Security firm Intego on Monday announced that it had discovered a new variant of the Flashback malware called Flashback.S that continues to use a Java vulnerability Apple has already patched. This variant requires no password to install, and it places its files into the user’s home folder in “~/Library/LaunchAgents/com.java.update.plist” and “~/.jupdate.” Once Flashback.S is installed, it will then delete all files and folders in “~/Library/Caches/Java/cache” in order to delete the applet from the infected Mac and avoid detection. The virus is actively being distributed, although it will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.
Security firm Sophos on Tuesday indicated that a surprisingly high level of malware has been found on Mac computers — the firm’s research revealed that one in every five Mac computers is harboring some kind of Windows malware. Of the 100,000 customers sampled through Sophos’s antivirus offerings, 20% of users were found to be carrying one or more instances of Windows malware. The firm highlighted that Windows malware on a Mac won’t cause any harm, however, unless the computer also runs a Windows partition in addition to OS X. The company’s research found that just 2.7% of Macs that installed the company’s free anti-virus software were infected by OS X malware. Nearly all of the OS X malware discovered was an iteration of the “Flashback” trojan called “Flshplyr.” Sophos said that cybercriminals may find Macs to be targets because OS X users are less likely to be running anti-virus software; however, Macs can get viruses and the right software can keep a user’s computer safe. A second pie chart follows below.
Security firm Trusteer warned this week of a trojan that is capable of stealing an individual’s credit card information from hotels. The firm’s intelligence team discovered the remote access trojan being sold on underground forums for $280. The malware is designed to capture screenshots from point-of-sale applications that access credit card numbers and expiration dates. These systems are located on front-desk computers at hotels, and they are often unmanaged and do not contain anti-virus protection software that would stop a trojan of this type. The malware’s creators also include instructions on how to use VoIP-based social engineering to trick front-desk clerks into installing the trojan.
Apple on Friday issued a second software update to address a security flaw on its OS X operating system that has allowed a massive botnet to form. The update, “Java for OS X 2012-002,” is only available for desktop and laptop PCs running OS X Lion 10.7; Apple issued a similar update last week for both Lion and Snow Leopard, and the exploit was seemingly addressed properly the first time on the Snow Leopard OS. Russian anti-virus experts revealed earlier this week that the “Flashback” trojan virus had utilized a Java vulnerability to infect more than 600,000 Mac computers worldwide. The trojan is capable of intercepting sensitive data such as passwords and other personal information, and transmitting the data back to a host. A separate firm later published instructions detailing how to detect and remove the virus, and Apple’s new update should be the last step in protecting its systems from further attacks. Apple had not yet published details surrounding the new update on its website at the time of this writing.
The idea that Macs don’t get viruses is now officially a thing of the past. Of course Mac malware has been around for years, but now a massive botnet has been discovered that takes this relatively small issue and makes it a widespread problem. While hackers indeed target Windows PCs far more frequently, a trojan horse virus discovered earlier this year has reportedly now been found to affect more than half a million Mac computers worldwide. Russian anti-virus vendor Dr. Web has discovered that malware called “BackDoor.Flashback.39” is currently present on at least 600,000 Macs. The trojan has the capability to use a Java vulnerability to intercept passwords and other private data, and then transmit the information back to the person or group that deployed it. Apple has since patched the vulnerability, but security experts at F-Secure have published a simple guide to help Mac users determine whether or not they are infected, and then remove any malicious files from their computers that are tied to the Flashback trojan. A link to F-Secure’s guide can be found below.
Hacker group “Anonymous Operations” has confirmed that the custom Linux-based operating system released under its name earlier this week is not a platform it developed. “The Anon OS is fake,” the group posted on Twitter Wednesday evening. “It is wrapped in trojans.” The desktop operating system was released earlier this week by individuals claiming ties with Anonymous. It is based on popular Linux distribution Ubuntu, and it ships with a number of hacking tools pre-installed. According to Anonymous, it also ships with a variety of malware. The team behind Anonymous-OS responded to the group’s claims, denying that its platform contains any malicious software. “The #anonops on their twitter account say ‘That Anonymous-OS is wrapped in trojans,’ ” the group wrote on its Tumblr blog. “Please people… in our world, in Linux and opensource world, there is not virus. If any user believe that Anonymous-OS ‘is wrapped in trojans’ or ‘backdoored OS by any Law enforcement Company or Hacker’ please don’t download it! But don’t mislead the world that Linux is dangerous and has trojans!” Anonymous-OS has been downloaded more than 25,000 times.
Google announced on Thursday that the company has begun to take a more active approach to keeping malware out of the Android Market. The search giant is using a new service called “Bouncer” to search through the Market for potential malware. Bouncer will scan new applications, ones already in the Market, and developer accounts for known malware, spyware, trojans and misbehaving apps. The service has been running for some time and between the first and second halves of 2011, the company reports a 40% decrease in the number of potentially-malicious downloads from the Android Market. The drop comes as security companies have been reporting that instances of malicious applications are on the rise. Google also said Android is designed to prevent malware from doing any critical damage. “In addition to using new services to help prevent malware, we designed Android from the beginning to make mobile malware less disruptive,” the company wrote on its blog. “In the PC model, malware has more potential to misuse your information. We learned from this approach, designing Android for Internet-connected devices.”
Twitter finally appears to be preparing a new wave of attacks on the malicious spammers that have overrun the popular social network during the past year. Web security firm Dasient on Monday announced that it has been acquired by Twitter. “Since its inception, Dasient has been focused on solving web-scale security problems involving malware and other types of online abuse,” the firm noted in a blog post. “In 2009, Dasient launched its web anti-malware platform, capable of scanning URLs and websites for the presence of harmful content. In 2010, Dasient launched the industry’s first anti-malvertising service to protect ad networks and publishers from the scourge of malicious ads. Over the last year, we have been very active in securing the ads and content of some of the industry’s largest ad networks and web sites.” The firm is seen as playing a large role in securing new self-service advertising efforts Twitter is preparing to roll out in the near future. A secondary benefit to end users, however, is that the link-spam currently plaguing members of the social network may be quelled as part of Twitter’s efforts with Dasient technology.
Apple sold 925 iPhone 4S handsets each minute during the device’s debut weekend, and it sells 81 iPads every 60 seconds on average. Research In Motion sells 103 BlackBerry phones, Amazon sells 18 Kindle Fire tablets and Microsoft sells 11 Xbox 360 consoles every minute. More than 700 computers are purchased around the world every 60 seconds, and 232 of them are infected by malware. That malware stat seems surprisingly low, however, when you consider that 2 million people watch online porn every minute. Read on for more.
Microsoft’s senior director of Windows Phone communications Bill Cox said Thursday that more than 3,200 people replied to Microsoft’s request for stories about malware-infected Android smartphones. Microsoft had asked Android users to send in their malware horror stories and said it would provide free Windows Phone devices to those with the best tales. It isn’t clear if the number of responses actually represents Android users with malware troubles, or if the number of submissions was padded by people looking to get lucky and score a free phone. It’s no secret there are a number of malicious Android applications in the market; mobile security firm Lookout Mobile Security recently reported that more than $1 million was stolen from Android users in 2011 through the use of malicious apps. Still, Windows Phone isn’t exactly a poster child for security, either. A flaw was recently discovered that allows a simple text message sent to a Windows Phone to render its messaging hub completely useless.
The Carrier IQ scandal has shifted attention from malicious mobile threats to carrier-sourced spyware over the past month, but a new report suggests the threat of more serious mobile malware continues to intensify. More than $1 million was stolen from Android smartphones alone in 2011 according to Lookout Mobile Security, which pulled data from more than a million apps and 15 million handsets around the world to compile its 2012 Mobile Threat Predictions report. The likelihood of an Android user encountering malware grew from 1% to 4% in 2011, and Lookout expects the trend to continue in 2012. Read on for more.
Investment in mobile security will increase 44% annually through 2015 according to a recent research report from Canalys. Reportedly, just 4% of smartphones shipped last year were sold with security software pre-installed. Canalys suggests that, by 2015, more than 20% of all smartphones and tablets will run some form of security software and mobile security will be a $3 billion market. The research firm attributes the growth to an increase in pressure from enterprise customers, and it expects the usage of client security products such as antivirus software, VPN encryption and firewalls will grow an average of 54.6% annually to 2015. “Enterprises must adopt a holistic view of mobile security, as there is no single solution that provides complete protection,” research analyst Nushin Hernandez said. “A more robust approach, even compared to that used to protect typical notebooks and desktops, is needed.” Read on for the full press release from Canalys.
A new report recently issued by the security firm McAfee suggests that the number of malware applications targeting Android devices jumped 76% during the second quarter of this year, making Android the “most attacked” mobile operating system. “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” senior vice president of McAfee labs Vincent Weafer said. Android users typically install the malware accidentally and assume the app is from a safe and legitimate developer. The most prevalent malware-infected modified applications were:
- Android/Jmsonez.A – a calendar app that sends SMS texts to a premium rate number.
- Android/Smsmecap.A – a fake comedy app that sends SMS texts to everyone in the user’s address book.
- Android/DroidKungFu – malware that is capable of installing its own software and updates.
- Android/DrdDreamLite – capable of sending data back to the attacker.
McAfee also noted a number of popular Android Trojans that have been making their way through devices. In addition, the company released compelling figures for how much a hacker can sell stolen email addresses for. In the United States, for example, 10,000,000 addresses can be sold to spammers for roughly $300. Read on for McAfee’s full press release, which includes several data points for PCs, too.