Botnets evolve, Mac weaker in Q1 say experts
Dubai, June 10, 2012
Botnets evolved strongly in the first quarter of 2012, the Mac has become the weak link in corporate security systems and for the first time, cybercriminals used a “fileless” bot to build a zombie-net, said a report.
The first quarter of the year also saw the discovery of a mobile network with infection numbers similar to typical Windows botnets, said Duqu – Kaspersky Lab’s traditional quarterly malware report for Q1 2012.
A zombie net of 700,000 Mac OS X computers was exposed, added the report.
Among the growing malware problems for Macs, the report noted the rise of targeted attacks against this OS. Users need to be alert to the risk of cybercriminals targeting organizations which use both Windows and Mac platforms, it said.
In the first quarter of 2012, one case involved cybercriminals using two Trojans – one for Mac and another for Windows – to gain access to confidential records. Depending on which OS was running on the target machine, the appropriate malware was loaded, the report said.
Both Trojans got their commands from a single control center. To make the initial intrusion into the system, the criminals used an exploit that works in both Windows and Mac OS X environments; a successful attack gave them control over the infected machine.
“Judging by the speed with which new malware is being created for targeted attacks on Mac OS X, it is not that complicated for cybercriminals to develop. Meanwhile, the careless attitude of many Mac users, coupled with a lack of security on their computers, makes Macintosh the weakest link in business security systems,” said Yury Namestnikov, senior malware analyst at Kaspersky Lab, and author of the report.
After a four-month break the authors of Duqu got back to work: in Q1 a new Duqu driver with functions similar to previous versions was detected. The difference in the code was negligible; all the changes were aimed at evading detection. The main Duqu module related to the driver has not yet been found.
“We were right in our suppositions: when so much money has been invested in a project, as it was with the development of Duqu and Stuxnet, it is impossible to suddenly just halt that process. Instead, the cybercriminals are persevering as usual – they have changed the code so it avoids detection and will continue to attack,” concluded Alexander Gostev, chief security expert at Kaspersky Lab.
The first quarter of 2012 was also notable for the successful joint efforts of antivirus companies and law enforcement bodies: they took over control of the 110,000-strong Hlux (Kelihos) botnet, shut down control centers of several ZeuS botnets targeting online banking users and arrested several Russian cybercriminals. – TradeArabia News Service
More IT & Telecommunications Stories
- Kuwait moves to create telecoms watchdog
- Batelco backs Royal Fund for Martyrs
- Egypt's Global Telecom posts $749m Q4 loss
- Red Hat launches open source BPM suite
- Batelco announces new board
- Batelco offers improved broadband
- You don't own phone numbers, warns TRA
- Tech giants back top Qatar ICT event
- Du to provide wifi access in public areas
- Zain finalises $800m, five-year loan facility
- Ooredoo Q4 net profit falls 36pc to $140m
- Mobily, Etisalat team up for LTE roaming
- Batelco approves $84m dividends for 2013
- Etisalat Q4 profit rises 70pc to $394m
- Kenya telecom firm to join Etisalat SmartHub
- Aruba appoints new sales director
- Du enters $1.17 billion financing deals
- VIVA extends 4G LTE offer
- Batelco to update students with latest technologies
- Etisalat SmartHub seals IPX agreement
- Etisalat picks Alcatel for LTE network expansion
- Boeing, QCRI host machine learning forum
- Mobily provides 4G LTE international roaming
- Viva Kuwait, Huawei to set up innovation centre
- Etisalat, Airtel deal to boost network services
- Batelco offers 4G LTE backup solution
- Arbor unveils ‘Peakflow’ solution
- Etisalat launches enterprise mobility services
- STC launches advanced 4G network
- Dubai to host ITU global summit