Uggghh. I should have known better, but there I was, staring at a bright-red screen in my Google Chrome tab that was trying to impress upon me—as much as a software browser could sans digital kick to the butt—that the popular tech news site I was about to visit was riddled with some kind of malware.
“Impossible,” I thought to myself. “There’s no way that this, a common site I frequent on a near-daily basis, could have anything to do with nefarious crap trying to install itself on my PC.”
Yes, the phrasing of my thoughts really does come out like that. So does my stubbornness. For rather than heed Google’s warning that the site I was about to visit was about to unleash a world of hurt on my system, I calmly told my browser that I was comfortable proceeding on my own (damnit).
I clicked the link, read my news and… was thrilled to find a new “Security Center” malware now popping up out of my taskbar about once every five minutes. Sigh. Before I could even turn to one of the many “get the heck off my system” tools that I keep installed for such measures, my entire screen went blue.
So, what do you use to clean your PC... aside from a baseball bat?
Malware writers are a cunning bunch, and if you don't keep up with the latest trickery, you could be in for a world of hurt. The latest ruse making the rounds is a nasty bit of code called Rogue:MSIL/Zeven that first detects what browser you're using and then spoofs said browser's warning page.
"This is meant to be a social engineering scheme in order to trick the user into downloading and installing the rogue, relying on the user's trust of his day-to-day browser," Microsoft warned in a recent blog post on its Malware Protection Center portal.
"The similarity between the fake warning pages is so accurate that it can trick even highly trained eyes."
It works with Internet Explorer, Chrome, and Firefox, the three most popular browsers on the planet, though there are some telltale signs.
"In the Firefox page, for example, you can see it's not the real warning page because they misspelled 'out' and wrote 'Get me our of here,'" Microsoft explains.
The biggest telltale sign is that in all three browsers, the fake warning prompts potential victims to download an "update" or a "solution," which is not something you should ever see when a website is blocked.
Turkey gets to wear the prickly crown of being the most dangerous country to surf the web. According to AVG, the incidence rate of virus attacks in the Eurasian country is 1 in 10, which is way above the global average of 1 in 73. Russia comes in a close second with one web attack for every 15 users.
Security researchers behind the study attribute the high probability of web attacks in these countries to a combination of factors, including the popularity of illegal download sites, poor online file sharing habits and heavy reliance on Internet cafes.
Seven out of the ten safest countries from an Internet security perspective are from Africa, with Sierra Leone (1 in 696) being the safest. Japan (1 in 400) is ranked fourth on the list. AVG's findings are based on “data from over 127 million computers in 144 countries.”
Cameron Diaz has toppled Jessica Biel as the most dangerous celebrity to search for on the web, according to security technology leviathan McAfee, which has been publishing an annual list of the most dangerous celebrities in cyberspace since 2007. Diaz's rise to the top spot has been meteoric.
Last year, Cameron Diaz was not even among the top 15 celebrities on McAfee's list. An analogy would be an unseeded player winning a tennis grand slam. According to the study, one in every ten web searches for Cameron Diaz is likely to end up in a visit to a malicious site.
Julia Roberts (second), Jessica Biel (third), Brad Pitt (fifth) and Tom Cruise (eighth) are some of the other big names on the list. Having slipped to the very bottom of the rankings, Barack Obama (49) and Sarah Palin (50) are among the safest people to search for on the internet.
And thus it begins, the era of SMS viruses for Android. That's according to security firm Kaspersky, which earlier this week warned that the first malicious program classified as a Trojan-SMS has been detected for smartphones built around Google's Android platform.
"The new malicious program penetrates smartphones running Android in the guise of a harmless media player application," Kaspersky warns. "Users are prompted to install a file of just over 13KB with the standard Android extension .APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the owner's knowledge or consent, resulting in money passing from a user's account to that of the cybercriminals."
Called Trojan-SMS.AndroidOS.FakePlayer, Kaspersky says this bit of mischievous (and costly) code has already infected a number of mobile devices. That isn't surprising, considering that the Trojan-SMS category is the most widespread class of malware for mobile phones, Kaspersky claims.
Android has had a few security scares during its meteoric rise to greatness, but this is the first time a software package could accurately be described as a malicious trojan. The malware, called Trojan-SMS.AndroidOS.FakePlayer, appears to be a standard Android application with the .APK file extension. Upon installing, the app will begin sending out SMS messages to premium numbers. This racks up huge charges on customer bills. It could be a big payday for the criminal elements behind this trojan.
This application is not available through the Android Market; it is obtained from outside sources and must be side-loaded onto the phone. This has kept its spread limited to Russia so far. Even if international users were infected, they could not be charged by the premium number being used. In response to the issue, Google said in a statement, "Users must explicitly approve this access in order to continue with the installation. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."
Is this the beginning of a trend? If this proves to be just the first volley in a campaign to target Android with malware, we might be running mobile security apps out of necessity rather than paranoia.
If your place of business has a server running on a PowerEdge R410 motherboard, you might want to have a talk with Dell. According to the PC maker, a "small number" of these motherboards were shipped to customers with malicious code on them. The exact nature of the malware isn't clear, but disturbingly, it is embedded in the server management firmware.
Dell only commented on the situation after a customer wrote about being contacted by Dell support to schedule an appointment to remove the malware. There have been no reports of customer security breaches due to these motherboards. The code in question is only a danger to servers running a Windows OS.
Dell is doing the right thing now, and is contacting all customers that bought the boards. Though we wish they'd prevented this in the first place, or at the very least, fessed up faster. This is just one of the risks when your components are built in a factory half a world away.
Ah, Microsoft. It's taken the software giant years to wise up and realize they ought to provide a free antivirus solution to their users. The launch last year of Microsoft Security Essentials gave us hope that Microsoft was getting serious about security. While they haven't really pushed the program, it is at least available. Now a new beta for the Security Essentials suite is available for you to download and try out.
The improvements range from humdrum tweaks like firewall integration during setup, to more necessary updates like a faster, more efficient protection engine. The new beta will also integrate with Internet Explorer to detect web threats. Yes, you probably don't use IE, but most people still do. Security Essentials will moreover be able to detect and block local network-based attacks.
We've always found Microsoft Security Essentials to be an excellent free antivirus program that bests many of the more bloated paid apps. We just wish Microsoft would integrate it with Windows. People should have a real AV application when they start up a new PC. No more of this trialware junk. Go straight here to join the beta.
The ZeuS banking trojan is back making headlines, this time for hitting up infected machines with fake enrollment screens for both Visa and MasterCard credit cards.
"When you log into your bank, it says you have to enroll in Verified by Visa, that it's regulated now and you have to do it," explains Mickey Boodaei, CEO at Trusteer, a security firm.
This new variant sits in waiting until the potential victim logs into a list of targeted sites. Once they do, the ZeuS trojan uses this and other shenanigans to trick users into forking over not just credit card credentials, but Social Security numbers, personal identification numbers, and other personal info.
Two weeks ago AVG announced its LinkScanner software for the Mac platform designed to keep "Mac users safe from increasing intensity and sophistication of Web attacks." Perhaps the Mac faithful didn't take too kindly to the release, as AVG felt compelled to follow up the announcement with some sobering statistics for Mac users.
"It’s a well known fact that most computer users believe that owning a Mac means that you are somewhat immune to the malicious threats that lurk within cyberspace," AVG starts out. "In fact, this belief has become so strong that many Mac owners do not have, or feel the need to have, antivirus software installed on their machines."
AVG goes on to say that the iServices B Trojan crippled an additional 5,000 machines, and pointed out that other outbreaks, like the Tored-A and Jahlav-C viruses, also cause their share of headaches in the Apple community.
"Flaws were also discovered in the Safari Web browser, iTunes, and PDF program," AVG continues. "Worse still is the fact that last month reports were issued around an unpatched vulnerability in the Safari 4.0 Web browser! So, it would appear that Macs are no longer as shielded as they once were."