April showers may bring May flowers, but the Internet also saw something else in full bloom — cybercrime. Computer systems around the globe experienced a variety of problems in April, ranging from more fake antivirus software to malicious code that avoids detection by search engine Web crawlers. But none was as big as a well-publicized faulty security update that crashed thousands of computers and became a public relations nightmare for one of the world’s top security software makers. Here are some of the top security stories from April 2010:
McAfee takes a big hit for faulty AV update
One of the most talked about stories in April was the faulty McAfee antivirus update that wreaked havoc on thousands of Windows systems across the world. Instead of updating the security software, the faulty virus definitions removed a critical component of the Windows operating system, leaving affected systems running Windows XP Service Pack 3 (SP3) endlessly rebooting until tech support repaired the problem manually.
While McAfee issued an apology for the impact the faulty signature update may have had on individuals and organizations, we will never know the full financial cost of the debacle to McAfee’s worldwide customers, or to the company itself.
Windows users hit by drive-by attacks
Windows users were also on full alert with the discovery of a wave of drive-by attacks that attempted to exploit a new Java zero-day vulnerability to serve up malware. The problem was with the Java Web Start framework, a plug-in and ActiveX control distributed with the Java Deployment Toolkit. The vulnerability affects all versions of Windows, as well as Internet Explorer and Firefox. At the time the attacks were discovered, engineers at Sun Microsystems, which maintains Java, didn’t believe the issue was serious enough to warrant an immediate fix. However, the Google engineer who published the proof-of-concept code gave his reasoning for outlining several workarounds until a patch was deployed:
“The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor. Exploitation of this issue is not terribly exciting, but is potentially of high enough impact to merit explanation.”
Fake AV software found on Facebook application
Because of their high volume of users and potential victims, social networking sites such as Facebook are becoming prime targets for scammers. In April, a malicious advertisement was found within a Facebook application that has more than 9 million monthly users. The bad Shockwave Flash ad redirected Facebook users to a Web site selling fake antivirus software.
Unfortunately, this is part of an increasing trend of socially engineered attacks. According to a Panda Security report released last year, as many as 35 million computers worldwide get infected with fake antivirus programs each month.
New Adobe Flash Player could change how online banks fight fraud
A report from Gartner highlighted how the reliance on Flash cookies as an authentication mechanism to identify legitimate users and block unauthorized or fraudulent access may need to change with the release of Adobe Flash Player 10.1, scheduled for release later this year.
The updated version’s “Private Browsing” feature will make it easier for users to clear Flash cookies after a Web session. While the feature may be good for privacy, it may force online banks and e-commerce businesses to find something else to rely on in their authentication process. Gartner analyst Avivah Litan said:
“In my opinion, this is a big deal in the fraud world. Many banks, card issuers and online retailers rely in part on device identification to successfully detect fraud. And in many of these cases, the device identification they use is based on Flash local storage.”
Hackers hiding from anti-malware search bots
Computer criminals are hiding from anti-malware search bots by keeping search engine Web crawlers from indexing the hostile code hosted on legitimate Web pages. The attackers insert malicious code into the hacked sites and serve it to anyone visiting the sites except the anti-malware search bots run by Yahoo! and Google. When those search bots do find such sites, they append a warning to the hacked site’s listing in the search results and inform site owners about the malware problems that need to be addressed.
While search engine engineers are aware of these techniques and continually counteract them, Google engineer Niels Provos said the fight against these Web site hackers is a constant arms race:
“This has been going on for some time. What happens is if a Web crawler comes along, [the attackers will configure the hacked site so that it] ends up showing [trending content] they get from news sites. This is to game the ranking of search content. But then if the visitor comes to one of these sites via a search engine, he ends up getting exploit code.”
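The cloaking Provos describes is detectable by the site owner: fetch your own page once with a crawler User-Agent and once with a browser User-Agent, then compare what came back. The script below is an added example and not code from the original post or from Google; the cloaked site it checks is a constructed in-memory stand-in (with a placeholder host under the reserved `.invalid` domain), and the `http_fetch` function, which assumes outbound HTTP access, exists only so the same check can be pointed at a site you own.

```python
"""Cloaking check: fetch a page as a crawler and as a browser, then diff them.

Added example, not from the original post. The cloaked-site behaviour is
simulated by `simulated_fetch` so the script runs offline; swap in
`http_fetch` (assumes network access) to check your own pages.
"""
import difflib
import re
import urllib.request
from typing import Callable, Dict, List

# User-Agent strings: a search crawler and an ordinary browser of the period.
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 5.1; rv:3.6) Gecko/20100401 Firefox/3.6.3"

# Constructed sample of a cloaked page. The crawler-facing copy carries only
# harmless "trending" text; the visitor-facing copy is the same page with a
# hidden iframe and a remote script injected (placeholder host, not real).
_CLEAN = """<html><head><title>Weather News</title></head><body>
<h1>Latest weather headlines</h1>
<p>Storms expected across the region this week.</p>
<script src="/js/site.js"></script>
</body></html>"""
_INJECTED = _CLEAN.replace(
    "</body>",
    '<iframe src="http://attacker.example.invalid/x.php" width="1" height="1" '
    'style="visibility:hidden"></iframe>\n'
    '<script src="http://attacker.example.invalid/a.js"></script>\n</body>',
)


def simulated_fetch(url: str, user_agent: str) -> str:
    """Offline stand-in for an HTTP fetch of the constructed cloaked site."""
    ua = user_agent.lower()
    if "googlebot" in ua or "slurp" in ua:  # Google and Yahoo! crawlers
        return _CLEAN
    return _INJECTED


def http_fetch(url: str, user_agent: str, timeout: float = 10.0) -> str:
    """Real fetch for a site you own (assumes outbound HTTP access)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")


# Matches <script ... src="..."> and <iframe ... src="...">, case-insensitively.
_SRC_RE = re.compile(r'<(script|iframe)\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)


def external_sources(html: str) -> List[str]:
    """Return sorted 'tag:src' entries for every script/iframe in the page."""
    return sorted({f"{tag.lower()}:{src}" for tag, src in _SRC_RE.findall(html)})


def compare_views(crawler_html: str, browser_html: str) -> Dict:
    """Flag the page as cloaked if browsers get sources crawlers never see,
    or if the two copies differ substantially overall."""
    crawler_src = set(external_sources(crawler_html))
    browser_src = set(external_sources(browser_html))
    browser_only = sorted(browser_src - crawler_src)
    similarity = difflib.SequenceMatcher(None, crawler_html, browser_html).ratio()
    return {
        "cloaked": bool(browser_only) or similarity < 0.8,
        "browser_only_sources": browser_only,
        "similarity": round(similarity, 3),
    }


def check_url(url: str, fetch: Callable[[str, str], str] = simulated_fetch) -> Dict:
    """Fetch `url` as a crawler and as a browser and compare the two copies."""
    return compare_views(fetch(url, CRAWLER_UA), fetch(url, BROWSER_UA))


if __name__ == "__main__":
    # Offline run against the constructed sample; pass fetch=http_fetch for a real site.
    print(check_url("http://www.example.com/"))
```

The similarity threshold of 0.8 is a starting point, not a rule: pages with per-visit advertising or session tokens will differ legitimately, which is why the script reports the browser-only script and iframe sources separately, since those, rather than the raw ratio, are what point at injected code.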
Thanks for taking the time to read this blog. Each week, I comment on the top stories from the security industry. I encourage your feedback and hope you come back soon.