Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch

Flashback: Kaspersky Spreading That FUD Again

Don't expect any of them to stop anytime soon.


Get It

Try It

MOSCOW/UNICORN PARK (Rixstep) — Here they go again. The vultures of the Windows antivirus industry together with the technical nincompoops of the InterWeb's mainscream media. Very little of what you read is true. Read on.

'Flashfake'

Kaspersky Labs of Moscow - and now of Massachusetts in the US as well - have made a fortune on the heroin economics of Windows security. This is today a depleted market.

More and more people are finally realising what a bucket of manure Windows is. Malware attacks are more targeted than ever before. Malware authors use major antivirus products to test their hacks to make sure they can't be stopped. And the most advanced forms of malware - as reported for years now at Krebs on Security - are basically able to get past AV checkpoints no matter what.

The idea of collecting strains of malware, then analysing them for characteristic binary sequences ('signatures') is antiquated. Network admins can derive a minimal benefit from AV in heterogeneous environments, knowing that AV can perhaps stop what common sense should have stopped in the overlooked and somewhat dimwitted user, but it's of no use to anyone else.

Particularly not on a Mac. Brian Krebs says himself he'd never buy it for a Mac.

The Windows AV companies see the end of the road. Windows can't survive forever. The greater the chances Windows survives, the greater the risks the Internet itself doesn't survive. It's as simple as that.

Faced with that dilemma, the AV companies have two scenarios, both of which are treated with a healthy dose of 'fear uncertainty and doubt' (FUD).

  • Discourage as many people as possible from switching from Windows. Convince them things are just as bad anywhere else. Scare them with the prospect of worldwide outbreaks on all other platforms.

    As with Microsoft themselves, they love the news of an outbreak on another platform - and conveniently sidestep the fact that Windows has had millions of such outbreaks by now.

  • Bamboozle the switchers into buying their products for the new platforms as well. See above for Brian Krebs' comment on that.

1. SecurityWeek/Steve Ragan

Steve Ragan of SecurityWeek leads off this latest bout of targeted hysteria and confusion. Ragan notes that Kaspersky have discovered a new strain of Flashback that 'allows the attackers full control over the system'. Ragan doesn't explain how this is possible unless the trojan exploits a bug to escalate privileges to root. Having some control over a system is of course feasible. And it's common for Windows users to confuse the two concepts as they don't really have escalated security anyway.

Note that the article's title includes 'New Mac Trojan' - but note as well in Ragan's third last paragraph that he reveals it's not really a 'Mac' anything.

'It's important to remember that this latest Mac threat isn't Mac alone. Windows users are just as vulnerable to it depending on their system setup and personal computing habits.'

And that's not the full of it either. For contrary to what Steve Ragan might assume, there are other platforms out there - myriad BSD and Linux platforms - that could be vulnerable as well.

What no one wants to point out (or is too ignorant to point out) is that this 'trojan' has nothing to do with Apple's OS X. Or Microsoft's Windows. Or any Unix flavour available. It's a Java vulnerability. And it wouldn't have harmed a flea if Apple didn't continue to pursue such a twitty attitude towards cooperation in the open source community.

Very few Windows computers were hit. Very few Unix likewise. This because those vendors took the urgent patch from Java caretaker Oracle and applied and distributed it immediately.

Whilst the engineers at Apple sat on their hineys for two months and let up to 700,000 Apple customers get hurt.

[Yes there should and could be a class action against Apple for this. And there can be more unless they stop farting around. Ed.]

2. Kaspersky US

But it's Kaspersky who led this FUD action off and it's Kaspersky who are responsible for the most of the damage. Or try this on for size.

'The notorious Flashfake Trojan that helped to create a botnet of 700k+ Mac computers may be the most prominent example of vulnerabilities in a Mac OS X environment...'

There are so many things deliberately misleading in that statement that it's not funny.

  • 'Notorious' - arbitrary adjectives aren't permitted in good journalism. Flashback is hardly notorious anyhow. Most Mac owners probably still haven't heard of it, much less formed an opinion about it.
  • 'Flashfake' - leave it to Kaspersky to rename something everyone already has agreed on. 'All the better to frighten you, my dear.' Then the capitalised 'Trojan' for good measure. 'Trojan' is neither a proper name nor a place name. But it sure gets more intimidating when it's capitalised!
  • '... vulnerabilities in a Mac OS X environment...' It's not called 'Mac OS X' anymore but Kaspersky can't be expected to know that as they bathe in Windows bugs day and night. And it is definitely not a vulnerability in OS X. Note the coy way Kaspersky worded that: they didn't come right out and say it was an OS X bug - but they made you think it was!

But things actually get even more embarrassing for Kaspersky at this point. For the source of this latest attack is found in a product from Microsoft.

Yes friends it's true:

'During the analysis of the backdoor, more details were uncovered about the infection vector of a targeted attack. Kaspersky Lab's researchers have found six Microsoft Word documents, all of them containing the exploit.'

As has been said so many times before, something that will bear repeating again and again: when computer disaster strikes, Microsoft are always right around the corner.

  1. Turn off Java. Permanently. If you must use it then make sure you have the patch.
  2. Read this so you're protected against future attacks. Apple are still too busy with their new iPs to understand what's going on.
  3. Write to Apple. Repeatedly until they get a clue and relent. Protest against their immature treatment of your personal safety and open source on your computer. Ask them for example why your command interpreter is six years old.
  4. Beware Windows antivirus snake oil peddlers.

See Also
SecurityWeek: Kaspersky Confirms New Mac Trojan Used for Targeted Attacks
Kaspersky Lab US: New Backdoor Proves to Be an Advanced Persistent Threat for Mac Users

Learning Curve: Flashback: What Do You Do When It Strikes Again?
The Technological: Apple and the War on Stupidity
The Technological: Apple's Achilles Heel
Industry Watch: Flashback Botnet Recruits 550,000 Macs

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.