Cyber crims smash through Windows into the great beyond
How malware became a multi-platform game
Windows has been a beleaguered piece of software over the years. That is because malicious hackers, like everyone else, want to walk the simplest path to the greatest glory.
Microsoft’s operating system has been the most popular one for the past 20 years, so it has attracted the most malware. One IT professional told The Register he thought 100 per cent of working malware was aimed at Windows.
He was, of course, being a tad disingenuous. Now that all and sundry are heralding the post-PC era, it is becoming apparent that malicious software authors have turned their attention to other operating systems.
“The time when Windows was the only platform associated with malware is long gone,” says Marta Janus, security researcher at Kaspersky Lab.
“Nowadays, cyber criminals target every system that is potentially exploitable and attack any that may result in a profit.”
Looking solely at desktops, Windows is undoubtedly still massively popular among digital criminals. The most sophisticated malware types seen to date, from Stuxnet to Flame, were Windows based.
But a host of examples hint that both data-stealing malware and financial Trojans have started showing a fondness for Apple Macs. Although it is supposed to be more secure than Windows PCs, Mac OS X has been hit by some significant outbreaks recently.
The Flashback Trojan infected at least 650,000 Macs back in 2012, exploiting a Java security vulnerability that Apple patched six weeks after the Windows code fix was released.
It was a pernicious data stealer that sought to nab passwords for email, Skype and other accounts. It also proved that epic botnets could be created on the Mac OS X platform.
A wide range of malware used for espionage is Mac compatible too. In February, Kaspersky Lab researchers uncovered “one of the most advanced global cyber espionage operations” ever seen, called the Mask.
The attackers targeted government organisations and energy companies using a complex set of attack tools, including rootkits, bootkits and other malware for PC, Linux and, yes, Mac OS X.
These were seriously talented hackers, looking for SSH keys and access to remote desktop clients while scooping up communications and files from victims’ machines. The world’s most advanced cyber spies were targeting Macs.
Though the iPhone maker’s locked down approach to security does bring benefits, attacks on Apple’s mobile offering, iOS, as well as its desktop software can no longer be ignored, according to Bob Tarzey, security analyst at Quocirca.
“iOS and Mac OS are not immune but the walled garden of Apple does help, as does its smaller market share [compared with Android],” he says.
“Also, apps downloaded for use on company devices may not be insecure per se, but that does not mean they are not a security risk for business data.”
The days of wholly trusting in Apple products to fend off malicious hackers are long gone.
“The presumption that Apple platforms are attack-proof came from the fact that devices running Apple software used to be far less popular than Windows PCs, so they didn't draw so much cyber-criminal attention,” says Janus.
“Now with its huge growth in market share, Apple faces the same security problems Microsoft has been experiencing since the early 90s.
“Both Mac OS and iOS have become lucrative targets, and even though Apple-oriented malware is still far smaller than its Windows counterpart, no operating system can be called 100 per cent secure.”
While exploding the myth of Apple security is a noble pursuit, it is clear the pretender to the crown of most malware-ridden operating system is a Google creation.
“The biggest growth of malware is in Android, which like Windows is widely used and open – both good things but they make it a worthwhile target,” says Tarzey.
Other mobile operating systems too are targeted by cyber criminals, and many attacks, such as those over public Wi-Fi networks, work regardless of operating system.
But Android attracts almost all mobile malware. F-Secure research from April revealed there were 277 new malware families in the first quarter of 2014, 275 of which targeted Google’s operating system.
The majority are SMS Trojans, sending text messages to premium-rate telephone numbers owned by the malware creators or one of their crooked cohorts.
Ransomware, which locks users out of their phones by encrypting files and demands payment for decryption, is becoming more of a menace, as hinted at by the Koler Trojan, which targeted those drawn to prurient content.
Fake anti-virus is also starting to proliferate. In May, Kaspersky uncovered a range of fake anti-virus products across Google Play (one was even found on the Windows Phone market).
They may not have caused any apparent data loss but they still convinced a large number of shoppers to part with cash for apps that did nothing whatsoever despite promising security. It followed the apparently accidental release of Virus Shield, for which Android users who bought the app were compensated.
OS, who cares?
As with Mac and iPhone, espionage malware has also been seen hitting Android devices. This points to a reality that everyone, from employees to IT chiefs, needs to be aware of: targeted attacks do not care about the operating system.
“The statement that niche systems are less prone to infections is no longer true. Even the least popular platforms are at risk as long as there is any potential reason for attacking them,” says Janus.
State-sponsored attackers are less concerned about the nature of a target’s operating system than they are about the applications sitting on those operating systems.
That is why there is such panic when a zero-day vulnerability for popular software, often Internet Explorer and Adobe products, emerges.
A good example reared its ugly head in April, when it was reported that Syrians were being targeted by attackers using an Adobe Flash zero-day. It was part of a drive-by download attack, as exploits taking advantage of the zero-day were served to visitors to a Syrian government website for the Justice Ministry.
The attack code would check the operating system version, according to Kaspersky Lab, informing the hackers about how they might want to proceed. Adobe issued an out-of-band patch for the critical bug, covering not just Windows but Mac OS X and Linux too. All were open to compromise.