Posts filed under 'Product'

Fake RootkitBuster Busted!

January 12th, 2008 by JM Hipolito (Technical Communications)

A link to a Trojan posing as a copy of the Trend Micro RootkitBuster is currently being spammed in the wild.

The email containing the malicious URL is being spammed to members registered at certain freeware download domains, such as www.bestfreewaredownload.com and betterwindowssoftware.com. This hacked version of RootkitBuster is apparently used to gather email addresses from its users.

It is now detected as TROJ_FAKEBUSTR.A. It displays a fake GUI (Graphical User Interface) of the Trend Micro RootkitBuster as shown below:

[Image: Fake GUI]

This Trojan then displays the following window to prompt target users to activate the “product” and its updates through registration of their names and email addresses:

[Image: TROJ_FAKEBUSTR.A]

The data entered by unknowing users is then sent to a remote malicious user, who may use the gathered addresses to spam the same Trojan to more users or for other, more malicious activities.

The real RootkitBuster can be downloaded for free directly from the Trend Micro Web site. It is not spammed and it does not ask for any information from the user when it is downloaded.

Security vendor Prevx has also found their product used in a similar scheme when a hacked copy of their ComputerSecurityInvestigator was discovered to be available for download at CNET’s Download.com.

Downloading anything (yes, even security applications) should always be done with caution, lest your computer go bust courtesy of these fakes.

Thank you to Prevx for all their help in this case.

Additional information provided by Senior Threat Engineer Millette Regulacio

Feline Frenzy Scratches Mac’s latest OS

November 6th, 2007 by Arman Capili (Technical Communications)

Highly anticipated like most other Apple products and services, the latest incarnation of the Mac OS X line, dubbed “Leopard,” began selling last October 26. Nevertheless, with almost a year’s worth of delay in its release, the latest big cat from Mac is already suffering early scratches on its fur.

Security researchers and users alike have complained of the seemingly backward development of the firewall in Mac OS X v10.5. Users of the previous v10.4 “Tiger” face the awkward task of turning the firewall on (it is turned off by default) when upgrading. Moreover, it was observed that the firewall still allows other connections even when the option to block all is selected.

An incompatibility with an Application Enhancer (APE) has also resulted in some Macs hanging with a blue screen while installing Leopard. This APE was discreetly installed on Macs by Logitech for its mouse drivers and has since been addressed by Apple.

Researchers also noted that the secure Guest account feature retains access rights to the system. This, despite Leopard erasing the home folders of guests, can lead to abuse by guest users. Still others have found a bug in the Finder application that inadvertently deletes files or folders when transferred to external or network storage devices.

And while Apple is busy patching up the iPhone and iPod Touch, a hacker has just been successful at installing Leopard on PCs. On a tech discussion Web site, a member posted instructions on creating a bootable Leopard installation disk. The installer was tested on a Windows PC with specifications that are considerably higher than the average Mac. Leopard already supports a Boot Camp application that allows for a Windows partition on a Mac hard drive.

Even with its widely perceived superiority over other platforms, especially Microsoft’s Windows Vista, Mac OS X v10.5 is sure to find itself in a big catfight as the security spotlight slowly turns on Apple.

