Mac Malware Monsoon in May

Here’s a quick update on the Mac OS X malware landscape, a rather hot topic this month. May started off with the announcement of the DIY malware kit Weyland-Yutani BOT. This news was shortly thereafter dwarfed by numerous reports of fake (a.k.a. rogue) security software for the Mac; names include Mac Defender, Mac Protector, Mac Security, and MacGuard.

In the past I’ve read comments from Apple users claiming that the XYZ threat for Mac isn’t a “real virus” because the victim has to manually install the threat. Mac users should understand that millions of Windows threats exploit the user, rather than the operating system. Attackers target the curiosity of the person at the helm of the mouse, who’s just a couple clicks away from watching that video, seeing a photo, or obtaining the system protection they’ve been “promised.” Sadly, many Windows users have grown accustomed to the tactics of those who seek to gain control over their PCs. But even sadder will be the non-Windows users who have lived in ignorant bliss.

Here’s a chart highlighting the recent increase in the creation of malware for Mac OS X, namely the impact of these rogue security programs on the landscape, as seen in red below.

Is this merely a short-term blip on the radar or the beginnings of a trend for Mac threats? Time will tell. However, rogue security programs in general are generating revenues of hundreds of millions of dollars a year for the bad guys, a powerful incentive. Furthermore, ZDNet estimates that 60,000-125,000 customers have called Apple support this month about such malware. Of course only a fraction of those infected would actually pick up the phone, so the problem is likely much larger.

Fake Lotto for Indian Premier League

There has been yet another spam attack on the widely followed game of cricket. Earlier this year, Symantec reported about a spam attack that targeted the Cricket World Cup. It is now time for the Indian Premier League (IPL). With the playoffs in progress and the grand finale just two matches away, it is not surprising to see spammers trying to make the best of it.

We have observed IPL scam, in the wild, promoting an IPL lottery. Were the IPL honchos promoting a sweepstake of this sort?  We did our research and the answer is no.  So, where did this offer come from?  We investigated further and found that it was from a compromised machine from the suburbs of Mumbai, India.

Below is the spam sample:

So what is this scam all about? Our analysis found out that it comes from a fake “IndianPremier League Fiduciary Agentclaim department” and speaks about a whooping amount of “(Rs/-56,80,708.00) Fifty Six Lacs Eighty Thousand Seven Hundred and Eight India Rupees”.  What does a user have to do to get this coveted cheque/demand draft? As is customary with such scams, there is a list of information that needs to be provided along with personal details such as:

·         Full name

·         Date of birth

·         Present contact address

·         Email address

·         Mobile number
 

Ironically, there is a security warning included in the offer: “For Security reasons, you are advised to keep your winning information CONFIDENTIAL to avoid double claim or impersonation”.

All this together makes for a perfect IPL sweepstake scam!  This scam attack is targeted at the cricket-crazy population in India. We advise our readers to follow general security and safety policies and to not reply to such scam emails.

Thanks to Christopher Mendes for the contribution of this blog.

Super Mario data-slurping scare hits the Google Chrome web store

Data that can be accessedFancy a game of Super Mario for free? Well, be careful – because although you may not have to pay any money for it, you might just be giving away a lot of your private data.

Blogger David Rogers has described how he stumbled across something interesting on the Google’s Chrome web store – a playable Super Mario app that – can also access data from all the websites you visit, your browsing history, and your bookmarks.

If you were a fan of Nintendo’s dungaree-wearing moustachioed Italian plumber, would you bother to read the small print or just be terribly excited at the prospect of playing “Super Mario World” in your browser?

Super Mario World

Of course, these apps (technically they’re browser extensions rather than apps..) aren’t endorsed or developed by Nintendo, and by downloading and playing these pale imitations you’re only encouraging others to rip-off the hard work of genius game developers from yesteryear.

Nintendo’s PR department got in touch with me to emphasise the point:

"Nintendo video games are offered only on Nintendo systems such as the Wii and Nintendo 3DS. Applications on the Apple or Google marketplaces that purport to be Nintendo video games are not legitimate and users who download these applications may expose themselves to spyware or other malicious software. Nintendo actively monitors the unauthorized use of its intellectual property, and will continue to seek removal of any unauthorized content in these marketplaces. In this case, Nintendo worked with Google to have the applications removed."

But more than just supporting copyright thieves, you could find that the lure of a video game classic could be being used to rip off data about you. Think of that next time your eyes glaze over when faced with small print about what an app is really going to do.

It appears that Google has now removed the errant apps from its Chrome Web Store, but one wonders how many other apps and extensions are designed to slurp up more of your data than reasonably expected.

There’s no indication that the unauthorised Mario games in the Chrome Web store are intentionally malicious, but they’re certainly playing pretty loose in terms of the data they want to access.

There have, of course, been viruses that have posed as Nintendo games in the past.

For instance, on the Windows platform a few years ago we saw the Romario worm, which launched one of the classic Super Mario Bros games, starring the starring the portly Italian plumber.

The worm plays a classic Super Mario Bros game

What would Princess Peach have to say about such shenanigans?

Obama: Gary McKinnon’s fate is in the hands of the British legal system

Gary McKinnon and his mother Janis SharpWe’ve written on many occasions on the Naked Security site about the case of British computer hacker Gary McKinnon.

McKinnon, who suffers from Asperger’s Syndrome, was arrested in 2002 after breaking into computers belonging to the US Army, US Navy, US Air Force, Department of Defense and NASA.

The 45-year-old hacker claims that he accessed the computer systems only to hunt for top secret information about anti-gravity propulsion systems and alien technology, which he believed the authorities were hiding from the public.

For their part, the US authorities claim that McKinnon caused some $800,000 worth of damage.

ITV reporter Tom Bradby quizzed Obama and Cameron about whether the leaders had found a solution to the vexing question of whether McKinnon should be extradited to the United States.

As you can see in the following video of what was said, there may be cause for some optimism amongst McKinnon’s many supporters.

Obama, who visited the UK this week on a state visit, told the international media at a press conference held with the British Prime Minister, that the decision as to whether McKinnon should be extradited or not lies with the British legal system.

We have proceeded through all the processes required under our extradition agreements.. It is now in the hands of the British legal system. We have confidence in the British legal system coming to a just conclusion. And so we await resolution, and we'll be respectful of that process."

In 2009, a Sophos poll of 550 IT professionals found that 71% believed that McKinnon should not be extradited to the USA: