Tag Archives: malware

Have You Been Gooliganed?



Check Point LogoA quick public service announcement….at the end of November security firm Check Point and Google announced that a variant of Ghost Push malware called Gooligan had infected over million Google accounts, with numbers increasing every day. The malware is present in apps typically downloaded outside of Google Play and infects devices on Android 4 (Jelly Bean and KitKat) and 5 (Lollipop).

Gooligan
Courtesy of Check Point

If infected, the malware exposes “messages, documents, photos and other sensitive data. This new malware variant roots devices and steals email addresses and authentication tokens stored on the device.” so it’s not very nice.

Fortunately, the team at Check Point have developed a tool which checks if your Google account has been compromised. All you have to do is enter the email address associated with your Android device.

While we are on the subject, if you want to check if your email address has been garnered in any of the recent security breaches, check out haveibeenpwned.com which tells you who’s been sloppy with your details (thanks, Adobe and LinkedIn).


Twitter banning Bit.ly, other URL Shortners on Direct Messages (DM)



Twitter logoToday I was trying to send a direct message to a friend. Included was a bit.ly link to a page I needed him to see. For some reason, Twitter kept saying there was an error and cannot send the DM. After checking his page to make sure he was still following me and sending a couple test DMs successfully, I realized the problem was the bit.ly link.

I did a search and found that indeed – Twitter was blocking DMs with bit.ly links. They found many different links could not be sent via DMs. CBS.com was one of those who were blocked by Twitter DMs.

Of course, this is because of Twitter allowing n0n-followers to DM people. You have to opt-in to the option, but with this you can get messages from many different people.

The Twitter error Message Needs to Be Fixed

So direct messaging with a link could come back saying the person might not be following you. That could be totally confusing – especially if you know they are. I almost chalked it up as a twitter database error but decided to check and see if there was any changes.

The only advantage of allowing non-followers to DM is if your Twitter account is a corporate one or you have over 10,000 followers and don’t want to follow them all back.

The Problem with Blocking Bit.ly – the Mask-Around

Spammers are smart and/or intuitive. Instead of using bit.ly, they’ll use another system that gets around the twitter issue. Twitter might then block that, but in the meantime, you don’t see a bit.ly link – you see a My.website link. Give a spammer/hacker 2-3 days with an $8 /year website domain and they could make enough to buy another $8 domain and start the process over again.

Of course this is a very common problem with url shorteners. Tiny URL added spam block and virus protect tools shortly after they started. Bit.ly also has some preventative measures (using companies like Sophos, Verisign, Websense and more). Still, they are not responsible for 3rd party content using their links.

Bottom Line – Don’t click on unknown links

Usually bad links start with “Hey, is this you” or “I got a way you can make money” which really translates to “I got a way for ME to make money using you”. If you choose to opt-in to letting anyone DM you, keep in mind you will get spam in your message box. If you don’t feel confident you can sniff out the good from bad, then simply don’t check the box.


Fake Bad Piggies Malware Hits Google Play, Android Phones



Bad-PiggiesIf you are a fan of the Angry Birds series, then you know about Bad Piggies – a sequel to the popular bird game. Security company F-Secure detected there was a faux app in the Play store that looked and felt like the Bad Piggies by Rovio. However, this app had a slight alteration to the name (Bad Pigs) and a different developer name.

Since the detection, Google Play has removed this malware version from their store. Unfortunately  10,000 downloads have occurred since May 25, 2013. The app asks the user for permission to do more than just push notification and simple data collection.

If any app asks for more information – including full access to your location and personal information, you should remove the app and report it. Usually trojanized apps are popular games, since they see more downloads.

Bad Piggies is a free app that sees between 10,000 – 50,000 app downloads on Google Play. It is available on Android and iOS apps, along with Mac and PC.

If you are one of the duped app users, simply delete the app through Android App Manager.


GNC-2012-04-13 #757 Are you an Enabler?



I have a couple of fantastic stories to tell you tonight, but you have to listen all the way through to get the impact. I leave for Vegas and NAB tonight. I would expect the Monday show to be a complication of content from the first day at NAB. Next weeks Thursday show may be a challenge as I get back into Honolulu very late.

Support my Show Sponsor: 5 Best Godaddy Promo Codes
30% Off on GoDaddy Products & Services cjcgeek30
$4.99 GoDaddy coupon for a New or Transferred .com domain cjcgeek99
$1.99 a month Economy Hosting with a free domain name. Promo Code: cjcgeek1h
$2.99 a month Managed WordPress Hosting with free Domain name. Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Download the Audio Show File

Links to all the articles talked about in this Podcast are on the Show Notes Page [Click Here]


G Data Mobile Security for Android



G Data’s Mobile Security provides anti-virus and security monitoring for Android smartphones and tablets. Is this really necessary, you might ask, but I think after some of the recent malware removals by Google, there’s sufficient evidence that Android will increasingly be a target for malware and virus writers. Such is life.

Mobile Security provides three main functions, on-demand scans, blacklist control and authorisation checks for installed apps, all controlled from a main home screen.

G Data Mobile Security Main Screen

Tapping on any of the four areas will show the next screen for that function. Here’s the on-demand virus scanning – no surprises there – but Mobile Security also scans apps as they are installed from the Android Market (or elsewhere presumably) which gives additional protection against malicious software.

G Data Mobile Security Virus Scanning

The Permissions area shows a set of controlled features such as calls and internet access, and by selecting a particular feature Mobile Security shows the apps that have permissions for that feature. I thought that you might be able to then select an application and revoke its permissions to, say, access the internet, but the only option is to uninstall the app.

G Data Mobile Security Permissions    G Data Mobile Detailed Security Permissions

A settings screen is accessible from the menu key which provides greater control over the behaviour of Mobile Security’s activities. Usual stuff about scan intervals and automatic scans but all good stuff.

G Data Mobile Security Settings

The Logs area shows what Mobile Security has been doing and Update simply checks that the virus signatures are current and up-to-date. Nothing unexpected here.

G Data Mobile Security Logs

Unfortunately, I didn’t have any malware to hand so I wasn’t able to test out Mobile Security’s detection and disinfecting abilities but I would imagine that G Data’s got that covered.

It’s a free download from the Android Market to try it out, but it’s £9.99 per year to get updates for new malware and viruses. Alternatively, purchases of other G Data security products such as  G Data AntiVirus include a Mobile Security licence as part of the package.

The licence for this review was provided free of charge by G Data. Thanks.

 


Mobile Malware Rises



With the rise of smartphones and tablets, it’s not exactly unsurprisingly that they’ve increasingly become a target for cyber criminals and other unscrupulous individuals. In the first half of this year, malware for portable devices increased by 273% compared with 2010.

Cross-platform Trojans are the main source of the growth and most of these viruses are designed to enable spamming or other criminal activities. “With mobile malware, cyber criminals have discovered a new business model,” explains Eddy Willems, Security Evangelist at G Data. “At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims. Even though this special underground market segment is still being set up, we currently see an enormous risk potential for mobile devices and their users. We are therefore expecting another spurt of growth in the mobile malware sector in the second half of the year.

If you think that it’s just hyperbole, think again. Zsone, an Android app in the Google Android Market sent subscriptions to Chinese premium SMS numbers and then intercepted the confirmations. The only way the user knew they’d been scammed was when the bill came in.

PC malware is on the rise too with a nearly 16% rise in the last six months. The graph below shows the rise of new malware each year since 2006 and if the growth continues, there will be more new malware in 2011 than 2006-09 combined.

It’s a bad world out there, so be careful no matter what platform you are on. Just because it’s a phone and not a PC, it doesn’t make you invulnerable.


Malware Myths



GData has found that many people’s preconceptions about malware are wrong and are putting them at risk of malware infection. The vectors for viruses and trojans have significantly changed in the past couple of years and infections now mainly come from websites rather than emails and USB sticks. The growth of malware in the past five years has been phenomenal and since 2005, over 2 million malware threats have been identified.

GData surveyed nearly 16,000 web users in 11 countries regarding their views on internet threats. People are generally more knowledgeable now, with only 4% admitting to having no antivirus software on their computer, although 5% didn’t know. 48% of those questioned have free AV software and 41% have paid software. The survey is not entirely clear if it was Windows PCs only or any computer, including OS X and Linux.

GData identified 11 malware myths that can lead to a higher risk of infection. Here they are.

Myth 1: When my PC is infected, I will notice in one way or another (93%)
No, modern malware writers are smart and code their viruses and trojans to make sure that they work stealthily and unnoticed in the background.

Myth 2: Free AV software offers the same elements of security as paid for packages (83%)
Anyone who has bothered to compare the feature sets of free v. paid versions of security software from nearly any company will know that this isn’t true. Usually the free ones are missing features such as firewalls or anti-spam filters.

Myth 3: Most malware is spread through e-mail (54%)
As mail spam and antivirus filters have got better, malware in attachments has become rarer as it has become less effective. Consequently most spam / malware emails now only come with links to infected websites rather than payloads.

Myth 4: You can’t get infected just by loading an infected website (48%)
Sadly not true. Websites loaded with malware that take advantage of vulnerabilities in the browser and operating system can infect a PC even when the user is “just looking”.

Myth 5: Most malware is spread through downloads at peer2peer and torrent sites (48%)
Undoubtedly some malware is passed on via peer-to-peer but today websites are the prime source of infection.

Myth 6: It is more likely to encounter malware at a porn site that at a horseback riding site (37%)
Much as we might like this myth to be true, serious adult sites are professional and run to a high standard. The web site is key to their business and they make sure the sites are secured and up-to-date with patches. On the other hand, hobby websites are run by enthusiasts who are rarely IT experts and these websites are easily compromised by criminals who then upload malicious code to the site which subsequently infects visitors.

Myth 7: My firewall can protect my PC from drive-by-download attacks (26%)
Sadly, not true. Firewalls are a useful security component but because much malware is web-based and web traffic is generally allowed (because you couldn’t access websites if you didn’t), firewalls provide only limited protection against them.

Myth 8: I don’t visit risky sites, so I am safe from drive-by-downloads (13%)
This is much the same as Myth 6, but the point to take is that your trust in the website brand does not have a direct correlation to the likelihood of being infected. In the recent past, a couple of high-profile trusted sites have become vectors for malware without the owner’s knowledge.

Myth 9: If you don’t open an infected file, you can’t get infected (22%)
The emphasis in this myth is on the “you”. In a perfect world this might be true, but modern PCs and operating systems are so complex and do so much in the background that it’s possible for a malicious file to infect a PC regardless of what the user actually does.

Myth 10: Most malware is spread through USB sticks (13%)
In the past a large proportion of viruses and trojans would have been passed on using USB memory sticks and while they can still be a vector (Conficker!), now more malware is spread by websites.

Myth 11: Cyber criminals aren’t interested in the PC’s of consumers (8%)
As most people recognised, consumer PCs are definitely of interest to consumers, either to form part of a botnet or else to monitor for passwords for on-line services.

There is a natural assumption amongst Internet users that pornography sites are more dangerous than other leisure sites. This is a myth. Amateur hobby/leisure sites are often not professionally run like many pornography sites, making them much easier prey for hackers,” says Eddy Willems, G Data Security Evangelist. “In the past, malware was written by developers who wanted to show off their technical skills, meaning it was visible to infected users. Now cyber criminals design, sell and make use of malware that enables them to take control of PCs’ computing powers in such a way that users do not notice the infection. This covert approach not only puts users’ data at risk, but also allows cyber criminals to send spam e-mails and malware, and participate in DDoS attacks. Internet users must correct their misconceptions in order to stay safe online.

You can download the full report (.pdf) if you want more information on the survey itself and the myths.

So stay sharp out there. The bad guys are out to get you.