Archive for the ‘VIRUSES BUGS’ Category


Sunday, July 31st, 2011

The new smartphone

virus is upon us.

So watch for it

NO ONE knows who lies behind Zeus. Security experts believe he or she is Russian, although no one is completely sure. But what they all agree is that Zeus is the most pernicious ”Trojan Horse” on the internet. During the past four years it has infected millions of PCs, taking control of the computer and stealing personal banking details.

Microsoft has fought a running battle against Zeus, which is one of the most difficult types of malware to detect – but the great fear among cybercrime experts is no longer home computers. A new strain of Zeus, dubbed ”Zitmo” (it stands for ”Zeus in the mobile”) has begun to exploit a huge hole in personal banking security: the smartphone in your pocket.

In the past fortnight, this malicious new version of Zeus, which attacks phones using the Android operating system, has sparked intense concern among security companies. One major US internet security provider, Trusteer, claimed Google Android is ”fraudsters’ heaven”. Trusteer chief executive Mickey Boodaei said in a blog: ”Bad news: fraudsters have all the tools they need to effectively turn mobile malware into the biggest customer security problem we’ve ever seen.”

But it’s not just Zeus that smartphone customers should be worrying about, according to Alex Fidgen of MWR InfoSecurity, one of the biggest cybercrime-busting outfits in Britain. It legally hacks into computers to test security. More recently it has turned its attention to smartphones and found that it can crack open every new handset it sees.

”The mobile phone industry is not fit for purpose, especially for financial transactions,” says Fidgen. ”The evidence is irrefutable. You cannot be assured of security with modern smartphones. As soon as the handset is compromised, then any data is up for grabs.”

Fidgen says the fault lies with the handset manufacturers rather than the network providers or banks. In the race to bring new phones and new features to the market, many have left security low on the agenda. Modern smartphones, particularly when they are used in public Wi-Fi hot spots, can become fatally compromised. Trojans can enter a smartphone in many ways. All you have to do is click on a link or attachment that contains the virus, and within seconds it can secretly seize control. That link might be a TinyURL in Twitter. The attachment could be a vCard, the standard format for sending a business card to a phone.

Or it could be that you are accessing a website in a cafe. At Wi-Fi hot spots, fraudsters create bogus gateways, known as ”evil twins”, to which the latest mobile phones will automatically connect. Once a connection is established, all the information passing through the gateway can be read directly or decrypted, allowing fraudsters to harvest user names, passwords and messages. Until now, these attacks have been rare. But experts say that’s just because smartphones are still taking off. ”We’re walking into a minefield,” says Fidgen, who has been warning about the risks for several months, ”but nobody’s bloody listening.”

At Trusteer, Boodaei forecasts that ”within 12 to 24 months, more than one in 20 of all Android phones and iPads/iPhones could become infected by mobile malware”.

Are Apple iPhones safer than Android? MWR InfoSecurity says Apple’s famed security from viruses doesn’t quite translate to mobile devices. ”Both platforms have problems,” says the company. ”The Android market has quite a reputation for serving malware regularly, whereas Apple seems to be in better control of the content of the App Store. Android, however, has Sandbox [a security feature], which limits the impact of malicious or vulnerable applications. This can help limit the effectiveness of the malware, a feature that does not exist on the Apple platform.”

BlackBerry phones are considered safer to use, as their maker, RIM, ”keeps details of the platform a secret, which makes it much harder for attackers to write malware”.

All the experts are agreed that ”jailbreaking” – where you remove the limitations imposed by Apple on iPhones and iPads – exposes the user to much wider security threats.

Why not simply add an anti-virus program to your smartphone? The bad news is that the phones may have been built so poorly in the first place that the anti-virus programs won’t be much help. All they do is give a false sense of security to users, say the experts.

Last week, a report in InformationWeek, a respected US technology magazine, warned of an ingenious new approach by Zeus/Zitmo that tricks home PC users into downloading it on to their smartphone. The Trojan sleeps on the home PC until the user logs into a bank website. At that point it wakes up, intercepts the process, asking the user to download a new security device on to their mobile phone to complete the banking log-in process. But in reality, the new security device is the Zeus Trojan infecting their phone. Once it’s on, it takes control of the user’s phone.

At the heart of Zeus is a Russian developer who produces the source code and then licenses the program to numerous fraudsters in the criminal underworld. This software genius regularly sends out patches and updates so that every time it is detected Zeus bounces back again.

Don Jackson of Dell’s security arm, SecureWorks, is the person who first discovered Zeus, in 2007.

”Zitmo has all the hallmarks of the original author of Zeus. This brand new version is his flagship new product, which he’s making available to a select few. He writes it, sells it for huge amounts of money, and even supports his ‘customers’ to rid it of any bugs that develop.”GUARDIAN

Sourced & published by HenrySapiecha


Monday, January 31st, 2011

Google’s Android

more vulnerable to

viruses than Apple’s


Security firm states

January 13, 2011

Google’s Android operating system for mobile devices is more vulnerable to hackers and viruses than Apple’s iPhone platform, according to security software maker Trend Micro.

“Android is open-source, which means the hacker can also understand the underlying architecture and source code,” Steve Chang, chairman of Trend Micro, the world’s largest provider of security software for corporate servers, said in an interview. “We have to give credit to Apple, because they are very careful about it. It’s impossible for certain types of viruses” to operate on the iPhone, he said.

Google, owner of the world’s most-popular online search engine, offers Android for free and allows developers access to its code for writing software. Apple, whose iOS software trails Android in smartphone market share, requires every application to be approved before being sold in its online store.

“On all computing devices, users necessarily entrust at least some of their information to the developer of the application they’re using,” Mountain View, California-based Google said in an emailed statement. “Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer.”

‘The next PC’

Chang said he’s betting Android users will start to buy more security software for mobile devices.

“Smartphones are the next PC, and once they’re adopted by enterprises, data loss will be a very key problem,” he said.

On January 7, Tokyo-based Trend Micro released Mobile Security for Android, software that users can install on a mobile phone to block viruses, malicious programs and unwanted calls. Trend Micro aims for the $US3.99 application to help it gain revenue from the more than 250 million phones Gartner expects will run on Android by 2014.

“Apple has a sandbox concept that isolates the platform, which prevents certain viruses that want to replicate themselves or decompose and recompose to avoid virus scanners,” Chang said.

Apple’s iOS isn’t fully immune to security threats and may be hit with so-called social-engineering attacks, which trick users into authorising the download or installation of malicious software, Chang said. Trend Micro offers a security application for Apple’s iOS, he said.

Natalie Harrison, a spokeswoman for Cupertino, California-based Apple, didn’t immediately return a call seeking comment.

Market share

Phones using Android accounted for around 26 % of the global smartphone market in the third quarter, behind Symbian, used in Nokia Oyj handsets, and ahead of iOS, which had a 17 % share, researcher Gartner said November 10.

In 2014, 259 million devices, or 29.6 per cent of all smartphones, will use Android, trailing 30.2 per cent share for Symbian and ahead of 15 per cent share for iOS, Gartner predicted in September.

Trend Micro’s 2010 revenue is expected to have dropped 1.3 per cent to 95 billion yen ($1.16 billion) and net income is forecast to be 22 per cent lower, at 13.7 billion yen, according to the average of eight analyst estimates compiled by Bloomberg

Sourced & published by Henry Sapiecha


Friday, January 21st, 2011

See the frog that cut off

160 telco customers


January 20, 2011 – 2:36PM
The frog that took down 160 customers.
The frog that took down 160 customers. Photo: Supplied

Due to the wet weather, the frogs in Childers, Queensland have been “breeding like crazy”, with one cutting off hundreds of telecommunications customers.

The one pictured managed to squeeze into a Telstra roadside cabinet through a failed air filter and shorted out the power tracks of the main board of a Remote Integrated Multiplexer (RIM) unit, according to Telstra spokeswoman Karina Keisler.

It resulted in over 160 customers not able to receive incoming calls and also took ISDN services (such as EFTPOS) “completely offline”, she said. 

Communication technician Alan Williams inspecting the cabinet where the frog was found.Communication technician Alan Williams inspecting the cabinet where the frog was found. Photo: Supplied

Sourced & published by Henry Sapiecha


Friday, December 31st, 2010

‘Most sophisticated

mobile virus’

starts spreading on

Android smartphones

December 31, 2010 – 10:00AM
The Google Nexus One smartphone, seen here at its launch in Washington in January, uses the company's Android software.
Targeted … Google Android phones. Photo: AFP

A very powerful virus targeting smartphones in China using Google’s Android operating system may represent the most sophisticated bug to target mobile devices to date, security researchers stated.

Anti-virus firm Lookout Mobile Security estimates that the number of phones that have been infected by the virus, dubbed Geinimi, could be tens of thousands or hundreds of thousands.

Researchers said that the virus has yet to wreak havoc, though, and that they were unsure what its authors were seeking to accomplish. 

“It is not clear to us what the purpose of it is,” said Kevin Mahaffey, chief technology officer for Lookout. “It could be anything from a malicious advertising network to an attempt to create a botnet.”

A botnet is an army of enslaved computers that its controllers can compromise for identity theft, use to launch attacks to shut down websites or turn into spam email servers.

Still, the emergence of the Geinimi virus underlines concerns that hackers are shifting from focusing on attacking PCs to targeting mobile devices as sales of the powerful handheld computers take off and users increasingly put sensitive data in their pockets.

Phones become contaminated with Geinimi when users download software applications that have been repackaged to include the virus, according to researchers from Lookout and Symantec Corp.

Tainted programs include versions of the video games Monkey Jump 2, President vs. Aliens, City Defense and Baseball Superstars 2010,Lookout said.

Lookout researchers said that so far they have only found the tainted software at third-party apps stores targeting the Chinese market. Legitimate versions of the applications in the official Android market appear to be safe, they said.

Compromised phones call back to a remote computer for instructions on what to do at five-minute intervals. Then they transmit information on the device’s location, its hardware ID and SIM card back to the remote computer.

To date the remote computers have been collecting data but have not issued any other orders to the infected phones, Mahaffey said.

Liam Murchu, a research manager with anti-virus software maker Symantec, said that infected devices could be ordered to make calls, send text messages and download other malicious software onto the phones.


Sourced & published by Henry Sapiecha