Free Republic
News/Activism

FBI warns US businesses of 'destructive' malware
http://www.cnbc.com/id/102213995 ^ | 12/01/2014

Posted on 12/01/2014 3:46:00 PM PST by Dacula

The FBI warned U.S. businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyberattack last week at Sony Pictures Entertainment.

The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

An FBI spokesman declined comment when asked if the software had been used against the California-based unit of Sony Corp.

The Sony attack resulted in five films being leaked online, including the updated version of "Annie." In the attack on the studio's corporate systems Nov. 24, an image of a skeleton appeared on company computers with a message that said, "Hacked by #GOP," with the group behind it calling itself "Guardians of Peace."

The message threatened to release "secrets and top secrets" of the company. Currently being investigated is a connection between upcoming Sony movie "The Interview," and North Korea.

The FBI occasionally issues "flash" warnings to provide businesses with details about emerging cyber threats to help them defend against new types of attacks. It does not name the victims of those attacks in those reports.

The report said that the malware overrides data on hard drives of computers which can make them inoperable and shut down networks.

It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at U.S. companies.


TOPICS: Government; News/Current Events
KEYWORDS: fbi; hackers; malware

the warning should be how destructive the morons in the fed govt are.


21 posted on 12/02/2014 7:12:48 AM PST by kingattax (a real American would rather die on his feet than live on his knees.)

To: dayglored; ShadowAce; Swordmaker
Got a little info here, not much though, mostly more fluff:

http://www.reuters.com/article/2014/12/02/us-sony-cybersecurity-malware-idUSKCN0JF3FE20141202

22 posted on 12/02/2014 7:52:06 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)

To: rarestia
Security through obfuscation is not a strategy, and working in a mixed environment as an IT architect, I can tell you that Macs are just as much a target for malicious content as Windows machines. Macs, like Linux machines, require several layers of behavioral checks to ensure the user really, really wants to install something. That doesn't make them immune to attacks, it just reduces their risk footprint.

Sorry, you are wrong. That is simply not true. Yes, any platform is susceptible to Trojan malware. However, OS X has built in protection against all known Trojans. . . and there are only 57 known trojans for the OS X Mac platform. Compare that to the number of trojans known for the Windows platform. . . and that alone shows the failing of your assertion.

It takes industrial strength stupid to continue such behavioral activity to install such malware, which ALSO requires the input of an Administrator's user name and password, not just the click on an "OK" check box warning to override protection. It takes an affirmative knowledgeable action.

Most writers of malware target the low-hanging fruit. That means they write their malicious wares for the Windows platform.

However, there are no known vectors for other types of malware such as worms or viruses to get into OS X UNIX platforms at this time. There have been seven (7) virus/worm candidates offered for such malware in the past twelve years and all of them have failed for lack of viable vectors to invade the machines. That leaves ONLY Social Engineering as a means of malware invasion or physical possession/access to the computer. Windows machines are still being attacked via other means.

23 posted on 12/02/2014 12:02:38 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: dayglored
Without more info, this is just a nebulous scary "Look out!" of little value....

It seems to be more of a "Look out!" scare tactic than anything else. I can't find out anything either. I know that Sony uses its own Windows-based computers, not Macs, being competitors with Apple, so the exploit had to be on that platform. . . unless it was a server based exploit. I don't know what type of server they use.

24 posted on 12/02/2014 12:05:34 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: dayglored
I find some interesting comments in the article:

The report said the malware overrides all data on hard drives of computers, including the master boot record, which prevents them from booting up.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.

The document was sent to security staff at some U.S. companies in an email that asked them not to share the information.

I notice the strange misuse of verbiage. It is non-technical in the use of "overrides" which is an "authority, power, cancel, etc." a decision of a lower subordinate. Not a technical term at all. The next paragraph uses a proper technical term which can be appropriate use for the destruction of data: "overwriting" with nonsense data.

Then we find that someone selected that only certain companies were notified of this danger. Who made that selection and on what criteria? Then we find that the selected companies were asked (read "told") to keep that information quiet! Again, why?

This strikes me as politically selective and not good. Who was left with their data hanging in the wind at risk?

25 posted on 12/02/2014 12:20:26 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
In two places you contradict yourself:

OS X has built in protection against all known Trojans. . . and there are only 57 known trojans for the OS X Mac platform

And...

That leaves ONLY Social Engineering as a means of malware invasion or physical possession/access to the computer

You made my point for me. I said they are a TARGET for MALICIOUS content. I said nothing about viruses or specifically about Trojans. I said that they are susceptible if properly executed. I said nothing about the difficulty of infection, simply that they can be infected, so the assertion that Macs are immune to viruses and malware is patently false.

26 posted on 12/02/2014 12:42:36 PM PST by rarestia (It's time to water the Tree of Liberty.)

To: TigerLikesRooster

Pong


27 posted on 12/02/2014 1:51:39 PM PST by AdmSmith (GCTGATATGTCTATGATTACTCAT)

To: rarestia
You made my point for me. I said they are a TARGET for MALICIOUS content. I said nothing about viruses or specifically about Trojans. I said that they are susceptible if properly executed. I said nothing about the difficulty of infection, simply that they can be infected, so the assertion that Macs are immune to viruses and malware is patently false.

Your point is twaddle intended to misinform and hide the truth behind disinformation intended to equate the mess that has been the Windows environment in comparison with the Mac environment that for 16 years has not had any malware of which to speak.

Even in Trojans, the infection level has been minuscule. Most anti-malware companies list the number of infected Macs from these 47 Mac OS X Trojans at UNDER >100 units and most are listed at zero to 50.

The worst case scenario was the so-called Mac Flashback Trojan which supposedly created a JAVA-script botnet based on a JAVA exploit that had been closed 18 months before, which was announced two and a half years ago by Dr. Web, a Russian Anti-Malware company, in which they claimed an astonishing 680,000 infected Macs as members!

This claimed Mac botnet was a real puzzle to Mac users, because to even GET infected required Mac users to go to an obscure Russian language gaming site, download a trojan JAVA Script masquerading as a character definition for an even more obscure Russian language JAVA role-playing game, ignore the built-in OS X warnings that the file contained an already known Trojan, and then install it in the game. Say what? The game itself had been downloaded fewer than 15,000 times! So how can 680K supposedly savvy Mac users get infected by a really obscure Russian game with fewer than 15,000 users? That seems exceedingly unlikely to begin with.

One would assume that RUSSIANS would be playing the Russian language game, yet 95% of the "infections" were in the English speaking United States with the balance in English and French speaking Canada and the English speaking UK, with a sprinkling of infected Macs in Europe? HUH? That made absolutely no sense.

Being a JAVA exploit, the game would also run equally well on Macs and Windows, and one would assume that with Mac gamers being outnumbered by Windows gamers 10 to 1, one would see a similar ratio in infected machines in the bot, yet 98% of the "infected" computers were Macs. Huh? Again, Dr. Web's discovered botnet makes absolutely NO SENSE numerically at all. . . especially when they announced it as a "cross-platform exploit!"

Then, amazingly, the number of "infected Macs" being reported in the news media started to rapidly shrink—from 680K to 270K (after Secunia analyzed Dr. Web's reports and assumptions) to 160K, to under 50K, and then all reports disappeared from the news cycle with a whimper in less than two weeks. . . and then was never heard from again— as no one ever found any infected Macs in the wild. . . and there were a lot of people looking.

As a matter of fact, the ONLY evidence this MacBotnet ever existed was claims from Dr. Web about the "honey pot intercept server" run by Dr. Web which they claimed was "intercepting all the infected Macs calling home to the malware's control server." Other Computer Security companies echoed Dr. Web's reports. . . nothing more. Dr. Web put a tool online for people to check a list of UUIDs culled from the Honey-Pot if their Macs were infected or not. It soon became obvious, as more and more people found their computers' UUIDs were on the list, but were NOT infected, that something was very wrong. Two of my office computers were on the list, but neither had JAVA installed. . . and one of those had NEVER been connected to the Internet! Analysis of the UUIDs on Dr. Web's honey-Pot server soon showed that the list included among the original 680,000 infected member Macs, UUIDs for Macs that had never had JAVA installed—which meant they could never have been infected, UUIDs for Macs that had never been sold and did not even have JAVA installed, and even UUIDs for Macs that had never yet been manufactured!

It turned out to merely be a list of random UUIDs that were in the range known to be available to Apple for use in their computers. As the claimed numbers of infected Macs, dropped. It was, to put it bluntly, a hoax apparently designed to sell Mac business anti-malware for that Dr. Web had, just co-incidentally, released that week (wink, wink). Funny thing, Dr. Web announced two or three months ago their NEW anti-malware package for individuals and simultaneously, they announced they had JUST discovered a new MacBot. . . this one of only 17,000 member Macs. . . infected by a Trojan they cannot tell anyone how it works, but they KNOW it's out there because they've intercepted it "calling home" on their honey-pot. . . RIGHT. Sure. No one paid any attention. Just like before, no one but Dr. Web can find even a SINGLE example in the wild. . . and just like before the only evidence of this MacBot is that its members are contacting Dr. Web's honey-pot server by UUIDs. This time, no one is listening to their FUD!

Much of the Mac Malware is of a similar kind. Two or three day tempests in a tea-pot. . . announced by an anti-malware company with something to sell to ex-Windows users to protect them from what was just discovered. We long time Mac OS X users yawn. Heard that many times before. It NEVER pans out.

Show me a computer VIRUS that has ever infected an OS X Mac. EVER. You cannot! There have been ZERO computer viruses to ever infect an OS X computer. None, Nada, ZIP!

Your inclusion of viruses with computer malware is disingenuous. A Trojan is merely a program that does something other than what the user expects it will . . . usually malicious. A computer that can not run any programs is the ONLY computer that would not be susceptible to a Trojan. A Trojan is installed by the user, usually by trickery.

A computer virus or worm is self-replicating, self-transmitting, self-installing, self-running malware that can invade a computer without user intervention or involvement. Both of them, however, require vectors for their invasion and installation. They are a different species entirely than a Trojan.

28 posted on 12/02/2014 6:16:12 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
Your point is twaddle intended to misinform and hide the truth behind disinformation intended to equate the mess that has been the Windows environment in comparison with the Mac environment that for 16 years has not had any malware of which to speak.

No, sir, the problem here is that you're the type who thinks that Apple can do no wrong and that Microsoft turns out garbage product regardless of its success.

Further, throughout your screed you discuss that Macs can, in fact, be infected by trojans and malware. The fact is that as soon as you read anything condescending about Apple's products, you immediately go on the defensive and miss crucial points to the discussion at hand.

My only point, from the beginning, was that "Macs are just as much a target for malicious content as Windows machines." You continue to misquote me and insinuate that I was speaking specifically of viruses, and that makes you, sir, the disingenuous one here. If you pay attention to IT security channels, you would know that Macs are increasingly being targeted by malware and spyware creators and are not immune to infection. My point was not arguing probability, it was arguing possibility, and they are two very clear distinctions. As an IT professional with over 20 years of experience from desktop support to data center engineering, I can tell you that Macs are not without their software pitfalls, regardless of your level of obsession with the cult of Apple fandom.

I'll put it out there that I am not without product fealty. I'm a Microsoft Certified Professional with their server line since 2003, and I am paid as an architect to design and implement the back end systems that your Apple devices often utilize including NDES, SSO, RMS, and the entire ADDS system your corporate Parallels sessions use to connect to your enterprise domain.

If you think that Apple rules for their ease of use and aesthetics, you won't hear an argument from me, but having worked with Apple engineers presently and in the past, I can tell you that not a single one of them can point to or advocate for an Apple device that functions in an enterprise as well as Windows and Linux products do.

Apple has its place, sir, but under no circumstances can you sit there with an honest conscience and say that Apple devices are immune from anything. As computing devices, they're susceptible to anything that idiot users can and will do. Just because you count yourself among power users does not mean that every other Apple-owning consumer out there is the same.

29 posted on 12/03/2014 2:49:08 AM PST by rarestia (It's time to water the Tree of Liberty.)

To: rarestia
Fine, Rarestia, when OS X exploits reach anything close to the level you are implying with your comments about equality of targeting, get back to me. Your comments were still obfuscating the relative record. I still challenge you to show me an invasion of an OS X Mac by a real virus, a term YOU used. Until then, the Apple platform is far safer than your Windows platform has been and is, even given the stupidity of users.

30 posted on 12/03/2014 10:21:39 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Dacula

There are reports the feds are “offering code” to “help protect” vulnerable systems. uh huh....


31 posted on 12/03/2014 10:25:59 PM PST by moehoward

To: Swordmaker

I never claimed equality in vulnerability, Sword. You cannot sit there and honestly claim that Macs are not vulnerable to attack. As there are more Apple devices on the market, there will be a greater demand for malware and exploits.

Fact is that since Windows dominates the OS marketplace, they are the largest, easiest target. It’s a numbers game. Claim all you want about Apple platforms, my assertion from the beginning was that nothing is immune, and I stand by that.


32 posted on 12/04/2014 5:27:22 AM PST by rarestia (It's time to water the Tree of Liberty.)



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson