March 2008 — News

A White Hat Talks about Modern Malware

Schaffhauser: What was that hack doing?

Thompson: Same thing. It went to a place in China. As well as trying to use the exploit, they tried to use social engineering, which is where they try to trick you into doing something. In this particular case, they showed a screen saying, 'Windows can't play this video. You have to install a new codec. Click here to install the new codec.' If you did install the codec, it wasn't really a codec; it was the bad software. That was a pretty good thing to attempt, from a MySpace Web page, particularly Alicia Keys, because it's full of video--it's rich media. People would expect it...

If you go back six or seven years, worms were the main problem. But when Service Pack 2 was released for [Windows] XP, the firewall was on by default. Even the pathetic old Windows firewall did a pretty good job of keeping the worms out. So when it was on by default, that was an extinction-level event for worms. People still install worms, but they're not going to be anywhere near as effective as they once were.

But when you start a Web browser, you start that from within the firewall. You're starting from a trusted place. That creates a hole through the firewall. If you visit a Web site with hostile intent, the code is able to come back through the firewall. The firewall provides no protection against that sort of thing. The code is able to get back through to the desktop and has a shot at executing.

Schaffhauser: What about Web 2.0? What kinds of new problems does that introduce?

Thompson: You mean Web 2 oh-oh....

Everybody is trying to create the next MySpace or the next Google. In order to make their Web site more appealing than somebody else's Web site, they're trying to put in as much functionality and as many bells and whistles and dancing girls and dancing pigs as they can.

In security, there's an inverse relationship. The more secure you make something, the less functional it tends to be. And vice versa. The more functional, the less secure it tends to be.

It's just a natural consequence of having more things and more problems. And the bad guys are just really good at finding the problems.

Schaffhauser: And frequently the functions of Web 2.0 sites are pulled together from many different sources...

Thompson: They're trying to create the richest possible thing they can--the most functional thing they can. It's the emerging battleground for now and for the next few years.

Schaffhauser: How do you go about researching these exploits? How do you sift out the things you've seen a hundred times before from that new hack that stands out?

Thompson: It turns out that there aren't a million of these bad guys. There might be a couple of hundred gangs. There's a finite set. And they each have their own way of doing things.