Wednesday, 24 August 2011

Upgrade From XP, No Thanks

I was reading this article today about the market share of Microsoft OSes in terms of how much malware affects them, quantity-wise, and with what is said in the article, I agree: XP is the most vulnerable to attackers.



While XP is still the most popular OS out of them all, it's slowly losing its market share of users as more stores around the world ship machines with Windows 7 on them, and in the near future Windows 7 will likely become the most popular OS, which raises a question for attackers: where will they move on to?

I think we see it enough every day in the news that Android smartphones are by far the most popular platform to attack, just because of their openness, and by far the most vulnerable, just like XP is, and we see every day that the world is moving onto smartphones. Smartphones ARE computers that we can hold in our hands; laptops and notebooks were the *thing* for a while, but smartphones are where it's at in terms of where the market share will go.

While I work in the computer security community, I do advise most everyday users to upgrade to Windows 7, but frankly the malware problem overall is down to the end users who don't keep up with security patches.

For now though, I'll be one person to keep XP alive; I'm sticking with Windows XP until support stops, then I'll move onto the newest OS (likely Windows 8 by that time).

Google Adds g.co URL Shortener

Another awesome idea by Google: a second URL shortener, but this one is designed more around security.

Unlike goo.gl, which is public (anyone can make a goo.gl short URL that leads anywhere), g.co will be private and created only by Google themselves; it can't be created by anyone else, and Google's plan is to use it when linking to a Google product or service.

The idea is that more users will trust g.co links if they know that the website they are being linked to is a Google product and safe.


Nice one Google!

Tuesday, 23 August 2011

Ramnit Adapts To Zeus

In the latest malware news, the file infector known as Ramnit gets an upgrade. The writer(s) and creator(s) of Ramnit have adapted the Zeus code into its coding, and this is just the first step in the evolution of newer infections.

Earlier this year we saw the Zeus source code released online, followed by the SpyEye code being released online, and so far Ramnit is the first to take advantage of this: its creators added Zeus into Ramnit's source code, all in the name of financial gain.

The malware scene and its writers make millions from online fraud every day, and as we saw, Zeus and SpyEye were widespread and very successful at what the infection was made to do. Now, with Zeus/SpyEye being released online, malware writers have been given a new base and platform to build around and possibly upgrade, and it just makes it easier for them to create new malware with new techniques.

Sure, right now a lot of people would say TDL4 (as far as fixable infections go) is still the most dangerous, as it hides in the MBR, one of the most dangerous areas of a machine to play with, but the point I'm making is that making malware nowadays, with all the tools appearing online and in underground communities, is not hard to do.

It wouldn't surprise me if we DID see more malware taking on the likes of Zeus in their code, and this can only result in more new and dangerous malware appearing.

More on Polymorphic File Infectors

I was sat thinking this evening about this new infection Kaspersky picked up a few days ago, and it amazes me as to why more malware writers haven't (yet) adopted this technique of infecting many of a computer's system files.

I mean, across the forums that I help on, we do see the likes of Virut, Sality and Ramnit, but they're only the minority for now, and it's a constant fight between the good guys and the bad guys.

Truly, if the bad guys were bent on winning, in the sense of creating malware that can't be beaten, they would have adapted to infecting system files. Sure, they've already managed this in the likes of TDL3, where it infects a random .sys driver file, but that can be disinfected and repaired. Now with TDL4 they've gone as far as hiding in ring0 with the MBR infections.

I'm really just amazed why we aren't yet seeing TDL4 come with an explosive bomb attached to its chest and start infecting system files - it can be done, and it's the one kind of infection that can't be stopped, as the damage is just too great.


Sure, we know the only way out of an infection like this is a quick drop-everything-and-format situation, so I wonder if the bad guys want us to fight their malware instead of going down the path-of-destruction method. I mean, their malware lasts longer when we fight it rather than formatting, right? And they can constantly update to stop our tools from killing the infection.

Ah well, it was just a topic I was sat wondering about; who knows if we'll see more file infectors in the future.

Saturday, 20 August 2011

Polymorphic File Infectors

I was reading this article today on Securelist about a new virus Kaspersky picked up called Virus.Win32.Xpaj.gen. It's a polymorphic file infector.

What are they and what makes them dangerous?

Essentially, a polymorphic file infector injects malicious code into every .exe file on a machine and damages them beyond repair. This new virus works the same way as the Win32.Sality virus: it spreads via USB, so no doubt if this new infection starts to spread big time, it will cause mayhem on computers. Luckily the other infections that use this file-infecting technique aren't seen often, so let's hope we only see a minimum of this new infection.
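One defensive consequence of the mechanism described above is worth seeing in code: because an infector rewrites the host executable, the host's hash changes no matter how the injected code mutates, so a known-good baseline catches the change where a byte-pattern signature would not. The following is an added example, not code from the original post or from any vendor; the directory tree and file contents in demo() are constructed for the demonstration.

```python
# Added example (not from the original post): a SHA-256 baseline of
# executables that flags files whose bytes changed since the baseline was
# taken. The tree built in demo() is constructed sample data.
import hashlib
import json
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".sys"}


def sha256_of(path):
    """Hash a file in chunks so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Relative path -> {size, sha256} for every executable under root."""
    root = Path(root)
    baseline = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON; keep a copy off the machine it describes."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare_to_baseline(root, baseline):
    """Report executables modified, added or removed since the baseline."""
    current = build_baseline(root)
    modified = sorted(
        rel for rel in current
        if rel in baseline and current[rel]["sha256"] != baseline[rel]["sha256"]
    )
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "missing": missing}


def demo():
    """Baseline a constructed tree, then alter one executable and add another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "bin" / "helper.dll").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "readme.txt").write_text("not an executable, ignored")
        save_baseline(build_baseline(root), root / "baseline.json")

        # Stand-in for the host file being modified: the appended bytes are
        # arbitrary, any change to the file flips the hash.
        with open(root / "bin" / "app.exe", "ab") as f:
            f.write(b"\xab" * 32)
        (root / "bin" / "new.exe").write_bytes(b"MZ" + b"\x02" * 16)

        return compare_to_baseline(root, load_baseline(root / "baseline.json"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only as good as the state of the machine when it was taken, and it tells you that a file changed, not that the change can be undone; the post's own conclusion, that a clean rebuild is the way out once an infector has run, still stands.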

What can be done

As expected with malware nowadays, this one also comes with backdoor capabilities, and sadly with polymorphic file infectors there is nothing that can be done; the damage caused to a machine is too severe, and as I've seen with other infections like this, like the Ramnit & Virut families, there is nothing that can be done to combat it.

The one warning I can give is to switch off autorun in Windows (even though Windows Update now does this) to prevent infected USB hardware from infecting your machines. Even though this update from Windows should have reached the majority of users by now, I still see lots of machines with autorun switched on, my old college machines for example.
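"Switch off autorun" comes down to one registry policy value, NoDriveTypeAutoRun, whose bits say which drive types may not autorun. The following added example (not code from the original post) reads that value from both policy locations and reports which drive types still autorun; the bit meanings are Microsoft's documented ones, and the sample values used to exercise it are constructed. Registry access is attempted only on Windows.

```python
# Added example (not from the original post): reads the NoDriveTypeAutoRun
# policy and reports which drive types still autorun. Bit meanings are the
# documented ones; on non-Windows platforms no registry read is attempted.
import sys

POLICY_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"

# A set bit suppresses autorun for that drive type; 0xFF suppresses all.
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x04: "removable (USB sticks, floppies)",
    0x08: "fixed (hard disks)",
    0x10: "network",
    0x20: "CD-ROM/DVD",
    0x40: "RAM disk",
    0x80: "unrecognised type",
}
DISABLE_ALL = 0xFF


def autorun_allowed_for(value):
    """Drive types on which autorun is still allowed under this policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def effective_value(hklm_value, hkcu_value):
    """Machine policy takes precedence over user policy; None if neither is set."""
    return hklm_value if hklm_value is not None else hkcu_value


def assess(hklm_value, hkcu_value):
    """Return (value in force, drive types still autorunning).

    A missing value means the OS default applies, which does not cover
    every drive type, so it is reported as (None, None) rather than as safe."""
    value = effective_value(hklm_value, hkcu_value)
    if value is None:
        return (None, None)
    return (value, autorun_allowed_for(value))


def is_fully_disabled(hklm_value, hkcu_value):
    """True only when an explicit policy suppresses autorun on all drive types."""
    value = effective_value(hklm_value, hkcu_value)
    return value is not None and (value & DISABLE_ALL) == DISABLE_ALL


def read_policy_values():
    """(HKLM value, HKCU value) on Windows; (None, None) on other platforms."""
    if sys.platform != "win32":
        return (None, None)
    import winreg
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_SUBKEY) as key:
                found.append(winreg.QueryValueEx(key, POLICY_VALUE)[0])
        except OSError:  # key or value absent
            found.append(None)
    return tuple(found)


if __name__ == "__main__":
    hklm, hkcu = read_policy_values()
    value, allowed = assess(hklm, hkcu)
    if value is None:
        print("NoDriveTypeAutoRun not set (or not running on Windows); OS default applies")
    else:
        print(f"value 0x{value:02X}; autorun still allowed on: {allowed or 'none'}")
```

Setting the value to 0xFF under the HKLM key is the explicit, unambiguous state. This check reports only the policy value, not whatever other defaults or updates the OS applies, which is exactly why a machine can look "updated" and still show up here as not fully disabled.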

The only way out is to fully format the machine WITHOUT backing anything up, as backed-up files are likely to be infected as well.

Here is another article about Sality & Virut by another amazing member of the security community, meikimoes; worth reading.

Thursday, 18 August 2011

Recommended Apps for Android

Thought I'd make a "Recommended Apps for Android" list: just some of the apps I use on my Android every day, and some that run in the background, but they are all recommended anyway.

Facebook
Twitter
Google+
Teamviewer
Skype
Lookout Mobile Security
Droidwall*
Wireless Tether*
BBC News
ZDNet
TuneIn Radio

* = Apps that require a Rooted Android phone.

Tuesday, 16 August 2011

Facebook to enforce real name policy?

Was reading this article today on TheHackerNews and thought I'd post a little something about it.

Randi Zuckerberg, the sister of Facebook's CEO, wants to put an end to online anonymity. Facebook wants to force people to use their real names on profiles.

You realize all this will do is anger the online consciousness that is Anonymous, and me included. I'm not really a Facebook fan, never have been. I'm only on there to talk to a few friends and family, and my name is set to Belahzur because that's my online identity.

I'm sure everyone saw the big debate Google got into when they forced this on users of Google+ and suspended accounts for it; frankly, if Facebook did the same to me, cutting me off from contact with family just because I'd rather keep my real name hidden, then I'll happily leave Facebook and never go back there.

I don't want to sound like I'm all for Anonymous, but as an insider, what they do is for a just cause. I want my freedom of speech and my right to hide my name if I want to. If Facebook do plan to do this, then they deserve what's coming to them on November the 5th.