Continuing the battle with the bad guys, G Data has released its MobileSecurity product for Android smartphones and tablets. MobileSecurity is designed to protect the data on the phone from viruses, malware and spyware. Apps have to gain authorisation from the user before they can make calls, send text messages or transfer data. Other features include app blacklisting and app checking during installation. Of course, there are regular updates to the software to keep the protection up-to-date.
Eddy Willems, Security Evangelist at G Data commented: “Malware writers are entrepreneurs: always looking for the best return on investment. According to analysts, Gartner and IDC, Android seems to be the market leader in mobile operating systems, so it is logical that cyber criminals will target the platform. Android malware can be easily spread through apps, which is another reason the platform is targeted. Not only did the beginning of 2011 see the emergence of this trend, but it also saw Android take the lead as the most targeted mobile operating system in terms of malware. So it is the perfect time to introduce a solution for the protection of Android devices, as we expect a large increase in this area.”
Marketing puff aside, as we’ve seen in the past few weeks with the Mac malware and the Gmail spearphishing, there are criminals out there working out how to attack every major platform. And if they can’t beat the platform directly, they’ll go after the user, which is often the weakest link.
G Data’s MobileSecurity is available for £9.99 from a range of Android app stores or is free with G Data’s 2012 range of security products.
If you or a friend have been conned into installing one of the fake anti-virus tools that have been doing the rounds recently, you’ll be delighted to hear that G Data are offering a free tool to remove the most prevalent type of scareware, “System Tool”.
Many of us will have seen those pop-ups claiming that our PCs have been infected and most of us will have dismissed them for the scams that they are. However, some people are taken in and G Data has seen an increase of 35% over the past 15 months in this type of fake AV. And if you are taken in, it’s a double whammy, with the criminals getting your credit card details while your PC remains under their control for further malicious activity.
“The development and deployment of scareware has become a highly profitable business. Fake antivirus programs have a double benefit for cyber criminals: they receive money from users who purchased a ‘full version’ of their useless tools and they get hold of the victims’ credit card data. To make matters worse: the fake AV programs often also put online criminals in a position that allows them to download additional malware onto their victims’ computers”, explains Eddy Willems, Security Evangelist at G Data.
The instructions for running the cleaner program are:
1. Download G Data FakeAV Cleaner from the G Data website: http://www.gdatasoftware.co.uk/support/downloads/tools.html. It’s down at the bottom of the page.
2. Run the G Data FakeAV Cleaner setup file. The G Data FakeAVCleaner “System Tool” has to be executed with the Windows user account that is infected. Because the FakeAV “System Tool” shuts down all user-initiated programs that do not have a reserved name (such as explorer.exe, winlogon.exe, svchost.exe and many more), the file name for the G Data FakeAVCleaner is svchost.exe.
3. Reboot the computer to finalise the installation.
If you are interested in the background to this kind of threat, G Data have a complementary blog post that discusses some of the issues and demonstrates a scareware infection.
G Data’s been busy. After releasing their malware protection for Android, they’ve also extended their safety net into the internet. G Data’s CloudSecurity is a free browser plug-in designed to block phishing sites and protect against websites pushing malware. The plug-in can be used with Mozilla Firefox and Internet Explorer and it’s available as a free download from free-cloudsecurity.com.
CloudSecurity blocks dangerous websites before they can cause harm to your PC or steal your data. And the more people who use CloudSecurity, the better it gets. Users can report suspicious websites via the plug-in back to G Data, whose experts then check over the websites to see if they are dangerous or not. If they are, they get added to the black list.
If you are currently availing of some of the free AV solutions out there, then this sounds like a useful complementary (and complimentary) product.
(This type of product seems to be flavour of the month as Todd also mentioned a similar product in GNC #652 last week – Web of Trust.)
The Android OS has already attracted the attention of malware and virus writers looking for new ways to extort money from unsuspecting victims. The BBC reported back in August of 2010 on a Russian media player that sent premium rate text messages, thus earning the virus writer hefty referral fees. More recently, the Geinimi trojan had been collecting personal info and passing it on to some Chinese remote servers.
G Data Software today announced their MobileSecurity solution for Android 2.0 and above to guard against malware and other fraudulent programs. By monitoring activity on the phone or tablet, it can detect unwanted sending of SMS text messages or web browsing in the background.
Using the security app on the smartphone, the user can authorise the activity of known apps but block those apps which start acting in an unexpected fashion. The security app will also maintain a blacklist of Android malware which is regularly updated with downloads from G Data.
Available from April 2011 for £9.99 from the Google Market Place or free to existing G Data customers from G Data’s website.
Digital security firm Sophos today released their Security Threat Report for 2011, which reviews all the ways that the bad guys are out to get you. It’s a glossy 52-page report and is worth a quick read to understand the threats that are out there, especially in areas that you might not be familiar with.
The report covers the key threats from 2010:
- Fake anti-virus software and scareware – through a warning dialog, users are scared into paying for and installing fake anti-virus software, which at best does nothing and at worst steals passwords and credit card information.
- SEO poisoning – manipulating search engine results to point users to fake and rogue websites, which are loaded with browser exploits and malware.
- Clickjacking or UI redressing – hiding malicious buttons underneath innocuous images, e.g. clicking on a “Like” or “Share” image actually emails out malware to all the user’s friends.
- Survey scam – in order to complete a questionnaire that typically offers a non-existent but sought-after prize, software has to be installed or access given to personal data. This information is then used to propagate the questionnaire onwards, earning affiliate revenue for the application developer.
- Spam – not exactly a new entrant in 2010 but the rise of spam on social networking sites is an increasing problem.
- Spearphishing – a variant on the original phishing but in this case the attack is well targeted and much more convincing and consequently more likely to succeed.
- Stuxnet worm – a traditional vector but with a new target, the Stuxnet worm went after SCADA systems and industrial PLC controllers. Very sophisticated, leading to conspiracy theories involving industrial sabotage.
- Malvertising – the infection of advertising on legitimate websites that links to malware or fake anti-virus software.
- Compromised sites and accounts – legitimate websites and, typically, celebrity accounts are hacked to serve infected webpages or link to malware sites.
The report briefly covers the threats posed to iOS, Android, Windows 7 and Blackberry smartphones before moving on to review issues with Facebook, Adobe products, removable media and USB drives. Windows 7 and OS X are also discussed.
The report continues with some of the success stories when the justice system has managed to catch up with the criminals before closing with advice and guidance on how to avoid getting hit.
Give it a read. Warning – 4MB .pdf download.
Sophos has published its quarterly report into spam and the USA remains top of the league for spam-relaying, being responsible for nearly 19% of all spam messages. India follows with a little under 7% and then Brazil, Russia and the UK finishing the top 5 on 4.5%.
The vast majority of spam does not come directly from spammers’ servers, but rather from PCs that have been compromised by trojans or other malware and are now under the control of the criminals. This allows spam to be passed on by PCs without the owners’ knowledge – this is spam-relaying. Consequently, these figures indicate that huge numbers of PCs in the US are infected and under the control of the spammers.
Sophos also notes that the nature of spam is changing. Previously, pharmaceutical products would have been the mainstay of the spammers’ output but increasingly the spam is spreading malware and phishing for account information. As an aside, an estimated 36 million Americans purchased drugs from unlicensed online sellers.
The top spam relay countries for the last quarter were:
8. S Korea
“Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” said Graham Cluley, senior technology consultant at Sophos. “What’s becoming even more prevalent is the mailing of links to poisoned webpages – victims are tricked into clicking a link in an email, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.”
Sophos also warns that social networks are increasingly attracting the attention of criminals through malicious apps, stolen profiles and junk messages.
German security firm G Data put out an interesting press release last month regarding the expected successor to the Zeus trojan, which infected millions of PCs and captured bank account details. The new trojan, Ares, has a similar modular design, allowing it to be easily configured for a range of target activities.
Malware is big business and a software development kit for Ares is already available to buy on-line, either for an upfront payment of $6,000 or else on a licensing model for when modules are subsequently sold on. There’s even a cut-down version at $850.
The developer of Ares talked about the new malware in an underground forum. According to the author, Ares is “not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyer’s liking.”
Without a doubt, malware and virus writing is no longer the domain of the insecure nerd trying to prove his expertise to his peers. This is now business, criminal business, with significant money involved. And when they catch the writer, I hope that the penalties will be commensurate.
Unless you want to be a victim, make sure you have virus and malware protection in place and keep it updated.