Sophos in the news: Gameover malware gets harder to kill; will Windows XP live on after death?


We often talk about inanimate things as if they live and die — maybe to feel better about them having power over us. Just look at Windows XP, which is now on extended life support until Microsoft finally pulls the plug in April, and which critics would gladly see die.

On Patch Tuesday in April, Microsoft will officially end support for the aging Windows XP with its final security patch. But with millions of people still relying on this long-in-the-tooth operating system, will it live on even after Microsoft has essentially killed it off?

Along these same lines, one of our superb researchers at SophosLabs recently discovered a new variant of the Gameover banking Trojan that borrows code from a rootkit in order to stay hidden, making it much harder to kill. And when it comes to matters of crime and punishment, some cybercriminals are finding that their malicious code will live on long after they have gone away.

Windows XP nears retirement

The nearly 13-year-old Windows XP will get its last security patch on April 8th, but Microsoft is finding it very difficult to convince people to leave XP behind and upgrade to more secure operating systems. As we’ve discussed previously, this raises many security issues not just for XP users, but for all of us.

Beginning this weekend, XP users will get a pop-up warning on their screens advising them that they need to upgrade. And Microsoft said it will provide XP users with a free migration tool to help people transfer their files and settings to Windows 7 or Windows 8.

But many millions of XP users will probably miss the deadline, making life easier for cybercriminals who have been waiting in the wings for the end of XP support to exploit new vulnerabilities in Windows that will remain forever unpatched in XP.

As our security expert James Lyne told BBC News this week, Windows 7 and Windows 8 are much harder to exploit than XP, making the decision to go after XP a simple one for cyber crooks.

Not only will it be easier to attack XP — Microsoft will, essentially, be offering a helping hand. Any security update to Windows 7 or 8 will alert cybercriminals to go looking for similar flaws in XP, as Paul Ducklin, senior security analyst at Sophos, points out in a post at Naked Security.

Gameover gets a rootkit

Our SophosLabs threat researcher James Wyke recently uncovered an interesting development in Gameover’s code — the addition of a rootkit element that makes this banking Trojan much harder to detect and remove. As James reported at Naked Security, the new element comes from the rootkit Necurs, which protects Gameover so that you can’t delete it or kill off the Gameover process.

“The rootkit greatly increases the difficulty of removing the malware from an infected computer, so you are likely to stay infected for longer, and lose more data to the controllers of the Gameover botnet,” James explains, as reported in PCWorld.

Russian hacker Gribodemon awaits sentencing in U.S.

Our researchers and experts are often called upon by the media to explain what’s happening in the security world. This week, USA TODAY reported an interesting feature story about the Russian hacker Gribodemon, the mastermind behind the SpyEye exploit kit who is now being prosecuted in the U.S.

Chester Wisniewski, senior security advisor at Sophos, explained that cyber crime is so resilient and hard to combat because prosecuting a few individuals doesn’t really have much of an impact on the thriving underground economy.

“We’re dying a death by a million cuts,” Chet says. “We’ll go after SpyEye or the Target gang. Every year, we go after two or three of these guys, but nothing is ever really done.”

If that sounds a little too pessimistic, consider that last year’s arrest of Paunch, the creator of the Blackhole exploit kit, has done little to stop the emergence of new, and even better, exploit kits.

As USA TODAY reported, young Russians like Gribodemon lack opportunities for using their substantial computer skills for legitimate purposes. So as long as there is money to be made in cyber crime, desperate people will continue to go that route.

Sophos UTM Accelerated 9.2 now available!

Here is a spot of good news for IT folks — our newest release of Sophos UTM is available now! Check out our blog series on all the great new features in UTM Accelerated (9.2).

Stay in the know

Never miss a beat with the latest news, opinion and advice from our experts. Sign up for our Sophos Blog newsletter by filling in your email address at the top of the page (you can receive notifications after each post, or on a daily or weekly basis).

Follow us on your favorite social media networks, chat with us in our forums, download our informative podcasts, and sign up for our RSS feeds.
