Phuket live wire: Mac attack

Legacy Phuket Gazette

PHUKET: It was inevitable that somebody would create a Trojan – a botnet, no less – for the Mac OS X. But I don’t think anybody expected the first major Trojan would hit as hard, or so many people, as the one we’re witnessing right now.

According to numerous sources, more than 600,000 Macs have been infected – and most of the people who are infected don’t know it. Two weeks ago, a Russian company called Dr Web reported the massive infection. Last week, Kaspersky Labs verified it. “We were able to log requests from the bots. Since every request from the bot contains its unique hardware UUID [a number that’s different for each Mac – Ed], we were able to calculate the number of active bots. Our logs indicate that a total of 600,000+ unique bots connected to our server in less than 24 hours.”

Yes, you read that correctly. Kaspersky set up a “honey pot” (that’s the technical term for it) and within 24 hours, more than 600,000 infected Macs phoned home. While more than half of the infected Macs phoned in from the US, there were also infected Macs calling from Thailand. Most embarrassingly, 274 of those phone home episodes originated in Cupertino, California, the home of Apple Inc.
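The counting method Kaspersky describes, deduplicating sinkhole requests by hardware UUID, can be sketched as follows. This is an added example, not Kaspersky's code; the log layout, field order and every sample value are constructed for illustration. It also shows why the UUID gives a better count than the source IP address.

```python
import re
from collections import Counter

# Constructed sinkhole log (not real data). Assumed layout per line:
#   <timestamp> <source IP> <country code> <hardware UUID sent by the bot>
# Lines 1, 2 and 7 are three Macs behind one NAT address; lines 3 and 4 are
# one Mac seen from two addresses; line 6 is a scanner sending junk.
SAMPLE_LOG = """\
2012-04-06T10:00:01Z 198.51.100.7 US AAAAAAAA-0000-0000-0000-000000000001
2012-04-06T10:05:12Z 198.51.100.7 US BBBBBBBB-0000-0000-0000-000000000002
2012-04-06T10:09:40Z 203.0.113.20 TH CCCCCCCC-0000-0000-0000-000000000003
2012-04-06T11:30:02Z 203.0.113.99 TH CCCCCCCC-0000-0000-0000-000000000003
2012-04-06T11:31:15Z 198.51.100.7 US AAAAAAAA-0000-0000-0000-000000000001
2012-04-06T12:00:00Z 192.0.2.55 DE not-a-uuid
2012-04-06T12:10:00Z 198.51.100.7 US dddddddd-0000-0000-0000-000000000004
"""

UUID_RE = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$"
)


def parse_line(line):
    """Return (timestamp, ip, country, uuid), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, ip, country, uuid = parts
    uuid = uuid.upper()  # normalise case so one machine is not counted twice
    if not UUID_RE.match(uuid):
        return None  # not a bot request: scanner, crawler, or researcher probe
    return ts, ip, country, uuid


def summarize(log_text):
    """Count active bots by unique UUID and compare with a naive IP count."""
    first_seen = {}  # uuid -> country of the first request from that machine
    ips = set()
    requests = rejected = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        requests += 1
        record = parse_line(line)
        if record is None:
            rejected += 1
            continue
        _, ip, country, uuid = record
        ips.add(ip)
        first_seen.setdefault(uuid, country)
    return {
        "requests": requests,
        "rejected": rejected,
        "unique_ips": len(ips),
        "unique_bots": len(first_seen),
        "by_country": dict(Counter(first_seen.values())),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

In the sample, counting by IP address finds three sources while counting by UUID finds four machines, because NAT hides several Macs behind one address and a changed address makes one Mac look like two.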

If you own a Mac, or know somebody who owns a Mac, they need to run a check. Now. They also need to install antivirus software, just like us poor beleaguered Windows users. Now.

But first let me explain how Flashback works, and why it’s so disconcerting. Flashback can infect in many different ways. The people who created Flashback aren’t resting on their laurels: the primary infection method has changed at least three times in the past three months.

Most commonly, Flashback is placed on infected web sites. If you go to an infected web site using a Mac and Safari, the Flashback infector looks to see if you have a specific older, unpatched version of Java installed. If so, Flashback simply infects your machine: you don’t need to do a thing. That’s called a “drive-by attack” and it’s the most lethal of all web-based infection methods. You get infected, and you have no idea that you’re infected – and you didn’t do anything to deserve it.

The second method involves a bit of social engineering. If Flashback determines that the version of Java running on your Mac doesn’t have the two gaping security holes, it shows you an update certificate and asks you if you want to update your computer. This one’s a little lame because the certificate says it’s signed by Apple, but Safari will tell you that it can’t confirm the certificate: “This root certificate is not trusted.” Most people in the Windows world are wary of such warnings. Many people on the Apple side, though, have never seen a bogus certificate, and click through. If you click Continue, your Mac gets “pwned” (an expression that originates from “owned”, used to describe when a hacker takes remote control of a server or another computer).

The latest version of Flashback, called Flashback.N, has a much “improved” social engineering trick. If you’re using a Mac and Safari, and visit an infected web site, you’ll see the spinning gear “busy” icon for an extended period of time, followed by a typical Apple Software Update dialog. There’s no warning on the dialog about an invalid certificate: the dialog just says “Type your password to allow Software Update to make changes.”

Many people do, and their machines get taken over.

This is only the beginning – just the infection mechanisms have been discovered and documented. It’s hard to find unbiased reports. Mac lovers seem to react with “it’s no big deal.” Well, sorry, but it is a big deal: 600,000 subverted machines and counting, with a drive-by infection mechanism and a sophisticated rootkit style botnet – no matter how you define it, that’s a big deal.

So once your machine is infected, what happens? Again, it’s hard to find reliable details, but it looks as if the infecting program downloads a much larger payload from the internet, then forces Safari to quit, and installs “root” programs that run underneath Mac OS X. That’s what makes this program so hard to detect.

The root programs inject code into Safari that makes it a silent keylogger, looking for user names and passwords that you type into the browser. Those user names and passwords are stored up, and then periodically sent to a waiting web site. The exact name of the web site is calculated in a complex way, so if you look at the infected program, it is difficult to figure out where the stolen data is going next.

Kaspersky managed to reverse-engineer the naming routine, registered one of the domain names, Krymbrjasnof.com, and set up their honey pot on that domain. That’s how they found 600,000 different Macs phoning home in 24 hours, with just one domain.

I can’t find any definitive information about changes in Flashback, but most botnets are set up to look at multiple web sites, and download updates if they’re available. Which means if you’re infected now and don’t clear up the infection, the next version of Flashback could start looking at everything, not just what you type on the web. And Flashback will upgrade itself, no intervention required.

What’s Apple doing? Not much. The original Flashback – which doesn’t seem to have infected nearly as many people – appeared at the end of September last year, where it masqueraded as an update to Adobe Flash. Apple is notorious for having dropped Flash on the Mac more than a year ago: you can’t even get it to run on iPads and iPhones, and you have to install it manually on Macs. That’s why the original Flashback didn’t infect many machines.

But these later versions take advantage of Java, which runs on all Macs (but not on iPads or iPhones). Java was updated to fix the two security holes I mentioned, way back in February. But Apple keeps its own version of Java, and Apple didn’t update that version until two weeks ago.

The Mac has a malware scanner called XProtect, but it’s proved toothless. Apple’s updated it twice recently to protect against Flashback, but the Flashback authors have found easy, quick workarounds.

If all of this sounds to you like Microsoft all over again – well, you’re not alone.

So what can you – or any other Mac user – do?

First, run over to Dr Web’s site and see if your Mac is in their database of compromised machines. The simple instructions are at public.dev.drweb.com/april. They’re updating the list constantly, so if you’re not on the list, check back again in a week or two.

Second, get patched! Download and install the latest Apple patch, at support.apple.com/kb/HT5228.

Third, get some sort of antivirus program! The most recent version of Flashback won’t even try to install itself on a Mac system running Little Snitch, XCode, Virus Barrier, iAntiVirus, Avast, ClamXav, HTTP Scoop, or Packet Peeper. Why? The guys who wrote Flashback are smart – they don’t want to draw any attention to themselves.

Fourth, if you’re running Mac OS Leopard or Tiger (OS X 10.4 or 10.5), move up to Snow Leopard (10.6) at least. Why? Apple didn’t even bother to patch Leopard or Tiger. If you’re running Leopard or Tiger you’re completely exposed, and there are no patches.

Fifth, realize that Macs can and will get infected. If you’re asked for a system password, don’t blithely type it and forget it. Watch the dialogs and see if they make sense. If you aren’t expecting to install a program, don’t do it. The halcyon days are over.

Yes, I’m saying Mac users need to start acting more like Windows users. Sorry, but it’s true.

Seth Bareiss holds computer sessions every other Wednesday afternoon, from 1 to 3pm. If you have a Windows problem that needs to be solved, drop by one of Seth’

— Woody Leonhard
