Exploit Bait and Switch

When a new virus or other piece of malware is identified, security researchers try to get hold of the infection toolkit the attackers used, then run that toolkit inside a specially controlled environment to study how the malware spreads and communicates. Normally, these toolkits also include some sort of management console, which the operators use to measure how many infections succeeded and to track other aspects of the malware campaign. In the case of the EFTPS malware campaign, however, the admin console had a special trick.

This console was actually a fake: it accepted a number of generic passwords and user accounts and served fake statistics to whoever looked into it. All the while, the console would “call home” with as much data about the researcher as possible. By tricking researchers this way, the crooks could stay one step ahead of the anti-virus tools that would otherwise limit the effectiveness of the exploit. Thankfully though, the researchers managed to come out on top this time.

[via boingboing]

Comments

  1. pwnr says:

    Though evil virus writers suck, I vote they put more emphasis and focus on OSX for a couple years ;-)

  2. Xed says:

    Yeah, I’m tired of PC users getting all the virii’
    Why not wipe that smug, preppy, elitist hipster smile off of their faces and go after MAC products?

  3. grenadier says:

    ^^ That

  4. zool says:

    what’s the …. problem?

  5. tre says:

    Why not go after Mac products?

    That’s easy – world market share.

    All Mac Operating systems = 5%

    In the US, market share is up (mid 11%)… But the US is 3.07 million of a 66.97 million world.

  6. anon says:

    @Xed

    The plural of virus is viruses.

  7. lelandjs says:

    Why don’t people write viruses for OS X? Well, they do; there were trojans embedded in torrent of iWork and Photoshop not too long ago.

    Why aren’t there as many for OS X as there are for Windows? The ROI sucks. There’s a bunch more Windows users, meaning that there’s a better chance of the virus working on more computers.

    On the other hand, if you’re a Windows user and getting viruses in this day and age, you’re obviously doing something wrong.

  8. Belenos says:

    @anon
    Not necessarily; if memory serves, ‘virus’ comes from a Latin root, so the Latinate pluralization could be indicated.

  9. bigbob says:

    Nobody ever writes viruses for macs (and probably won’t) because nobody keeps anything important enough on them to bother with trying to hack into… Unless by important you mean somebody’s garage band session or lame photo album.

  10. Tech B. says:

    @bigbob
    The average mac user still uses the internet for important stuff, like email, bank accounts, etc.
    And their logged data could cash in pretty well on the market.

  11. Sitwon says:

    @anon
    While technically correct, you’re making the assumptions that:

    A) Xed was intending his message to conform to accepted English.
    This might not be the case. And, in fact, the non-word ‘virii’ carries historic connotations for many people familiar with one of the several internet dialects or pseudo languages that began forming in the early 80s. Though it is now officially a misspelling and has fallen out of use, it has always been jargon associated with a specific community of computer users.

    B) That anyone ever cared what the proper Latin-esque pluralization of ‘virus’ was.
    In fact, the mistake may have originally been intentional as humor, as a custom of the early 90s, to distinguish it from the medical usage, or simply because it sounded nicer than ‘viruses’.

  12. Fabi says:

    If there would be more Mac Users there would be more Mac Viruses.
    And Virii isn’t a true Latin Form.
    It sounds like vir(i) – the word for man

  13. fred says:

    Well, this was an interesting read until the comments, which deserve a /facepalm

    The plural of virus is viruses. Virii is an affectation by ubernerds who wish to flaunt their superior misknowledge of language.

    Then we come to the most famous argument of all: NOBODY does such and such. Have you questioned every virus writer on the planet, or every Mac owner? Or are you even aware of what is important anymore?

  14. raith says:

    The problem is that PCs have 95 percent of the market, and the other 5 isn’t solely mac but also linux and miscellaneous operating systems; they go for PC because it will hit the most people.

  15. NatureTM says:

    A little bit of social engineering definitely goes a long way.

    This is just my opinion about the security of macs vs pc’s in the near future:
    If Apple’s user base keeps growing, Apple will soon have to reconsider its security model. We’ve all heard this. I just think it will be a big issue well before the number of Macs equals the number of PC’s.
    The threshold for Mac being a more appealing target for hackers should be defined as something like:
    if (probability of a mac malware infection success) * (mac population) > (probability of a win malware infection success) * (windows population), then hack the macs (assuming all boxes are equally valuable.)
    From what I’ve read, windows has a much better security implementation. It probably doesn’t make economic sense for Apple to invest too much money into something that isn’t yet a problem. As a result, the mac probability in the inequality above is likely much higher than the windows probability. We won’t need too many more macs before they become the preferred target. If Apple allows this to happen, they can say goodbye to the “I like Macs because I never have any problems” market, which is like everybody who buys a Mac.

  16. sM10sM20 says:

    @raith

    You said it all my friend. OSX in reality is no more secure than Windows, the only reason you don’t see as many vulnerabilities on OSX is because no one is looking for them.

    The kind of people that discover 0days are not stupid, if the market was 95% OSX then we would see more vulnerabilities on Mac computers. However as it stands Microsoft is the more profitable target.

    Anyone denying the above is a fanboy or computer illiterate.

  17. asdf-chan says:

    First of all Mac or Linux, it doesn’t fucking matter you noobs, they all have security holes.

    What I wanted to say is that they had this one time experiment, where Whitehats produced virus/malware ‘n shit and were finding new techniques every day, and of course the anti-virus companies worked their ass off, but they could not stop the fast flow of new bugs and viruses. So it somehow managed to stay like this for the good of everyone, because a bug is never bad.

  18. Mi6 says:

    You’ve probably heard some rumours about MAC users being ghay? Let us dissect why no viruses are written for MAC systems. No one wants to be remembered through history as the first homosexual human to ever write an exploit for MACs.

  19. opcode says:

    Every time I hear someone saying that MACs are better cz they’re more secure makes me wanna code a virus..Damn!!
    Look what they say: “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.” more apple marketing bs here: http://www.apple.com/why-mac/better-os/
    There are people that actually think and support that MACs cannot get a virus!

  20. ormon says:

    Well. Flamewar.

  21. lelandjs says:

    @Mi6
    Can’t stop laughing at that.

    @opcode
    So far it’s actually been impossible for the “average” OS X user to get a virus; the only successful ones (read: released in the wild) have been embedded in illegal downloads.

  22. outleradam says:

    You can’t write a “Linux” virus.
    1. Each distribution has its own packages which make up the interface. What works on one distribution, won’t work on another
    2. Package distribution is handled in a centralized manner on Linux. Software updates come from “headquarters”.
    3. You cannot run things directly from the browser. They have to be made executable and then run. The browser only has access to virtual machines.

    Which brings us to Trojans
    4. The package distribution systems are the preferred method of obtaining new software. Most users will search the distribution system before downloading and running untrusted software

    5. In order to do any kernel changes, the user has to enter a password. The kernel is the only thing the distributions have in common and that is controlled by kernel.org

    6. Linux users are smart. They’re all frickin’ computer geniuses. Ask a Linux user if they know a computer language, or how to directly interact with any device on their computer.

    All of these factors mean that a virus would never propagate on Linux. Even if they were successful at hitting GNOME desktop manager, or KDE, There’s always fluxbox or the huge plethora of others out there which will function just fine.

    Even if they hit a version of the kernel installed on the computer… The user can just switch kernels at boot time.

    If the virus was intended to wipe out all the data on the computer… Well, then it’s not going to propagate that way is it?

    Mac or Windows are a much better target. There is 1 desktop manager and 1 window manager. If you hit that, then you’ve got the entire computer. Linux is the way of the future because of this.

  23. TeejMonster says:

    @outleradam
    Not all Linux users are computer whizzes. My mother uses a Ubuntu that came with her Dell, and my aunt uses a Mint release that she downloaded and installed herself. Not that they’re dumb, but it wouldn’t be hard to imagine them compromising their systems by being too trusting.

  24. Digital says:

    wow, my IQ just dropped 3 points trying to wade through all of that bad grammar and spelling. My head hurts now, thanks everyone.

    just a side thought… do you kids even know what the red squiggle signifies when it’s underneath a word you’ve typed?

  25. wouter says:

    sitwon = hero! xD

  26. Tom says:

    PROBLEM, OFFICER?

  27. phil says:

    o hai there /b/ ಠ_ಠ

  28. walt says:

    “Thankfully though, the researchers managed to come out on top this time.”

    wtf is this site called again? you’re not even on the right side anymore!

  29. Decius says:

    It’d make sense hitting a Mac instead of a Windows user. They probably own an itunes account and some sort of bank information online you could easily swipe.

    Windows user would just pirate all their software lol.

  30. Anon says:

      ▲
    ▲ ▲

  31. anonymous says:

    @Belenos & @Sitwon
    Both of you need to get a life.

    Sitwon:
    We conform to English because it is our native language, given that this website is written in English and the comment was in English, I would deem it necessary to correct in English.

    Which ALSO
    A) Developed from Latin roots.
    B) Is the language I am now completely conforming to.

    Belenos:
    Your memory serves wrong.
