May 27

Mac Defender is a fake anti-virus program for the Mac OS, designed to steal people’s credit card information and other personal information.  It’s malware.  It’s on a Mac.  It’s very real.  I know there are a lot of people who think that Macs are virus-proof, but that’s simply not true.  Apple has removal instructions on their website.  The first virus for Mac OS X appeared in February 2006:

Experts at SophosLabs™, Sophos’s global network of virus, spyware and spam analysis centers, have announced the discovery of the first virus for the Apple Mac OS X platform. The virus, named OSX/Leap-A (also known as OSX/Oompa-A) spreads via instant messaging systems.

How is Apple responding to the flood of customer calls about installations of the Mac Defender malware?  Apple continues to tell support reps: do not help with Mac malware.  Now that may sound bad, but in reality it’s not Apple’s responsibility to teach users how to use a Mac properly or how to secure it. 

We see this kind of thing on Windows all the time.  Fake anti-virus programs that suddenly appear warning of massive infections that can only be corrected with a Visa or MasterCard.  They can instantly disable Internet access, interrupt normal program function, erase system recovery points, lock users out of administrative access, and transmit confidential information.  They all have one thing in common: no significant anti-virus protection, which is exactly where most Mac users are at.

Mac users have enjoyed virtual immunity from the cyber criminals who have focused almost all of their efforts on Microsoft products.  But now that Apple has become a tech name bigger than Microsoft, and the Mac OS is on millions of computers, that time is no more.  Cyber criminals have no brand loyalty; they are only motivated by theft and greed.  The Apple is ripe for the picking.  Mac Defender isn’t going away.  It will be copied, changed, altered, replicated, and will inspire other cyber criminals to succeed where Mac Defender failed.

While there is a small part of me that will enjoy watching that smile getting slapped off the smug faces of those self-important Apple religious-fanatics (you know who you are), I also feel a great swell of pity for the many innocent people who will be victimized in the near future because some fool told them Macs were virus-proof.  Well, if you own a Mac, you can now switch to Linux because it’s “virus-proof” too.  Or you can get a real anti-virus program for the Mac OS.  Here’s what I found that’s available:

Avast! Mac Edition, $39.95/year
ClamXav, Free
PC Tools iAntiVirus, Free (basic version)
Intego VirusBarrier, $49.95/year
May 10

You may have read recently that Yavapai County offices suffered a serious virus attack.  Their MIS department shut down workstations, including remote law enforcement terminals, to contain the problem until it could be corrected.  The Daily Courier reported that it was the Qakbot virus, or some variant thereof.  Specialists were brought in to help, and the county’s MIS staff worked non-stop until they could restore normal operation.  The breach was an enterprise-level event that effectively crippled nearly all county services, and threatened catastrophic damage.

W32.Qakbot is a worm that spreads through network shares and removable drives.
It downloads additional files, steals information, and opens a back door on the
compromised computer. The worm also contains rootkit functionality to allow it
to hide its presence.

It’s also been reported that YC’s MIS was uncertain as to exactly how the virus penetrated their systems and walked right past their enterprise-level anti-virus software and other security measures.  I could make some guesses (Facebook) but without knowing their policies and procedures, it’s anybody’s guess.

I also read a lot of comments posted by Daily Courier readers about the security breach.  There was a lot of negative criticism hurled towards the MIS staff.  I feel most of it was undeserved and based on conjecture.  Even though a failure like this should never have happened, there is no anti-virus program in the world that can bullet-proof any system against 100% of all potential threats.  Keep in mind that in IT as well as life: It is possible to make no mistakes and still lose.

Sep 22

The first known and confirmed cyber super weapon has been discovered.  It’s called Stuxnet and technically it is a logic bomb.  It is capable of spreading like a virus or worm, and can rewrite the operating systems controlling power plants, including nuclear ones.  It is specifically designed to sabotage power plants, and it wants to do it too.


The CIA used a logic bomb in 1982 to destroy the Siberian gas pipeline in the Soviet Union; that explosion was visible from space.  But that was a long time ago, before the internet and USB sticks.  Now things are much easier to destroy.

Stuxnet’s new abilities include being able to rewrite the logic system in, say, the machinery of a power plant and then covering its tracks. The result? All manner of things could happen to the plant, including a meltdown, and a meltdown is something you do not want to happen at a site with a nuclear reactor. The kind of supervisory control and data acquisition (or SCADA) components Stuxnet targets are used in everything from chemical, electric and nuclear power plants to factories all over the world. In other words, this thing could seriously damage a country’s physical economy, power grid or production capabilities.

In other words, all those movies we’ve seen where terrorists or governments use hackers to destroy the infrastructure of the United States; well it’s all possible now, and Stuxnet is the first REAL example of this.

Via: DVICE

Sep 17

The W32.Imsolk.B@mm virus (actually a worm), a.k.a. the “here you have” virus, has recently plagued major companies including ABC, Disney, Google, Coca-Cola, and NASA.

E-mails that carry the virus contain a link that encourages readers to click on a PDF document file. But rather than a PDF, the file contains a Windows script that transmits a virus and spams the entire contact list of the person who opened the file.
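The mismatch described above, a link shown as a PDF whose target is really something Windows will execute, can be checked mechanically in a message body. This is an added example, not part of the original post; the extension lists, the name `disguised_links` and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

# Assumed, illustrative lists; tune them for your own mail gateway.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
RISKY_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
              ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}

def _ext(name):
    """Lower-cased final extension of a file name or URL path."""
    return PurePosixPath(name.strip().rstrip(".,;:!)").lower()).suffix

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def disguised_links(html):
    """Return links whose text names a document but whose target is executable."""
    parser = _Links()
    parser.feed(html)
    parser.close()
    hits = []
    for href, text in parser.links:
        shown = {_ext(tok) for tok in text.split()}       # what the reader sees
        target = _ext(unquote(urlparse(href).path))       # what is actually fetched
        if shown & DOC_EXTS and target in RISKY_EXTS:
            hits.append({"text": text, "href": href, "target_ext": target})
    return hits

# Constructed sample message body (not taken from a real e-mail).
SAMPLE = """<p>Here is the document:
<a href="http://files.example.test/docs/report_pdf.scr">http://files.example.test/docs/report.pdf</a></p>
<p>Agenda: <a href="https://intranet.example.test/agenda.pdf">agenda.pdf</a></p>"""

if __name__ == "__main__":
    print(disguised_links(SAMPLE))
```

Only the final extension of the target path is compared, so a double extension such as `name.pdf.vbs` is still flagged, while a link whose text and target are both `.pdf` is not.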

Anti-Virus rule #1:  If you don’t know the sender, or were not expecting a file, don’t open the file.  E-mail worms impersonate people you know.  Be safe and call the sender and ask them if they sent you a file.

Anti-Virus rule #2:  Have anti-virus software.  Free anti-virus programs such as Avast and AVG are grossly insufficient to protect your computer.  Don’t use free AV programs; go buy something.

Anti-Virus rule #3:  Keep your computer up to date.  Download updates for the operating system and every piece of software you have installed on it.

Anti-Virus rule #4:  Don’t buy anything that runs Mac OS.  Apple users think they’re invincible because most virus authors focus on Windows and Linux.  This false sense of security has resulted in totally inadequate protection for Mac OS.  Many Apple users have virus infections now and don’t even know it.

Via: MSNBC

Aug 10

Smartphones running the Android OS can get infected; technically, any smartphone can, including Blackberry, iPhone, Windows Mobile, and others.  However, Android cannot get infected with this particular Trojan unless a default safety is disabled.
