Week in review: Multi-platform malware, new trends in BYOD, and Google setting up privacy team.
Posted on 27 August 2012.
Here's an overview of some of last week's most interesting news, articles and reviews:

92% of the top 100 mobile apps have been hacked
Ninety-two percent of the Top 100 paid Apple iOS apps and 100 percent of the Top 100 paid Android apps have been hacked (that is, found in the wild in cracked, repackaged or otherwise tampered form), according to a new report by Arxan Technologies.

Copyright infringement blackmail scam targets mobile phone users
According to TorrentFreak, the victims seem to have visited, via their mobile phones, a malicious website that managed to extract information from their devices.

SMSZombie Android Trojan infects 500,000 users
Chinese mobile security company TrustGo Security has discovered an Android Trojan that targets Chinese users exclusively: it takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments and to steal bank card numbers and money transfer receipt information.
Proactive or reactive: Should that be the question?
Sleep your way to greater knowledge.
Webroot to terminate email service in November.

New Gauss and Flame link was a mistake, researchers say | Security & Privacy
Editor's note: This story and its headline have been updated and corrected to reflect new information provided by the researchers that completely changed their conclusions.
Researchers today said that hackers behind the Gauss cyber-espionage malware targeting banks in the Middle East were directing infected computers to connect to a command-and-control server used by the Flame spyware. However, later in the day they said they were mistaken and that other researchers had control of the server instead. "In our post earlier today, we concluded that there was some sort of relationship between the Gauss and Flame malware actors based on observing CnC communication going to the Flame CnC IP address," FireEye Malware Intelligence Lab said in an update to its original post.
"At the same time, the CnC domains of Gauss were sink-holed to the same CnC IP.
Connections between Gauss and Flame had been made by Kaspersky Labs, which first revealed the existence of Gauss two weeks ago.

Inside Huawei, the Chinese tech giant that's rattling nerves in DC | Mobile
SHENZHEN, China -- Chen Lifang is a bit flummoxed. Chen is a board member and senior vice president at Huawei, the giant telecommunications gear maker based here.
She's digesting news that broke a day earlier that the U.S. House Intelligence Committee has increased the pressure it's putting on the company to disclose details about its ties to the Chinese government. The bombshell came in the form of a letter, released to the media, from the committee's chairman and the ranking Democrat to Huawei founder and Chairman Ren Zhengfei. Really, the letter was more of an 11-page laundry list of accusations, wrapped around questions about everything from funding the company has allegedly received from the Chinese government to queries about how board members got their posts. In the letter, Congressmen Mike Rogers (R-Mich.) and C.A.

Today, though, Chen has the business of the congressional inquiry in front of her. And Huawei is a patent machine, with about 50,000 patents filed worldwide.

Smart Grid Infrastructure & Networking
Posted on 27 August 2012.
With contributions from more than 30 experts, Smart Grid Infrastructure & Networking describes cutting-edge technologies for connecting the electrical power infrastructure to modern, computerized communications networks. The book offers essential information on standardization, applications, protocols, automation, architecture, and management. Key topics such as bidirectional communication, automation, renewable energy integration, wireless sensor networks, and more are discussed in this practical, comprehensive resource. Coverage includes:

Cyber incident reporting in the EU
Posted on 27 August 2012.
ENISA took a snapshot of existing and future EU legislation on security measures and incident reporting. Their analysis underlines important steps forward, but also identifies gaps in national implementation, as most incidents are not reported.
Cyber security incidents significantly impact society. Here are five well-known examples:
In 2012, millions of business network passwords were exposed.
In 2011, the storm Dagmar wrecked millions of Scandinavian communication links.
In 2011, a British data centre failure interrupted millions of business communications worldwide.
In 2011, a certificate authority was breached, exposing the communications of millions of users.
In 2010, a Chinese telecom provider hijacked 15% of the world's internet traffic for 20 minutes.
Each time, millions of citizens and businesses were seriously impacted. The study shows the common factors and differences between the articles of EU legislation it surveyed and looks ahead to the EU cyber security strategy.

"Tax Payment Rejected" spam campaign
Bogus emails supposedly coming from the US Internal Revenue Service (IRS), informing users that their "tax transaction" has been cancelled and trying to get them to follow a malicious link, have been spotted hitting inboxes around the world.
While individuals not living in the US are unlikely to fall for the scam for obvious reasons, some US citizens might be alarmed by the message and follow the link, which takes them to a bogus "Page loading…" page hosted on a variety of compromised hosts. The bad news is that the JavaScript that redirects victims to one of the pages serving the Blackhole exploit kit is currently detected by only 8 of the 41 AV solutions used by VirusTotal. The good news is that once the kit exploits one of the two software flaws it targets, the assortment of malware dropped on the system, the Cridex Trojan among them, is detected by at least half of those solutions.

Social Networks Part 2 – Have you been infiltrated?
Article published in The Malta Independent. Ron Kelson, Pierluigi Paganini, Fabian Martin, David Pace, Benjamin Gittins.
The explosion of social networks and new user accounts in recent years is staggering.
There are now over 1,000 social networking sites on the Internet, with Facebook currently the largest at over 840 million user profiles. In our first article we explored how social networks can be described as powerful communication tools capable of reaching clique groups and/or vast audiences instantaneously and globally. Two sides of that power:
Social networks as a powerful tool enabling citizens to coordinate their observation and management of government(s) and corporations, and where deemed necessary, coordinate (non-violent) struggle against perceived injustices; and
Social networks as a powerful tool custom-built for exploitation by governments and powerful organisations to monitor individual, group, regional, and global sentiments and trends.
Popularity can have its down side
Targeted attacks
Prof.

Fast and furious reverse engineering
By Mirko Zorz - Monday, 27 August 2012.
Tomislav Pericin is one of the founders of ReversingLabs and the company's Chief Software Architect. In this video, recorded at Hack in The Box Amsterdam 2012, he talks about TitanEngine, a Swiss army knife for reverse engineers that can be automated. TitanEngine was designed so that writing an unpacker mimics an analyst's manual unpacking process. The basic set of libraries, which later became the framework, provided the functionality of the four most common tools used in unpacking: a debugger, a dumper, an importer (import table rebuilder) and a realigner. With guided execution and a set of callbacks, these separate modules complement each other in a manner compatible with the way any reverse engineer would use their tools of choice to unpack the file.
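To make the realigner step concrete, here is an added example (my own Python, not TitanEngine's code) of what a realigner does to a raw process dump: the dump is laid out by virtual address, but its section table still carries the on-disk file offsets and sizes, so the dumped file is unusable until PointerToRawData and SizeOfRawData are rewritten to match the virtual layout. The PE image it works on is constructed inline as a minimal two-section PE32 whose section table is deliberately left in its on-disk state; the header field offsets are from the PE format specification, and the section alignment 0x1000 / file alignment 0x200 values are assumed as typical compiler defaults.

```python
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
SECTION_SIZE = struct.calcsize(SECTION_FMT)   # 40 bytes


def align_up(value, alignment):
    return (value + alignment - 1) & ~(alignment - 1)


def _headers(image):
    """Return (optional header offset, section count, section table offset) for a PE image."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    return opt, num_sections, opt + size_of_optional


def read_sections(image):
    opt, n, table = _headers(image)
    out = []
    for i in range(n):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(SECTION_FMT, image, table + i * SECTION_SIZE)[:5]
        out.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                    "rawsize": rawsize, "rawptr": rawptr})
    return out


def alignment_problems(image):
    """A VA-layout dump is only loadable when every section's file offset equals its RVA."""
    problems = []
    for s in read_sections(image):
        if s["rawptr"] != s["va"]:
            problems.append(f"{s['name']}: PointerToRawData 0x{s['rawptr']:x} != VirtualAddress 0x{s['va']:x}")
        if s["rawptr"] + s["rawsize"] > len(image):
            problems.append(f"{s['name']}: raw data extends past end of image")
    return problems


def realign_dump(dump):
    """Rewrite the section table of a memory dump (offset 0 == ImageBase) so file layout == virtual layout."""
    image = bytearray(dump)
    opt, n, table = _headers(image)
    section_align = struct.unpack_from("<I", image, opt + 32)[0]
    struct.pack_into("<I", image, opt + 36, section_align)                               # FileAlignment
    size_of_headers = struct.unpack_from("<I", image, opt + 60)[0]
    struct.pack_into("<I", image, opt + 60, align_up(size_of_headers, section_align))    # SizeOfHeaders
    for i in range(n):
        off = table + i * SECTION_SIZE
        fields = list(struct.unpack_from(SECTION_FMT, image, off))
        fields[3] = align_up(fields[1], section_align)   # SizeOfRawData := aligned VirtualSize
        fields[4] = fields[2]                            # PointerToRawData := VirtualAddress
        struct.pack_into(SECTION_FMT, image, off, *fields)
    return bytes(image)


def build_sample_dump():
    """Constructed test input, not a real binary: a minimal PE32 laid out as mapped in memory
    (section alignment 0x1000) whose section table still holds the on-disk offsets
    (file alignment 0x200), which is exactly the state a raw process dump is in."""
    section_align, file_align, e_lfanew = 0x1000, 0x200, 0x80
    # name, VirtualAddress, VirtualSize, on-disk PointerToRawData, content
    sections = [(b".text", 0x1000, 0x200, 0x400, b"\xCC" * 0x200),
                (b".data", 0x2000, 0x100, 0x600, b"A" * 0x100)]
    image = bytearray(0x3000)
    image[0:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # COFF header: Machine=i386, NumberOfSections, TimeDateStamp, symbol ptr/count, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", image, e_lfanew + 4, 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = e_lfanew + 24
    struct.pack_into("<H", image, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", image, opt + 16, 0x1000)            # AddressOfEntryPoint
    struct.pack_into("<I", image, opt + 28, 0x400000)          # ImageBase
    struct.pack_into("<I", image, opt + 32, section_align)
    struct.pack_into("<I", image, opt + 36, file_align)
    struct.pack_into("<I", image, opt + 56, len(image))        # SizeOfImage
    struct.pack_into("<I", image, opt + 60, 0x400)             # SizeOfHeaders as on disk
    struct.pack_into("<I", image, opt + 92, 16)                # NumberOfRvaAndSizes
    table = opt + 0xE0
    for i, (name, va, vsize, rawptr, content) in enumerate(sections):
        struct.pack_into(SECTION_FMT, image, table + i * SECTION_SIZE, name.ljust(8, b"\0"),
                         vsize, va, align_up(vsize, file_align), rawptr, 0, 0, 0, 0, 0x60000020)
        image[va:va + len(content)] = content
    return bytes(image)


if __name__ == "__main__":
    dump = build_sample_dump()
    print("before:", alignment_problems(dump))
    fixed = realign_dump(dump)
    print("after:", alignment_problems(fixed), read_sections(fixed))
```

On a real dump this pass is only one of the four steps: the entry point still has to be pointed at the original entry point found by the guided execution, and the import table has to be rebuilt (the importer step), neither of which this example does.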
The guided execution creates an execution timeline that tracks the protection's own execution, gathering information from it while the run is steered to the point where the protection hands control back to the original program code (the original entry point).

10 Tips For Protecting Mobile Users

Phishing attack targets users with fake BlackBerry ID email
Network World - Security vendors say they've spotted phishing attacks trying to fool BlackBerry users into opening email on their Windows machines that launches malware for taking over the system. "It's the typical mass attack," says Chris Astacio, manager of security research at Websense Security Labs, about what is an authentic-looking replica of a "copy and paste BlackBerry email." But this dangerous fake BlackBerry-related email tells the intended victim that "they have successfully created a BlackBerry ID," and "To enjoy the full benefits of the BlackBerry ID, please follow the instructions in the attached file." The attached file, of course, is loaded with malware that takes over the victim's computer should he or she open it. Websense is seeing similar code being used in another spam attack that masquerades as email coming from a hotel.

Saudi Aramco restores internal network after malware attack
Saudi Aramco, Saudi Arabia's national energy company, said on Sunday it had repaired 30,000 workstations infected with malware (widely linked to the Shamoon wiper) earlier this month. The eighth largest refiner in the world said its main internal networks were affected on Aug. 15. The computers have now been "cleaned and restored to service," according to a statement. Company employees resumed work on Aug. 25 following the Muslim Eid holidays.
Enterprise systems used for hydrocarbon exploration and production run on isolated networks and were not affected; production plants, which also have isolated systems, were likewise unaffected, Saudi Aramco said. The incident remains under investigation. A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attacks.
Saudi Aramco said it expected further intrusions. Send news tips and comments to jeremy_kirk@idg.com.

BlackBerry users targeted with malware-serving email campaign
Security researchers from Websense have intercepted a currently spamvertised malicious campaign attempting to trick BlackBerry users into downloading and executing a malicious .zip archive. The archive, with MD5 9a01293b87b058619d55b8d4d12f2a8e, is currently detected by 27 out of 42 antivirus scanners as Backdoor.Win32.Androm.gi; Worm:Win32/Gamarue.I. On a periodic basis, cybercriminals mass mail millions of emails impersonating multiple brands in an attempt to target as many market segments as possible. Thanks to publicly available DIY email harvesting tools, and managed databases of millions of already harvested, segmented email addresses, cybercriminals are in a unique position to reach out to millions of Internet users in a matter of hours.
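Both the Network World item and this Websense report describe the same delivery mechanism: an archive attachment whose member is an executable dressed up as "instructions". As an added example (not code from Websense, Webroot or the article), here is a Python check a mail gateway or analyst could run on such an attachment: it hashes the file and compares the MD5 against the one indicator the article gives, then looks inside the archive for members with executable or double extensions, or a PE "MZ" signature whatever the member is called. The attachment it scans is constructed inline, a zip holding a harmless stub named like the lure, so the hash lookup will not match and only the content checks fire; the extension lists are assumptions to extend for your own environment.

```python
import hashlib
import io
import zipfile

# The one indicator the article gives: MD5 of the spamvertised archive.
KNOWN_BAD_MD5 = {"9a01293b87b058619d55b8d4d12f2a8e"}

# Extensions Windows executes on double-click (assumed list; extend as needed).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd", ".js", ".vbs")
# Harmless-looking inner extensions used in double-extension lures such as Instructions.pdf.exe.
LURE_EXTENSIONS = {"pdf", "doc", "docx", "txt", "jpg", "htm", "html"}


def file_hashes(data: bytes) -> dict:
    """MD5 (to match published indicators) and SHA-256 (for your own records)."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def inspect_zip_attachment(data: bytes) -> dict:
    """Flag an attachment by hash and, if it is a zip, by what its members look like."""
    findings = {"hashes": file_hashes(data), "ioc_match": False, "is_zip": False, "suspicious_members": []}
    findings["ioc_match"] = findings["hashes"]["md5"] in KNOWN_BAD_MD5
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    findings["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            basename = info.filename.rsplit("/", 1)[-1].lower()
            reasons = []
            if basename.endswith(EXECUTABLE_EXTENSIONS):
                reasons.append("executable extension")
            parts = basename.split(".")
            if len(parts) > 2 and LURE_EXTENSIONS.intersection(parts[1:-1]):
                reasons.append("double extension")
            # Content check: a PE file starts with "MZ" regardless of its name.
            with archive.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("PE header (MZ)")
            if reasons:
                findings["suspicious_members"].append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample, not the real malware: a zip containing a stub that carries only the
    PE 'MZ' magic and is named like the BlackBerry ID lure, plus an innocuous text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("BlackBerry_ID_Instructions.pdf.exe", b"MZ" + b"\0" * 62 + b"stub, not a program")
        archive.writestr("readme.txt", b"To enjoy the full benefits of the BlackBerry ID, open the attachment.")
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_zip_attachment(build_sample_attachment())
    print(result["hashes"]["md5"], "known bad:", result["ioc_match"])
    for member in result["suspicious_members"]:
        print(member["name"], "->", ", ".join(member["reasons"]))
```

The hash match is the weakest of the three checks: a repacked archive changes the MD5 while the member is unchanged, which is why the content checks look at the member name and its first two bytes rather than at the archive as a whole.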
We're definitely going to see more systematic abuse of well-known and trusted brands, in an attempt by the cybercriminals to socially engineer end and corporate users into interacting with their campaigns.

Java zero day allegedly spotted in the wild
FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java (the flaw was subsequently tracked as CVE-2012-4681 and fixed by Oracle in Java 7 Update 7).
Researcher Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. A quick search showed that the server at this IP address had been responsible for serving other forms of malware in the past. At the time of writing, the server was either refusing or not responding to browser requests, but it was still online. Previously, potential victims would be directed to the site, where a malicious applet exploited the zero day and forced a dropper application to be downloaded from the same server and installed on the system.
According to Mushtaq, from there the dropper contacted a command and control server located in Singapore. Mushtaq was able to successfully test the exploit on a test machine running Firefox and the latest version of Java.

Telstra DNSChanger infections have almost halved
Telstra has cut its customers' DNSChanger infections by almost half since it implemented a temporary redirect to ensure that victims would still be able to connect to the internet. DNSChanger was malware that changed the DNS server a device uses to resolve names, from the legitimate resolver to one run by the criminals.
After the criminals behind the operation were arrested, the rogue servers were replaced under a court order with clean substitutes so that infected machines could keep resolving names; those substitutes were only ever temporary, and once they were shut down, infected users would no longer be able to surf the web, as the DNS server they were using would be gone. After a period of public warnings, they were shut down on 9 July. Telstra opted to protect its own users by putting in place a similar measure, keeping infected users online. "We've kind of halved it. Chisholm said that once the remaining infection figure was low enough, Telstra would be able to remove its own redirection and allow customers to stand on their own.
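As an added example (my own Python, not Telstra's code), here is a check for the condition the DNSChanger story describes: a host whose configured resolvers point into the address ranges the rogue servers occupied. The ranges are the ones published by the FBI and the DNSChanger Working Group as I recall them, so verify them against the official list before relying on them; the resolv.conf text is a constructed sample; and the iptables rules generated at the end illustrate one way an ISP could redirect queries bound for those ranges to its own resolver, which is an assumption about the mechanism, since the article does not say how Telstra implemented its redirect.

```python
import ipaddress

# Rogue resolver ranges attributed to the DNSChanger (Rove Digital) operation, as published by the
# FBI and the DNSChanger Working Group. Reproduced from memory: verify against the official list.
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]


def parse_resolv_conf(text):
    """Nameserver addresses from resolv.conf-style text; comments and unparsable entries are skipped."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue
    return servers


def rogue_resolvers(servers, ranges=ROGUE_RESOLVER_RANGES):
    """Subset of the configured resolvers that sit inside a known rogue range, as dotted strings."""
    return [str(ip) for ip in servers if any(ip in net for net in ranges)]


def isp_redirect_rules(isp_resolver, ranges=ROGUE_RESOLVER_RANGES):
    """iptables DNAT lines that send DNS queries bound for the rogue ranges to the ISP's own resolver.
    One possible implementation of a Telstra-style redirect (assumed; the article gives no mechanism)."""
    rules = []
    for net in ranges:
        for proto in ("udp", "tcp"):
            rules.append(f"iptables -t nat -A PREROUTING -p {proto} --dport 53 -d {net} "
                         f"-j DNAT --to-destination {isp_resolver}")
    return rules


# Constructed sample, not a real host's configuration.
SAMPLE_RESOLV_CONF = """# resolv.conf of a host whose DNS settings were changed by DNSChanger
nameserver 85.255.112.36   ; inside 85.255.112.0/20
nameserver 8.8.8.8
nameserver not-an-address
"""


if __name__ == "__main__":
    hits = rogue_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF))
    print("rogue resolvers configured:", hits or "none")
    for rule in isp_redirect_rules("203.0.113.53")[:2]:
        print(rule)
```

The redirect keeps an infected customer online but also hides the infection from them, which is why Telstra pairs it with notification and plans to remove it once the count is low enough; the resolver check is what an end user or help desk would run to find out whether a given machine still needs cleaning.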