Location-Aware Malware Becoming a Reality

Trend Micro posted on a recent location-aware malware scheme that targets individuals using local information (here). Hat tip to Krebs for the post (here).

On Monday, security firm Trend Micro began warning people to look out for bogus “Reuters breaking news” e-mails warning of explosion or other various calamities that have supposedly broken out in a city near you. The message content pulls data from so-called “geo-location” services that can use the recipient’s Internet address to make a semi-accurate guess of their nearest town.

For example, a user who lives in Fairfax, Va., might see this subject line in a missive sent by Waledac: “Powerful explosion burst in Fairfax this morning.” The message authors also append a Wikipedia link and a Google search link at the bottom to add to the fake alert’s legitimacy.
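The lure quoted above is a single template with the recipient's town substituted in, which gives a mail gateway that sees many recipients something to look for. The sketch below is an added example, not code from Trend Micro, Krebs or this post: it masks place names in subject lines and reports any template that arrives with several different places. The gazetteer, sample messages, threshold and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed gazetteer (assumption); a real filter would load a full place-name list.
CITIES = ["Fairfax", "Reston", "Austin", "Portland", "Denver", "San Jose"]
# Longest names first so multi-word places match before any shorter overlap.
CITY_RE = re.compile(
    r"\b(" + "|".join(re.escape(c.lower())
                      for c in sorted(CITIES, key=len, reverse=True)) + r")\b")

def template_of(subject):
    """Collapse whitespace and case, then mask place names.

    Returns (template, set of place names found in the subject)."""
    norm = " ".join(subject.split()).lower()
    cities = {m.group(1).title() for m in CITY_RE.finditer(norm)}
    return CITY_RE.sub("<CITY>", norm), cities

def find_geo_templates(messages, min_cities=3):
    """Group subjects by masked template and keep those seen with at least
    min_cities distinct places: the signature of a geo-tailored mass mailing."""
    seen = defaultdict(set)
    for msg in messages:
        tmpl, cities = template_of(msg["subject"])
        if cities:
            seen[tmpl] |= cities
    return {t: sorted(c) for t, c in seen.items() if len(c) >= min_cities}

# Constructed sample traffic: three variants of the lure plus ordinary mail
# that happens to mention a city once.
SAMPLE = [
    {"rcpt": "a@example.com", "subject": "Powerful explosion burst in Fairfax this morning"},
    {"rcpt": "b@example.com", "subject": "Powerful explosion burst in Austin this morning"},
    {"rcpt": "c@example.com", "subject": "Powerful explosion  burst in San Jose this morning"},
    {"rcpt": "d@example.com", "subject": "Denver office closed Friday"},
    {"rcpt": "e@example.com", "subject": "Portland meetup agenda"},
    {"rcpt": "f@example.com", "subject": "Quarterly report attached"},
]

if __name__ == "__main__":
    for tmpl, cities in find_geo_templates(SAMPLE).items():
        print(f"{tmpl!r} seen with {len(cities)} places: {', '.join(cities)}")
```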

I talked about this as one of the potential security problems associated with GPS-enabled smart phones in a post entitled “iPhone creates mobile malware tipping point” by enabling new and interesting methods for malware proliferation (here). At the time, many of the press I talked with didn’t understand how this would work…

With the moves to support office applications, broadband connectivity, and GPS, and the release of a common development platform for both iPhone and Mac OS X, Apple has created the perfect storm for an explosion of the slow trickle of mobile malware, data theft incidents and IT management headaches. Let’s review the more important WWDC announcements and their impact on enterprise security:

Enterprise Support (including Microsoft Exchange Integration and Office Applications)

The point at which mobile and handheld devices become real issues for enterprise IT is the point at which data can be viewed and manipulated in the same way it can be on a desktop or laptop. The ability to store, forward, read, and write Microsoft Office applications eliminates the need to use a conventional computer to do real work, but creates a nightmare scenario for organizations who are still challenged by securing data on the devices for which they are responsible.

3G Support

Fast Internet access will only increase the use of the iPhone for web browsing, on-line banking, commerce, and enterprise SaaS applications like salesforce.com. Handheld salesforce.com access, for example, will be a boon to field sales people, but opens the door to increasing the number of browser-based attacks.

GPS Support

Although this may seem innocuous from a security perspective, it is clear that targeted malware is on the rise. Imagine being able to tailor a message to not only include information about the recipient but to include or reference their location.

iPhone Development Environment

In my opinion the most significant WWDC announcement has been the introduction of the iPhone as a development platform that shares APIs and tools with Mac OS X. Couple this ability to cross-pollinate malware between the iPhone and Mac OS X, with a rich media layer and an easy-to-use development environment, and you create endless fun for the legions of malware authors looking to profit from the proliferation of iPhone and Mac OS X.

