Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Wow.. is it 20 years already?

January 20th 2006 in Uncategorized

20 years ago, what many call the first *PC* virus, named “Brain”, was discovered in the wild.

How ironic that the first *computer* virus is noted in the article as affecting the Apple II ;o)   That little gem is almost as much fun to reveal as the fact that Internet Explorer and Netscape have a common grand-parentage… check out my Internet Explorer Community article for more information about that:

The virus and malware landscape has changed since 1986.  Brain was very restricted in how it could spread – it could only be passed from PC to PC via an infected floppy and was relatively easy to remove.  Nowadays viruses are network-aware, spread automatically, and can sometimes infect a PC with no interaction from the victim apart from visiting a website or viewing an email in the Preview Pane.

It must have been more than two years ago that I gave a presentation in Sydney regarding malware.  At the time we were beginning to deal with self-aware, co-dependent, deeply hidden malware services that monitored each other for interference so that they could reinstall themselves automatically, using random file names, if we dared to try and remove them.  The malware was intelligent enough to detect, and disable, the most popular antivirus and antispyware software.  I had seen PCs with *dozens* of randomly named files generated by failed cleanup routines.  Back then, during the presentation, I called the situation as it stood the ‘end game’.

How wrong I was… a year later I attended a seminar in Singapore, where the security expert in question (whose name I cannot mention thanks to a continuing NDA) discussed what was then the early emergence of rootkits.  HackerDefender was just grabbing a foothold.  Rootkits were not yet being used in malware.  Back then, his advice when faced with potential rootkits was ‘nuke the box from orbit’.

But, sometimes it is not possible to nuke a box from orbit, and even if you do nuke it the problem may not be solved.  Look at the laptop I was dealing with last weekend.  Its owner is a very senior member of management of a very large corporation… this person allowed his kids to use his corporate laptop to surf the web and, inevitably, the laptop was infected with malware. 

The problem was… what if the laptop was infected with a network-aware rootkit?  Was the entire corporate network of a multi-million dollar corporation at risk because of the actions of a couple of kids?  Imagine the reaction if I had been forced to tell the company that I could not guarantee the integrity of their network.  You do not lightly tell multi-million dollar corporations that their network is f*cked.

So where are we today?  The worst malware is using rootkits.  Criminal elements have become involved now that they have realised how much money is to be made.  The problem is not going to go away.

Our only defence is education and safe hex best practice.  We cannot rely on anti-spyware or anti-virus products to keep us safe… we cannot hide behind the skirts of protective software in the (vain) hope that it will keep us safe when we’re being stupid or careless.

Even the latest XSS exploit, if we are paying attention, is plainly obvious to the alert surfer.  The address bar and status bar, the title bar and even the mouseover tooltip show us, before we click on anything, that the URL that will be loaded from a link in an email is not quite kosher.

After we click on the link and view the page in IE, we get even more clues…

We have to take responsibility for our own safety: check the URL in the status bar, check the URL in the address bar, and check the title bar (at the top of the screen) to see what is displayed there.

It is a very rare phishing site that gets everything right… there are *ALWAYS* clues… ALWAYS.
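The same check a careful surfer makes by eye (does the link text name one site while the status bar shows another?) can be scripted.  This is an added example, not code from the original post; the function names and the sample links are my own constructions, and the site names are placeholders rather than real domains.

```javascript
// Added example (not from the original post): flag links whose visible text
// names one host while the href actually points somewhere else, i.e. the
// mismatch a careful reader spots in the status bar before clicking.
// Runs in Node (global URL) or a browser; links could come from document.links.

// Pull a bare hostname out of link text such as "www.bank.example" or
// "https://bank.example/login"; returns null when the text names no host.
function hostFromText(text) {
  const m = text.trim().match(/(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/i);
  return m ? m[1].toLowerCase() : null;
}

// True when the actual host is the claimed host or a subdomain of it
// ("secure.bank.example" for "bank.example"). False for
// "bank.example.evil.test", which merely contains the claimed name as a prefix.
function sameSite(claimedHost, actualHost) {
  return actualHost === claimedHost || actualHost.endsWith("." + claimedHost);
}

// Inspect one link; returns a finding object or null when nothing looks wrong.
function checkLink(text, href) {
  const claimed = hostFromText(text);
  if (!claimed) return null; // visible text names no host, nothing to compare
  let actual;
  try {
    actual = new URL(href).hostname.toLowerCase();
  } catch (e) {
    return { text, href, reason: "href is not a parsable URL" };
  }
  if (!sameSite(claimed, actual)) {
    return { text, href, reason: `text claims ${claimed}, link goes to ${actual}` };
  }
  return null;
}

// Scan a list of {text, href} pairs and keep only the suspicious ones.
function findSuspiciousLinks(links) {
  return links.map((l) => checkLink(l.text, l.href)).filter(Boolean);
}

// Constructed sample links (placeholder names, not real sites).
const SAMPLE_LINKS = [
  { text: "https://www.bank.example/login", href: "https://www.bank.example/login" },
  { text: "www.bank.example", href: "http://bank.example.evil.test/login" },
  { text: "Click here", href: "http://evil.test/" },
  { text: "bank.example", href: "https://secure.bank.example/" },
];

console.log(findSuspiciousLinks(SAMPLE_LINKS)); // only the second link is flagged
```

The heuristic only compares hosts, so a link whose text is plain words ("Click here") is not judged at all; that is exactly where the status bar remains the reader's only clue.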

Be careful out there, guys… there are some infections that, if they get on your PC, give us no choice but to wipe out everything… forget about saving your data… anything may have been infected.

Be safe, don’t be sorry.

