Tag Archive: Malware


Mobile security company Lookout has continued to expand its list of Android Market applications that have been found to contain malicious code known as ‘RuFraud’. Researchers spotted 22 malicious apps by the start of the week, prompting Microsoft to offer victims free Windows Phone handsets, while five more have been discovered since then.

The titles include several horoscope apps, wallpaper utilities that offer pictures from movies such as Twilight and Moneyball, fake downloaders for popular Android games such as Angry Birds, and fake free versions of other games.

Once downloaded, the apps trick users into agreeing to charges, which are applied to their phone bill through SMS messages sent to premium numbers. The code appears to affect users in Europe and Asia, rather than North America.

Google has quickly pulled the offending titles from the app portal; however, the situation has given credence to criticism of the mobile platform’s security features. The company’s open approach is said to make it easier for attackers to post malicious apps without encountering problems in the approval process. Fragmentation is also seen as a potential problem, as most Android handsets are running older OS versions that lack the latest security protection.

Thanks: Electronista



The image of Android users as people who seek out danger and live on the edge may not be far from the truth. That’s the image that Verizon has been trying to project in some of their ads for the Droid Razr, and a new study from Websense suggests that it’s an accurate portrait, but in ways that Verizon would rather not project.

The study suggests that while iPhone users are happy to stay within the bounds of Apple’s walled garden, enjoying music and video from legitimate sources, Android users spend more time exploring the web’s less reputable districts.

Unlike iPhone users, Android owners spend more time reading about guns and ‘exploding shuriken’ than they do playing Angry Birds, and many of them venture out in search of information on hacking and other ‘illegal or questionable’ activities, as shown in the chart below. Almost all iPhone users get their apps exclusively from Apple’s carefully curated App Store, but Android users have no problem getting their apps from a wide variety of unsanctioned (and sometimes illegal) marketplaces.

While a lot of fuss has been made about Google’s lack of tight control over what apps get into their marketplace, users are really sticking their necks out by getting their apps elsewhere. It’s remarkably easy for a legitimate-looking Android app to be repackaged with malware, and most users won’t know the difference until they are already infected.

A lot of questions have been raised about the security of Google’s mobile OS. McAfee recently reported that Android was shattering records for mobile malware, with almost all new viruses being targeted at it. While Microsoft’s Windows Phone and Apple’s iOS remain relatively safe, some security experts are suggesting that it might be wise to keep your Droid protected with security software, as reported over at Monsters & Critics. Some have gone so far as to call Android the ‘smartphone Windows of the future,’ referring to the high number of security threats targeting Microsoft’s venerable OS.

Thanks: Neowin


Internet safety is a topic that we are all commonly reminded of as we move to an increasingly digital age. Now, another reminder of how much we willingly share with those we don’t know has been shown, as reported by the BBC.

Using what is known as a ‘socialbot’, researchers were able to acquire information that a Facebook spokesperson rebuked as being “overstated and unethical”. A socialbot is a botnet adapted for usage on social networks. The worst part of the socialbot’s power is how affordable it is. Dubious websites offer the bots for sale over the internet for as little as 29USD, or 18GBP.

A socialbot differs from a normal botnet in the sense that it can pass itself off as a normal Facebook user. A regular botnet is a type of virus that can infect a user’s computer, and can make use of this to send out spam or partake in digital attacks against other websites. The socialbot takes control of an existing Facebook account, and is able to perform normal activities, such as posting statuses and sending friend requests.

The research was performed by four members of the University of British Columbia, with 102 socialbots being commanded by one ‘master’. The master sends commands to the other bots, which they then act upon. These commands would likely consist of seeking profiles and adding them. In the space of eight weeks, the bots sent out 8,570 friend requests and had 3,055 acceptances. The research showed a relation between the number of Facebook friends a user had and the likelihood of the socialbot being accepted as a friend.

Remaining within Facebook’s limitations for sending friend requests, the bots sent only 25 requests per day. Any more and the bots risked triggering the fraud detection and prevention system existing on Facebook. According to Facebook, the research is not reflective of how they prevent socialbots operating, as the accounts operated from ‘trusted’ university IP addresses. An IP address used by a real-life criminal operating socialbots would apparently raise alarm bells within the company.

Many people are now growing more aware of friend requests coming ‘out of the blue’, so to speak, which reflects how people could be growing more aware of those seeking to acquire more information about them, whether they intended to give that information or not.

Thanks: Neowin


It used to be the case that people could claim that Apple software wasn’t susceptible to viruses, but it’s not so anymore. Actually, it hasn’t been for a while. Today, another Mac-borne virus was identified that uses the processing power of computers to generate “Bitcoins,” a virtual currency.

According to TechWorld, the Trojan uses infected Macs’ video cards to generate Bitcoins. Antivirus companies said that the trojan is being distributed with legitimate software over BitTorrent. They said today that:

“This malware is complex, and performs many operations,” security researchers from Mac antivirus vendor Intego warned. “It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers.”

The trojan actually installs a legitimate application that is used in the Bitcoin production process, called DiabloMiner, but configures it to distribute the coins to the creators of the virus. As the application uses the GPU to create the currency, the machine runs extremely slowly as a result.

Additionally, the trojan spies on users by taking automated screen captures and logging usernames and passwords, copying encrypted data, your Safari browsing history and more, then sending them back to the creators of the infection.

It’s clearly time for users on OS X to seriously consider installing antivirus protection, as this is pretty serious compared to other threats we’ve seen out there. If you’re not running anything yet, there are plenty of free solutions out there.

Thanks: Neowin


Internet users usually open up their web browsers to surf their favorite web sites without a lot of thought put into it. But Microsoft is launching a new web site that is designed to alert Internet users to the dangers of web surfing, particularly on older web browser versions. The web site is Yourbrowsermatters.org, which tells a visitor how secure their browser is against threats like malware and phishing attacks on a scale of 0 to 4.

According to a post on Microsoft’s official Internet Explorer web site, 24.4 percent of all the PCs in the world that are connected to the Internet run an outdated version of a web browser. Microsoft says that amount comes to 340 million PCs that don’t run the latest version of their web browser software. PCs that run Internet Explorer 6 or 7 total 15.2 percent, while PCs that run Mozilla’s Firefox 3.6 or older amount to 7.5 percent. PCs that run the 12th version or older of Google’s Chrome browser make up 1.7 percent of all PCs. Chrome is the only one of the three web browsers that now automatically updates to the newest version, without any need for a user’s approval.

Yourbrowsermatters.org goes over some of the things that people can do to be more secure while browsing the Internet. That includes downloading the latest version of your web browser, making sure your operating system is also up to date, being able to recognize phishing attacks and more.




Earlier this week at Microsoft’s BUILD Conference in Anaheim, California, the company announced that the upcoming Windows 8 operating system would have built-in malware and virus protection. Today, the official Windows 8 blog site gives more information on the malware protection features in Windows 8. Jason Garms, who works as Microsoft’s group program manager for its reliability and security team, said, “With Windows XP SP2, we began creating defenses called mitigations that make it difficult to develop reliable exploits for security vulnerabilities. Each subsequent version of Windows has continued to expand and improve on these mitigations, because a single mitigation feature can break an entire class of exploits. Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks.”

Just one of those mitigation improvements is what Microsoft is calling Address Space Layout Randomization. It was first launched in Windows Vista and allows the Windows OS to randomly shuffle “the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs.” Garms says, “In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR.” Windows 8’s kernel also gets some protection improvements. Garms says, “For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks.”

While Microsoft expects a number of third-party malware protection applications will be released for Windows 8, Garms says, “If you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender.” Garms says that it will protect your Windows 8 device “from all types of malware, including viruses, worms, bots and rootkits” and it will be regularly updated with new signatures via Windows Update. The Windows 8 version of Defender will also “provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Windows 8 protection feature.”

The Microsoft SmartScreen feature, which alerts Internet Explorer users if they are about to download and install a possible malware program, will also be expanded to Windows 8 when it launches. Garms says, “We understand that Internet Explorer isn’t the only way you download applications from the Internet, so Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet.”

Thanks: Neowin


It’s been known for a while now that Google’s Android mobile phone and tablet operating system is the one that seems to get more attention from malware makers. Now a new report from anti-virus company McAfee seems to confirm that notion. McAfee, a division of Intel, announced earlier this week that it has recorded a massive 76 percent increase in Android-based malware attacks in the second quarter of 2011. That rise has given Android the dubious distinction of surpassing Nokia’s Symbian OS as the operating system that has the most malware. McAfee speculates that Android will become an even bigger target for cybercriminals who create dangerous malware programs.

McAfee says that overall it has found 12 million unique malware samples in the first half of 2011, which was a 22 percent increase from the same period a year ago. The company claims that it now has 65 million malware samples in its “zoo” and says those numbers could expand to a whopping 75 million samples by the end of 2011.

In addition to all of the new threats against the Android OS, McAfee says that there is an increasing malware threat to Apple’s Mac OS. In the past the Mac OS had been ignored by the malware community, but now the first ever fake anti-virus threat has been found for the Mac operating system. In addition, more malware in general is being hidden in a rootkit program. This kind of “stealth malware” threat has increased 38 percent this year compared to a year ago.

Thanks: Neowin


As Android devices get more popular (today comScore reports Android phones comprise 40% of the U.S. smartphone market), they’re becoming a more attractive target for cybercriminals. If you use an Android smartphone, you are now 2.5 times more likely to encounter malware (malicious software) than you were six months ago.

This isn’t just about apps. This year, 30% of Android users are likely to encounter a Web-based threat such as phishing scams, “drive by downloads” and browser exploits.

This is according to a new threat report from Lookout Mobile Security. Obviously, Lookout is selling mobile-security tools. However, individual and collective mobile security risks are real.

Whether you opt to pay for mobile security, use a free service or manage it yourself, you should be aware of the risks and use basic mobile safety skills.

Cybercriminals aren’t simply targeting Android devices more often; they’re also getting sneakier about it.

Specifically, Lookout notes that attackers are using new techniques to distribute malware to phones. These include “malvertising” (ads served up through legitimate apps that lead you to a fake Android market and trick you into downloading malware, like GGtracker) and “upgrade attacks” (where the initially downloaded app is clean, but later upgrades deploy malware).

How can mobile malware harm you? First of all, cybercriminals can rack up charges to your phone bill through “carrier billing,” a payment option that wireless carriers are increasingly pushing, and which Google is starting to make possible for Android market app purchases. Malware also can sign you up for “premium SMS” text messaging services.

Furthermore, mobile malware and spyware can pull sensitive data from your phone — such as your credit card numbers, online banking or e-mail account login credentials or your contacts list.

Infected phones also can become part of a “botnet,” which means your phone could be used without your knowledge as part of a larger attack scheme. This can also drive up your data traffic, which can push you toward your data plan’s cap faster.

Why is Android a bigger mobile security concern? It’s an open platform, which presents significant pros and cons.

On the bright side, Android’s openness has made it easier for vendors to offer cheaper smartphones (especially without costly two-year contracts) to a much broader consumer market. On the downside, Android’s openness also makes it especially susceptible to malware.

Users of Apple and BlackBerry mobile devices are not immune to mobile security threats. But the closed nature of those platforms does make it harder for cybercriminals to infiltrate those devices with malware.

However, threats such as e-mail phishing attempts and PDF exploits can put any mobile user at risk — even on the iPhone. (Apple recently patched its latest PDF vulnerability, but future iOS risks are always a possibility.)


John Hering, co-founder and CEO of Lookout, explains that a credulous user mindset has been a key factor in mobile security risks.

“We’ve observed that most mobile users are far more trusting about how they download and install software on their phone, compared to their computer,” he said. “But fortunately that’s starting to change. Android users especially are starting to get more discerning.”

However, the way people tend to use smartphones can also put them at risk. Hering noted that mobile users tend to be in distracting environments, so they generally provide only short bursts of divided attention to their phones.

Kevin Mahaffey, Lookout’s CTO and co-founder, explained that spotting malware on mobile devices is a bigger technical challenge than on computers.

“Personal computers have lots of power — both energy and processing capacity — so it’s easy to run security analyses in that environment. If it were even possible to run the same types of analytics on a mobile phone, that would destroy battery and take two decades to build,” Mahaffey said.

“So we had to consider, what if we could change the way malware detection is done? Instead of doing it on individual devices operating out in the world, what if we put it all on a big server and treat it as a data mining problem?”

This concept formed the genesis of Lookout’s Mobile Threat Network, which provides mobile device security through an online platform that aggregates and constantly scans anonymized data gathered from over 700,000 mobile apps.

One advantage of this approach is speed. Also, users don’t have to remember to update Lookout security software; the system constantly updates itself.

Mahaffey notes that if your phone is running an older version of the Android operating system, you face greater mobile security risks.

On Android phones, OS updates get deployed via a variety of manufacturers and wireless carriers. Because of this complexity, on many phones system updates lag behind — sometimes far behind — the latest “flavor” of Android (currently 2.3 “Gingerbread” for phones).

Unless you’ve rooted your Android phone to gain complete control over it, it’s up to the carrier and manufacturer, not you, when your phone will get a system update.

In contrast, iPhone system updates get deployed by a single source: Apple. So at any given time most iPhones in use probably have a fairly up-to-date version of iOS (unless it’s a much older device, such as the iPhone 3G).

Complicating this picture, to keep costs down some Android phone manufacturers skimp on processing power and other device capabilities. So some cheaper phones simply are not able to run the latest version of Android well, or at all.

This is why some brand new but cheaper models come with vastly outdated flavors of Android — like the Huawei Ascend, currently sold by MetroPCS for $99 on a $50/month no-contract plan, which comes with Android 2.1 (“Eclair,” released back in January 2010).

What red flags should mobile users watch for? According to Hering and Mahaffey, strange text messages coming from unknown sources are a common clue that you may have been subscribed unwittingly to a premium SMS service. You should contact your carrier immediately to report these.

Also, check your phone bill online periodically — probably more often than once a month.

Malware can cause a lot of surreptitious activity on your phone, so battery performance might be a clue. “If your battery suddenly starts draining really fast, consider that it might be malware,” Mahaffey said.

Hering also recommends healthy skepticism.

“Scrutinize permissions for Android apps before you download them. Does that game or utility really need permission to send premium SMS messages? Probably not,” he said.
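The permission check described above, as an added example that is not part of the original article: a Python sketch that reads an AndroidManifest.xml already decoded to plain text and flags billing-capable permissions that do not fit the app's stated category. The sample manifest, the category labels and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that let an app run up charges or hide the evidence.
BILLING_RISK = {
    "android.permission.SEND_SMS": "can send SMS, including to premium-rate numbers",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS such as billing notices",
    "android.permission.CALL_PHONE": "can place calls without user confirmation",
}

# Assumption: hypothetical category labels whose core function needs SMS or calls.
EXPECTED_CATEGORIES = {"messaging", "dialer"}

# Constructed sample: a wallpaper app of the kind the article describes.
WALLPAPER_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.SET_WALLPAPER" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <uses-permission android:name="android.permission.RECEIVE_SMS" />
  <uses-permission />
</manifest>"""


def audit_manifest(manifest_xml, category):
    """Return billing-capable permissions that do not fit the app's category."""
    # Manifests carry no DOCTYPE; refuse one to avoid entity-expansion tricks.
    if "<!DOCTYPE" in manifest_xml:
        raise ValueError("unexpected DOCTYPE in manifest")
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:  # skip malformed entries with no android:name
                requested.add(name.strip())
    if category in EXPECTED_CATEGORIES:
        return []
    return [
        {"permission": perm, "risk": BILLING_RISK[perm]}
        for perm in sorted(requested & set(BILLING_RISK))
    ]


if __name__ == "__main__":
    for finding in audit_manifest(WALLPAPER_MANIFEST, "wallpaper"):
        print(f"{finding['permission']}: {finding['risk']}")
```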

Thanks: CNN