Virus infections did not decline in 2010; they increased. The year's headline malware made the news, and as anti-virus software got stronger, the malware authors got smarter still. This may read like homage to the infections, but it is meant as a look back: to inform, to remind what came, and to point at what lies ahead.
The Attack on Google
The furore over Google threatening to pull out of China began with an attack allegedly directed by Chinese authorities, aimed at getting into the Gmail accounts of Chinese dissidents. The same campaign hit at least twenty other large companies, stealing source code and other proprietary information. Google disclosed in January 2010 that it had been under attack since mid-December 2009 and claimed the worst was over, but reports about the attack kept coming until late February 2010. The attackers got in through a zero-day vulnerability in Internet Explorer 6. After the hoopla, Microsoft issued an out-of-band fix for the flaw, but experts had long rated Internet Explorer 6 the most vulnerable and "buggy" browser in use.
Solution offered for 2011: Microsoft patched the flaw and all the major anti-malware vendors added detection for the attack, but the threat was never eradicated: the exploit code did not stay private, and variants are said to be roaming the web. The safest way out is to upgrade from the now defunct browser. Several websites display warnings to IE6 visitors, demonstrating the vulnerabilities and how far IE6 is from anything resembling secure. Switching to another browser costs nothing and prevents this whole class of attack.
Stuxnet
This is probably the most dangerous piece of malware ever made, with an estimated budget of over one million dollars spent on development by what has been described as a "sophisticated, cohesive unit".
"Special bots were released to analyse and exploit zero-day vulnerability," said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab. The malware targeted the industrial control systems of one specific nuclear facility, the part that ran the centrifuges enriching uranium. Reports conflicted over whether it had been created in Iran, Bucharest or the US; whatever its origin, it was the most talked-about malware of them all.
"What Stuxnet did was exploit the weakness in the drivers for the printer; that's how it infected the machines," Raiu explained. The payload was aimed at programmable logic controllers (PLCs) made by Siemens. The controllers were not on the network, but most of the data that had to be loaded onto them arrived on USB drives, so the malware attached itself to those drives, reached the Windows machines that programmed the PLCs and then modified the PLC code, changes that could drive the connected centrifuges outside their safe operating range and physically destroy them. Iran later said the infected machines had been completely cleaned and stricter security policies put in place.
Solution offered for 2011: The cost of upgrading is almost always lower than the cost of cleaning up afterwards. This can happen to any large datacentre, however strict its policy, if it has unknowingly left a loophole such as an outdated driver or an unpatched Windows host, or lets unchecked USB drives carry data across the gap between the office network and the control systems. Keep alert for updates and security patches, and whatever you may have heard about updates breaking things, turn on automatic security updates on your Windows machines now.
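As an added example, not part of the original article, here is a PowerShell check that covers both the IE6 advice above and this section's patching advice: it looks for the Microsoft updates that closed the Internet Explorer zero-day used against Google and the two Windows flaws Stuxnet used to spread, reports the installed Internet Explorer version and the Automatic Updates setting, and checks that AutoRun is switched off for removable media. The bulletin and KB numbers are the editor's additions (looked up from Microsoft's bulletins, not named anywhere in the article); a Windows machine and an elevated PowerShell 2.0 or later prompt are assumed.

```powershell
# Added example, not from the article. Assumes Windows, PowerShell 2.0+, run as Administrator.
# Bulletin/KB numbers below are real Microsoft identifiers added by the editor; the article does not name them.

$checks = @(
    @{ Name = 'MS10-002 (IE zero-day used against Google)';        KB = 'KB978207'  },
    @{ Name = 'MS10-046 (LNK shortcut flaw, Stuxnet USB spread)';   KB = 'KB2286198' },
    @{ Name = 'MS10-061 (Print Spooler flaw, Stuxnet LAN spread)';  KB = 'KB2347290' }
)

# 1. Installed hotfixes. Caveat: later cumulative updates supersede these packages, so a
#    missing KB means "this exact package is absent", not necessarily "still vulnerable".
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
foreach ($c in $checks) {
    if ($installed -contains $c.KB) { $state = 'present' }
    else { $state = 'NOT FOUND (look for a superseding update before assuming you are patched)' }
    Write-Output ("{0,-52} {1,-10} {2}" -f $c.Name, $c.KB, $state)
}

# 2. Internet Explorer version. The article's advice is simply: get off IE6.
$ieVersion = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version
if ($ieVersion -like '6.*') {
    Write-Warning "Internet Explorer $ieVersion is installed; upgrade it or switch browsers."
} else {
    Write-Output "Internet Explorer version: $ieVersion"
}

# 3. Automatic Updates setting, read through the Windows Update Agent COM API.
#    NotificationLevel: 1 = disabled, 2 = notify before download,
#    3 = notify before install, 4 = scheduled (fully automatic) install.
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = $au.Settings.NotificationLevel
if ($level -lt 4) {
    Write-Warning "Automatic Updates level is $level; set it to 4 so security fixes install on their own."
} else {
    Write-Output "Automatic Updates: scheduled install (level 4)"
}
Write-Output ("Last successful update install: {0}" -f $au.Results.LastInstallationSuccessDate)

# 4. AutoRun for removable drives. Stuxnet's LNK trick did not need AutoRun (opening the
#    folder was enough), but disabling AutoRun still closes the most common USB infection path.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
if ($pol -eq $null -or $pol.NoDriveTypeAutoRun -ne 0xFF) {
    Write-Warning "AutoRun is not fully disabled; set NoDriveTypeAutoRun to 0xFF under Policies\Explorer."
} else {
    Write-Output "AutoRun disabled for all drive types"
}
```

Run it on each Windows host that touches removable media or programs control equipment. The hotfix section is deliberately conservative: on a machine that has taken later cumulative updates the three KBs may be absent without the host being vulnerable, so treat a "NOT FOUND" as a prompt to check supersession, not as proof of exposure.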
Android and iOS Malware
This certainly got a few people, including us, laughing. Jailbreaking the iPhone had become a necessity for running inexpensive and often free apps, and Android users felt invincible with Google, they thought, watching over their shoulders. In August 2010 those illusions were shattered: Twitter was buzzing with apparent virus attacks on Android and iOS, and the developers were branded terrorists. Don't get us wrong, we encourage fiddling under the hood; it only improves efficiency. But installing firmware from unauthenticated sources just because nothing has gone wrong before is playing the wrong end of the odds.
"A virus is created when the need ticks three categories," said Raiu. "The OS has to be widespread, there should be built-in security loopholes and the documentation should be good."
Solution offered for 2011: When an iPhone or Android device is broken into, users load firmware from outside the official channel to run their various apps on, and that firmware is where the Trojans are planted. There is no official need for antivirus only because the apps on the Android Market and iTunes are vetted; sideloaded firmware gives up that protection. The safest course is not to jailbreak these devices at all and to wait for the apps to come on sale at more affordable prices.
The 64-bit Virus
The 64-bit virus took a long time coming: 64-bit Windows only loads digitally signed kernel drivers, which kept the older generation of rootkits out. Once Windows 7 was adopted virtually everywhere, however, the three points on Raiu's checklist ticked themselves. The latest figures say 46% of Windows 7 users are now on the 64-bit version, sailing through uncharted waters without knowing or recognising the kinds of infection that may affect their machines.
Solution offered for 2011: Hold tight while the anti-malware industry finds ways to plug the gaps. It is safe for now, but the next attack, Raiu said, will be so deeply embedded in the OS that it will be difficult to get out.
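Malware that is "deeply embedded in the OS" on 64-bit Windows has to get a driver into the kernel, and the kernel only loads drivers with a verifiable Authenticode signature. As an added example, not part of the original article, the PowerShell below lists the running kernel drivers whose signature does not verify so they can be triaged by hand. It assumes PowerShell 2.0 or later on Windows Vista or newer, run from an elevated prompt; the Resolve-DriverPath helper is the editor's own.

```powershell
# Added example, not from the article. Assumes Windows Vista+, PowerShell 2.0+, run as Administrator.

function Resolve-DriverPath {
    # Service PathName values come in several spellings; normalise them to a real file path.
    param([string]$PathName)
    $p = $PathName -replace '^\\\?\?\\', ''                          # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot                  # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"        # bare system32\drivers\x.sys
    return $p
}

$suspect = Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        $file = Resolve-DriverPath $_.PathName
        if (Test-Path $file) {
            $sig    = Get-AuthenticodeSignature -FilePath $file
            $status = $sig.Status
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } else {
            # A running driver whose file cannot be found on disk is itself worth a look.
            $status = 'FileNotFound'
            $signer = ''
        }
        New-Object PSObject -Property @{
            Name   = $_.Name
            Path   = $file
            Status = $status
            Signer = $signer
        }
    } |
    Where-Object { $_.Status -ne 'Valid' }

$suspect | Sort-Object Status, Name | Format-Table Name, Status, Signer, Path -AutoSize
```

Two caveats before reading the output as a list of rootkits. First, many of Microsoft's own drivers are catalog-signed (the signature lives in a .cat file rather than in the .sys), and older PowerShell builds report those as NotSigned, so a clean Windows 7 machine will still produce entries; the interesting rows are drivers outside System32\drivers, a Status of HashMismatch, or a signer you cannot account for. Second, a driver signed with a stolen but still-trusted certificate, as Stuxnet's were, passes this check as Valid until the certificate is revoked, so a clean list is necessary but not sufficient.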
"The next frontier," Raiu said, "is virtualisation, clouds and sandbox attacks." These three have so far been left untouched and haven't been violated by miscreants, but that too is only a matter of time. With comprehensive documentation available on the Internet, it is easy to spot the holes and manipulate them.