celebrate too soon: "The growing evidence of financially motivated criminals looking at Apple Macs as well as Windows as a market for their activities, is not good news. Especially as so many Mac users currently have no anti-malware protection in place at all," blogged Sophos' Graham Cluley yesterday.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
China Shutters Hacker 'Boot Camp' 02/09/2010
Hacker Unleashes BlackBerry Spyware Source Code 02/08/2010
The Evolving Malware Threat: Is Your Organization Protected from All Angles? 02/17/2010
Daily log review sucks, here's how to make it easier 01/28/2010
DIGITAL ASSETS
From the Field: A Hacker's Story
02/01/2010
Testing Role-based Authorization Controls in Websites
02/01/2010
Subscribe to RSSChina Shutters Hacker 'Boot Camp'
GAO Report: NASA Still Facing Weaknesses In IT Security
Hospitality Industry Hit Hardest By Hacks
MORE KEYHOLE
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
|
