Friday, February 20, 2009

Unsafe At Any [Connection] Speed

by Kevin M Nixon, MSA, CISSP®, CISM®, CGEIT®

Introduction

I was surprised and very concerned at the number of responses I received to my article regarding a Blended Hack Attack.  The article was about how Hackers tricked people into going to a website to check to see if they had received a Parking Ticket.

Now, the creativity of combining a Social Engineering attack with a fake website is amazing, but what really got me going was the number of people who think that using Apple's Macintosh system is "protection" against an attack.

I also realized that when one can remember the evolution of a hardware platform from an 8-bit processor chip with a dual 8" floppy storage system to the Mega Systems of today, that proves one thing.  I’m getting old!

Yes, A Mac Can Be Hacked and Infected Just Like PCs

Prior to January 1984, Apple had the Apple I, Apple II, and the Apple III.  There were no hard drives; they ran on Dual 8" Floppy disks. The Apple I and II were Command Line systems.  No Mouse here.  The motherboard contained a single MOS 6502 8-bit chip! Steve Wozniak modified a version of BASIC. After booting from the floppy, the Boot Disk was removed and the single application floppy was inserted into A:. The ONLY Commercial Off The Shelf application was Visicalc.  Apple-II improved speed by using the memory in the CRT device.  When the Apple III was released it came with Visicalc pre-burned on the chip.

Then the world changed on January 22, 1984, during the 3rd quarter of Super Bowl XVIII, when Apple unveiled the Macintosh 128K. This was the first Mac.  Up until then the devices were all named Apple.

Two days after the 1984 ad aired, the Macintosh went on sale. It came bundled with two applications designed to show off its interface: MacWrite and MacPaint.

See Timeline of Mac Models

Apple's products are vertically integrated, meaning that Apple controls every aspect of the product, including the operating system. The OSX operating system will only work on Apple computers.

Despite the $1.5 Million spent on the Super Bowl Ad plus an additional $2.5 Million spent for a 39-page advertising brochure in Newsweek, Apple continued to struggle due to various problems, such as the lack of OS-compatible application software, the monochrome-only display and the closed architecture.

Apple eventually gained success as a result of its introduction of desktop publishing (and later computer animation) through Apple's partnership with Adobe Systems, which introduced the laser printer and Adobe PageMaker. Indeed, the Macintosh would become known as the de facto platform for many industries including cinema, music, publishing and the arts.

Apple did briefly license some of its own application designs, but Apple did not allow other computer makers to "clone" the Mac until the 1990s, long after Microsoft dominated the marketplace with its broad licensing program. By then, it was too late for Apple to reclaim its lost market share.

At the 1997 Macworld Expo, Steve Jobs announced that Apple would be entering into partnership with Microsoft. Included in this was a five-year commitment from Microsoft to release Microsoft Office for Macintosh as well as a US$150 million investment in Apple. It was also announced that Internet Explorer would be shipped as the default browser on the Macintosh.

Today, a modern Mac can boot a Windows operating system with the Boot Camp utility, which lets you choose between OSX and Windows when starting the computer.

A PC is a generic hardware architecture that will allow a Linux or Windows operating system to boot.

PC manufacturers rely on OEM software, and do not vertically integrate their products.

As a result of the interoperability of the PC architecture, PCs have around 95% market share. This is good news for the availability of software, and bad news for the availability of viruses.

The 2 Minute Mac-Hack

(source: Mac Hacked In Under 2 Minutes)

Within 2 minutes of directing a Mac to a Web site that contained exploit code, the computer was under the hacker's control.

The hacker (Charlie Miller) was given a $10,000 cash prize AND was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug with anyone but Apple.

The Contest rules stated that the hacker could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

So is an Apple Mac immune to Hacks, Worms or a Virus?  NO!

Every Mac owner needs to be just as concerned as a PC owner.

If a Mac could not be hacked or infected, why would the Apple Support Website publish Security Update Patches?  Mac owners should review the following pages at Apple support and update and patch just like 95% of all computer owners!

From the Apple Support Website:
Apple Security Updates
Apple security updates (25-Jan-2005 to 21-Dec-2007)
Apple security updates (03-Oct-2003 to 11-Jan-2005)
Apple security updates (August, 2003 and earlier)
VirusBarrier X5

© Copyright 2009 – Kevin M. Nixon – All Rights Reserved – See: Information Security Resources
(This article may be reprinted in whole or in part only with proper attribution to the author.)

 

Parking Ticket Leads to PC Virus Attack

by Kevin M Nixon, MSA, CISSP, CISM, CGEIT

At 11:47 AM CST – 02-20-09 I posted this story on Daily Kos and my comment meter went off the scale.  People just couldn’t believe that something like this could be true.

I have to give a “SHOUT OUT” to my friend “Sparky” (Shannon Myers-Leitz at GotMetrics.com) for sharing this story.

Firewalls. Corrupted files. Spam with bad code.  Those were the traditional vectors hackers used to plant malware on a system or gain access to a workstation. Now they just give you a parking ticket.  

Last week the SANS Internet Storm Center discovered a case in Grand Forks, North Dakota, where yellow card-like fliers presumed to be parking tickets were found on cars in a parking lot.

The would-be tickets read: "PARKING VIOLATION: This vehicle is in violation of standard parking regulations."

The card then instructs the ticket recipient to visit a specified Web Site. From this point, hackers count on law-abiding users to go home and log on where, strangely enough, they'll see a picture of the parking lot where their car was. A few clicks later, a fake Internet Explorer security alert pops up asking the user if they'd like to do a quick antivirus scan. The infection starts from there.

Lesson learned:  Go Green! Take Public Transportation.

Forensics of the Hack

With the “Parking Ticket” in hand, lawful citizens went to the website only to discover a photo of their car!


The picture displayed was of cars in that location (not the ticket holder's car) with the prompt to use the Picture Search Tool.  This leads the person to believe that they can search through a series of photos looking for their car.  So CLICK, and then the fun begins.

The Picture Search Tool is known as a Browser Helper Object (BHO).  The BHO seemed to wait for the user to browse the Internet a bit, and then brought up a pop-up with a fake security alert.

The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com.
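Because the malware persists as a BHO, a responder can audit which BHOs are registered on a Windows host and which DLLs they load. The following is an added example, not part of the original article or the SANS analysis; it assumes a current Windows PowerShell and uses the standard machine-wide BHO registration key and Authenticode checks, and the function name Get-BhoInventory is hypothetical.

```powershell
# Added example: inventory Internet Explorer BHOs and flag suspicious ones.
# Covers machine-wide registrations in the native and 32-bit (WOW6432Node) views.
$views = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BhoInventory {   # hypothetical helper name
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName            # each subkey name is a COM CLSID
            $clsKey = Join-Path $view.Cls $clsid
            $inproc = Join-Path $clsKey 'InprocServer32'
            $name = $null; $dll = $null; $sig = $null
            if (Test-Path -LiteralPath $inproc) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
                # Default value of InprocServer32 is the DLL loaded into the browser.
                $dll  = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
            }
            $exists = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
            if ($exists) { $sig = Get-AuthenticodeSignature -LiteralPath $dll }
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                DllExists = $exists
                Signature = if ($sig) { [string]$sig.Status } else { 'NotChecked' }
                Signer    = if ($sig -and $sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else { $null }
            }
        }
    }
}

# Review anything unsigned, invalidly signed, or pointing at a missing DLL.
Get-BhoInventory |
    Where-Object { -not $_.DllExists -or $_.Signature -ne 'Valid' } |
    Format-List
```

An entry with no resolvable DLL or a signature status other than Valid is a lead for further examination, not proof of infection; legitimate unsigned add-ons exist.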

Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often.
