Exploit Bait And Switch

When a new virus or other piece of malware is identified, security researchers try to get hold of the infection toolkit the criminals used and then deploy it in a controlled environment to study how the malware spreads and communicates. These toolkits normally also include some sort of management console that the operators use to gauge how successful the infection has been and to watch other aspects of the malware. In the case of the EFTPS malware campaign, however, the admin console had a special trick.

The console was actually a fake: it accepted a number of generic usernames and passwords and served fake statistics to whoever looked into it. All the while, it would “call home” with as much data about the visiting researcher as possible. By baiting researchers this way, the crooks hoped to stay one step ahead of the anti-virus tools that would otherwise limit the effectiveness of the exploit. The lesson for anyone picking apart a kit is that a panel which accepts several unrelated credentials and shows the same dashboard to all of them should be treated as bait, and should only ever be touched from an isolated environment that reveals nothing about the analyst. Thankfully, the researchers managed to come out on top this time.
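To make the bait concrete, here is an added example, constructed for this page and not code from the EFTPS kit or from the researchers who studied it. It models a toy decoy console that accepts any of a few generic credentials, logs every visitor, and serves the same canned dashboard with a tracking pixel hosted elsewhere, alongside the two checks an analyst can run against such a panel: probe it with several unrelated credential pairs and flag it when more than one is accepted and every accepted login answers identically, and list the third-party hosts the dashboard would make a browser contact. All hostnames, account names, passwords and statistics below are made up.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample values; nothing here is taken from the real campaign.
GENERIC_ACCOUNTS = {"admin", "administrator", "root"}
GENERIC_PASSWORDS = {"admin", "password", "123456"}
PANEL_HOST = "panel.example.invalid"     # hypothetical host of the decoy panel
BEACON_HOST = "collect.example.invalid"  # hypothetical host that receives the "call home"


@dataclass
class Visitor:
    ip: str
    user_agent: str


@dataclass
class DecoyConsole:
    """Models the bait console: any generic credential 'works', every visitor
    is logged before the login is even evaluated, and the statistics page is
    identical for everyone."""
    beacons: List[Dict[str, str]] = field(default_factory=list)

    def login(self, user: str, password: str, visitor: Visitor) -> Optional[str]:
        # Record who is poking at the panel, and what they tried, first.
        self.beacons.append({"ip": visitor.ip, "ua": visitor.user_agent,
                             "user": user, "password": password})
        if user.lower() in GENERIC_ACCOUNTS and password in GENERIC_PASSWORDS:
            return self.stats_page()
        return None

    @staticmethod
    def stats_page() -> str:
        # Canned numbers plus a tracking pixel served from a different host.
        return (
            "<html><body><h1>Bots online: 4213</h1>"
            f'<img src="http://{BEACON_HOST}/px.gif?src=panel">'
            "</body></html>"
        )


def probe_logins(login, visitor: Visitor, attempts: List[Tuple[str, str]]) -> Dict:
    """Analyst-side check: a real panel rejects most guesses and shows different
    data per account; a decoy accepts several unrelated credentials and serves
    the same page to all of them."""
    successes: List[Tuple[str, str]] = []
    pages = set()
    for user, pw in attempts:
        page = login(user, pw, visitor)
        if page is not None:
            successes.append((user, pw))
            pages.add(page)
    suspicious = len(successes) > 1 and len(pages) == 1
    return {"accepted": successes,
            "identical_pages": len(pages) <= 1,
            "decoy_suspected": suspicious}


_SRC_RE = re.compile(r'(?:src|href)="https?://([^/"]+)', re.IGNORECASE)


def external_hosts(html: str, panel_host: str) -> List[str]:
    """Hosts other than the panel itself that the page loads resources from;
    each of them receives the visitor's IP address and User-Agent."""
    return sorted({h for h in _SRC_RE.findall(html) if h.lower() != panel_host.lower()})


if __name__ == "__main__":
    console = DecoyConsole()
    me = Visitor("203.0.113.7", "Mozilla/5.0 (research-vm)")  # constructed visitor
    report = probe_logins(console.login, me,
                          [("admin", "admin"), ("root", "123456"), ("alice", "hunter2")])
    print(report)
    print("third-party hosts:", external_hosts(console.stats_page(), PANEL_HOST))
    print(len(console.beacons), "beacon records captured by the decoy")
```

The two checks are deliberately passive from the panel's point of view: probing a handful of logins and reading the returned HTML for third-party resource references tells you the panel is bait before any browser on the analysis box has fetched the tracking pixel.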

[via boingboing]

31 thoughts on “Exploit Bait And Switch”

  1. Why not go after Mac products?

    That’s easy – world market share.

    All Mac Operating systems = 5%

    In the US, market share is up (mid 11%)… But the US is 3.07 million of a 66.97 million world.

  2. Why don’t people write viruses for OS X? Well, they do; there were trojans embedded in torrents of iWork and Photoshop not too long ago.

    Why aren’t there as many for OS X as there are for Windows? The ROI sucks. There’s a bunch more Windows users, meaning that there’s a better chance of the virus working on more computers.

    On the other hand, if you’re a Windows user and getting viruses in this day and age, you’re obviously doing something wrong.

  3. Nobody ever writes viruses for macs (and probably won’t) because nobody keeps anything important enough on them to bother with trying to hack into… Unless by important you mean somebody’s garage band session or lame photo album.

  4. @anon
    While technically correct, you’re making the assumptions that:

    A) Xed was intending his message to conform to accepted English.
    This might not be the case. And, in fact, the non-word ‘virii’ carries historic connotations for many people familiar with one of the several internet dialects or pseudo-languages that began forming in the early 80s. Though it is now officially a misspelling and has fallen out of use, it has always been jargon associated with a specific community of computer users.

    B) That anyone ever cared what the proper Latin-esque pluralization of ‘virus’ was.
    In fact, the mistake may have originally been intentional as humor, as a custom of the early 90s, to distinguish it from the medical usage, or simply because it sounded nicer than ‘viruses’.

  5. Well, this was an interesting read until the comments, which deserve a /facepalm

    The plural of virus is viruses. Virii is an affectation by ubernerds who wish to flaunt their superior misknowledge of language.

    Then we come to the most famous argument of all: NOBODY does such and such. Have you questioned every virus writer on the planet, or every Mac owner? Or are you even aware of what is important anymore?

  6. The problem is that PCs have 95 percent of the market, and the other 5 isn’t solely Mac but also Linux and miscellaneous operating systems; they go for PCs because it will hit the most people.

  7. A little bit of social engineering definitely goes a long way.

    This is just my opinion about the security of Macs vs PCs in the near future:
    If Apple’s user base keeps growing, Apple will soon have to reconsider its security model. We’ve all heard this. I just think it will be a big issue well before the number of Macs equals the number of PCs.
    The threshold for Mac being a more appealing target for hackers should be defined as something like:
    if (probability of a Mac malware infection success) * (Mac population) > (probability of a Windows malware infection success) * (Windows population), then hack the Macs (assuming all boxes are equally valuable.)
    From what I’ve read, Windows has a much better security implementation. It probably doesn’t make economic sense for Apple to invest too much money into something that isn’t yet a problem. As a result, the Mac probability in the inequality above is likely much higher than the Windows probability. We won’t need too many more Macs before they become the preferred target. If Apple allows this to happen, they can say goodbye to the “I like Macs because I never have any problems” market, which is like everybody who buys a Mac.

  8. @raith

    You said it all my friend. OSX in reality is no more secure than Windows, the only reason you don’t see as many vulnerabilities on OSX is because no one is looking for them.

    The kind of people that discover 0days are not stupid, if the market was 95% OSX then we would see more vulnerabilities on Mac computers. However as it stands Microsoft is the more profitable target.

    Anyone denying the above is a fanboy or computer illiterate.

  9. First of all, Mac or Linux, it doesn’t fucking matter, you noobs, they all have security holes.

    What I wanted to say is that they had this one-time experiment, where whitehats produced viruses/malware ‘n shit and found new techniques every day, and of course the anti-virus companies worked their asses off, but they could not stop the fast flow of new bugs and viruses. So it somehow managed to stay like this for the good of everyone, because a bug is never bad.

  10. You’ve probably heard some rumours about MAC users being ghay? Let us dissect why no viruses are written for MAC systems. No one wants to be remembered through history as the first homosexual human to ever write an exploit for MACs.

  11. Every time I hear someone saying that MACs are better cz they’re more secure makes me wanna code a virus..Damn!!
    Look what they say: “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.” more apple marketing bs here: http://www.apple.com/why-mac/better-os/
    There are people that actually think and support that MACs cannot get a virus!

  12. @Mi6
    Can’t stop laughing at that.

    So far it’s actually been impossible for the “average” OS X user to get a virus; the only successful ones (read: released in the wild) have been embedded in illegal downloads.

  13. You can’t write a “Linux” virus.
    1. Each distribution has its own packages which make up the interface. What works on one distribution won’t work on another.
    2. Package distribution is handled in a centralized manner on Linux. Software updates come from “headquarters”.
    3. You cannot run things directly from the browser. They have to be made executable and then run. The browser only has access to virtual machines.

    Which brings us to Trojans:
    4. The package distribution systems are the preferred method of obtaining new software. Most users will search the distribution system before downloading and running untrusted software.

    5. In order to do any kernel changes, the user has to enter a password. The kernel is the only thing the distributions have in common, and that is controlled by kernel.org.

    6. Linux users are smart. They’re all frickin’ computer geniuses. Ask a Linux user if they know a computer language, or how to directly interact with any device on their computer.

    All of these factors mean that a virus would never propagate on Linux. Even if they were successful at hitting the GNOME desktop manager, or KDE, there’s always Fluxbox or the huge plethora of others out there which will function just fine.

    Even if they hit a version of the kernel installed on the computer… The user can just switch kernels at boot time.

    If the virus was intended to wipe out all the data on the computer… Well, then it’s not going to propagate that way, is it?

    Mac or Windows are a much better target. There is 1 desktop manager and 1 window manager. If you hit that, then you’ve got the entire computer. Linux is the way of the future because of this.

  14. @outlerdam
    Not all Linux users are computer whizzes. My mother uses the Ubuntu that came with her Dell, and my aunt uses a Mint release that she downloaded and installed herself. Not that they’re dumb, but it wouldn’t be hard to imagine them compromising their systems by being too trusting.

  15. wow, my IQ just dropped 3 points trying to wade through all of that bad grammar and spelling. My head hurts now, thanks everyone.

    just a side thought… do you kids even know what the red squiggle signifies when it’s underneath a word you’ve typed?

  16. It’d make sense to hit a Mac instead of a Windows user. They probably own an iTunes account and some sort of bank information online you could easily swipe.

    Windows user would just pirate all their software lol.

  17. @Belenos & @Sitwon
    Both of you need to get a life.

    We conform to English because it is our native language, given that this website is written in English and the comment was in English, I would deem it necessary to correct in English.

    Which ALSO
    A) Developed from Latin roots.
    B) Is the language I am now completely conforming to.

    Your memory serves wrong.
