How Viruses Evolve Into All-Purpose Malware
Posted by timothy from the increments-of-evil dept.
KingofGnG writes "Computer threats are continuously evolving, and some malicious code is difficult to tackle because of its inherent complexity and an intelligent design capable of constantly putting security companies under pressure. A remarkable 'intelligent' threat is, for instance, Sality, the 'new generation' file virus that, according to Symantec, has practically turned into an 'all-in-one' malware incorporating botnet-like functionality as well."
Re:Software alone wont ever solve this problem. (Score:3, Insightful)
Apple does. Look at the App Store.
Re:Software alone wont ever solve this problem. (Score:3, Insightful)
Yes, but Apple haven't solved the problem, they've merely given the user one avenue that is "probably" safer.
Anyone who has a jailbroken phone can essentially install software from anywhere, thus making them JUST as vulnerable as any Windows or Nix user.
You might as well say Apple has cured the problem of AIDs by not allowing people to have sex.
Re:Software alone wont ever solve this problem. (Score:1, Insightful)
The problem is that the same solution that can address the Trojan problem will make DRM impossible to get around, like trusted computing, curtained memory, etc.
Instead, what I'd like to see would be a standard for secondary access that is accepted by everyone across the board using an offline token system. The token system would allow someone to install an app on their phone (be it a WM device, Android, iPhone, or similar), or be a separate keyfob. Basically like what Blizzard offers for secondary authentication, but with the ability to support multiple devices (so if I don't take my phone with me, the authenticator on my keychain is usable), and is supported universally, even for machine authorizations.
Even better would be a ZTIC like system. Perform a major action on your bank account, you get prompted to confirm on your phone or keyfob with details on what was done. Same with changing a password on a social networking account, or altering substantially one's privacy or credit card settings. This way, the computer can be compromised as hell, and there will be damage, but it will be limited.
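Added example, not from the comment above or from any product it names: a Python sketch of the ZTIC-style flow it describes. The bank pushes the transaction it is actually about to execute to a separate device that shares a secret with the bank, the user approves what that device displays, and the device returns a MAC bound to those details and a one-time nonce, so a compromised PC can neither alter the details unnoticed nor replay an old approval. The class and function names (`Bank`, `Token`, `run_transfer`) and the shared secret are assumptions made for this example.

```python
import hmac, hashlib, json, secrets
from typing import Callable, Optional

def canonical(details: dict) -> bytes:
    """Deterministic encoding so the bank and the token MAC identical bytes."""
    return json.dumps(details, sort_keys=True, separators=(",", ":")).encode()

def mac(secret: bytes, nonce: str, details: dict) -> str:
    return hmac.new(secret, nonce.encode() + b"|" + canonical(details), hashlib.sha256).hexdigest()

class Token:
    """Hypothetical keyfob / phone app: own screen, shared secret, never trusts the PC."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def confirm(self, nonce: str, details: dict, approve: Callable[[dict], bool]) -> Optional[str]:
        # The device shows `details` on its own display; only the user's decision there counts.
        if not approve(details):
            return None
        return mac(self._secret, nonce, details)

class Bank:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = {}          # nonce -> details awaiting out-of-band confirmation
        self.executed = []

    def submit(self, details: dict) -> str:
        """Step 1: a request arrives from the (possibly compromised) PC; it is only pended."""
        nonce = secrets.token_hex(8)
        self._pending[nonce] = details
        return nonce

    def challenge(self, nonce: str):
        """Step 2: push exactly what the bank will execute to the registered device."""
        return nonce, self._pending[nonce]

    def finalize(self, nonce: str, code: Optional[str]) -> bool:
        """Step 3: execute only if the code matches the pended details; the nonce is consumed."""
        details = self._pending.pop(nonce, None)
        if details is None or code is None:
            return False
        if not hmac.compare_digest(mac(self._secret, nonce, details), code):
            return False
        self.executed.append(details)
        return True

def run_transfer(bank: Bank, token: Token, intended: dict, submitted: dict) -> bool:
    """Simulate one transfer: the user intends `intended`; the PC submits `submitted`."""
    nonce = bank.submit(submitted)
    n, shown = bank.challenge(nonce)
    code = token.confirm(n, shown, lambda d: d == intended)   # user compares the screen to intent
    return bank.finalize(n, code)
```

If malware on the PC rewrites the payee or amount, the token shows the rewritten values, the user declines, and nothing executes; the damage is limited to the transactions the user actually confirms.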
Re:the benefits of open source... (Score:5, Insightful)
Face it, thanks to Open Sores we all get to suffer more malware and more powerful malware. If even Microsoft with all their programmers has a hell of a time keeping up with patches and all of that, how are average users going to stand a chance? Tell me again why closed source is such a horrible thing??
Because closed source is equivalent to the security-through-obscurity paradigm -- which never works and, worse still, is illusory. You are only asking to live in your la-la land when the reality is different.
Malicious people are going to develop such sophisticated attacks regardless of whether software is closed-source or open-source.
Making such exploits open-source lets us know what sort of channels are exploited. This leads to a better understanding of the weaknesses in the underlying protocol. This is where you have improved software that won't fall down like a house of cards when kicked at the shins.
With closed source -- you are trusting what? An obscure programmer who is under a deadline to push something out the door??
You probably are not even aware of how many times Open Sourcing has saved your a$$. Just because you pretend the problem doesn't exist, does not mean that your ignorance is the truth.
Re:Software alone wont ever solve this problem. (Score:3, Insightful)
Apple is just fortunate enough not to be getting attacked right now. GNU/Linux land is much better prepared than Apple's ecosystem because, unlike with Apple on the desktop, you haven't got systems where users are installing software from non-repository sources.
One word: PPAs.
Seriously. Think about it. Ubuntu PPAs are not vetted by Canonical or the Ubuntu Dev Team, and could, potentially, be used to spread Linux viruses.
Of course, someone has to go through the work of adding it to the package manager, but Ubuntu has made this relatively painless with 'add-apt-repository'.
Re:Software alone wont ever solve this problem. (Score:5, Insightful)
Partly right.
What we're essentially trying to do with malware is not unlike what some countries try to do to keep illegal immigrants out. They try to shut down the border. And you know how well THAT worked, right? It's like smashing all the windows in your home and then trying to keep the flies out.
A "total" solution does not exist, and probably never will. Whitelisting, while it would be initially quite secure, won't solve it either. Why, you ask? Because then the malware will be included in "harmless" looking programs. You will get a program that actually does what it should and contains a nifty little payload. Or, if everything fails, we'll get to see an exploit or security weakness in a program sooner or later. What? Would be detected immediately? Oh yeah, right, and that's why no consoles have ever been hacked using save game exploits. And here EVERYONE involved in the making of the hard- and the software had an interest in NOT allowing something like that to happen.
Back on topic. We're now at the point where the number of usable exploits is down to a handful, actually. There's a reason why malware creators are already reaching for exploits in third party software (btw, Adobe, get the f... off your rear and get your act together!): simply because the usable exploits in the system itself have become too few and are fixed too quickly. Recently I've seen the first exploits for popular games. Script support and the general support of user created content really opens that Pandora's box. But they're still few and far between; almost all infections today happen with the consent and actual help of the user. It's social engineering, people! Not software engineering.
The biggest security problem is not in the box on the floor. It's sitting right next to it.
Re:the benefits of open source... (Score:4, Insightful)
While not really an MS fanboy, the main reason why there's so little malware for OSS is because there's so little market. Malware is just like any software: They want to target a market as big as possible. Why are there so few commercial games for Linux? Same reason.
Besides, it's no longer about which system is more secure. The main question today is which system has the bigger number of completely ignorant users who click anything promising them dancing bunnies. And you can have the tightest, most restrictive security system in place; if the user has the root password and hands it to everything promising them a dancing bunny, the security is swiss cheese. Windows, Linux, MacOS or whatever, if the user is a doofus, the system is easily compromised.
It kinda depends (Score:3, Insightful)
You're certainly right that a sufficiently motivated idiot can compromise any system, but the system designer could probably mitigate the problem of idiot users (dancing bunnies, etc. in their inbox) into irrelevance.
It's just shoddy design that .doc files with macros can be opened directly in MS Word without any kind of sandboxing of the file system to prevent macros from rooting around the file system for other documents to infect. The way I see it, you could have a more fine-grained privilege system where it isn't all-or-nothing, but where some documents (files) get more privilege to "do things" based on where they're from (inbox, local file system, remote file system, etc.). Of course you'd need some way to elevate/demote the amount of trust you (as a user) have in a document. This could perhaps be exploited by spammers/scammers, but if most of the documents your average user receives in their email run fine with the lowest possible privileges, then they'd at least be more likely to actually notice when a document in their inbox needed elevated privileges to function. (As opposed to now, where you get the exact same warning for every single document in your inbox regardless of the document. So your average user just learns to click "Yes, I know what I'm doing" without even reading the dialog box.)
(I'm not saying things are much better in Linux land, it's just easier to make the point using MS Word .doc's as an example since Linux email clients don't tend to be quite as fast & loose with loading documents/attachments.)
Re:the benefits of open source... (Score:3, Insightful)
Care to back it up? I have here a rather extensive amount of samples per day flooding me, more than I can sensibly analyze away (fortunately 99% are just variants of something I already have). And nearly all of them rely on social engineering at some point. And all of them are for Windows.
These asshats writing malware are not "real hackers". They're businessmen, plain and simple. They don't give a fuck whether they compromise your machine or the one of the doofus next to you. Actually, the doofus is more interesting because he probably cares less about security than you do and hands over more info.
Of course, cracking the shell of a Linux box (pardon the pun) wins you the holy grail of hackerdom, and you gain cred by the truckload. But that's not the point here. Nobody writing malware cares for fame. Quite the opposite.
It's a business. Take a look at RBN [wikipedia.org], as a prime example of how it's done. Do you think these guys care about hacker cred? Do you think they aim high at the pole vault to "prove" something? They couldn't give less of a fuck about your opinion about them. They do it for the money. Plain and simple.