7 Common Targets of Stealth Threats

Firefox's Underbelly

The Threat

Firefox add-ons are a potential security hazard -- not as bad as IE ActiveX plug-ins, but still a potential threat. Many Web-based attacks that target Firefox don't aim for the program executable itself. Rather, they seek to undermine add-ons -- files which may not be binaries and so may not be assumed to be at risk -- and the support structure for the program.

The Mechanism

Most of the danger comes from add-ons that pretend to be legitimate. For example, one add-on pretended to be the Adobe Flash Player, insisted on "updating" itself and dropped malware into the system.

Attacking Firefox through its supporting files is not as well understood, though, and for that reason it's that much more dangerous. Some of the files that Firefox uses to render elements in the browser's GUI are plain-text JavaScript files, so they can be edited by any program with write access to those files. One recent hijack in this vein edits the overlay.xul file to force Web searches to be redirected.

The Prevention

One would think that antivirus programs would be a good first line of defense, but they have a spotty record of detecting things like this. For instance, the overlay.xul attack described above was still being ignored by many prominent antivirus engines (Symantec, Panda, Kaspersky, Trend Micro) even after a month of being in the wild. The SANS researchers who examined this threat ran it through an online virus-scanning service and were dismayed at how few applications flagged it as malicious.

One possible workaround is to use a non-installed version of Firefox such as Mozilla Firefox Portable Edition, which can run in any directory or even from a removable drive. If the program becomes infected, it can be kept segregated from the rest of your applications, and is easier to clean up and reset without damaging your user data. (Another possible workaround is to use a different browser entirely, but that might be more effort than it's worth.)
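Because the supporting files discussed above are plain text that any process with write access can edit, a simple defence is to baseline their hashes and re-check them periodically. The following is an added example (not code from the article or from Mozilla) that builds such a baseline over a constructed, throw-away Firefox-like directory and reports files that were modified, added or removed; the directory layout and file names are assumptions for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Plain-text file types the article singles out as editable by any program
# with write access (overlay.xul and the JavaScript that builds the GUI).
WATCHED_SUFFIXES = {".js", ".jsm", ".xul"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large scripts do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map POSIX-style relative path -> sha256 for every watched file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and p.suffix in WATCHED_SUFFIXES
    }


def compare(baseline: dict, current: dict) -> dict:
    """Report what changed since the baseline; an unexpected entry warrants a look."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: a clean tree, then an edit to overlay.xul and a new script."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "chrome").mkdir()
        (root / "chrome" / "overlay.xul").write_text("<overlay/>\n")
        (root / "chrome" / "browser.js").write_text("// original\n")
        baseline = build_baseline(root)
        # Simulated tampering (constructed content, not a real payload).
        (root / "chrome" / "overlay.xul").write_text("<overlay><!-- changed --></overlay>\n")
        (root / "chrome" / "extra.js").write_text("// unexpected file\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be taken right after a clean install or update and stored somewhere the browser process cannot write to.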

Mac Hacks

The Threat

Many people switch to the Macintosh out of a sense that the Mac's a safer platform. By and large, it is, but threats do exist in the wild, whether piggybacked on pirated software or as the result of vulnerabilities in the platform itself. Most dangerous of all, though, is a false sense of security: users can be duped no matter what they're running.

The Mechanism

Mac security-product creators Intego released a report (PDF) in 2009 that examined Mac malware and kernel vulnerabilities. There's not a lot of Mac malware in the wild -- Intego found most of it in pirated copies of commercial applications (iWork '09, Adobe Photoshop) available on peer-to-peer file-sharing networks.

The kernel issues are also worth noting (the report notes that one was discovered in April 2009), but more worrisome are vulnerabilities in Safari. The browser has been shown time and again to be a weak link in OS X's security chain. Debates rage on about whether Macs are attacked less because of their minority share or because they are less vulnerable, but that doesn't make any attack on the platform less troublesome.

Most important of all, though, is the user at the keyboard. Mac users are no less vulnerable to social engineering -- and no less apt to download pirated software that turns out to be loaded with Trojans -- than those using other platforms.

The Prevention

A false sense of security is a bad habit to cultivate, especially if Mac adoption continues to climb. What's crucial is that users not assume that simply changing platforms is by itself a defense mechanism. It can stave off some obvious problems, but it won't eliminate all of them for all time.

To that end, Mac users need to keep apps updated (not too hard by itself), but also stay conscious of their security as a platform-neutral issue. Rip-off artists are loyal to no OS, and a bug in Safari can be just as problematic as a bug in IE. (The same goes for Linux as well: A scam run past someone using Firefox in Ubuntu is still a scam by any other name.)

Users should also stay informed about threats in the wild that might not seem like any of their concern at first. Malware is not just becoming more aggressive, it's jumping platforms and diversifying across them, targeting the user rather than the platform. Consider the Firefox XUL hijack described earlier: that was an attack that could be staged on multiple editions of Firefox, since the files attacked were not platform-specific.

And Mac users should avoid pirated software, for security (as well as ethical) reasons. The threat from such things may be marginal now, but that doesn't mean it'll always be that way.

(For some additional tips, you might want to check out this article: 15 easy fixes for Mac security risks.)
