Jan 03 2011

New virus threatens phones using Android

Category: MalwareDISC @ 5:39 pm
it's real :)
Image via Wikipedia

Mobile Malware Attacks and Defense

WASHINGTON (AFP) – A virus infecting mobile phones using Google’s Android operating system has emerged in China that can allow a hacker to gain access to personal data, US security experts said.

A report this week from Lookout Mobile Security said the new Trojan affecting Android devices has been dubbed “Geinimi” and “can compromise a significant amount of personal data on a user?s phone and send it to remote servers.”

The firm called the virus “the most sophisticated Android malware we’ve seen to date.”

“Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone,” Lookout said.

“Geinimi’s author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities.”

The motive for the virus was not clear, accoring the Lookout, which added that this could be used for anything from “a malicious ad-network to an attempt to create an Android botnet.”

But the company said the only users likely to be affected are those downloading Android apps from China.

The infected apps included repackaged versions sold in China of Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

“It is important to remember that even though there are instances of the games repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected,” the security firm said.

Mobile Malware Attacks and Defense

Related articles

Tags: Android, china, Google, Malware, mobile phone, Security, Servers, Trojan horse

Apr 21 2010

Raid said to have hacked Google password system

Category: CybercrimeDISC @ 3:30 pm

Google Appliance as shown at RSA Expo 2008 in ...
Image via Wikipedia

John Markoff, New York Times

Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret.


But a source with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s services, including e-mail.


The program, code-named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days in December, the source said. The software is intended to enable users to sign in with their password just once to operate a range of services.


The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making changes to the security of its networks after the intrusions. But the theft leaves open the possibility that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.


The new details seem likely to increase the debate about the security and privacy of systems that now centralize the personal information of millions of individuals and businesses.


Link to ‘poisoned’ site


The theft began with a single instant message sent to a Google employee in China, according to the person with knowledge of the inquiry, who spoke on the condition he not be identified. By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View.


Ultimately, the intruders were able to gain control of a software repository used by that team.


Tightening security


The details surrounding the theft of the software have been a closely guarded secret by the company. Google first publicly disclosed the theft in a Jan. 12 posting, which stated that the company was changing its policy toward China in the wake of the theft of unidentified “intellectual property” and the apparent compromise of the e-mail accounts of two human rights activists.


Company executives declined to comment Monday about the new details of the case.


Google continues to use the Gaia password system, now known as Single Sign-On, but has tightened the security of its data centers.


Several technical experts said that because Google had quickly learned of the theft of the software, it is unclear what the consequences of the theft have been. One of the most alarming possibilities is that the attackers might have intended to insert a Trojan Horse – a secret backdoor – into Gaia and install it in dozens of Google’s global data centers to establish clandestine entry points.


This article appeared on page D — 1 of the San Francisco Chronicle on Apr 20, 2010

Cyber War: The Next Threat to National Security and What to Do About It

Tags: china, Gaia, Google, Human rights, Personal computer, Software developer, Trojan horse, Website

Dec 04 2009

Five ways to lose your identity

Category: Identity TheftDISC @ 2:42 pm

beconstructive12

By Jaikumar Vijayan
The rush by shoppers to the Web makes the season a great time for online retailers. It’s also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.

Checkout huge savings on Today’s Hot Deals on Information Security Solutions for the holidays

The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups, and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore it.

Below are the identity theft awareness tips which can help maximize your exposure to online fraud.

Tip No. 1: Open all attachments from strangers and click on all embedded links in such e-mail messages. Such actions remain one of the most effective ways to provide thieves with personal information and financial data. All a hacker needs to do is find computer users who instinctively open e-mail messages from strangers, even those who write in a foreign language. The action can open the door to keystroke loggers, rootkits, or Trojan horse programs. Crooks can also easily install backdoors to easily steal data without attracting any attention. Once installed, hackers gain unfettered access to personal data and can even remotely control and administer systems from anywhere.

Tip No. 2: Respond to Dr. (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country. Users are told they will undoubtedly be rewarded for helping to get their “well-packed trunk boxes” full of cash out of Nigeria. And to make sure to provide bank account information, login credentials, date of birth, and mother’s maiden name so that they can wire the reward directly into a checking account in time for the holidays.

Tip No. 3: Install a peer-to-peer file-sharing client on your PC and configure it so all files, including bank account, Social Security, and credit card numbers, along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network. Your personal data will stream over the Internet while you check out what songs you can download for free without getting sued by the RIAA.

Tip No. 4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as “123456” and “abcdef” and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers. For maximum exposure, keep passwords short, don’t mix alphabets and numerals, and use the same password for all accounts.

Tip No. 5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and anti-virus and anti-spyware tools updated make life hard for hackers. Users can help them out by making sure their anti-virus software and anti-spyware tools are at least 18 months out of date or by not using them at all. Either way, it’s very likely that your computer will be infected with a full spectrum of malware.

For additional tips on how to shop securely on Christmas and holidays season:
How to shop safely online this Christmas
Identity theft tip-off countermeasure and consequence | DISC

Please comment below regarding any other new and emerging threat which needs to be addressed during holiday’s season?

Reblog this post [with Zemanta]

Tags: antivirus, Christmas and holiday season, Computer security, Credit card, File sharing, hacker, Identity Theft, Malicious Software, Malware, Online shopping, Personal computer, Security, shop safely, shop securely, Spyware, threats, trojan, Trojan horse

Jan 06 2009

Digital frames and malware threat

Category: MalwareDISC @ 6:30 pm

Digital photo frame
No doubt, the digital frame is a hot state of the art technology item today. Some digital frames in the market carry a risk of infection through a Trojan horse (malware) which is capable of monitoring keystrokes and sending useful information back to its originator. In Jan 2008 there were multiple reports that digital picture frames attempted to install malware on devices connected to the frame. It’s Jan 2009, and digital frames are still embedded with malwares.

According to SF chronicle article by Deborah Gage (Jan 2, 2009, pg. c1) “These popular devices are now so powerful that they’ve become computers in themselves, although people who buy them don’t always realize that. And like computers, the frames are capable of carrying code that logs keystrokes, steals data and calls out to other malicious code once it’s installed itself on a PC. “ “Users don’t realize that bad guys can make use of each and every computer they can control, even if you don’t do Internet banking or have any sensitive information,” said Karel Obluk, the chief technology officer of AVG, a security vendor with offices in the United States and Europe. “They can profit by spam or other illegal activities and make (your) PC part of an illegal network. It’s something that users should always be reminded of.”

Consumers have to be wary of devices which have memory on-board.

December 29, 2008 (Computerworld) Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold until earlier this month might have come with malware on the driver installation CD. Amazon’s advisory identified the malware as “W32.Sality.AE,” the name assigned by Symantec Corp.

According to Samsung’s alert, “a batch of Photo Frame Driver CDs contains a worm virus in the Frame Manager software. This is a risk of the customers host PCs being infected with this worm virus.”
The Samsung SPF-85H is no longer available on Amazon.com.

“Samsung has issued an alert. … Our records indicate that you have purchased one of the digital photo frames through the Amazon.com website and are therefore affected by this alert,” said Amazon in the note.

Based on various security advisories — Only users running Windows XP are at risk from this virus or a Trojan, Samsung and Amazon said; Windows Vista is immune.

Some considerations to safeguard against Trojans:

 Turn off autorun in Windows, to stop Trojan and malware exploits from installing itself on your system.
 To find a Trojan on your system, configure Windows to show hidden files.
 Utilize antivirus software which look for Trojans and keep it turned on and up-to-date. Scan new devices for malware upon connection to a system.
 Perform application vulnerability assessment on digital frame which will look for hidden Trojans.
 Perform regular assessment to find new vulnerabilities
 Buy photo frames manufactured by vendors who can guarantee exclusion of malwares.
 Do your due diligence to find out for known vulnerabilities before buying a digital frame

Who should be responsible for to make sure digital frames are malware free or perhaps both? (consumer/vendors)

AP Impact: Viruses Hit Digital Photo Frames, GPS
httpv://www.youtube.com/watch?v=R19VKUyeXag

Reblog this post [with Zemanta]

Tags: amazon, anti botnet, anti trojan, anti virus, anti worm, illegal network, infection, Malware, photo frame, samsung, Trojan horse