Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime. ISSUE NO. 61 APRIL 12, 2010 Apple Store Spam Comes Before iPad Release Since time immemorial, computer users have been debating over which OS is better—Microsoft's Windows or Apple's Mac OS X. Windows, no doubt, is the more widely used platform between the two but the minority are quick to point out that its lack of security is its ultimate flaw. The best solution to address this problem, they say, is to use alternative OSs like Mac OS X. However, are users patronizing this other platform completely safe from threats? The Threat Defined Simple Spam Targets Apple Fans TrendLabs recently spotted one of the latest attacks involving Apple—a simple spammed message supposedly from the Apple Store , Apple’s global chain of retail stores. The email asked recipients to either view or update their Apple Store orders online. Clicking the hyperlink text “Order Status,” however, led users to a website that was found to be unrelated to the store—a site under a recently created domain that is involved in selling male organ enhancers like Viagra and Cialis. The spam run’s timing coincided with the gathering anticipation over the release of the iPad, a tablet computer that is a cross between a smartphone and a laptop. The date of its release was announced last January 27. Debuts of new Apple products were typically met by much fanfare triggered by marketing hype and resulting in hordes of people lining up in Apple stores the morning each new product is officially released. Given that the nature of today's threat landscape is targeted, it is no surprise that more and more social engineering ploys are banking on the popularity of Apple to prey on its products' users. Despite the lack of any real threat in the Apple Store spam attack, cybercriminals may use similar ploys in the future to spread worms, Trojans, and exploit codes. 88 Vulnerabilities Targeted spam is not the only security issue Apple fans need to take note of, however. An ill-conceived myth is that alternative OSs like Apple's Mac OS X are immune to malware attacks because of their supposedly more secure design. However, on March 29, Apple released one of its biggest Mac OS X security updates to fix 88 vulnerabilities with Security Update 2010-002/Mac OS X Figure 2. Apple Store spam infection diagram Figure 1. Sample Apple Store spam 1 of 2 – WEB THREAT SPOTLIGHT
Transcript
Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime.
ISSUE NO. 61 APRIL 12, 2010
Apple Store Spam Comes Before iPad Release Since time immemorial, computer users have been debating over which OS is better—Microsoft's Windows or Apple's Mac OS X. Windows, no doubt, is the more widely used platform between the two but the minority are quick to point out that its lack of security is its ultimate flaw. The best solution to address this problem, they say, is to use alternative OSs like Mac OS X. However, are users patronizing this other platform completely safe from threats?
The Threat Defined
Simple Spam Targets Apple Fans
TrendLabs recently spotted one of the latest attacks involving Apple—a simple spammed message supposedly from the Apple Store, Apple’s global chain of retail stores. The email asked recipients to either view or update their Apple Store orders online. Clicking the hyperlink text “Order Status,” however, led users to a website that was found to be unrelated to the store—a site under a recently created domain that is involved in selling male organ enhancers like Viagra and Cialis.
The spam run’s timing coincided with the gathering anticipation over the release of the iPad, a tablet computer that is a cross between a smartphone and a laptop. The date of its release was announced last January 27. Debuts of new Apple products were typically met by much fanfare triggered by marketing hype and resulting in hordes of people lining up in Apple stores the morning each new product is officially released.
Given that the nature of today's threat landscape is targeted, it is no surprise that more and more social engineering ploys are banking on the popularity of Apple to prey on its products' users. Despite the lack of any real threat in the Apple Store spam attack, cybercriminals may use similar ploys in the future to spread worms, Trojans, and exploit codes.
88 Vulnerabilities
Targeted spam is not the only security issue Apple fans need to take note of, however. An ill-conceived myth is that alternative OSs like Apple's Mac OS X are immune to malware attacks because of their supposedly more secure design. However, on March 29, Apple released one of its biggest Mac OS X security updates to fix 88 vulnerabilities with Security Update 2010-002/Mac OS X
Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime.
v10.6.3. The update addressed critical issues that could lead to arbitrary code execution, information disclosure, and denial-of-service (DoS) attacks.
One of the critical fixes included is the solution for the AppKit issue, which could lead to an unexpected application termination or arbitrary code execution when spellchecking maliciously crafted documents. The update likewise includes fixes for several critical ImageIO and QuickTime bugs.
Bug Hunters Use Apple Flaws to Pwn
The “Pwn2Own Contest” (read as “pawn to own”) is an annual contest wherein contestants are invited to hack a variety of Web applications and platforms such as Web browsers and mobile phones for cash prizes and other benefits. During the recently concluded "2010 Pwn2Own Contest," two Apple products were put to the test—Safari and the iPhone.
A three-time "Pwn2Own" winner used Safari to infiltrate a MacBook by exploiting an inherent and critical vulnerability. Doing so, in turn, allowed him to take full control of the system.
The iPhone, on the other hand, was introduced to an exploit created by two European researchers. The exploit, which was capable of bypassing Apple’s code-signing feature that mitigated remote attacks, was used against a zero-day vulnerability to make the phone visit a compromised site. This, in turn, allowed the exploit to steal information from the phone’s SMS database—where lists of phone contacts, email addresses, and even chunks of deleted SMS messages are stored—and upload them to a server the researchers controlled. The iPhone was noted to be fully patched before the exploit was introduced.
User Risks and Exposure Apple users who received the spam in the featured attack may be convinced to click the link more than non-Apple users. Adding the fever-pitch anticipation that accompanies new Apple product releases—in this case, the iPad, set for release a few days after the spam was spotted—Apple users are even more vulnerable targets. In this attack, no malware was found on the site that opens when the link is clicked. However, the same spam and favorable timing may be used by cybercriminals to lead targets to more malicious domains like phishing sites where user credentials may be stolen or to malware-hosting domains.
Furthermore, with regard to the vulnerabilities in Apple products and applications, all bugs in the latest Apple security update were identified as "critical." Unlike Microsoft, Apple does not follow a scheduled patch release. As such, users are extremely vulnerable to attacks using these vulnerabilities for a longer period of time. Apple product users should practice good computing habits, most especially when going online to surf, download, or check email. Once software patches are available, users should apply them immediately.
Trend Micro Solutions and Recommendations Trend Micro™ Smart Protection Network™ infrastructure delivers security that is smarter than conventional approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network is a cloud-client content security infrastructure that automatically blocks threats before they reach you. A global network of threat intelligence sensors correlates with email, Web, and file reputation technologies 24 x 7 to provide comprehensive protection against threats. As the sophistication of threats, volume of attacks, and number of endpoints rapidly grow, the need for lightweight, comprehensive, and immediate threat intelligence in the cloud is critical to overall protection against data breaches, damage to business reputation, and loss of productivity.
Mac users can protect their systems by using Trend Micro Smart Surfing for Mac, which prevents the spam from even reaching users' inboxes via the email reputation service, blocks access to malicious sites and domains via the Web reputation service. iPhone users can also stay protected by using Smart Surfing for iPhone.
The following posts at the TrendLabs Malware Blog discuss this threat: http://blog.trendmicro.com/spammers-spoof-the-apple-store/ http://blog.trendmicro.com/apple-fixes-88-bugs-as-ms-prepares-out-of-band-patch/ Other related posts are found here: http://www.w3schools.com/browsers/browsers_os.asp http://about-threats.trendmicro.com/Spam/US/Apple%20Store%20Used%20for%20Spamming http://blogs.zdnet.com/security/?p=5846 http://blogs.zdnet.com/security/?p=5836 http://support.apple.com/kb/HT4077
