Malware after Windows 7

Discussion in 'other security issues & news' started by Joeythedude, Sep 18, 2009.

Thread Status:
Not open for further replies.
  1. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
Windows 7 looks to be way more secure than previous MS OS's.

    So what sort of malware will come next?

    How much "better" will the social engineering / phishing-type exploits become?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Yes, interesting to see this.
     
  3. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
The old "I love you" virus was very clever.
    I think we will see more of that "type".

    More Facebook exploits maybe?

    I think the botnets that exist at the moment will become more highly prized as more people move to more secure Windows versions.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Malware may be different, take different forms, but unless the two principal delivery methods change, the basic security procedures remain the same.

    Methods

    1) Malware sneaks in automatically

    2) Malware is installed by tricking the user

    Security Procedures

For 1): By many accounts, the Operating System is being less and less exploited as better security measures are being built in. Even the browsers, notably IE, are much more robust. The focus is on exploiting 3rd party applications -- PDF readers, Flash, etc., and the mainstream press avoids for the most part any discussion of Browser configuration as the principal and most effective protection against this remote code execution type of attack.

    For 2): Very few mainstream security writers other than Brian Krebs of the Washington Post and some others emphasize:

    • Don't install anything that you didn't go looking for

    • Verify the reputation of the software before you decide to install

    An example of how nothing has really changed:

    Rogue ad hits New York Times site
    September 13, 2009
    http://news.cnet.com/8301-1009_3-10351460-83.html
    Soon a few blogging analyses appeared and marveled at the trickery involved with the fake scan and everything.

    Anatomy of a Malware Ad on NYTimes.com
    http://troy.yort.com/anatomy-of-a-malware-ad-on-nytimes-com

    nytimes-malware-html-2.html
    http://gist.github.com/186467

    Yet this same trick started in the late summer of 2008, as I and others found out:

    http://www.urs2.net/rsj/computing/tests/antivir/

    You will notice a similarity even in some of the file names used in the exploit, and the same types of pop-up boxes.

    In the cnet.com and troy.yort.com stories, not one word about how proper configuration of scripting in the browser prevents these exploits from starting.

    Most of the big name spyware/malware bloggers took their wrath out on the advertising component of this attack, and gave no space to protection at the user end.

    New types of sophisticated malware will continue to evolve, but as long as basic security procedures are ignored, there is no need for malware delivery methods to change. The mainstream press will continue to sensationalize the exploits, readers will ooh and ahh, and everything will continue as before.

    REFERENCES

    Rogue AV Theatrics on Extended Run
    September 15, 2008
    http://blog.trendmicro.com/rogue-av-theatrics-on-extended-run/
    Volume of Rogue Anti-Virus Applications Increasing To Alarming Rates
    July 29th, 2009
    http://www.spywareremove.com/securi...us-applications-increasing-to-alarming-rates/
    How many people here have family members/friends who could be exploited by something like this? What are you doing about it?

    ----
    rich
     
  5. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Exactly the same kind of malware as before, but probably with a slightly different emphasis. A whole lot of social engineering malware: "You need to download this codec to see this video of (some 'hot' celebrity) stripping in a private party." People click on that, and run it as admin, and that's that... We're likely to see some more malware that's fully LUA compatible, too. Other than that, same as before. And like Rmus noted, the same methods to defend against this stuff will still work.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Some entries this evening on one of the malware domain lists illustrate the two safeguards I mentioned above.

    Don't install something you didn't go looking for

A redirect from a smog information site to a rogue antivirus site. First, with JavaScript enabled only for authorized sites, this redirect brings up a blank page:

    update-1.gif

Enabling JavaScript to watch the exploit work: I see the usual fake scan page with a very convincing alert notice.

    update-2.gif

    No matter what I click, a prompt to Run the file appears:

    update-3.gif

No matter if I click the "X" or "Cancel", this box keeps reappearing. Sometimes these boxes and windows are difficult to close, so stopping the Browser process is the usual method recommended. In case of an accident, some type of protection would prevent the inadvertent installation of this thing.

    update-ae.gif


    Verify the reputation of the software before installing

    Evidently people hear about a product via email, spam on bulletin boards, whatever. Here is one with a very impressive and convincing looking site:

    protectionsuite-1.gif

    But a quick search to verify the product reveals that it is a rogue:

    Another part of verifying is to check around to see how others have responded to a product before installing.

    Several have mentioned trickery on Facebook. The flash-update is a popular one:

    Users should know how their various applications handle updates, and of course, update only from the vendor's site via your own link to the site.

    ----
    rich
     
    Last edited: Sep 19, 2009
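The blank page Rmus describes above happens because the rogue-AV landing page moves the visitor on only through script; with scripting off there is nothing left to render. The following is an added example, not code from the post or from any tool it mentions: a small analyzer for a captured landing page that reports whether its redirect depends on script (and so is stopped by per-site script blocking) or uses a meta refresh that fires regardless. The two sample pages are constructed for illustration.

```python
import re

# Script-only redirect forms (constructed list): these run only if JavaScript executes.
JS_REDIRECT = re.compile(
    r"(?:window\.|document\.|top\.|self\.)?location(?:\.href|\.replace\(|\s*=)", re.I)
# A meta refresh is honoured by the browser even when scripting is disabled.
META_REFRESH = re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I)
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
BODY_TEXT = re.compile(r"<body[^>]*>(.*?)</body>", re.I | re.S)


def analyze(html: str) -> dict:
    """Classify how a landing page forwards the visitor and what stays visible without script."""
    scripts = SCRIPT_BLOCK.findall(html)
    js_redirect = any(JS_REDIRECT.search(s) for s in scripts)
    meta_refresh = bool(META_REFRESH.search(html))
    # What a script-blocking browser would render: body with script blocks stripped,
    # remaining tags removed, whitespace collapsed.
    body = BODY_TEXT.search(html)
    visible = SCRIPT_BLOCK.sub("", body.group(1) if body else html)
    visible = " ".join(re.sub(r"<[^>]+>", " ", visible).split())
    return {
        "js_redirect": js_redirect,
        "meta_refresh": meta_refresh,
        # The case from the post: script-driven redirect over an empty body.
        "blank_without_script": js_redirect and not meta_refresh and visible == "",
        "visible_text": visible,
    }


# Constructed sample 1: the pattern seen on the smog site, script redirect and nothing else.
SCRIPT_ONLY_PAGE = """<html><head><title>info</title></head>
<body><script>window.location.href = "http://example.invalid/scan/";</script></body></html>"""

# Constructed sample 2: a meta refresh plus visible text; script blocking alone does not stop it.
META_PAGE = """<html><head>
<meta http-equiv="refresh" content="0;url=http://example.invalid/scan/"></head>
<body><p>Redirecting...</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("script-only", SCRIPT_ONLY_PAGE), ("meta-refresh", META_PAGE)):
        print(name, analyze(page))
```

Run it against a saved copy of a suspect page to see whether per-site script blocking alone would have left the visitor on a blank page, as in the update-1.gif screenshot, or whether the redirect would still have fired.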
  7. developers

    developers Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    62
The problem for users will be trusting the software they will be looking for. In other words, malware will be injected into compilers (such as Induc).
     