Rootkit attack vector using Bing and Yahoo

Consider this a WinExtra PSA post.

It is being reported by GFI Software, formerly Sunbelt Software, that searching or Flash Player on Bing and Yahoo can possibly lead you to pages sporting a malware rootkit that is proving extremely hard to remove.

The version being installed is of the Sirefef (ZeroAccess aka Max++) family and is said to be one of the nastiest pieces of malware out in the wild right now. Sirefef will kill any attempt to remove it and is nearly impossible to remove short of booting to a rescue disk and running cleanup programs, or as a last resort – reformatting.

However, the problem is not limited to this particular threat, because this isn’t the first time that Bing’s sponsored results have been poisoned in this manner. In September, GFI’s researchers reported asimilar attack , which targeted keywords for several popular programs, including Firefox, Skype and uTorrent.

“Microsoft needs to get a handle on ad placements on Bing,” Eckelberry stressed, pointing out that this also affects Yahoo since it uses the same engine. According to September statistics from comScore, the two Web search services have a combined market share of nearly 30 percent.

Google used to have similar problems, with cybercriminals regularly tricking its sales team into accepting rogue ads. However, the company is now much more vigilant and such attacks are extremely rare.

via PC World

via GFI Labs Blog

Malware Warning: A Bing, and Yahoo, sponsored link leads to rootkit is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Don’t let this nasty bit of malware make you jump out of windows
2. New sponsored desktop themes for Windows 7 – they aren’t half bad
3. Does the new Bing display of Facebook Likes hold a dangerous flaw?
4. A new best of Bing theme pack for Windows 7

Getting your hands on a cracked version of Windows was as easy as going to your friend’s place and making a copy of the disks. Hell anyone from that period will still remember the “famous” release of Windows that only needed a series of  1′s to make it believe it was a legal version.

OEMs around the world pumped out machine after machine with Windows installed on it. It didn’t matter where you turned, chances are if you were looking at a computer it had Windows installed.

However there is a price we all paid, and still pay today, for that ubiquitousness and that is constantly having to be on guard for all kinds of malware. While there has been a marked improvement when it comes to security in Windows 7, the fact is that Windows is no longer the only target of choice for malware creators.

Now we find ourselves moving quickly into a more mobile world where things like smartphones and tablets are gaining incredible marketshare.

It is a market where the major battle is between Apple and Android, however with Apple they control the complete ecosystem from the hardware to software which makes it a little harder for malware to gain a foothold.

Instead the real target is going to be Android because it is suffering from the same thing that painted the target on the back of Windows users – market saturation.

With Android what we are seeing is very similar to the early days of Windows. Just as almost every computer sold had Windows installed we are seeing the same thing happening with Android. Handset manufacturers around the world are pumping out millions of smartphones powered by Android.

Also just as Windows in those early days was a security nightmare so is Android today. Already we are hearing about malware that can record and save your phone calls, and that is just the tip of the iceberg. Yet neither Android or the smartphone manufacturers seem to be doing anything to deal with the problem; much like Microsoft in the early days.

It is almost as if the concern to get the smartphone operating system out there on as many handsets as possible and as quickly as possible never mind the potential dangers; gain, much like Microsoft in those early Windows days.

The problem with this is that smartphones are much more our identity wallets than computers ever were, and for the most part we use them to do things without thinking that we would never do when using a computer. The majority of everyday smartphone users are under the illusion that smartphone makers, and by extension Android, wouldn’t purposely leave them open to attack.

Microsoft has learned the security lesson the hard way, to the point where in 2002 Bill Gates put a freeze on all development until every single product had passed a revamped coding security standards (one of the reason for the delay leading to Vista) referred to as the Trustworthy Computing initiative.

One of the standing jokes whenever an OS flamewar blows up was how people bragged about how Mac and Linux never get malware. The most logical response to such claims was that neither of those operating systems had enough of a market share to make it worth any malware creator’s time.

This has to a degree been proven true as we see Apple gaining marketshare as well as an increasing number of malware attacks aimed at Macs; but Apple isn’t alone. As Android continues to pump out millions of handsets it is positioning itself as the market leader and as a result painting a bigger and bigger bulls eye on the back of the consumers.

Say what you want about Microsoft and Windows and its past but the reality is that Android is being pumped out by the millions without any apparent concern when it comes to protecting the consumer. This will make it target number one for malware creators and as a result we are seeing the beginning of what could be a security disaster.

Android could avoid this by simply looking to the past and what happened in the Windows world but somehow I don’t see that happening.

The Windows lesson that Android needs to learn, and learn quick; but probably won’t. is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Best Android developer thumbs up for Windows Phone 7 yet
2. Not happy with Android tablet OEMs are looking to Windows 8
3. Guess which Apple fan would take Windows Phone 7 over Android, if forced?
4. Why I Will Go Windows Phone 7, With or Without Android 3.0

According to the report 92 percent of malware was blocked with when IE9′s URL-based filtering was enabled and believe it or not but 100 percent with the Application-based filtering enabled.

Second place surprisingly went to Internet Explorer 8 blocking 90 percent, third was a tie between Safari 5, Chrome 10, and Firefox 4 blocking 13 percent. Last place went to Opera 11 which only blocked 5 percent of malware.

This study was based on going to sites that relied on tricking users into installing malicious software, it wasn’t based on sites that required browser flaws to initiate an attack. The study also was strictly based on European users where the URLs visited were harvested from spam e-mails, instant messages, and from posts on the various social networks.

via Ars Technica

Internet Explorer 9 just kickin’ malware butt is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. So what is the difference between Internet Explorer 9 Beta and the Release Candidate
2. Microsoft to keep IE developer previews flowing until Internet Explorer 10
3. Official download links for Internet Explorer 9 RC leaked early
4. Download links for Internet Explorer RTM have gone live

There’s a new rootkit making the rounds, as well as some nasty variations of it, called Popureb. Here is a description of it courtesy of Sophos

Popureb is a rookit for the Windows platform that affects the Master Boot Record (MBR) of the infected disk. Once installed, the rootkit has three main components; the malicious MBR to load the rootkit at boot time, the driver to protect the malicious MBR from alteration, and the malicious agent loaded by the driver.

At this point Microsoft’s only recommendation to fix your system should it become infected is to reinstall Windows; but the folks at Sophos beg to disagree with that idea.

According to a post up on their Naked Security blog this little nasty has had some research done into it and their finding, along with how to remove the rootkit, has been published to the Sophos site.

SophosLabs Threat Researchers Mike Wood, Michele Freschi and Ahmed Zaki have published a technical paper that looks at the inner workings of Popureb.

In the paper they explain the four major components of the malware, including the methodologies used by the rootkit and driver used to protect it.

To get all the details on Popureb and how to safely disinfect infected computers, download “Popureb – a small rootkit with a big reputation.”

Like the claims of an indestructible botnet, this malware has been characterized as something a bit more than it is.

Just in case you missed that link you can head here to grab what you need to try an remove the rootkit if you think you are infected.

Don’t let this nasty bit of malware make you jump out of windows is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Another big bonus for Windows 7 – it has lower malware infection rate
2. Confused about what viruses, malware or spyware means? Here’s some help.
3. A nasty ransomware trojan making the rounds
4. Malware writers fine-tuning their nasties to specific OS versions

Download audio file (dailyb154)

Show notes.

Socially engineered Firefox scareware impersonates Microsoft Update website - Microsoft Addict

Microsoft Analytics for Twitter – Windows Observer

Windows Phone developer certification exam on the way - Paul Thurrott

Nintendo admits its Wii U highlight reel was spiced up with PS3 and Xbox 360 footage – Engadget

Xbox LIVE to be the entertainment service for Windows 8 says Microsoft - Liveside

IDC: Windows Phone to surpass Apple’s iOS by 2015 – Cnet

Microsoft hopes to draw Android developers to Windows Phone – InfoWorld

Daily Brief: Wii U – That Looks Suspiciously Like…. is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Daily Brief – Kinecting the Gears
2. Daily Brief – All About The UI
3. Daily Brief #29 – Old Spice Guy does Microsoft
4. Daily Brief – No lobotomy for Hodson

I know I have written many times that it was only a matter of time before the Mac, and other Apple products, would be a large enough market that malware writers would start to target it, just as they have the Windows platform.

Today Ed Bott has an excellent post up that has an interview with an AppleCare support person and I highly recommend heading over there to give it a read but one of the answers that the rep gave to Ed stopped me cold:

EB: Yes, there must have been a point where you noticed that a lot of people were dealing with this Mac Defender thing and that it wasn’t just your calls.

AC: We have a team of people who go though all case notes and find new issues that are popping up a lot and send notices to all of AppleCare. Our notice for Mac Defender is that we’re not supposed to help customers remove malware from their computer.

EB: Wow.

AC: That’s about what i said when I read it. The reason for the rule, they say, is that even though Mac Defender is easy to remove, we can’t set the expectation to customers that we will be able to remove all malware in the future. That’s what antivirus is for.

It turns out that some AppleCare, and their supervisors, are letting that slide and helping out the customers affected but doing so could possibly lead them to being written up or terminated.

Wow.

“We’re not to remove Mac Defender trojan” says AppleCare is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Watch out for the Energizer Bunny he might be carrying a trojan
2. A nasty ransomware trojan making the rounds
3. Old Windows trojan being re-worked for Mac OS X
4. Search for news on wildfires could land you a trojan