Bitcoins, Home Hacking, Apple Malware and More at Virus Bulletin

September 29, 2014

The Virus Bulletin conference took place in Seattle, Washington last week. It’s touted as the oldest security conference in the world, and while the event generally boasts a full line-up of enterprise-oriented presentations, like Black Hat, this year’s conference played host to an increasing number of consumer and general interest topics under discussion as well.

Bitcoins,-Home-Hacking,-Apple-Malware-and-More-at-Virus-Bulletin

Two briefings of interest were (full disclosure) presented by my colleagues here at Kaspersky Lab: an explanation of the rapid escalation of Bitcoin theft from petty crime to Hollywood heists, and another presentation about hacking the modern home. An overview of the state of malware targeting Apple’s Mac OS X operating system, and a look at how white collar crime is changing on the Android operating system, caught our eyes as well.

Home Hacking

David Jacoby wrote about his experience hacking the various devices in his home here on Kaspersky Daily recently. He asked, “…if we can’t secure ourselves against current threats, what good will it do to identify potential new future threats?”

That question was born of Jacoby’s concern that we, as an industry, spend too much time talking about zero-days and lofty vulnerabilities in connected cars, refrigerators, hotels, home alarm systems, toilets and other so-called “Internet of things” devices that few people own. Meanwhile we spend too little time focusing on the problems we’ve known about for years and the woeful state of security for things that nearly everybody owns, like SmartTVs, routers, printers, modems, gaming consoles and network storage devices.

The conclusion that I had is why don’t you put out a special network segment where you put all of these devices and actually separate them from your network where you have your workstations, computers, phones, tablets and so on.

Before starting his endeavor, Jacoby says he was pretty sure his home was secure. He is, after all, an accomplished security researcher who spends nearly all of his professional time thinking about network security. This is precisely why he was shocked by the lack of proper security controls built into connected devices and the number of vulnerabilities present within them.

In a podcast with Threatpost editor-in-chief Dennis Fisher at Virus Bulletin earlier this week, Jacoby noted an interesting paradigm: as people become better about protecting their mobile devices and traditional computers, they seem to care less about the security of networked hard-drives, wireless printers and the assorted other devices with access to their home networks.

“We need to start thinking about how we connect our home appliances in our home” Jacoby said. “The conclusion that I had is why don’t you put out a special network segment where you put all of these devices and actually separate them from your network where you have your workstations, computers, phones, tablets and so on. 

Apple Malware

Patrick Wardle, director of research at Synack, spoke about malware persistence on Mac machines. Over the last five years, Wardle’s data illustrated, OS X has doubled its market share from seven to nearly 15 percent of home and enterprise workstations. Apple is now the third ranked vendor of personal computers in the United States.

In 2012, Apple said: “It doesn’t get PC viruses. A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers.” That second sentence is technically true. However, the first sentence, as Wardle’s presentation demonstrated, is patently false. As much as some would hate to admit it, Mac machines are PC’s.

Wardle claims that the very first Mac virus was called ‘Elk Cloner’. It targeted the Apple II, which was popular in the early 1980’s. Last year, Wardle says 30 new families of malware emerged targeting the OS X platform. That number certainly pales in comparison to the amount of malware families targeting Windows machines and Android devices.

However, Wardle asserts that the increasing number of Macs on the market, along with the relatively weak antivirus protections deployed by most Mac users and a serious lack of Mac malware analysis tools could spell trouble, which is precisely why he’s working on “identifying persistence mechanisms in OS X and studying malware that abuses these, [so] we can (better) protect ourselves.”

Bitcoin Bonanza

Kaspersky Lab researcher Santiago Pontiroli of Argentina gave a brief and interesting overview of the rapid escalation of Bitcoin crime from penny-stealing malware to million dollar robberies over the past few years. His presentation bears resemblance to Wardle’s, because they both illustrate an all-too-common point: that criminals – like legitimate businesses – flock toward popularity because there’s more money in the popular than in the obscure.

In the case of Bitcoin, it’s precipitate rise to popularity and the concurrent attraction of criminals cannot be attributed to one source but rather a collection of factors, many of which are shared. For example, Pontiroli explains that the ability to buy nearly anything from nearly anywhere brought in many early adopters, but also ushered in criminals who sought to sell drugs, weapons and worse. It’s decentralized, unregulated and private, three incredibly appealing factors for those that would like to avoid taxation or launder money. Bitcoin also gives users the ability to be their own bank, which has proven more difficult that initially imagined.

Android and White Collar Crime

Another promising talk, which unfortunately had not yet been presented by deadline time, was Luis Corrons’ briefing about exposing the ever-larger group of white collar criminals exploiting the Android operating system. His talk promised to explore the evolution of Android crime.

He says most Android crime plays out as premium SMS scams where a criminal compels your phone to send text messages to premium rate SMS numbers. The user is then charged for those texts, and the attacker profits. To this point, such scams have been perpetuated by lookalike applications sneaking into the Google Play store. In this way, users believe they are downloading the Angry Birds app, but they are actually downloading a malicious application that will secretly send pricey text messages.

Corrons claims that in recent months, new techniques have emerged. Now, he says, the attackers are honest about the intentions of their apps – specifically that the users who download them are enrolling in a premium rate SMS services – and yet users are downloading them anyway.