PC World Philippines » malware

Malware Uses Smartphone Accelerometers to Steal Keystrokes

Fei — Thu, 20 Oct 2011 22:59:29 +0000

By John P. Mello Jr.
October 21, 2011

SAN FRANCISCO – Did you know your smartphone’s accelerometer can be used to steal keystrokes from a nearby keyboard?

Using an iPhone 4 and some pirate software they wrote, a team of researchers at Georgia Tech has managed to capture complete sentences from a nearby keyboard with up to 80 percent accuracy.

“The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors,” team member Henry Carter, a PhD student in computer science and one of the paper’s co-authors, explains. “Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening.”

The team initially tried to use an iPhone 3GS in their experiments, but the results were too difficult to read.

“But then we tried an iPhone 4,” says Georgia Tech School of Computer Science Assistant Professor Patrick Traynor, who is a member of the team along with Carter, Georgia Tech grad student Arunabh Verma, and MIT Lincoln Laboratory’s Philip Marquardt.

“[The iPhone 4] has an added gyroscope to clean up the accelerometer noise [and] the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”
Other researchers have attempted to steal keystrokes using a phone’s microphone, but there are drawbacks to that method. For example, microphones have a sampling frequency of 44,000 vibrations per second. This is much more difficult to analyze than an accelerometer, which samples at just 100 times per second.

Also, handset makers typically restrict app access to phone microphones. When an app tries to grab hold of the mic, your phone will usually ask you if you want that to happen. Such protections aren’t placed around accelerometers.

How it Works

The malware creates a model based on probability and keyboard pairs. It determines if a pair is on the left or right side of the keyboard, and then it determines the distance between the keys in the pair–are they far apart or close together? After analyzing that data for a series of pairs, it compares what it’s hearing to a pre-loaded dictionary that classifies words based on left-right, near-far characteristics.

For example, the word “canoe” would consist of four pairs: C-A, A-N, N-O and O-E. The malware would interpret those strokes into Left-Left-Near, or LLN, LRF, RRF and RLF. When that data is compared to the entries in pre-loaded dictionary, a statistically probable result would be produced. In this case, “canoe.”

For the technique to work reliably, words must be three letters or more. Working with a 58,000 word dictionary, the researchers found their word recovery rate was as high as 80 percent.

Should you start being paranoid when a colleague places their cell phone by your keyboard? Not really. “The likelihood of someone falling victim to an attack like this right now is pretty low,”Traynor says. “This was really hard to do. But could people do it if they really wanted to? We think yes.”

Carter, Traynor, Verma, and Marquardt will present their findings in a paper entitled “(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers” on Thursday at the ACM Conference on Computer and Communications Security in Chicago.

Tips for a Malware-Free Android Smartphone

Fei — Wed, 13 Jul 2011 23:00:50 +0000

By Armando Rodriguez
July 14, 2011

SAN FRANCISCO – Since more and more malware is emerging for the Android platform every day, you must pay strict attention to what is happening on your phone or tablet. Smartphones are essentially computers–and all computers are vulnerable to viruses, phishing, and other attacks from malicious software.

Here are five quick tips to help you keep your Android phone or tablet free of malware.

Always research the publisher of an app: What other apps does it offer? Does the publisher have its own website? Do any of the other apps look a bit shady? If so, you should probably stay away. Read online reviews, but remember that Android Market reviews may not always be truthful. Check around to see what reputable websites such as PCWorld, AppBrain, or AppLib are saying about the app before you press the download button.

Always check app permissions: Whenever you download or update an app, you see a list of permissions for it. An alarm clock app, for instance, probably shouldn’t need to look through your contacts. The general rule of thumb: If an app is asking for more than what it needs to do its job, you should skip it.

Avoid directly installing Android Package files (APKs): When Angry Birds first came to Android, you could get it only through a third-party app store and “sideloading” it, installing the app by using an APK file. Although Angry Birds wasn’t malware, in general it is highly advisable not to download and install APK files from third-party websites or app stores. Most of the time you won’t know what the file contains until you install the file–and by then it’s too late.

Put a malware and antivirus scanner on your phone: Several different big-name security companies already offer mobile-security options, many of them free. Antivirus apps such as Lookout Mobile Security can scan your phone and make sure that no malware is installed. On top of that, most of the utilities include features that allow you to track your phone–and perhaps even remotely lock it and wipe your personal data–if you lose the handset.

Watch out for scams: Believe it or not, your smartphone is prone to phishing scams, malicious sites, and drive-by downloads, just as your PC is. Malicious sites often try to trick people into entering personal information about themselves; even more annoying, however, is some sites’ ability to automatically download malware to your phone. Because of a phone’s smaller screen, users are three times more likely to click a suspicious link on a phone than when they are using a PC. Again, though, Lookout Mobile Security has your back: Its Safe Browsing feature is currently available in the Premium version of its app.

If you follow these steps and keep a watchful eye on your device, you should be able to enjoy your phone malware-free.

Osama bin Laden’s death spawns fake video, malware via social networks

Fei — Thu, 19 May 2011 23:00:19 +0000

May 20, 2011

Following the death of Al-Qaeda terrorist leader Osama Bin Laden, Internet traffic significantly increased across the world. As expected, cybercriminals have utilized this major event to infect users’ computers via social networking sites.

Kaspersky Lab malware researcher Vicente Diaz said in his blog that they have investigated and found potential distribution attempts of malware authors. One of those found was a fake video of Bin Laden’s death, which circulated mostly through Brazilian users’ social networks. This fake video spread initially through Twitter and the links go to a fake Facebook.

A second set of fake Bin Laden death videos was found in Twitter, this time, adding a .RAR file containing a malicious software. The same link was being distributed by the original Twitter source as a video for the latest action film “Fast Five.” The attempt to infect is riding on major stories, in this case, the death of Bin Laden and an upcoming film.

Another malware infection attempt that uses the Bin Laden death was a click-fraud campaign on Twitter that intended to redirect traffic to a site with publicity on it. The trend topic changes to keep the campaign under the radar while being propagated. The same links to the click-fraud campaigns are sent out as either Bin Laden death videos or as alleged banned videos of recording artists Justin Bieber and Bruno Mars.

When a user clicks on the links, the destination page poses as a Youtube video. Instead of asking the victim to download a code upon clicking a button in the video, a new malicious tweet will be created in the victim´s own Twitter account, thus “replicating” itself.

“The goal of the fraud is to redirect traffic to a page with publicity, earning the malware propagators some revenues by exploiting a trending topic,” according to Diaz.

Diaz advised the public to be very careful of links about such topics that seem suspicious and too obvious to be legitimate to avoid being scam victims.

“Never follow links claiming to offer an exclusive footage or information about this particular topic, especially if the URLs are shortened or if they are not sure of the destination of the link. Also, never download anything like movies, compressed files, codecs for video to see a supposed online video, etcetera. Finally, do not trust any message which would likely be a spam,” Diaz said.

However, Diaz said that as the detected threats so far seem more Brazilian-centered and not highly sophisticated, it is not likely that any of them will suppose a global threat. Diaz said Kaspersky Lab has not detected any particular threat for the Philippines as of this writing. Although as top users of social networks, particularly Facebook and Twitter, the chances of being infected by this kind of threat is “higher in the Philippines than in other parts of the world, thus it might lead to a quick infection of the whole group.”

Keep Malware Off Your Android Phone: 5 Quick Tips

Fei — Thu, 03 Mar 2011 22:59:17 +0000

By Armando Rodriguez
March 4, 2011

SAN FRANCISCO – The number of free Android apps that may be infected with malware this week has increased to more than 50.

While some of these apps would look suspicious, others named things like “Quick Notes” or “Chess” seem innocent enough and you might not think twice about downloading them.

Tips for a Malware-Free Smartphone

Here are five quick tips to help keep your Android phone malware free:

1. Always research the publisher of the app. What other apps are they offering? Do any of them look a bit shady? If so, you should probably stay away.
2. Read online reviews. Android Market reviews may not always be truthful. Check around to see what reputable websites are saying about the app before you hit that download button.
3. Always check app permissions. Whenever you download or update an app, you are given a list of permissions for that app. That alarm clock app you are looking at probably shouldn’t need to be looking through your contacts. The general rule of thumb is if an app is asking for more than it does, you should probably skip it.
4. Avoid directly installing Android Package files (APKs). When Angry Birds first came to Android, you could only get it through a third party. This is called “sideloading” or, installing apps using an .APK file. While Angry Birds wasn’t malware, it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won’t know what the file contains until you install it. By then it’s too late.
5. Get a malware and antivirus scanner on your phone. While many still think that antivirus scanners on phones are useless, maybe outbreaks like these will change minds. Several different big name security companies already offer mobile security options, many of them free. I myself had downloaded “Spider Man,” which is on a bad list. My Lookout software identified it as a Trojan.

Infected apps list published by Android user “Myournet”

- Advanced Currency Converter
- App Uninstaller
- Chess
- Dice Roller
- Falling Ball Dodge
- Falling Down
- Funny Paint
- Hilton Sex Sound
- Hot Sexy Videos
- Photo Editor
- Scientific Calculator
- Screaming Sexy Japanese Girls
- Spider Man
- Super Guitar Solo
- Super History Eraser
- Super Ringtone Maker
- Super Sex Positions

Infected apps list published by Android User “Kingmall2010″

- Advanced App to SD
- Advanced Barcode Scanner
- Advanced Compass Leveler
- Advanced File Manager
- Best password safe
- Bowling Time
- Magic Strobe Light
- Music Box
- Sexy Girls: Japanese
- Sexy Legs
- Super Stopwatch & Timer
- Supre Bluetooth Transfer
- Task Killer Pro

Infected apps list compiled under the developer name “we20090202″:

- Advanced Sound Manager
- Basketball Shot Now
- Bubble Shoot
- Color Blindness Test
- Finger Race
- Funny Face
- Magic Hypnotic Spiral
- Omok Five in a Row
- Piano
- Quick Delete Contacts
- Quick Notes
- Super Sexy Ringtones
- Tie a Tie

Also on the lists are the foreign language apps shown at left.

Lookout Mobile Security, which provides security software for mobile phones, posted a list of 56 Android applications on its blog that have been infected with DroidDream, a new type of Android malware that roots your phone and gains access to as much personal information as it can. The apps also can open a back door, allowing more executable code to be downloaded to your phone without you being aware of it.
A few of these apps have already been downloaded by at least 50,000 users, making this one of the most widespread cases of Android malware to date. While the apps have been pulled from the Android Market, Google is investigating them and has not yet moved to wipe them remotely from people’s phones.

Lookout has issued an update to its mobile security software. It also advises that if you have downloaded any of these apps, to run its malware scanner and to e-mail the Lookout support center. Mashable (who earlier today posted a list of infected appscomplied by Myournet) suggested returning your phone to your carrier as your data and security may be compromised.

With more and more malware emerging for the platform every day, Android users would do well to be more careful and pay more attention to what happens on their phones. You have to remember that smartphones are essentially computers, and all computers are vulnerable to attack by malicious software.

Fix a Windows Infection Using Linux

Fei — Tue, 26 Oct 2010 23:00:31 +0000

By Katherine Noyes
October 27, 2010

SAN FRANCISCO – If you use Linux on your company’s desktop or server computers, you’re already familiar with many of the security advantages the open source operating system offers over its Windows and Mac rivals. What many people don’t realize, however, is that Linux can also be used to rescue a computer that has been crippled by malware.
Malware is a frequent occurrence in the Windows world, in particular, and it can be devastating. When a Windows virus strikes, not only can it become difficult or even impossible to continue using the affected machine, but it can be dangerous as well, since prolonged use can further the infection.

That’s where Linux can be a life-saver. Without ever having to install the free alternative, you can still use it temporarily on a PC to get rid of any infection. Here’s how.

1. Get a LiveCD or Live USB

LiveCDs and USBs are a wonderful thing in the Linux world because they let you boot a machine directly from the CD or USB stick without ever having to access the computer’s boot records. Not only are they a great way to take Linux for a test-drive, but they can also be put to work when Windows can’t.

By far the fastest way to get a LiveCD or USB is to download the .iso file of the Linux distribution you’d like to use and then burn it onto a CD or USB stick. Since Ubuntu is the most popular distribution out there, I’ll go with Maverick Meerkat–the latest version of the software–for this example.

Ubuntu can be downloaded from the project’s Website for use on a LiveCD or USB; download links for other distributions can be found listed on FrozenTech. UNetbootin is another nice option if you want to go the USB route, which tends to run much faster.

Of course, to take either of these options you’ll have to have a working, Internet-connected computer. If you don’t, or if your Internet connection is slow, you may want to order a LiveCD or USB via snail mail. OSDisc and LinuxCD both offer a variety of options; pricing is about $2.

2. Boot into Linux

Once you’re equipped with a Linux LiveCD or USB, you’ll need to make sure the infected computer is turned off, and then turn it on again with the CD or USB installed. This will boot the computer into Linux, completely bypassing Windows and its infection. Again, nothing has been installed — you’re simply using Linux to get the machine running reliably again.

3. Get Antivirus Software

Next it’s time to get the Linux-based ammunition you’ll need to wipe out the malware: antivirus software. I’m going to use ClamAV, my favorite, via ClamTK, which provides a nice graphical front end.

From the main Ubuntu desktop, then, go to “Applications” and then “Ubuntu Software Center.” Choose “Edit” and then “Software Sources.” You’ll be presented with a box entitled, “Downloadable from the Internet,” and you should be sure all four boxes are checked before you click on “Close.”

Next, from the main Ubuntu Software Center page, click on the “Accessories” icon and type ClamTK into the search box. It will be shown as “Virus Scanner,” but if you click on “More Info” you can verify it’s the right package. Click “Install” and wait for it to download.

Once installation is finished, you should launch ClamTK by going to “Applications” in Ubuntu’s main menu, then “Accessories” and “Virus Scanner,” which is how the software will still be shown.

4. Run a Scan

When the ClamTK window opens, click on the “Scan” tab and select the option for a Recursive Scan. Next, you’ll need to tell the software which drive you want to check for viruses, which in this case is the one that includes Windows. Scanning may take some time, but once the infection is found you’ll get the usual options for what to do with it, including quarantine and removal.

5. Return to Normal

Assuming the infection has now been removed, your computer should be clean once again, making it safe to remove the LiveCD or USB and boot back into Windows as usual. As you enjoy your malware-free machine once again, remember that it’s all thanks to Linux. It’s also not a bad idea to keep your LiveCD or USB handy so you’ll be ready for the next time.

How to secure a new PC

Fei — Thu, 30 Sep 2010 23:00:46 +0000

By Rosemary Hattersley
October 1, 2010

LONDON – The late-summer sales are great news if you’re a PC vendor: it’s one of the busiest trading periods outside of Christmas. Back-to-school purchasing is big business, and technology is one of its greatest beneficiaries.

The start of a new school or university term is the perfect time to invest in a home PC so the kids have a machine on which to do their homework. Students setting off for university or beginning post-GCSE education will almost certainly need a laptop on which to write essays and keep in touch with friends back home, too.

But the new term is also a good time for hackers and malware vendors. With all those new PCs and laptops in circulation, there are virgin terminals ripe for infection and inexperienced users busy getting to grips with their shiny new toys, rather than paying attention to what’s lurking with intent in the ether.

We don’t want to deter you from sending the kids off to university or setting up younger offspring with new PCs and laptops for homework. But you’ll want to ensure their machines will run infection-free and won’t leave your little dears with egg on their faces.

If you’ve just bought a new computer with this in mind, you’re no doubt enamoured of the slickness of the Windows 7 operating system. Although it’s no radical update to Vista, it’s a more immediately likable version of Windows to use. It offers improvements to home networking and introduces a more logical way of storing and accessing files. There’s also a more refined Security Center that allows you to manage many aspects of your new computer’s setup and to see, at a glance, the status of its various tools.

Even so, many of us are likely to skip spending time on such mundane aspects in favour of getting to know the more exciting capabilities of our new computers. This is human nature, but it could leave you exposed to a number of threats.

Here, we look at some of the most important security issues when setting up a new PC or laptop, and what you can do to ensure a safe computing experience.

Avoid common security issues

Create a protected Administrator account: The first thing to do when setting up a new machine is create the main user account and give it a name and icon. Your next step should be to add a password that will be required whenever you leave the computer unattended for more than, say, 15 minutes.

Add a Standard user account: You should use the primary account only when altering settings and installing/uninstalling programs. Set up a second account for other tasks. In Control Panel, User Accounts lets you add users, while ‘Change Account type’ lets you specify whether it’s a Standard or an Administrator account.

Get our free Security Advisor newsletter Security Advisor Security reviews Security news Internet security suites Antispyware software Antivirus software Free security downloads

Restrict access: Password-protect your second user account and assign it limited access privileges. You’ll still be able to perform most tasks using this account but, crucially, if a virus worms its way on to your PC, it won’t be able to make any changes to the Registry or install diallers or keylogging tools.

Secure your web connection: The web itself poses the biggest threat to your PC. Going online with no security software in place is foolhardy at the very least; doing so at an insecure location, such as an open wireless network, is asking for trouble. Crank up the privacy, security and content settings in your browser.

Get free antivirus protection: If nothing else, install free antivirus and firewall software. Microsoft’s Security Essentials is free. Other free options include Avast and AVG. Keep up to date by allowing the software to search for new malware definitions when prompted.
Perform regular scans: Previously renowned for hogging system resources, today’s antivirus programs shouldn’t impact your day-to-day PC use. It’s prudent to perform a full scan of your PC every once in a while. This is best scheduled to run overnight or when you aren’t using the PC.

Get our free Security Advisor newsletter Security Advisor Security reviews Security news Internet security suites Antispyware software Antivirus software Free security downloads
Use an effective firewall

A firewall forms a barrier between your PC and the outside world. It’s a bit like the membrane at the bottom of a pond, designed to prevent all the water from seeping out. You probably wouldn’t have noticed the slow leak of water – or data – which is why such a barrier is so valuable. Keylogging programs that get in via a back door such as an unsecured port or a less-than-robust email sentinel are often identified and hung out to dry by firewalls.

Windows has its own firewall in the form of Windows Defender, but you may prefer to use another. If so, deactivate the Windows one so they don’t have a showdown.

Time-limited trials

Although it can be useful to have a free trial of 30 days or longer for a well-known security suite preinstalled on your new PC, you’d do best to make a snap decision about whether it’s the security program you are going to depend on from now on.

If it is, buy the full version immediately. If it isn’t for you, choose another program and buy that instead (or use a free one such as AVG or Security Essentials). This way, you won’t fall into the common trap of thinking your computer is secure, only to find the trial has ended and your PC is infected.

Unencrypted wireless access

Wi-Fi networks and hotspots pose particular problems. Cheeky neighbours may piggyback your web connection, but an unencrypted router also leaves your PC vulnerable to attack and to being recruited as part of a botnet – a zombie army of infected PCs that could eventually form part of a distributed denial-of-service attack.

Older routers often come with a default blank or easy-to-guess password, such as ’1234′ or ‘password’. Newer routers tend to have more rigorous security settings and use Wi-Fi protected access (WPA) rather than the older, easier-to-crack wired equivalent privacy (WEP) encryption. A new router will also let you distance your connection from the spectrum your neighbour uses.

Safe surfing

Logging on to the free Wi-Fi at a hotspot makes perfect sense if you’re a student watching the pennies. It’s also very convenient to be able to check your email
or Facebook to see what friends are up to over a frothy cappuccino. It’s just as convenient for web snoops. For them, Wi-Fi hotspots are fertile hunting grounds.

Bluetooth can also leave you open to data interception, so turn off this powerful short-range transmission service except when you actively require it. This is just as applicable to your mobile phone as to your laptop. If you’re a BlackBerry owner and need to send sensitive information, the end-to-end encryption of the BlackBerry Email Server is your safest bet.

In any case, we strongly suggest you don’t use a wireless hotspot for web transactions such as buying an item on eBay or checking your bank balance. A well-timed glance over your shoulder or the surreptitious snap of a cameraphone could be enough to compromise the privacy of your bank login details.

Download dangers

It takes time to familiarise yourself with a new PC or laptop, particularly if the operating system on which it runs is also new to you. Spend some time getting to know the security setup for routine tasks such as downloading programs. Are these automatically scanned, or is there an assumption that a download you initiate must be safe? Many of us blithely click the Ok or Continue button when prompted to check whether Windows should install a downloaded program. A decent web browser will actively check for the presence of malware, but you should also routinely check for rogue software using your installed security suite’s scanner.

As per our previous advice, you may need to log out of your everyday account and into the one you’ve set up with full Administrator rights to install anything. Don’t forget to switch back to the other account afterwards.

Plug it in

It’s all too easy to bypass your own security setup: simply plugging in a USB flash memory drive can do the trick. USB drives are incredibly useful, but they ought to come with a warning. Tales are rife of viruses being spread around the office after an employee plugged in a drive they brought into the office with them from home, where it wasn’t virus-scanned.

Once a virus finds its way on to a networked device, it can quickly infect anything with which it comes into contact or that is connected to anything that’s also plugged in or accessible. It’s little wonder that educational institutions often don’t allow students to plug in their own memory sticks and have stringent security software in place to prevent infections being transmitted this way.

And malware isn’t the only risk to worry about – USB drives also make you vulnerable to data theft. Get a security-enabled USB drive that you can access only with a password or a fingerprint, and your data will be safer. At least if you lose the device in the bar or leave it in the library, no one can steal your notes, even if you don’t end up getting the drive itself back. Secure memory drives such as an Ironkey or a Victorinox Swiss Army USB key provide reassurance and, in the case of the latter, double as useful tools for other tasks.

Beware of strangers

Our final two security tips are particularly relevant to younger PC users, but ‘stranger danger’ is also pertinent for adults.

Once you’ve set up your new PC or laptop you’ll want to start reaching out to friends. ‘Friending’ people on Facebook and chatting online can be fun, but be cautious about what you divulge – particularly if you have never met somebody in person.

It’s all too easy to give away information about where you live, when you were born and when you’re going away. Thieves and data miners thrive on such fodder, while luring kids into adult conversations is a well-documented danger.

Parental responsibilities

Monitor your child’s web use by being present when they go online and use the parental controls in Windows and in Internet Explorer’s Internet Properties, Parental Controls settings menu to prevent them using instant-messaging clients when you’re not there.

As we outlined at the start of this guide, setting up separate user accounts for different family members can pay dividends here. A child’s user account that imposes time-of-day and content-suitability limitations, depending on their age and what you deem suitable, can lead to less anxious times and fewer arguments.

RP slides from Top 20 most-attacked countries by malware in Q2 of 2010, reports Kaspersky Lab

Fei — Thu, 09 Sep 2010 13:23:31 +0000

September 9, 2010

The Philippines disappeared from the top 20 countries that received malware attacks after being in the list for several months, according to a report by leading Internet security and content management developer Kaspersky Lab.

Bangladesh took on the 19th place of the Philippines, which received 1.25 percent of infection attacks.

The Philippines also slid in the list of countries having servers that host malicious applications from 8th place in Q1 of 2010 to 18th place in Q2. This is primarily due to the falling popularity of the Philippines as a host for malicious applications.

However, Kaspersky Lab virus analyst Yury Namestnikov said that while this is a positive trend for the Philippines, this does not mean that the attacks have lessened.

Namestnikov stressed that the change is only 0.2 percent for the Philippines and there was even a spike in activity of the peer-to-peer (P2P) worm Palevo, which also serves as bot-client. He warned that this particular worm is very efficient as an infected computer will be fully controlled by the source of the Palevo. It can spread through instant messengers like MSN, USB flash drives, and other P2P applications such as BearShare, Ares P2P, iMesh, Shareaza, Kazaa, among others.

He also warned that the IM-Worm.Win32.Sohanad.bm has been detected in over 20 percent of the Asian region making it the 4th most common malware. Namestnikov warned that this prevalence of the IM-Worm.Win32.Sohanad.bm could increase in the coming months.

“The serious development of the Internet in the Philippines during the last several months together with slow growth of security awareness will likely cause this country to make a comeback in the Top 20 list very soon,” Namestnikov said.

Meanwhile, over half a billion computer-related attacks using malicious applications have been detected and blocked during the months April to June 2010 in 288 countries, Kaspersky Lab reported.

This number showed that the growth of infection attempts have grown by an average of 4.5 percent per month over a period of three months. Meanwhile, the total number of malicious applications increased by 0.7 percent during this period with 8,540,223 detected.

The company reported that 203,997,565 infection attempts were detected. The most common malicious software infection came from Trojan.Win32.Generic having 12.02% of all infections. This has remained at the top of all vulnerabilities since the first quarter of this year.

Twenty-seven percent of these attacks were malicious scripts injected by cybercriminals into a variety of websites in the hope of targeting vulnerable computers. Exploits in Adobe Reader remained the most common.

Kaspersky Lab also indicated that it has detected 33,765,504 vulnerable files and applications in users’ computers. This indicated that one in four computers had at least seven unpatched applications, which could lead to attacks by malicious software. The most common attacks against a single application is Microsoft Office Excel having 39.45 percent of all known vulnerabilities.

botnets – groups of malicious applications running automatically and independently – remained at the top of malware incidents. The company detected the creation of new bots, worth noting of which is ZeuS (Zbot) Trojan. A new modification for this particular botnet was detected in April this year that had a relatively unsophisticated code that attacked .exe files. ZeuS which primarily targeted online banking accounts.

Another new botnet-making applications detected is TwitterNET Builder. While largely a proof-of-concept application, TwitterNET Builder builds new botnets using the social networking tool Twitter as a command-and control-center. One of the new botnets that came out using TwitterNET Builder is Backdoor.Win32.Twitbot, which can download and run files, conduct distributed denial-of-service (DDOS) attacks, and open websites specified by the bot’s owners.

While bots created using TwitterNET Builder were easily detected and eliminated, it points to potential use of popular social networking service to attack people’s computers.

Among the countries where attacks remained prevalent during the Q2 of 2010 are China (17.09 percent), Russian Federation (11.36 percent), India (9.30 percent), United States (5.96 percent), Vietnam (5.44 percent), Germany (2.65 percent), Malaysia (2.37 percent), Saudi Arabia (2.19 percent), France (2.14 percent), and Ukraine (2.11 percent) at 10th place.

Linux Trojan raises malware concerns

Fei — Mon, 14 Jun 2010 23:00:39 +0000

By Tony Bradley
June 15, 2010

SAN FRANCISCO – I’ve got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a game download so it should have no bearing on Linux in a business setting.

An announcement on the Unreal IRCd Forums states “This is very embarrassing…We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in).”
The post goes on to say “It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.”

Unreal is a popular first-person shooter game–similar to Doom or Quake. I don’t have any numbers on the total downloads since November of 2009, but it seems safe to assume there are a lot of Linux systems out there compromised by a backdoor Trojan.

However, none of those systems should be in a place of business, so the risk from a business perspective is not very high. IT administrators can learn, though, from the mea culpa at the end of the UnrealIRCd Forums post. “We simply did not notice, but should have. We did not check the files on all mirrors regularly, but should have. We did not sign releases through PGP/GPG, but should have done so.”

Basically, because of the false sense of security provided by Linux it simply never occurred to anyone to check if the software might be compromised. Combining that false sense of security with the security by obscurity factor that Linux makes up less than two percent of the overall OS market and isn’t a target worth pursuing for attackers, means that many Linux owners have zero defenses in place.
To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavor of Linux, and its accompanying tools and applications and find hundreds of vulnerabilities. The difference–according to the many lectures I have received in the comments of articles I have written on Windows security–is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that because its open source vulnerabilities are fixed in hours rather than months.
The lesson for IT Admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren’t running Unreal, but it’s quite possible that Unreal is not the only compromised software available.
Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren’t exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected.

Don’t make the mistake of simply assuming Linux systems are safe because they’re Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it.

Why Google’s Windows ban doesn’t make sense

Fei — Sun, 06 Jun 2010 22:59:03 +0000

By Preston Gralla
June 7, 2010

SAN FRANCISCO – Google’s move to ban Windows for internal use was ostensibly for security reasons. But that looks more like a convenient excuse than anything else, because there are plenty of reasons the ban doesn’t make sense.

Google’s ban of Windows implies that the China attack was a garden-variety Trojan or piece of malware that infected individual PCs. In fact, nothing could be further from the truth. The attack on Google was extremely sophisticated and highly targeted. Dmitri Alperovitch, vice president of threat research for McAfee, told Wired Magazine, “We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack. It’s totally changing the threat model.”

Almost a dozen pieces of malware and multiple levels of encryption were used in the attack. Many people believe the Chinese government was involved, which means a substantial amount of time and work went into it.

What does this mean? Even if Windows wasn’t being used, Google still would have been targeted. Given the resources behind the attack, there’s a reasonable chance it would have succeeded. So banning Windows won’t keep Google safe.

Also, Macs are vulnerable as well. Mac fans will tell you time and time again Macs are not vulnerable to security risks. It simply isn’t true. Just yesterday, for example, security firm Intego reported that it uncovered spyware on freely distributed Mac applications. There are more Windows attacks because there are more Windows machines. Google switching users from Windows to Macs won’t keep them safe from targeted attacks like the Chinese one.

Plenty of analysts have said the ban won’t make Google any safer. John Pescatore, an analyst at Gartner who specializes in security issues told Computerworld “If [hackers] know that Google uses Macs, then they’ll just target the company with Mac malware. And Mac malware exists.” Michael Gartenberg, an analyst with the Altimeter Group, added, “The idea that security is behind this is a little bogus. Windows seems pretty good for Fortune 500 companies.”

So why did Google ban Windows? One potential reason is to promote the use of its upcoming Chrome OS. And certainly, Google doesn’t want to miss a chance to criticize Windows in the hopes of moving people away from Microsoft Office and onto Google Docs.

It’s not clear, though, that Google is any safer after banning Windows than before.

Adobe products: hackers’ number one target in Q1 of 2010

Fei — Sun, 06 Jun 2010 00:47:47 +0000

June 6, 2010

According to Kaspersky Lab’s report ‘Information Security Threats in the First Quarter of 2010,’ Adobe products are currently the primary targetfor hackers and virus writers worldwide due to their prevalence and multi-platform capabilities. Furthermore, users of Adobe products are often unaware of the potential threat they are exposed to by opening PDF files of unknown origin.

Among the many varieties of exploit that were detected, the Exploit.Win32.Pdfka family with 42.97% was by far the most popular. This exploit takes advantages of vulnerabilities in Adobe Reader and Adobe Acrobat.

The Top 10 exploit families detected on the Internet

When added together, two families of exploits targeting Adobe products, Exploit.Win32.Pdfka and Exploit.Win32.Pidief, account for a total of 47.5%, or nearly half of all detected exploits. These exploits are PDF documents containing Javascript scenarios that, without the user’s knowledge or consent, download and launch other pieces of malware direct from the Internet.

The report highlights the fact that many users of Adobe products have not installed the patches designed to remove the software’s vulnerabilities and therefore remain susceptible to attack. Among the top ten most prevalent software vulnerabilities detected on users’ computers over the first three months of 2010, three were found in Adobe products, six were found in Microsoft products, and one was found in a Sun product. The three vulnerabilities targeting Adobe’s programs were found on 23.37%, 17.87%, and 15.27% of the computers examined, with the first and last being critical vulnerabilities that allow remote hackers to take full control of a system.

One of the vulnerabilities in Adobe’s products that became public knowledge over three years ago has had a patch available for all that time, which just goes to show that many users are still not updating their software. To resolve this problem, Adobe launched last April 13 an automated update service that runs in the background. Developers are hoping that this will help reduce the number of unpatched applications that are so appealing to cybercriminals.

The full quarterly report, titled Information Security Threats in the First Quarter of 2010, can be found at www.securelist.com.