The Japanese arm of antivirus vendor Trend Micro has announced that its website had been hacked and its pages modified to serve up viruses. In other words, if someone had visited the website, chances are they’d have picked up a virus.
Not the sort of thing you expect from an antivirus manufacturer, and they’re not being very forthcoming about it, either. While the company has announced that some of its web pages were modified between March 9th and 12th, the announcement is so far only in Japanese, according to Asiajin. And that was yesterday. Nothing on its U.S. website yet.
Gen Kanai suggests it was because the company is using Windows 2000, and rips into Trend Micro both for the length of the breach and the lack of transparency: “If a security services/software firm can’t keep their own web servers secured, and left their own hacked website up for 3 days, there’s no logical reason to expect that their own security services are any better.”
Not very reassuring. I’ve often recommended HouseCall but until this is sorted out and Trend Micro comes clean about this, I’m steering clear.
This week’s WSJ.com column (subscription only) is about mobile viruses — or the lack of them. First off I talked about CommWarrior, the virus that any of you with a Symbian phone and Bluetooth switched on will have been pinged with anywhere in the world.
CommWarrior isn’t new: It has been around since March 2005. But this isn’t much comfort if you find yourself — as a lunch companion and I did — bombarded by a dozen attempts to infect our phones before the first course had arrived. So is CommWarrior just the thin end of a long wedge? Yes, if you listen to the Internet-security industry. “I can personally assure you that mobile threats are reality, and we have to start taking our mobile security seriously,” says Eric Everson, who admittedly has a stake in talking up the threat, given that he is founder of Atlanta-based MyMobiSafe, which offers cellphone antivirus protection at $4 a month.
But the security industry has been saying this for years about viruses — usually lumped together under the catchall “malware” — and, despite lots of scare stories, I couldn’t find any compelling evidence that they are actually causing us problems beyond those I experienced in the Italian restaurant.
For reasons of space quite a bit of material had to be dropped, so I’m adding it here for anyone who’s interested. Apologies to those sources who didn’t get their voices heard.
Symantec, F-Secure Security Labs and other antivirus companies call FlexiSPY a virus (though, strictly speaking, it’s a Trojan, meaning it must be installed by the user, who thinks the program does something harmless). “In terms of damaging the user, the most serious issue at the moment is commercial spyware applications such as FlexiSPY,” says Peter Harrison, of a new U.K.-based mobile-security company, UMU Ltd.
Not surprisingly, however, Mr. Raihan isn’t happy to have his product identified and removed by cellphone antivirus software, though he says his protests have fallen on deaf ears. “We are a godsend to them,” he says of the mobile antivirus companies. “They are fear-mongering as there is not a significant problem with viruses in the mobile space.”
How often do antivirus manufacturers admit that their products are not really up to the challenge anymore?
The only folks I know who do this are those from Trend Micro. I interviewed Steve Chang, its founder, a couple of years back, and he made it clear that antivirus software can’t keep everything out. But it doesn’t always come across quite as frankly as it should. This BusinessWorld piece today, an interview with Ah Sin Ang, Trend Micro Incorporated’s regional marketing manager for South Asia, asks the important question: is there yet no antivirus software that can protect us from phishing?
Ang’s reply could be more thorough, but it’s probably more honest than some of Trend Micro’s competitors: If you are aware that banks don’t send you these types of emails, you’ll be protected. That’s why Trend Micro emphasizes public education.
He also makes the valid point that ‘antivirus’ is not a particularly useful term anymore: Although anti-virus is a general term for Internet security, we like an antivirus software to clarify what that software means – does it include protection against Trojans, spyware, adware and hackers? Does it block unhealthy sites? Once you get infected, there may be a lot of pop-ups featuring pornographic and gambling sites. A good integrated software must also allow filtering. When you filter, it must also be able to filter spam and phishing.
I think the bottom line is that antivirus software is not doing what its customers think it’s doing. Most of us can’t tell the difference between a worm and a Trojan, and tend to assume that antivirus software will also protect us if we click on something in an email that takes us to an infected site. This is no longer true, if it ever was. Instead, the software gives us a false sense of security. Would we be better off not having it, and instead educating ourselves about threats?
Further to my outburst about how network administrators and anti-virus companies may be making the whole MyDoom thing worse, here’s a similar take, albeit more detailed and informed than mine, from Attrition.org. The message: Treat all emails ‘notifying’ you that you have a virus as spam and inform the administrator/company/ISP accordingly. Thanks to the excellent TechDirt for pointing this one out. CNET have a similar report as does The Register.
My tuppence worth? Sue anybody who accuses you of harbouring a virus. It’s defamation, pure and simple.
Some other tidbits about the virus: It seems to have originated in Russia, and may not actually contain an attack on SCO.com, so there’s a strong school of thought growing that all the SCO/Linux stuff is a ruse, and that the real purpose is a good old-fashioned Mafia-originated password-stealing scam. If so, it’s reassuring to know that a) the open source crowd haven’t gone bad and b) it’s still just about da money. Slashdotters discuss the matter here.
That said, there’s a lot about MyDoom we don’t know, and writing it off as a variation of earlier worms I think misses the point. Viruses may often be built on old ones, but that doesn’t mean they do the same thing. Microsoft Monitor calls it “one of the more sophisticated viruses in recent memory” and says antivirus companies are only starting to learn what it may do.
Here’s a program that may help if you’re worried about the recent spate of viruses and phishing tricks that rely on keylogging — small, often invisible, programs that secretly capture what you type, especially when you’re entering passwords.
System Mechanic 4, a collection of software tools from iolo technologies, includes a parasite-fighting tool called SpyHunter(TM) which “seeks and destroys annoying and dangerous spyware, malware, adware, and other notorious malevolent applications, plug-ins and ActiveX controls that fly under the radar of antivirus solutions”.
SpyHunter also “protects users from keyloggers”, although the press release I got doesn’t say how. I will check out the software and get back to you.
System Mechanic 4 Professional includes Panda Antivirus Platinum 7.0 antivirus and firewall, System Shield, Search and Recover, and DriveScrubber. There’s also a Popup Stopper tool, a disk defragmenter and something called NetBooster, which claims to speed up Internet connections by up to 300%. The whole kaboodle costs $70.
This from reader Jim Erlandson on Microsoft’s declining support for Windows 98:
“Windows 98 support isn’t dropping off the face of the earth according to Microsoft. $35 per incident phone support is. How many people do you know who have spent $35 for a phone call to Microsoft lately?
And a quote in C|Net indicates that security updates will probably still be released as needed. The company’s policy would not ordinarily call for Microsoft to provide any security-related patches, but in an e-mailed statement, the company said it would evaluate future threats as they emerge.
“In addition to the robust set of third-party security products we encourage all Windows customers to use, including antivirus and firewall products, (after Jan. 16) we will evaluate malicious threats to our customers’ systems on a case-by-case basis and take appropriate steps,” Microsoft said.
That bit about “more than 80 percent of companies surveyed were still using Windows 98 and/or Windows 95.” would be more interesting if they quoted percent of desktops. By their method, a company with thousands of Win XP machines and a single Win 98 box in the basement running the boiler would add to that 80 percent number – but not in a meaningful way.”
Thanks, Jim. All good points.
You know if AccountancyAge are reporting it, there’s money involved. According to the bean-counters, organised crime is looking at how it can make money from spam and virus writing, which means attacks may become less common than now but more dangerous. Russian antivirus expert Eugene Kaspersky is quoted as saying the latest MiMail worms were the first in a new type of attack aimed at deriving financial profit from viruses and malware.
Recent MiMail variants collected and forwarded PayPal account details to the worms’ creators. ‘The business of the mafia is business, and there could be a lot of money to be made from malware and spamming. As they consolidate control of the business of hacking and virus writing, they will squeeze out independents. Spam will be an early target,’ he said.
What’s the interest for the mafia? Stealing commercial valuable secrets, bringing down networks for extortion, grabbing money from PayPal accounts.
Further to my earlier post about the rising virus conflict, one option to consider is a non-mainstream antivirus program. There are some out there, and they might just do a better job of saving your hide: They may work better, and they may put out updates faster. One is the unfortunately named NOD32, from Eset Software, which seems to be on the cutting edge: today it announced it has become the first product for the (next) Windows 2003 operating system to receive prestigious Checkmark certification at Levels 1, 2 and Trojan, from SC Magazine’s West Coast Labs.
NOD32 Antivirus claims its effectiveness is “due to its unique core technology that addresses both known and unknown viruses”. In other words, it’s not just looking for stuff we know to be viruses, but also for “virus-like activity”. It also claims to be fast: more than twice the speed of the next best product on the market, which means it’s less likely to slow down your computer while checking incoming stuff for viruses. I haven’t checked out NOD32 but I’m about to.
This week’s New Scientist confirms what readers of this blog already knew about the growing imbalance in the virus arms race. Antivirus specialists, the mag says, are fighting a losing battle against malicious code like viruses and worms. Research undertaken at Hewlett-Packard’s labs in Bristol, UK, is the first to evaluate the effectiveness of antiviral software. It shows that the way we fight viruses is fundamentally flawed, because viruses spread faster than antivirus signatures can be distributed. By the time the antivirus software catches up, the damage has already been done.
Hewlett-Packard researcher Matthew Williamson designed a computer model to mimic the way in which viruses spread, based on a model that tracks the spread of biological viruses. He then introduced parameters to represent the way the antivirus software responds to this spread. He found that even if a signature is available from the moment a virus is released, it cannot stop the virus spreading if it propagates fast enough. Should we be worried? Yes.
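To make the point concrete, here is a small epidemic simulation added as an illustration. It is a constructed SIR-style toy model, not Williamson’s HP model, and every parameter value in it (contact rate, rollout rate, population size) is an assumption chosen for the demonstration. Hosts are either susceptible, infected or immunised; the worm infects at a contact rate `beta`, and a signature, once released, reaches a fixed fraction `rollout` of the still-unprotected hosts per unit of time, which is the slow link the article describes. Run it and the fast worm saturates the population even though its signature is available from the instant of release, while the slow worm never takes off.

```python
"""Toy SIR-style model of worm spread versus antivirus signature rollout.

Constructed example, not Williamson's model. Population fractions:
  s  susceptible: no signature, not infected
  i  infected and spreading
  r  immunised: signature installed (also cleans an existing infection)

Per time step dt (assumed parameter values throughout):
  new infections  = beta * s * i * dt            worm contact rate beta
  new immunised   = rollout * (s + i) * dt       once t >= sig_delay
"""


def simulate(beta, rollout, sig_delay, i0=1e-4, dt=0.01, horizon=30.0):
    """Return (peak_infected, ever_infected) as population fractions."""
    s, i, r = 1.0 - i0, i0, 0.0
    peak = i
    ever = i0
    for step in range(int(horizon / dt)):
        t = step * dt
        # Worm propagation: contacts between infected and susceptible hosts.
        new_inf = min(beta * s * i * dt, s)
        s -= new_inf
        i += new_inf
        ever += new_inf
        # Signature distribution, starting only once it has been released.
        if t >= sig_delay:
            vaccinated = rollout * s * dt   # susceptible hosts get the signature
            cured = rollout * i * dt        # infected hosts get it and are cleaned
            s -= vaccinated
            i -= cured
            r += vaccinated + cured
        peak = max(peak, i)
    return peak, ever


def compare():
    """Fast worm vs slow worm; in both cases the signature exists at t=0.

    Assumed values: beta=10 (a worm that finds many hosts per unit time)
    versus beta=0.1, with the same rollout rate of 0.2 per unit time.
    """
    fast = simulate(beta=10.0, rollout=0.2, sig_delay=0.0)
    slow = simulate(beta=0.1, rollout=0.2, sig_delay=0.0)
    return {"fast": fast, "slow": slow}


if __name__ == "__main__":
    for name, (peak, ever) in compare().items():
        print(f"{name:4s} worm: peak infected {peak:.1%}, ever infected {ever:.1%}")
```

The quantity that decides the outcome is the sign of `beta * s - rollout` at the moment the worm appears: when the contact rate exceeds the rate at which the signature can be pushed out, the infected fraction grows exponentially and most of the population is hit before the signature reaches it, no matter how early the signature was written. Slowing the contact rate (throttling, in the spirit of the HP work) moves that sign, which is why distribution speed, not detection, is the bottleneck the article describes.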