Twitter finally appears to be preparing a new wave of attacks on the malicious spammers that have overrun the popular social network during the past year. Web security firm Dasient on Monday announced that it has been acquired by Twitter. ”Since its inception, Dasient has been focused on solving web-scale security problems involving malware and other types of online abuse,” the firm noted in a blog post. “In 2009, Dasient launched its web anti-malware platform, capable of scanning URLs and websites for the presence of harmful content. In 2010, Dasient launched the industry’s first anti-malvertising service to protect ad networks and publishers from the scourge of malicious ads. Over the last year, we have been very active in securing the ads and content of the some of the industry’s largest ad networks and web sites.” The firm is seen as playing a large role in securing new self-service advertising efforts Twitter is preparing to roll out in the near future. A secondary benefit to end users, however, is that the link-spam currently plaguing members of the social network may be quelled as part of Twitter’s efforts with Dasient technology. More →
Apple sold 925 iPhone 4S handsets each minute during the device’s debut weekend, and it sells 81 iPads every 60 seconds on average. Research In Motion sells 103 BlackBerry phones, Amazon sells 18 Kindle Fire tablets and Microsoft sells 11 Xbox 360 consoles every minute. More than 700 computers are purchased around the world every 60 seconds, and 232 of them are infected by malware. That malware stat seems surprisingly low, however, when you consider that 2 million people watch online porn every minute. Read on for more. More →
Microsoft’s senior director of Windows Phone communications Bill Cox said Thursday that more than 3,200 people replied to Microsoft’s request for stories about malware-infected Android smartphones. Microsoft had asked Android users to send in their malware horror stories and said it would provide free Windows Phone devices to those with the best tales. It isn’t clear if the number of responses actually represents Android users with malware troubles, or if the number of submissions was padded by people looking to get lucky and score a free phone. It’s no secret there are a number of malicious Android applications in the market; mobile security firm Lookout Mobile Security recently reported that more than $1 million was stolen from Android users in 2011 through the use of malicious apps. Still, Windows Phone isn’t exactly a post child for security, either. A flaw was recently discovered that allows a simple text message sent to a Windows Phone to render its messaging hub completely useless. More →
The Carrier IQ scandal has shifted attention from malicious mobile threats to carrier-sourced spyware over the past month, but a new report suggests the threat of more serious mobile malware continues to intensify. More than $1 million was stolen from Android smartphones alone in 2011 according to Lookout Mobile Security, which pulled data from more than a million apps and 15 million handsets around the world to compile its 2012 Mobile Threat Predictions report. The likelihood of an Android user encountering malware grew from 1% to 4% in 2011, and Lookout expects the trend to continue in 2012. Read on for more. More →
Investment in mobile security will increase 44% annually through 2015 according to a recent research report from Canalys. Reportedly, just 4% of smartphones shipped last year were sold with security software pre-installed. Canalys suggests that, by 2015, more than 20% of all smartphones and tablets will run some form of security software and mobile security will be a $3 billion market. The research firm attributes the growth to an increase in pressure from enterprise customers, and it expects the usage of client security products such as antivirus software, VPN encryption and firewalls will grow an average of 54.6% annually to 2015. “Enterprises must adopt a holistic view of mobile security, as there is no single solution that provides complete protection,” research analyst Nushin Hernandez said. “A more robust approach, even compared to that used to protect typical notebooks and desktops, is needed.” Read on for the full press release from Canalys. More →
A new report recently issued by the security firm McAfee suggests that the number of malware applications targeting Android devices jumped 76% during the second quarter of this year, making Android the “most attacked” mobile operating system. “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” senior vice president of McAfee labs Vincent Weafer said. Android users typically install the malware accidentally and assume the app is from a safe and legitimate developer. The most prevalent malware-infected modified applications were:
- Android/Jmsonez.A - a calendar app that sends SMS texts to a premium rate number.
- Android/Smsmecap.A – a fake comedy app that sends SMS texts to everyone in the user’s address book.
- Android/DroidKungFu – malware that is capable of installing its own software and updates.
- Android/DrdDreamLite – capable of sending data back to the attacker.
McAfee also noted a number of popular Android Trojans that have been making their way through devices. In addition, the company released compelling figures for how much a hacker can sell stolen email addresses for. In the United States, for example, 10,000,000 addresses can be sold to spammers for roughly $300. Read on for McAffee’s full press release, which includes several data points for PCs, too. More →
AT&T announced on Thursday that it has teamed up with Juniper Networks to offer improved mobile security options for its customers. AT&T said that it expects the first “phase” of its security roll-out to be available to businesses, organizations and customers later this year when it launches the AT&T Mobile Security application. It can help businesses enforce security policies, manage enterprise and personal devices, and enable anti-virus protection with monitoring and control tools. In addition, the application can protect consumers from viruses and malware. “Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. Read on for the full press release. More →
Brooklyn-based artist Kyle McDonald finds himself in hot water after secretly photographing Apple Store customers while they shopping for computers. “I thought maybe we could see ourselves doing this we would think more about our computers and how we’re using them,” McDonald told Mashable. Without the staff’s knowledge, the 25-year-old installed software on computers at two Apple Store locations in New York that used their integrated webcams to capture photos every 60 seconds. The software then automatically sent the photos to McDonald. The electronic artist published his project on his site and a dedicated Tumblr blog, and eyebrows were raised soon after. Mashable reports that McDonald was soon approached by the U.S. Secret Service, and his personal computers have been confiscated as part of the investigation into alleged computer fraud. McDonald says he did get Apple Store security guards’ permission to take photos in the stores, and he also asked permission while photographing patrons — with his handheld camera. McDonald makes no mention of gaining Apple’s permission to install software on display computers that secretly snaps photos and sends them to McDonald behind the scenes. A video of McDonald’s project can be viewed below. More →
The small group of hackers known as Lulz Security, or simply “LulzSec,” would never disband without one final round of fun. BGR reported on Monday that the group’s reign of terror was coming to an end after 50 lul-filled days. During that period of time, LulzSec released data stolen in a series of online breaches with targets ranging from Sony to the U.S. Government. In its coup de grâce, LulzSec released a stash of stolen data from a variety of targets, including AT&T, Disney and the U.S. Navy. But data obtained through online breaches wasn’t the only thing LulzSec stuffed into the file; a directory named “BootableUSB” also contained a variety of malware including trojans and worms. While “LulzSec” is no more and its notorious Twitter account now sits dormant, members of the well-known hacktivism group “Anonymous Operations” have confirmed that LulzSec is gone in name only — the six LulzSec members have been absorbed by Anonymous, according to the group’s official Twitter feed. More →
Mac users have recently been targeted by a phishing scam that falsely claimed their computers were infected with a virus. Upon being redirected to an illegitimate website, users were instructed to install “Mac Defender,” which was malware masquerading as an antivirus application. Until recently, Apple had reportedly instructed its AppleCare support reps to deny any existence of the problem and said reps should “not remove or uninstall any malware” found on a computer. On Tuesday, however, Apple finally acknowledged the issue and posted instructions on its support forums that cover how to avoid and remove the Mac Defender malware. Hit the jump for Apple’s instructions. More →
AppleCare representatives can do a lot of things for Mac owners suffering software issues… except when it comes to malware. In an internal support article leaked to ZDNet, Apple instructs its call center representatives on how to handle calls from users reporting that they have a machine infected with the “Mac Defender” malware trojan. And, as you can see, Apple is definitely taking the hands-off approach. “AppleCare does not provide support for the removal of the malware,” reads the memo. “You should not confirm or deny whether the customer’s Mac is infected or not.” Apple certainly isn’t the first company to instruct its support representatives to shy away from virus/malware assistance, but it is notable as it is the first major Mac OS X virus that — thanks to some moderate social engineering — is propagating. Apple has yet to issue a public statement about the software’s existence or infection levels. The full memo is after the break. More →
While investigating several Android Market applications that appeared to be duplicates, Reddit user lompolo discovered several apps that provide an extra, and definitely unwanted, service. The applications in question contain an exploit that, when downloaded, automatically root the Android handset. Not only that, the apps — 21 in total — also contain an embedded .apk file that can accept remote code and upload device information (like your IMEI) to a server in California. The malicious bundles were published by user Myournet and some of the individual applications have been downloaded over 50,000 times each. Once alerted of the potential malware, Google investigated and removed the code from the Market and users handsets. Unfortunately, that doesn’t have any effect on data already compromised by downloaders of the rogue applications. Google has yet to publicly comment on the incident.
UPDATE: More information about the exploit and affected applications can be found here. More →
The Duo seems to have been a failed experiment for battery maker Energizer in more ways than one. Sales of the USB nickle-metal battery charging station never really took off, and now, via a press release, the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan. The rogue code, according to Computerworld: “listens for commands on TCP port 7777… can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.” Energizer released a statement saying: “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software.” More →