Security firm Sophos says Google's new Android Market for the Web could open a backdoor for phone hackers to muck around with your smartphone. The problem, says Sophos, is that once a user clicks on the install button from the Web, the linked mobile device begins downloading the application without any kind of warning, and that could lead to trouble. Sophos sees this as a game-changing scenario for phishers unless Google changes things up, and does so quickly.
With Valentine's Day less than a month away, you may want to think about how you'll celebrate the occasion with your significant other. We're not jumping to conclusions on where your relationship is at, but if preparation includes brushing up your knowledge of the Kama Sutra, be sure to consider the source.
According to security firm Sophos, a new Kama Sutra PowerPoint is making the rounds, one that promises to demonstrate different sexual positions. That promise is fulfilled, though you'll walk away with more than you bargained for, namely malware.
"The malware comes as a file called Real kamasutra.pps.exe (the old double-extension tricks)," Sophos warns. "In other words, you may think you are directly opening a PowerPoint slideshow, but in fact you're running an executable program.
"The PowerPoint slide deck (which ironically is itself 'clean' from the malware point of view) is then dropped onto your Windows PC as a decoy while malware silently installs onto your computer as AdobeUpdate.exe, alongside some other components (called jqa.exe and acrobat.exe)."
This particularly nasty bit of malware is flexible in what it can do, from using your PC to send out spam to spying on your activities, installing revenue-generating adware, and even stealing your identity, Sophos says.
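The double-extension trick Sophos describes can be caught with a filename check at a mail gateway or file share. The sketch below is an added example, not code from Sophos or the original article; the extension lists and function names are assumptions chosen for illustration.

```python
import ntpath

# Assumed extension lists for illustration; extend them for your environment.
DECOY_EXTS = {"pps", "ppt", "pptx", "doc", "docx", "xls", "xlsx", "pdf", "jpg", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}


def classify_filename(name):
    """Return (verdict, detail); verdict is 'ok', 'executable' or 'double-extension'."""
    # Accept full Windows paths; drop trailing dots/spaces, which Win32 path handling strips
    base = ntpath.basename(name).rstrip(". ")
    # Strip each component so space padding ("a.pps     .exe") cannot hide the decoy
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return ("ok", "final extension is not executable")
    real = parts[-1]
    decoys = [p for p in parts[1:-1] if p in DECOY_EXTS]
    if decoys:
        return ("double-extension", f"displays like .{decoys[-1]} but runs as .{real}")
    return ("executable", f"runs as .{real}")


def flag_suspicious(names):
    """Return the subset of names whose verdict is 'double-extension'."""
    return [n for n in names if classify_filename(n)[0] == "double-extension"]


# Constructed sample: the first three names are the ones quoted in the article,
# the rest are made up to exercise the edge cases.
SAMPLE = [
    "Real kamasutra.pps.exe",
    "AdobeUpdate.exe",
    "jqa.exe",
    "slides.pps",
    "backup.tar.gz",
    r"C:\Users\demo\Downloads\invoice.PDF      .scr",
    "notes.v1.2.txt",
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(f"{n!r:50} -> {classify_filename(n)}")
```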
Security firm Sophos is warning Facebook users about yet another app that supposedly lets you see who's been viewing your profile. Like many before it, this one is a scam.
"As we've described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online, but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions," Sophos said.
If you see someone posting a testimonial about one of these apps along with a link, run in the other direction. Not only do they fail to work, but by clicking the "Allow" button you're giving the app permission to pull your personal data and post to your wall, which is how they spread in the first place.
"Ever wondered how many people fall for a scam like this? Well, the figures can be shocking," Sophos says. "This current campaign is using a variety of different links -- but via bit.ly we can see that at least one of them has already tricked nearly 60,000 people into clicking."
You can "like" things on Facebook, but apparently a huge number of users have been hankering to "dislike" things as well. This is the only conclusion to draw from the rapid spread of the newest scam on the world's top social networking site. The scam revolves around a Facebook application that calls itself "The Official Dislike Button." Here's how the scam works.
Users who install the app will be directed to a survey to complete before they can have the magical dislike button. The survey makes money for the scammers behind this charade. The app will post messages in the individual's news feed to attract more marks, er, users. After finishing up the survey, the app will redirect to a Firefox add-on called FaceMod that just adds a dislike button to the interface. It does not connect to the Facebook system in any way.
So far, a few hundred thousand people have installed the offending app. We also feel the need to point out that the app will get access to the users' information. So losing a few minutes completing a survey may not be the extent of the damage done. Has anyone seen this crop up in their news feed?
As a country, we like our privacy, and when we feel the government or some corporation steps out of bounds, we're quick to call foul (right, Mr. Zuckerberg?). But hey, if we're the goose, then screw the gander, he's probably up to no good anyway. The gander in this case is any other nation we feel might be a threat to national security, and in that case, we (again, as a country) are just fine with government snooping.
That's essentially what you'll glean from Sophos' mid-year 2010 Security Threat Report, which revealed that 63 percent of people feel it is perfectly acceptable for their government to engage in cyber spying on another nation.
"I think there might be an attitude of all's fair in love and war," said Graham Cluley, senior technology consultant at Sophos, when speaking to eWEEK in Europe. "There's always been one rule for your country and another rule for your citizens. But it goes one state further when you begin to ask, is it all right to launch attacks against communication systems and financial systems?"
The answer to that question is a resounding "maybe." In the report, Sophos found that only 1 in 14 respondents felt okay with using distributed denial of service (DDoS) attacks against another country's communication or financial websites during periods of peace. When at war, that number jumps to nearly half, and 44 percent said it was never the right thing to do.
Private equity firm Apax Partners will spend $580 million on a 70 percent stake in Sophos, the security vendor announced on Tuesday. The hefty investment values the UK-based security company at $830 million.
Sophos focuses almost entirely on providing antivirus protection to businesses of all sizes, and according to Graham Cluley, the security vendor's senior technology consultant, not much will change as a result of the buyout.
"There won't be any job losses or any changes inside," Cluley said. "There will be the same management team."
Sophos had toyed with the idea of making an initial public offering (IPO) in 2007, but decided against doing so when the economy all but tanked. According to Cluley, Apax approached the company earlier this year with a more attractive offer than that of an IPO.
Security firm Sophos recently took it upon itself to run some tests on Windows 7 sans anti-virus software. Sophos used ten unique viruses found in circulation and attempted to infect Windows 7. While many may have thought this would be a foregone conclusion, they wanted to make a point. Microsoft claims that User Account Control (UAC) is more secure in Windows 7. Does it actually make a difference?
Sure enough, eight out of ten viruses ran without problem on a stock install of Windows 7 without User Account Control. With UAC active, an additional threat was actually blocked, and the other two still failed to run. Overall, UAC didn’t make much difference in virus protection. So yes, you still need to run an anti-virus on Windows 7. There’s been a lot of positive buzz around Redmond’s new release, just don’t let that stuff go to your head.
Password. Letmein. Asdf. Blahblah. Monkey. 1234. These are just some of the most commonly used passwords around the web, but even worse than using a boneheaded password is using the same one for every registered website. Nothing new, right?
Apparently it is, at least for one-third of respondents who participated in an online survey conducted by security outfit Sophos. According to Sophos, only 19 percent of respondents said they never use the same password for multiple websites. Almost half admitted to using a few different passwords, and 33 percent fessed up to using the same password all the time.
To state the obvious, using a single password for multiple websites makes it easy for hackers to wreak more havoc should the password become compromised. But obvious as basic security may seem, it's not being practiced by many. Recent examples include high profile Twitter account hijackings, including the ones belonging to President Barack Obama, Britney Spears, and Fox News, and the discovery that the population at large continues to use unimaginative passwords, such as selecting their first name.