Are Russian Hackers Exploiting Android?

Russian mobile malware factories are working with thousands of affiliates to exploit Android users, a security company has claimed.

According to Lookout Mobile Security the system is so efficient that almost a third of all mobile malware is made by just 10 organisations operating out of Russia. These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers the report said.

Thousands of affiliate marketers are also profiting from the scheme and helping spread the malware by setting up websites designed to trick users into downloading seemingly legitimate apps. Affiliates can make up to $12,000 a month and are heavy users of Twitter.

The report’s release at the DEF CON 21 conference in Las Vegas indicated that Lookout Mobile Security are working with the spooks to bring the crooks down. The malware HQs had gone to great lengths to obfuscate and encrypt their code to make detection tricky, but their advertising was pretty brazen.

Source

Phishing Attacks Increasing

Security researchers at Kaspersky Lab have reported significant growth in phishing attacks over the last year.

In a study entitled “The Evolution of Phishing Attacks”, Kaspersky said it found 37.3 million out of its 50 million customers running its security products that were at risk of being phished from 2012 to the present, an 87 percent increase over the same period between 2011 and 2012.

“The nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research,” Kaspersky said in the report.

“This situation has led to its own form of ‘commercialization’ of these types of attacks, and phishing is now being almost industrialized, both by cybercriminals with professional technological skills and IT dilettantes.”

The security firm explained that overall, the effectiveness of phishing, combined with its profitability for criminals and how simple the process is to undertake has led to a steadily rising number of these types of incidents.

Kaspersky noted that most of the victims in 2012-2013 were located in just ten countries, that is, Russia, the US, India, Germany, Vietnam, the UK, France, Italy, China and Ukraine. These 10 countries were home to 64 percent of all phishing attack victims during this time.

In addition to a rise in the number of users attacked, the number of servers involved in phishing attacks also increased, Kaspersky said, without giving any exact numbers. Though the firm did reveal that internet giants like Yahoo, Google, Facebook and Amazon are the top targets of malicious users.

“Online game services, online payment systems, and the websites of banks and other credit and financial organizations are also common targets,” the firm added, warning users to stay vigilant when entering personal data.

Source

Lenovo Soars

PC sales in China and high growth in smartphones sales helped boost Lenovo’s net profit for its fiscal fourth quarter by 90% year-over-year.

For the quarter ended March 31, Lenovo’s net profit was $127 million, the company said on Thursday. Revenue shattered records and was at $7.8 billion, growing 4% from the same period last year.

In Lenovo’s home market of China, the company had an operating margin of 4.9%, an increase of 8% year-over-year. The company also saw continued profitability in its mobile devices business, which makes up 9% of its overall sales. At the end of the quarter, Lenovo’s smartphone shipments were up 206% year-over-year.

Globally, PC shipments were down 13.9% year-over-year in the quarter, the market’s steepest decline since research firm IDC began tracking the market in 1994. Lenovo itself posted flat year-over-year PC shipment growth in the period.

Smartphone and tablet popularity have hurt PC sales, according to analysts. Computers running Microsoft’s Windows 8 have also failed to drum up consumer interest in the previous two quarters.

Source

Lenovo, however, has managed to weather the slowdown by taking advantage of the Chinese PC market, where it has an over 30% market share. Close to half of the company’s revenue comes from the country, now the world’s largest PC market.

The company is now close to surpassing leading PC vendor HP for the top spot. The company had a 15.3% share of the market in this year’s first quarter, while HP had a 15.7% share.

But the Chinese PC maker also plans to focus more of its investment on tablets, smartphones and enterprise hardware, the company’s CEO Yang Yuanqing said in a statement. Earlier this year, Lenovo also reorganized its operations to sharpen the company’s branding and compete better in high-end products.

For the current fiscal year, Lenovo aims to ship 50 million smartphones, up from 30 million last year, Yang said Thursday in an earnings call. It aims to ship 10 million tablets, a five-fold increase from the previous fiscal year.

Most of Lenovo’s smartphone sales come from China, but the company has also begun selling handsets in the emerging markets of Russia, India, Indonesia, the Philippines and Vietnam. In addition, Lenovo is preparing to bring its smartphones to the U.S. and European markets, Yang said, without saying when.

Is Twitter Home To Malware?

Security outfit Trusteer has recently identified an active configuration of TorRAT targeting Twitter users. The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets.

Dana Tamir, Enterprise Security Director for Trusteer the malware, which has been used as a financial malware to gain access to user credentials and target their financial transactions, now has a new goal: to spread malware using the online social networking service. At this time the attack is targeting the Dutch market. But since Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry.

The attack is carried out by injecting Javascript code into the victim’s Twitter account page. The malware collects the user’s authentication token, which enables it to make authorized calls to Twitter’s APIs, and then posts new, malicious tweets on behalf of the victim.

Tamir said that the attack is particularly difficult to defend against because it uses a new sophisticated approach to spear-phishing. Twitter users follow accounts that they trust. Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. The fact that the tweets include shortened URLs is not concerning: Twitter limits the number of characters in a message, so followers expect to get interesting news bits in the form of a short text message followed by a shortened URL. However, a shortened URL can be used to disguises the underlying URL address, so that followers have no way of knowing if the link is suspicious.

Source

AT&T Gets GM

AT&T Monday said it will provide LTE wireless services to most General Motors automobiles starting in 2014 in the U.S. and Canada.

A multi-year agreement between AT&T and GM subsidiary OnStar calls for vehicles to continue getting OnStar’s safety and security services while adding information and entertainment services for backseat drivers, AT&T said.

Millions of vehicles will be affected, as AT&T rolls out LTE to reach 300 million people in the U.S. by the end of 2014.

The AT&T-GM announcement is part of an explosion in the number of devices connected to the Internet, many of them wirelessly, in what some have termed the “Internet of Things.”

“The is a big announcement for connected devices,” Glenn Lurie, president of emerging enterprises and partnerships at AT&T, said in an interview at Mobile World Congress here.

Source…

Kaspersky Finds New Malware

Kaspersky Lab has discovered three Flame spyware related malware threats that it said use “sophisticated encryption methods”.

Kaspersky claims that it uncovered the three new hostile programs while analysing a number of Command and Control (C&C) servers used by Flame’s creators.

“Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines,” the firm’s statement read.

“The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame.

“It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild.”

The discovery of the three programs indicates that Flame’s Command and Control platform was being developed in 2006, four years earlier than first thought.

Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.

The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by Kaspersky, IMPACT, CERT-Bund/BSI and Symantec.

“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers,” said Kaspersky’s chief security expert, Alexander Gostev.

Following the discovery of the three new related programs, Kaspersky’s chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.

“There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu,” he said. “They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns.”

Kamluk added that it is “very possible” there are more than the three listed in Kaspersky’s report.

“They started building RedProtocol, yet another ‘language’ for unknown malware. No known client types are using that one, which means that there is even more malware out there,” he added.

Source…

Remote Access Tools Threatens Smartphones

Malware tools that allow attackers to gain complete remote control of smartphones have become a major threat to owners around the world, security researchers say.

In a demonstration at the RSA Conference 2012 here Wednesday, former McAfee executives George Kurtz and Dmitri Alperovitch, who recently founded security firm CrowdStrike, installed a remote access tool on an Android 2.2-powered smartphone by taking advantage of an unpatched flaw in WebKit, the default browser in the OS.

The researchers showed an overflow audience how the malware can be delivered on a smartphone via an innocuous looking SMS message and then be used to intercept and record phone conversations, capture video, steal text messages, track dialed numbers and pinpoint a user’s physical location.

The tools used in the attack were obtained from easily available underground sources, Kurtz said. The WebKit bug, for instance, was one of 20 tools purchased from hackers for a collective $1,400.

The remote access Trojan used in the attack was a modified version of Nickispy a well-known Chinese malware tool.

Learning how to exploit the WebKit vulnerability and to modify the Trojan for the attack, was harder than expected, said Kurtz. He estimated that CrowdStrike spent about $14,000 in all to develop the attack.

But the key issue is that similar attacks are possible against any smartphone, not just those running Android, he said.

WebKit for instance, is widely used as a default browser in other mobile operating systems including Apple’s iOS and the BlackBerry Tablet OS. WebKit is also is used in Apple’s Safari and Google’s Chrome browsers.

Several mobile remote access Trojans are already openly available from companies pitching them as tools that can be used to surreptitiously keep tabs on others.

Source…

Did Google Bypass Privacy Rules?

In the wake of reports that Google had circumvented privacy settings in Apple’s Safari browser, Microsoft announced today it had discovered that the Web giant had done the same with Internet Explorer.

“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?” IE executive Dean Hachamovitch wrote in a blog post this morning. “We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”

The blog post, which details Microsoft’s findings and offers privacy protection tips, said it has contacted Google about its concerns and asked it to “commit to honoring P3P privacy settings for users of all browsers.”

Google countered that Microsoft backs a system that is dated and impractical.

“It is well known–including by Microsoft–that it is impractical to comply with Microsoft’s request while providing modern Web functionality,” Rachel Whetstone, senior vice president of communications and policy for Google, said in a statement to CNET this evening. “We have been open about our approach, as have many other Web sites.”

P3P, or Platform for Privacy Preferences, is an official recommendation of the World Wide Web Consortium that sites use to summarize their privacy policies.

Source…

Google Defends New Privacy Policy

In a letter sent to eight members of Congress, Google yesterday defended its decision to consolidate its privacy policies and users’ personal information.

The 13-page letter explains Google’s decision to change its privacy policies and answers specific questions from the legislators. In sum, Google contended that its approach to privacy remains the same, that users still have control over how they use the company’s various online services, and that private information stays private.

“Some have expressed concern about whether consumer can opt out of ourupdated privacy policy,” wrote Pablo Chavez, Google’s director of public policy, in the letter.

“We understand the question at the heart of this concern. We believe the relevant issue is whether users have choices about how their data is collected and used. Google’s privacy policy – like that of other companies – is a document that applies to all consumers using our products and services. However, we have built meaningful privacy controls into our products, and we are committed to continue offering those choices in the future,” he added.

Google stirred up something of a privacy firestorm last week when company executives disclosed plans to rewrite privacy policies and to meld user information across its various products and services.

.

Source…

Lawsuit Says Microsoft Illegally Tracks Customers

Microsoft allegedly tracks the location of its mobile user even after customers request that tracking software be turned off, according to a new lawsuit.

The proposed class action, filed in a Seattle federal court on Wednesday, states Microsoft intentionally designed camera software on the Windows Phone 7 operating system to ignore customer requests that they not be tracked.

A Microsoft representative could not immediately be reached for comment.

The lawsuit comes after concerns surfaced earlier this year that Apple’s iPhones collected location data and stored it for up to a year, even when location software was supposedly turned off. Apple issued a patch to fix the problem.

However, the revelation prompted renewed scrutiny of the nexus between location and privacy. At a hearing in May, U.S. lawmakers accused the tech industry of exploiting location data for marketing purposes — a potentially multibillion-dollar industry — without getting proper consent from millions of Americans.

The lawsuit against Microsoft cites a letter the company sent to Congress, in which Microsoft said it only collects geolocation data with the express consent of the user.

« Previous Page — Next Page »