Know thine enemy: Old dogs still sporting old tricks
By Goh Su Gim August 5, 2015
- Cybercriminals hitting low-hanging fruit and easy targets in the developing world
- Malaysia alone accounted for a quarter of all Downadup infections reported worldwide
WHILE most digital security firms are focusing on new cutting-edge malware plaguing the world and making millions of dollars in the process, the majority of the Asian nations still suffer from vulnerabilities brought about by age-old malware that still exists on the Internet.
Developing countries such as India, Malaysia, Vietnam and the Philippines all are open to such vulnerabilities, according to studies by F-Secure Corp.
The reason is simple: Developed nations such as the United States and those in Europe grapple with more advanced attack vectors that include Java exploits. Their main aim is to target unpatched browser plugins, which are then used to steal private information or to unleash ransomware such as Browlock and CryptoLocker, which lock victims out of their own data.
But in developing countries such as the aforementioned ones, the attacks of cybercriminals do not need to be so advanced simply because there are much lower-hanging fruit and easier targets to go after.
Old threats still haunt
According to F-Secure’s second half 2014 Threat Report, the Downadup worm still constitutes 37% of the Top 10 malware families reported by our product users.
Downadup, better known as Conficker, is a worm that has been around since 2008 and so it is surprising to see that seven years later, it is still in the top 10 list. Back in January 2009, F-Secure Labs had already blogged about the severe havoc this worm causes to networks around the world, especially to enterprise networks.
Downadup is a network worm, which means that a single infected PC in a corporate environment can spread it across the internal network and infect unpatched servers (especially the Windows 2000 and 2003 servers that are still in use) through network shares, through removable storage such as USB thumb drives, and through abuse of Windows’ ‘Autorun’ feature.
Once infected, Downadup will also disable important system services and security products, and prevent access to Windows update websites.
This behaviour may account for the malware’s continued presence in corporate networks.
Related to this is the fact that Windows’ Autorun functionality can be abused: unsuspecting users who are unaware of this may inadvertently plug an infected thumb drive into a PC and propagate the worm further.
According to F-Secure’s studies, Malaysia alone accounted for a quarter of all Downadup infections reported worldwide, showing the prevalent use of outdated and/or unpatched Windows operating system (OS) versions in the country, despite Windows XP reaching the end of its life (EOL) cycle in April 2014.
What’s more interesting, though, is that the vulnerability Downadup exploits can be closed simply by applying the patch for it.
While in reality it may not be possible to totally stamp out this malware in this part of the world, where piracy is still rampant and outdated OS versions are still in common use, the solution is there for some enterprises that may still be using outdated versions of Windows.
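The propagation paths and the disabled services described above translate into a few host-level conditions a defender can check. The following read-only PowerShell script is an added example, not code from the article or from F-Secure; it assumes Windows PowerShell 2.0 or later and uses WMI rather than newer cmdlets so that it also runs on the older Windows versions the article discusses.

```powershell
# Added example, not from the article: read-only checks for the conditions the
# article ties to Downadup persisting on a Windows host: an EOL Windows version,
# Autorun still enabled, and the update/security services or update-site access
# the worm is known to disable. Assumes Windows PowerShell 2.0+.

function Test-SupportedWindowsVersion {
    # Windows 2000/XP/2003 report NT 5.x; Vista and later report 6.0 or higher.
    return ([Environment]::OSVersion.Version.Major -ge 6)
}

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun = 0xFF (255) turns Autorun off for every drive type,
    # which blocks the USB propagation path the article describes.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($item -and $item.NoDriveTypeAutoRun -eq 0xFF) { return $true }
    }
    return $false
}

function Get-DisabledSecurityServices {
    # Downadup stops and disables Automatic Updates, BITS and Security Center;
    # any of them set to Disabled on a managed host deserves a closer look.
    $names = 'wuauserv', 'BITS', 'wscsvc'
    $found = @()
    foreach ($name in $names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -and $svc.StartMode -eq 'Disabled') { $found += $name }
    }
    return $found
}

function Test-WindowsUpdateResolvable {
    # The worm blocks name resolution for update sites, so a failed lookup
    # of a known Microsoft update host is a warning sign worth investigating.
    try { [void][System.Net.Dns]::GetHostEntry('update.microsoft.com'); return $true }
    catch { return $false }
}

$report = New-Object PSObject -Property @{
    SupportedWindowsVersion  = Test-SupportedWindowsVersion
    AutorunDisabled          = Test-AutorunDisabled
    DisabledSecurityServices = (Get-DisabledSecurityServices) -join ', '
    WindowsUpdateResolvable  = Test-WindowsUpdateResolvable
}
$report | Format-List
```

A host reporting an unsupported version, Autorun enabled, or disabled update services is not necessarily infected, but it matches the profile the article describes and should be patched or isolated before it can seed the rest of the network.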
Other exploitations
After Downadup, a JavaScript trojan named ‘JS.Likejack’ is the next most detected malware in Malaysia. This malware dupes unsuspecting users into responding, usually with provocative headlines such as: ‘A picture of naked lady.’
Its aim is to get users to click to view the picture or video, only for them to land on a malicious link that hijacks their ‘Likes’ and gets their contacts to follow suit.
The database of unwary users can also be sold on the black market and used for more targeted attacks.
Hijacking popular brands online to lure in unsuspecting users has also become a common technique for cybercriminals on Facebook.
What can be done?
IT security awareness is still in its infancy across Asia, and in Malaysia especially in suburban and rural areas. Users in these areas are still hopping on the Internet bandwagon as we speak, as broadband becomes relatively inexpensive.
Unfortunately, for many of these users, security is a secondary issue and not a primary one, and it’s still not second nature for them to be aware.
So is there something that can be done?
Put simply, there isn’t much that can be done except educating the public. Users need to be repeatedly taught to treat security as second nature, just like breathing. Issues such as patch management, using a supported and updated operating system, and running basic antivirus and/or Internet security software cannot be overemphasized.
As more people get onto the Internet, they will all be exposed to threats that only they themselves can strive to protect against.
Goh Su Gim is the security advisor, Asia, for cybersecurity firm F-Secure Corp. He can be reached at [email protected].