Cyber crims smash through Windows into the great beyond

How malware became a multi-platform game


Windows has been a beleaguered piece of software over the years. That is because malicious hackers, like everyone else, want to walk the simplest path to the greatest glory.

Microsoft’s operating system has been the most popular one for the past 20 years, so it has attracted the most malware. One IT professional told The Register he thought 100 per cent of working malware was aimed at Windows.

He was, of course, being a tad disingenuous. Now that all and sundry are heralding the post-PC era, it is becoming apparent that malicious software authors have turned their attention to other operating systems.

“The time when Windows was the only platform associated with malware is long gone,” says Marta Janus, security researcher at Kaspersky Lab.

“Nowadays, cyber criminals target every system that is potentially exploitable and attack any that may result in a profit.”

Rotten Apples

Looking solely at desktops, Windows is undoubtedly still massively popular among digital criminals. The most sophisticated malware seen to date, from Stuxnet to Flame, was Windows-based.

But a host of examples hint that both data-stealing malware and financial Trojans have started showing a fondness for Apple Macs. Although it is supposed to be more secure than Windows, Mac OS X has been hit by some significant outbreaks recently.

The Flashback Trojan infected at least 650,000 Macs back in 2012, exploiting a Java security vulnerability that Apple, which shipped its own Java builds at the time, patched six weeks after Oracle had released the fix for other platforms.

It was a pernicious data stealer that sought to nab passwords for email, Skype and other accounts. It also proved that epic botnets could be created on the Mac OS X platform.

A wide range of malware used for espionage is Mac compatible too. In February, Kaspersky Lab researchers uncovered “one of the most advanced global cyber espionage operations” ever seen, called the Mask.

The attackers targeted government organisations and energy companies using a complex set of attack tools, including rootkits, bootkits and other malware for Windows, Linux and, yes, Mac OS X.


These were seriously talented hackers, looking for SSH keys and access to remote desktop clients while scooping up communications and files from victims’ machines. The world’s most advanced cyber spies were targeting Macs.

Though the iPhone maker’s locked-down approach to security does bring benefits, attacks on Apple’s mobile offering, iOS, as well as on its desktop software can no longer be ignored, according to Bob Tarzey, security analyst at Quocirca.

“iOS and Mac OS are not immune but the walled garden of Apple does help, as does its smaller market share [compared with Android]," he says.

“Also, apps downloaded for use on company devices may not be insecure per se, but that does not mean they are not a security risk for business data.”

The days of wholly trusting in Apple products to fend off malicious hackers are long gone.

“The presumption that Apple platforms are attack-proof came from the fact that devices running Apple software used to be far less popular than Windows PCs, so they didn't draw so much cyber-criminal attention,” says Janus.

“Now with its huge growth in market share, Apple faces the same security problems Microsoft has been experiencing since the early 90s.

“Both Mac OS and iOS have become lucrative targets, and even though Apple-oriented malware is still far smaller than its Windows counterpart, no operating system can be called 100 per cent secure.”

Android attraction

While exploding the myth of Apple security is a noble pursuit, it is clear the pretender to the crown of most malware-ridden operating system is a Google creation.

“The biggest growth of malware is in Android, which like Windows is widely used and open – both good things but they make it a worthwhile target,” says Tarzey.

Other mobile operating systems too are targeted by cyber criminals, and many attacks, such as those over public Wi-Fi networks, work regardless of operating system.

But Android attracts almost all mobile malware. F-Secure research from April revealed there were 277 new malware families in the first quarter of 2014, 275 of which targeted Google’s operating system.

The majority are SMS Trojans, sending text messages to premium-rate telephone numbers owned by the malware creators or one of their crooked cohorts.

Ransomware, which locks users out of their phones (or encrypts their files) and demands payment to restore access, is becoming more of a menace, as hinted at by the Koler Trojan, which targeted those drawn to prurient content.

Fake anti-virus is also starting to proliferate. In May, Kaspersky uncovered a range of fake anti-virus products across Google Play (one was even found on the Windows Phone market).

They may not have caused any apparent data loss but they still convinced a large number of shoppers to part with cash for apps that did nothing whatsoever despite promising security. It followed the apparently accidental approval of Virus Shield on Google Play, for which Android users who bought the app were compensated.

OS, who cares?

As with Mac and iPhone, espionage malware has also been seen hitting Android devices. This points to a reality that everyone, from employees to IT chiefs, needs to be aware of: targeted attacks do not care about the operating system.

“The statement that niche systems are less prone to infections is no longer true. Even the least popular platforms are at risk as long as there is any potential reason for attacking them,” says Janus.

State-sponsored attackers are less concerned about the nature of a target’s operating system than they are about the applications sitting on those operating systems.

That is why there is such panic when a zero-day vulnerability for popular software, often Internet Explorer and Adobe products, emerges.

A good example reared its ugly head in April, when it was reported that Syrians were being targeted by attackers using an Adobe Flash zero-day. It was part of a drive-by download attack, as exploits taking advantage of the zero-day were served to visitors to a Syrian government website for the Justice Ministry.

The attack code would check the operating system version, according to Kaspersky Lab, informing the hackers about how they might want to proceed. Adobe issued an out-of-band patch for the critical bug, covering not just Windows but Mac OS X and Linux too. All were open to compromise: the Flash plugin is largely the same code on each platform, so a bug in it is cross-platform by construction, and the OS check only decides which follow-on payload is worth serving.
