Tag Archives: computer forensics

The Mac Malware Is Back

Posted on by
Reply

This year is probably one of the busiest years according to researchers, cyber security experts and computer forensics when asked about the Mac malware. So why do you think these people point that out? The reason is pretty simple really; it is the report from Apple, one of the leaders in the IT industry.

This report has opened a new update regarding a list of malware that is known to invade many desktops and devices with Mac operating systems. Among those malware is the Trojan dropper experts’ call as Revir and including in the report is the new Trojan they call as Flashback. If Revir disguises itself as some sort of PDF file, the Flashback will cloak itself as some sort of update for the Flash Player. Intego, the security firm of Mac believes that the Trojan Flashback was not as widespread at start, but now there has been an increase in number of incidences and reports of Flashback infections.

Experts from Intego believe that this Trojan is slowly spreading its terror across different systems and it is spread through many malicious Websites. Whenever internet users visit the malicious websites, they will suddenly notice a particular message saying that their plug-in has crashed and that there are suspected errors in the plug-in. After these false messages, a screen will suddenly pop-up offering the user to fix the problem by installing the Adobe Flash installer. Unknown to the user, this installer is not an Adobe Flash installer but an installer for a Trojan horse, the Flashback. And if the user’s browser is in Safari mode, then their computer will automatically download the said “safe” downloadable and a window for the installer will automatically open.

In the event that the user will install the said “safe” software, the Trojan horse Flashback will automatically deactivate the software needed for network security. The code in this particular malware will deactivate some security software only like Little Snitch, and luckily it has no effect in software like Intego VirusBarrierX6. Once the package has been installed, it will automatically delete the installation package. This malware will also automatically install a dynamic loader or dyld library and also an auto-launch code that allows the malware to inject its code into any applications the user will launch. This malware will also install a backdoor in the system where it will try to communicate to a remote server where it will send all the data it has stolen and this data will be in an RC4 encryption.

Experts who have completed cyber security training and computer forensics training believe that this malware infection is a fruit of genius social engineering. Most Mac users aren’t easily fooled by this method because an installer for Mac will never appear this way. Unfortunately, there are two things that make this approach believable. Devices with Mac OS X Lion does not come in with a Flash Player package, so if they want to view Flash content found on the Internet they must install the software themselves. Second reason is that their Flash Player must have been set to automatically update itself and this might look like an update alert. These two reasons could easily trick or fool Mac users; they would unwittingly download a malicious malware that would compromise their important data.

However, the report did not mention how Internet users are being drawn into these malicious websites. But according to some experts who have completed computer forensic course, it is easy to imagine how the users are drawn to these sites. One example is creating viral videos and spreading them like wildfire. Crooks may use these viral videos like a video about a trending topic or a scandalous video or nude video of an artist or any known person. When Internet users will try to view the video, they are prompted to install a fake Adobe Flash update – a false update that is instead an installation of the said Trojan. In fact, this method has worked well in many Windows as well as Mac users for the past years.

Indeed, there are more malware that is written and intended for Windows users compared to Mac OS X. Still it doesn’t mean that Mac computers and devices should be left unprotected.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in computer forensics.

More information about EC-Council is available at www.eccouncil.org.

Incoming Waves of Small Botnets

Posted on by
Reply

Large botnets nowadays are in the hot seat due to the fact that law enforcement as well as security agencies are tracking and eliminating them one by one. In fact some of the major botnet operations have been ended and their operators are now behind bars. Because of the increase of crackdowns against them, some vile minds are directing their skills to different avenues. These avenues are multiplying in an alarming rate even with the increase of crackdowns against them and the reason is simple – because they are smaller and much harder to trace botnets. These kinds of botnets are cheaper and far easier to build and manage, and criminals know that large scale botnets will surely attract unwarranted attention.

Nowadays botnets have become more commoditized, sophisticated and automated; in fact, botnets are powerful weapons that can greatly affect our society, even if it is in the hands of a criminal with little computer expertise. And smaller botnets can steer clear of the law enforcement as security agencies radar, thus they have become numerous. The development of botnet technology is parallel to the technology in the Internet industry. The staggering truth is that latest versions of botnet kits can be purchased for just a couple of thousand bucks and it could lead into millions of illegal profit. Sometimes, there are free versions of such tools, which lead to some major concerns of experts and computer forensics in the security industry.

Botnet industry is one of the most sophisticated, yet scalable business in the black market. Some clients can employ the service of a botnet merchant for a certain 1 hour DDoS attack for a few dollars only. In fact, botnet rental comes with service agreements as well customized controls for their clients – making it appear as legitimate as regular business transactions.

Even if the security system of an industry is protected from becoming host to a botnet, it doesn’t mean that it is safe from botnet attacks like DDoS. As the number of controlled botnets increase, the bandwidth needed to control them also increases. This year the largest ever recorded DDoS attack was 49 Gbps. That number alone could take out a lot of working sites and could possibly lead to serious damages.

The threats of botnets are always present wherever you may be in the globe, so what should your business do against them. Smaller businesses should first find a safer refuge for their important data; relocate them to extremely capable and highly maintained cloud applications providers – providers that offer safety and defense against DDoS attacks. It would be less expensive than maintaining it on your own. Larger companies must first asses the abilities and features of their chosen data or webhosting providers so that the important services are not ignored and become an open vulnerability against attacks. Of course all of these industries, whether small or large must have the assistance of security experts as well as individuals who have received computer forensics training.

Botnets are an all around tools and once a computer system has been infected with a bot, hackers can use it as a leverage to send spam, execute DDoS attacks and even host illegal contents. They can be used in some covert illegal activities like recording the keystrokes of a victim, steal the banking information of an individual. One of the most common botnet software is the ZeuS and it is a creation as well as control software that is used to steal passwords as well as other credible information.

Somehow, almost half of bot variants made the same way as ZeuS can be detected by regular antivirus programs. Years ago the Conficker botnet can be compared to a dangerous volcano, waiting to erupt any moment, but somehow it has been mitigated and stopped. So this implies that, botnets can still be eliminated, whether it is large or small and it all relies on the education and knowledge of individuals who are willing to work together to be able to eliminate the infection and also improve the cyber security of a network.

However, criminals do not need large botnets just to direct an attack to a particular enterprise; smaller botnets can deliver the job. Even cyber security experts and individuals who have completed computer forensic course always say that industries must treat small botnets the same as the large botnets.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in computer forensics.

More information about EC-Council is available at www.eccouncil.org.