Hackers Increasingly Look for Cross-Platform Vulnerabilities

By Antone Gonsalves, 2-Aug-2012

A Microsoft security researcher says malware makers seek 'economies of scale'.

More and more hackers are targeting the same application vulnerabilities on Macs and Windows PCs as a way to reap the financial benefits of writing cross-platform malware.

The trend involves exploiting vulnerabilities that go as far back as 2009 in Office documents. Other cross-platform, third-party technologies favored by hackers include Java, Adobe PDF and Adobe Flash, Microsoft security researcher Methusela Cebrian Ferrer said Tuesday in the company's Malware Protection Center blog.

Targeting the same vulnerabilities in applications commonly found on both platforms allows hackers to reap profits twice from the same malware, a trend Ferrer calls "economies of scale in cross-platform vulnerabilities."

"This method of distribution allows the attacker to maximize their capability on multiple platforms," he said.

Stephen Cobb, security evangelist for ESET, said cybercriminals have treated malware development and methods for infecting systems as a business for years. "We can expect to see further application of business logic -- such as economies of scale, division of labor and risk/reward calculations -- to developments in this space," he said in an interview via email.

Although targeted vulnerabilities may have already been patched by vendors, hackers bank on user negligence when it comes to installing software updates. 

As an example, people are notoriously slow in installing Java patches to Windows PCs and Macs. As much as 60 percent of Java installations are never updated, according to security vendor Rapid7. 

"All these un-updated applications on the desktop, whatever they may be, are low-hanging fruit," said Jamz Yaneza, research manager for Trend Micro. "These are the easiest things to attack."

Microsoft spotted the latest trend while investigating malware called Backdoor Olyx, which the software vendor first spotted a year ago. Subsequent variants since then demonstrated the cross-platform approach taken by malware writers. 

Backdoor Olyx and its variants are typically downloaded by victims clicking on malicious links or visiting malware-distributing Web sites. The Trojans are also distributed through e-mail attachments. 

Because the malware attacks known vulnerabilities, the best defense is to keep security software up-to-date and install the latest operating system and third-party security patches. "This best practice should extend to all devices and platforms, especially those in large enterprise networks," Ferrer said.

Additional options include uninstalling Java. While the platform is often necessary in servers, its importance has diminished in desktops and laptops with the use of newer Web technologies.

To make other software safer, users can run applications in the safest configuration possible, according to Wolfgang Kandek, chief technology officer for Qualys. He noted, for example, that users can turn off JavaScript in Adobe Reader as one way to bolster security in that software.

Source: CSO (US)

