Grumble about article claiming malware using twitter conduit


FloatingBones
Mar 6, 2012, 01:28 PM
This article (http://www.macrumors.com/2012/03/05/flashback-malware-authors-using-twitter-to-talk-to-infected-machines/) forwarded a claim that malware is using twitter as a conduit between infected machines and the malware authors. The claim is very specific, but, AFAICT, there's no evidence that any nefarious tweets were actually sent out.

Macrumors is typically excellent in the vetting of stories. This story doesn't appear to have been vetted.

GoCubsGo
Mar 6, 2012, 01:30 PM
If not vetted then call it a rumor and they're covered. :D

I do see your point though. Why yell that the sky is falling if you're totally unsure.

FloatingBones
Mar 6, 2012, 01:45 PM
I do see your point though. Why yell that the sky is falling if you're totally unsure.

The frustration has to do with the anti-virus companies: they market their product by spreading fear, uncertainty, and doubt. The claim about twitter as a channel for malware messages is novel and is giving them a lot of free play (free publicity) for Intego.

GoCubsGo
Mar 6, 2012, 02:26 PM
This has and will always be the case though, no?

FloatingBones
Mar 6, 2012, 05:09 PM
This has and will always be the case though, no?

That's why one doesn't take the claims of an anti-virus company at face value. Wendy's had their famous campaign many years ago; a variation is appropriate here:

Where's the tweets?

WildCowboy
Mar 6, 2012, 10:36 PM
Agreed that it's a bit of an unavoidable situation with conflicting interests...those selling anti-virus software are also among those with the best expertise, resources, and motivation to research them.

It's absolutely true that evidence of Tweets carrying the hashtags would be a great find to bolster the case, but I don't really see any reason to doubt Intego. I'm sure their work can be duplicated by others, and they may even be happy to share details on it to help verify.

Whether Tweets have been deleted or the functionality is included but not yet being used, I don't know, but I don't think Intego is making up claims about what they found in the malware's code.

FloatingBones
Mar 7, 2012, 07:55 AM
It's absolutely true that evidence of Tweets carrying the hashtags would be a great find to bolster the case, but I don't really see any reason to doubt Intego. I'm sure their work can be duplicated by others, and they may even be happy to share details on it to help verify.

In news reports, I'm interested in reporting of the facts and evidence to back up the facts. If there be tweets, then tweets should be shown in the news reports. If the tweets have been removed, then post images of the captured tweets. If there's some reason that no tweets have actually been sent, then explain why.

Our attitudes about Intego should be completely irrelevant. Either there is evidence or there is not.

Whether Tweets have been deleted or the functionality is included but not yet being used, I don't know, but I don't think Intego is making up claims about what they found in the malware's code.

The news reports should either provide the evidence or the reasons why the evidence is not available.

Fact-checking is a critical component for news reports. Earlier this year, sumofus.org created their "ethical iphone" petition. The original petition contained the copy:

On the other side of the world, a young girl is also swiping those screens. In fact, every day, during her 12+ hour shifts, six days a week, she repetitively swipes tens of thousands of them. She spends those hours inhaling n-hexane, a potent neurotoxin used to clean iPhone glass, because it dries a few seconds faster than a safe alternative. After just a few years on the line, she will be fired because the neurological damage from the n-hexane and the repetitive stress injuries to her wrists and hands make her unable to continue performing up to standard.

Mike Daisey seems to be the source for the n-hexane claims, but he noted in his blog (http://mikedaisey.blogspot.com/2011/03/harsh-reality-behind-apple-scandal.html) that the solvent was used at Wintek from August 2008 to July 2009. SumOfUs failed to fact-check their petition; nobody in the media (including the NYT and MR) checked the claims, either. Apple Insider finally broke the story (http://www.appleinsider.com/articles/12/02/23/sumofusorg_removes_false_claim_from_apple_petition_after_collecting_signatures.html) of the removal of false claims from that petition.

I visit MR regularly because Arn and his staff do an excellent job weighing the facts on the vast majority of stories reported here. My expectations were not met on the Intego story.

GGJstudios
Mar 7, 2012, 08:52 AM
...I don't really see any reason to doubt Intego.

In this case, I'm very suspicious of recent claims by Intego. I haven't seen any other security firm corroborating Intego's claims about recent Flashback variants, including the one that allegedly installs itself without user interaction. Usually, there are several firms acknowledging the existence of malware, or even some posters acknowledging that they encountered it, but not in this case. I'm very reticent to accept one firm's claims on face value. Intego has a history of trying to spread fear, to bolster its sales, and I believe recent claims may have crossed the line between fact and fiction.