Remember when cell phones were big, bulky, and functionally limited? How quickly they've evolved, and so too have the risks. Today's smartphones blur the line between cell phone and PC, and according to Liviu Iftode and Vinod Ganapathy, two computer science professors at Rutgers University in New Brunswick, New Jersey, smartphones are every bit as vulnerable to rootkits as desktop computers are.
"The motivation around our work is that smartphone operating systems are becoming just as complicated as desktop operating systems," Ganapathy said. "Our study has shown that rootkits are just as much a threat for smartphones as desktops."
What makes this particularly frightening is the difficulty in detecting rootkits. However, it's not yet time to hit the panic button. There currently are no known in-the-wild rootkits for mobile devices making the rounds, though it's entirely conceivable that could change.
"Our work is a call for defenses," Ganapathy added. "We should start working on defenses for such attacks before such attacks become widespread in the future."
Experimenting with new extensions is part of what makes Firefox great, but if you downloaded either the "Sothink Web Video Downloader" or "Master Filer", you probably snagged a nasty Trojan for your troubles. According to an entry on the Mozilla Blog, both these extensions contain code which exploits vulnerabilities in all versions of Windows, and they were downloaded close to 5,000 times before being spotted.
The extensions in question were contained in the "experimental" area of the official Firefox add-on site, and while it might seem like little consolation for anyone who got infected, users grabbing extensions from this section are warned before download that this could happen. Mozilla employs a special add-on scanner which supposedly checks all new entries for malicious code, but they were forced to acknowledge that the security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog posting. "This scanning tool failed to detect the Trojan."
Mac and Linux users who downloaded these add-ons are unaffected, but anyone who used the extensions in Windows is being warned by Mozilla to delete all traces of the infected file and run a virus scan. Mozilla is promising to boost the number of times it scans files for malware in the future, and will also step up how often it scans its entire catalog of add-ons.
Does this hurt your trust in Firefox extensions? Or was this bound to happen eventually?
I just bought a used PC running Windows XP. It had been really fast loading and running programs and accessing the web, but suddenly it slowed down to a complete stop. I had to unplug it just to shut it down.
So, I unplugged the Ethernet cable and it worked fine. I scanned the C: drive—no virus. Plugged the Ethernet cable back in and it slowed down again. Unplugged the Ethernet and it’s fast again. What’s going on, Doc?
It's important that everyone be made aware of an extremely useful Web site that delivers malware and antivirus scanning right to the door of your... er. Web browser. I not only use it at Maximum PC to check the freeware files and such that I link to on a weekly basis, but I also turn to it as the first resort whenever I'm on a system that, for whatever reason, lacks a comprehensive virus-scanning setup.
Simply put, it's hard to envision a world without Virustotal. Although there have been reports and/or instances of false positives arising from some of the lesser-known third-party antivirus tools that Virustotal uses, it's pretty safe to say that your file is safe should it come up with "0 issues found" when running the gauntlet of the site's 41 different antivirus and malware scanning applications.
With so much going on under the hood, using Virustotal to check your downloads must be a real nightmare, eh? Spoiler alert: It's super-easy. Click the jump and see how!
In a blog post today, Google has revealed some details on what it says was an unusually coordinated series of cyber-attacks launched against it in December. The attacks, which originated in China, were apparently aimed at gaining access to the Gmail accounts of a number of advocates for human rights in China. Google says only two accounts appear to have been accessed, and even then only basic details like subject lines and date stamps were taken.
As part of their investigation, Google claims to have discovered that dozens of human rights activists the world over have had their Google accounts accessed by unauthorized individuals. This was not part of the December attacks, but was likely the result of phishing. Google has apparently plugged the holes that were exploited, but they aren’t done yet.
The Google.cn domain was launched in 2006 when the internet giant agreed to censor some search results. At the time, Google indicated they would monitor the situation, and adjust their approach if needed. According to the blog post, “These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China.”
So starting now, Google says they will stop filtering search results in China. The Mountain View-based company plans to discuss with the Chinese government the possibility of operating an unfiltered search engine. If that is not possible, the Google.cn domain may be shut down along with the Chinese Google offices. Is this a good move for Google? Should a commitment to free speech outweigh the lucrative nature of the Chinese market? Or maybe this move is just long overdue.
Google's Chrome OS has garnered a lot of attention in recent times. Early glimpses, however, don't quite justify the hype. Many tech savants have already written off the operating system as nothing more than a sexed up browser. However, it is still a little early for obituaries as Google may have a trump hiding up its sleeve. McAfee is one company that acknowledges the possibility of Chrome OS living up to all the hype.
According to its latest report, titled "2010 Threat Predictions," the operating system may become a prime target for hackers should it become widespread. The security company fears that Chrome OS's dependence on HTML5 (which allows web apps both online and offline access to a user's PC) will endear it to hackers. "When a technology is widely used and adopted, the bad guys will latch onto it before the good guys do," said McAfee's director of security research, David Marcus. McAfee also expects the popularity of Adobe software among hackers to soar to such levels that it may become the most targeted application software in 2010.
The report had a word of caution for users of social networking sites as well. They might become more vulnerable in the new year as such sites come under increased attack. The report specifically mentioned the use of URL-shortening services in spreading malicious links through the social web.
McAfee, maker of computer security software, has released a report detailing their take on the threats computer users will face in 2010. The bad news is not only will threats increase, they’ll be emphasizing different areas than in the past. The good news--McAfee expects that law enforcement efforts will be more effective against cybercrime than in the past.
According to the report, McAfee “foresees an increase in threats related to social networking sites, banking security, and botnets, as well as attacks targeting users, businesses, and applications.” In particular, McAfee predicts, social networking sites will be subject to more sophisticated threats; HTML 5 will create new opportunities for malware writers; email attachments will continue to plague recipients; banking Trojans will become more clever; and the use of botnets will expand.
In what might be considered good news for Microsoft, long a prime target for malware, McAfee says that Adobe software, in particular Acrobat Reader and Flash, will now be the principal focus of malware creators.
McAfee expects that some of this shift/increase will be mitigated by a more sophisticated approach by law enforcement, which McAfee says is finally wising up to the threat: “[T]he U.S. Secret Service, Australian Federal Police, Royal Canadian Mounted Police, U.K. National Crime Squad, and law enforcement organizations in other parts of the world were reorganizing themselves to create high-tech crime centers dedicated to investigations of cybercrime.” McAfee concludes, “that in 2010 we’ll see many more successes in the pursuit of organized cybercriminals.”
We all know that the increasing sophistication of technology opens up literally dozens of new opportunities for those wanting to inflict harm on that technology’s users. The Internet is, if anything, an object lesson for this truism. Once the Internet became mainstream, so too did viruses, spybots, DOS attacks, and all the other nastiness we collectively refer to as malware. One long-term weakness in the security armor of the Internet is cross-site scripting (XSS). For the better part of a decade it has left a door wide open to attacks on Internet users.
Michael Sutton, the vice president of security research at Zscaler, says that XSS typically needs a user to click a link, such as those that appear in spam or phishing efforts, which then delivers the attack to the user. But, he continues, XSS is becoming more sophisticated. Rather than being limited to a user-web site interaction, Sutton says that XSS efforts can now work within a web platform, such as a social networking environment, spreading readily among all users in the social network’s ecosystem.
Sutton also says that such sophisticated attacks, so far, have been by “[b]ored and bright individuals...tinkering with the concept”, and that “true criminals wait on the sidelines ready to move in when traditional techniques fail to achieve desired goals.” Translation: another malware threat to be concerned about. Not today, perhaps, but definitely tomorrow.
Solutions aren’t all that difficult. Users could quit doing stupid things. For instance, if you don’t know where an email originated, don’t click the link it contains. But, let’s face it, there’ll always be one or two of us who do it anyway. Which means that another level of protection is needed. Sutton says that’s got to be developers--they need to be more vigilant about writing into code the necessary protections for web programs, such as Microsoft has done with Internet Explorer 8.
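As an added example that is not part of the article, here is the developer-side protection Sutton asks for: a social-profile renderer in its vulnerable form beside a hardened one that encodes user-supplied fields for the context they land in and rejects non-http(s) links. The function names and the sample profile are constructed for illustration.

```javascript
// Added example, not code from the article or from Zscaler. Function names
// and the sample profile below are constructed for illustration.

// Encode the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Only absolute http(s) links are allowed in href. Anything else (javascript:,
// data:, malformed input) becomes a harmless '#', so a poisoned profile cannot
// run code when another member clicks the link.
function safeHref(url) {
  try {
    const u = new URL(String(url)); // URL normalises case and strips tabs/newlines
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '#';
  } catch (e) {
    return '#';
  }
}

// Vulnerable: user-controlled fields are concatenated straight into markup, so
// script saved in one member's bio runs for every member who views the page
// (stored XSS, the in-platform spread Sutton describes).
function renderProfileUnsafe(p) {
  return `<div class="bio">${p.bio}</div><a href="${p.homepage}">site</a>`;
}

// Hardened: every untrusted value is encoded for the context it lands in, and
// the link target is checked before it is encoded as an attribute value.
function renderProfileSafe(p) {
  return `<div class="bio">${escapeHtml(p.bio)}</div>` +
         `<a href="${escapeHtml(safeHref(p.homepage))}">site</a>`;
}

// Constructed sample profile (not a real account) with a script in the bio and
// a javascript: URL as the homepage.
const poisonedProfile = {
  bio: 'hi! <script>document.title="owned"</script>',
  homepage: 'javascript:alert(document.cookie)',
};
```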
Traditionally, the lowlifes running botnets have made do with shared hosting provided by shady ISPs. As these crimes become higher profile, enforcement has stepped up, resulting in many of these ISPs going offline. To address this dilemma, it looks like some purveyors of malware have started buying their own data centers.
It’s actually depressingly easy to do. The people running a botnet need only acquire a block of IP addresses from one of the Regional Internet Registries (RIR) or Local Internet Registries (LIR). These regulatory bodies are only supposed to be handing out IP blocks to large companies, ISPs, and telecoms. Turns out the RIRs aren’t doing their due diligence in investigating applications. Once the bad guys get the IP addresses, they buy some servers in a data center, and they become their own ISP.
This effectively takes away the best point of attack for authorities. “If there's a problem, who are you going to talk to? It's a different ball game now. These guys are buying their own data centers. These LIRs and RIRs aren't going to push back if you say you need a /24 or /16. They're not the Internet police," said Alex Lanstein of FireEye Research. The process is becoming common in places like Europe and the Caribbean. What’s worse, getting the IP addresses back can take a lot of time and effort. The procedures just don’t exist. The solution? Well, there isn’t one right now, but if you have an idea, we’d love to hear it in the comments.
Cybercriminals have a lot in common with the Periplaneta americana, the common household cockroach. They seek out the dark, poking and prodding for ways to get in where they are unwanted. In their case it isn’t food, but the misery of computer users they seek out. And, just like cockroaches, once you think you’ve got them blocked, they find a new way in.
Kaspersky Labs’ Cyberthreat Forecast for 2010 says that IT managers and users are becoming more savvy, making fake programs, gaming Trojans, or web sites less useful for cybercriminals. Instead, it looks like they’ll be focusing their attention on P2P networks, botnets, and mobile platforms.
P2P networks will be used to support malware attacks. According to Kaspersky: “This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.”
Mobile platforms, iPhone and Android, will also be more frequently targeted. Kaspersky suspects that iPhone users, without compromised handsets, will be okay, but that Android users might be in for some pain: “The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.”
As for botnets, Kaspersky sees them as offering profitable possibilities by manipulating Internet traffic: “In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.”
Lastly, Kaspersky sees Google Wave as a potential target for 2010. It’s new. It’s untested. And therefore it’s vulnerable. Kaspersky says: “Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”