New malware exploits flaw in old versions of Office for Mac

By on May 4, 2012 at 7:30 PM.

Microsoft researchers recently discovered a piece of Mac OS X malware that exploits a three-year-old flaw in old versions of Office for Mac. The threat uses a multi-stage attack, just like a Windows virus would. While Microsoft did fix the problem in 2009, the software giant notes that not every machine is up-to-date. The company’s data indicates, however, that the malware is not widespread. “No operating system that exists outside a laboratory is entirely immune to malware,” Microsoft stated on its blog. “As different operating systems continue to gain in popularity they attract more attention from would-be attackers – especially since, as we see in the example analysis above, the techniques and understanding needed to do so may be much the same as those used against other platforms. And even though an operating system may include many risk-reducing mitigation technologies, any machine’s defenses against vulnerabilities are directly related to how current its security updates for applications are kept.” Microsoft concludes by warning users of Office 2004 for Mac, Office 2008 for Mac or Open XML File Format Converter for Mac to update their software in order to protect themselves from possible threats.

Numerous websites found to contain malware specifically targeting Android devices

By on May 3, 2012 at 5:40 PM.

Hacked websites are frequently used to infect PCs with malware, but the team at Lookout Mobile Security has discovered that hacked websites are specifically targeting Android-powered mobile devices for the first time. The malware, called NotCompatible, is a Trojan that poses as a system update but acts like a proxy redirect. When a user visits an infected website, the Android mobile web browser will automatically begin downloading the NotCompatible malware, which is named “Update.apk.” As with any drive-by download, a user needs to install the downloaded application to become infected. The malware is found on a number of websites, but all have relatively low traffic. Lookout notes that the threat does not appear to cause any direct harm to an infected device, although it could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. If an Android device has the “Unknown sources” setting disabled — thus disabling sideloading — the NotCompatible malware will be unable to install.

Religious websites contain more malware than porn sites

By on May 3, 2012 at 12:40 PM.

People who browse religious websites are more likely to have their computers infected with a virus than those who visit pornographic websites, according to Symantec’s annual “Internet Security Threat Report.” The firm found that websites with religious or ideological themes had triple the average number of threats compared with those featuring adult content. “It is interesting to note that websites hosting adult/pornographic content are not in the top five, but ranked tenth,” Symantec said. “We hypothesize that this is because pornographic website owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free; it’s not good for repeat business.” The report was based on information gathered from more than 200 countries through the Symantec Global Intelligence Network. Symantec blocked a total of 5.5 billion attacks last year, an 81% increase from 2010.

WTF is CISPA?

By on May 2, 2012 at 12:25 PM.

The United States House of Representatives voted last Thursday to pass a piece of legislation called the Cyber Intelligence Sharing and Protection Act, or CISPA. The controversial bill now sits in the hands of the Senate and faces further modifications if it hopes to gain approval from the White House, which has already gone on record with a veto threat. Legions of Internet users expressed outrage when the bill was passed, and numerous protests are being staged. According to President Obama’s office, the bill would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” but what exactly is CISPA? Greg Vokes of Paralegal.net sought to make the answer as easy to digest as possible, and the result is a terrific infographic titled “WTF is CISPA?” that can be viewed below in its entirety.

Skype exploit reveals users' remote and local IP addresses

By on May 1, 2012 at 10:15 PM.

A new security vulnerability in Skype has been discovered that allows a third-party script to reveal users’ remote and local IP addresses, according to GHacks. The script, which was uploaded to GitHub, allows users to look up the IP addresses of any online Skype accounts. The code then initiates the contact addition process, but does not complete it. The log file will instead display the local and remote IP of the requested Skype user, even if the user is not added to the list of contacts. An IP address can be used to determine the location and Internet service provider of the user, and the only method of protecting against this vulnerability would be to use a virtual private network or proxy to hide the IP address.

Flashback OS X malware estimated to generate creators $10,000 per day

By on May 1, 2012 at 4:40 PM.

The “Flashback” virus that originated on a series of WordPress blogs and went on to infect more than 600,000 Mac computers last month may have generated its creators thousands of dollars each day. According to antivirus software firm Symantec, the Flashback malware has been generating revenue for its authors by hijacking users’ ad clicks, and due to the widespread nature of the infection, the authors could have been generating up to $10,000 per day. “Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click,” the firm explained, adding that Google never receives the intended ad click. Symantec notes that ad-clicking Trojans are nothing new and a botnet of 25,000 infections could generate an author up to $450 per day.

U.S. House passes CISPA

By on April 26, 2012 at 7:00 PM.

The United States House of Representatives has voted to pass the controversial Cyber Intelligence Sharing and Protection Act (CISPA), talk of which has swept the Internet over the past few weeks. The House vote was moved up to Thursday night, and CISPA passed as 248 members of Congress voted for the bill and 168 voted against. The bill is sponsored by Representatives Mike Rogers (R-Michigan) and Dutch Ruppersberger (D-Maryland), and it now faces further modifications in the Senate if it is to avoid being vetoed by the White House. President Barack Obama has indicated that he intends to veto the bill if it makes it to his desk, noting that as it is written now, the legislation would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.” The American Civil Liberties Union issued a statement following the vote. “Cybersecurity does not have to mean abdication of Americans’ online privacy,” said ACLU legislative counsel Michelle Richardson. “As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”

Apple is 10 years behind Microsoft on security, expert says

By on April 26, 2012 at 5:35 PM.

Apple may be the most valuable company in the world, but when it comes to security, the Cupertino-based company doesn’t hold a candle to Microsoft. Kaspersky Lab co-founder and chief executive Eugene Kaspersky on Wednesday told CBR that Apple is a decade behind Microsoft in terms of computer security. “I think they are ten years behind Microsoft in terms of security,” Kaspersky said. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but [Flashback] was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.” More than 600,000 Macs were infected by the Flashback trojan virus before it was discovered earlier this month and the exploit it used to infect OS X PCs was patched. “Apple will understand very soon that they have the same problems Microsoft had ten or 12 years ago,” Kaspersky said. “They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.”

Though risks are minimal, one in five Mac computers found to contain Windows malware

By on April 24, 2012 at 11:00 PM.

Security firm Sophos on Tuesday indicated that a surprisingly high level of malware has been found on Mac computers — the firm’s research revealed that one in every five Mac computers is harboring some kind of Windows malware. Of the 100,000 customers sampled through Sophos’s antivirus offerings, 20% of users were found to be carrying one or more instances of Windows malware. The firm highlighted that Windows malware on a Mac won’t cause any harm, however, unless the computer also runs a Windows partition in addition to OS X. The company’s research found that just 2.7% of Macs that installed the company’s free anti-virus software were infected by OS X malware. Nearly all of the OS X malware discovered was an iteration of the “Flashback” trojan called “Flshplyr.” Sophos said that cybercriminals may find Macs to be targets because OS X users are less likely to be running anti-virus software; however, Macs can get viruses and the right software can keep a user’s computer safe. A second pie chart follows below.

Malware found to steal credit card data from hotel payment systems

By on April 20, 2012 at 8:20 PM.

Security firm Trusteer warned this week of a trojan that is capable of stealing an individual’s credit card information from hotels. The firm’s intelligence team discovered the remote access trojan being sold on underground forums for $280. The malware is designed to capture screenshots from point-of-sale applications that access credit card numbers and expiration dates. These systems are located on front-desk computers at hotels, and they are often unmanaged and do not contain anti-virus protection software that would stop a trojan of this type. The malware’s creators also include instructions on how to use VoIP-based social engineering to trick front-desk clerks into installing the trojan.

Second Mac trojan discovered, also exploits Java vulnerability

By on April 16, 2012 at 1:15 PM.

The “Flashback” trojan virus, which affects at least 600,000 Macs and is capable of intercepting passwords and other private data, was discovered last week. The discovery prompted Apple to release a Java update for OS X users that removed a number of common variants of the virus. Securelist on Saturday found another Mac trojan that is also spread through Java exploits, however. The malware, called Backdoor.OSX.SabPub, can take screenshots of a user’s current session, execute commands on an infected machine and connect to a remote website to transmit the data. It is not clear how users get infected with the trojan, but because of the low number of instances and the trojan’s backdoor functionality, Securelist speculates that it is most likely used in targeted attacks, possibly launched through emails containing a URL pointing to one of two websites hosting the exploit.

BlackBerry 7 rated most secure operating system

By on April 11, 2012 at 8:15 PM.

Trend Micro on Wednesday named Research In Motion’s BlackBerry 7 OS as the most secure mobile operating system in a new report titled “Enterprise Readiness of Consumer Mobile Platforms.” The security firm compared four of the top mobile operating systems — Android 2.3, iOS 5, Windows Phone 7.5 and BlackBerry 7 — and found the Waterloo-based company’s platform best met the demands of enterprise users. BlackBerry 7 scored a 2.89 rating, which was based on a number of factors including built-in security, application security, authentication, device wipe, device firewall and virtualization. RIM was followed by Apple’s iOS 5 with a 1.7 rating, Microsoft’s Windows Phone 7.5 with a 1.61 rating and Google’s Android 2.3 operating system with a 1.37 rating. Researchers from Trend Micro, Altimeter Group and Bloor Research praised the BlackBerry 7 operating system for its corporate-grade security and manageability, while the iPhone’s lack of removable storage and Windows Phone 7.5’s overall performance were applauded. Google’s Android platform received negative comments, however, with researchers claiming the platform’s fragmentation has proven to be a barrier for enterprises.

Major Android vulnerability gives apps access to sensitive data without permission

By on April 11, 2012 at 3:15 PM.

The security of the Android mobile platform has always been a topic of debate. Due to Google’s open ecosystem and less invasive app policing policies, researchers argue that the Google Play marketplace is home to numerous malicious apps. Reports have surfaced over the past few years that claimed even applications from legitimate companies — such as Facebook, Skype and Path — were exploiting Android permissions and secretly accessing data. Paul Brodeur of Leviathan Security had a simple question: what data can an app access when it has no permissions? What he found may be shocking.