Thursday, June 21, 2007

Open source, the new target of malware

It is now a known fact that no operating system is immune to malware
attacks.

But, for a few years, users could seek refuge in Open Source, as it was
a somewhat unpopular target for virus/trojan writers and hackers!

Recent reports regarding worms created to attack OpenOffice (the open
source answer to Microsoft Office) are a clear indication that days of
safety are long gone and that open-source software is becoming more
attractive to malware creators.

Simply, open source applications and operating systems are growing in
popularity, and where users go - malware goes!

The OpenOffice macro-based worm is quite sophisticated. It affects
OpenOffice users on several platforms including Windows, Linux and the
Mac. No escape, apperantly.

Some open source believers are pretending the OpenOffice worm is an
isolated incident, especially as very few cases have been reported; or
in ‘anti-virus talk’, the worm’s presence in the wild is very low.

But, Symantec say that’s only because of coding errors in the worm that
limit its ability to spread.

Watch out for better engineered worms soon, as hackers pay more
unwelcome attention to the platform!

OpenOffice has been downloaded over 80 million times, which represents
very fertile ground for an attack. It’s a new avenue to exploit, to
spread their worms and Trojans, and the home-user sector is a
particularly attractive target.

In fact, and according to Symantec’s latest Internet Security Threat
report, 98 percent of all targeted attacks are aimed at consumers.
Open-source software, in itself, is not necessarily more vulnerable to
attacks compared to proprietary software from Microsoft, for example.

But if ‘closed source’ software from multi-million dollar companies
claiming secure systems has flaws, imagine what ‘open’ software would be
like!

On the other hand, open source enthusiasts are saying that it’s already
very popular, yet the attacks are few. Is that as sign open source
software is more secure? Probably not, it just means hackers and virus
writers haven’t paid enough attention to it yet.

In our region, open source is just starting to pick up pace.
Unfortunately, widespread adoption could coincide with the emergence of
viruses.

Think of it in terms of ‘economies of scale’. If malware developers can
create something that will work reliably across Windows, Linux and Mac,
then it will give them ‘more bang for their buck’.
Malware creators are, after all, organized criminals selling their
services to phishers and spammers.

If there’s a a potential to profit, you will see malware creators
entering a platform. It’s just the simple law of digital evolution.

zanasser@gmail.com

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home