Are pornographic images invading your Facebook news feed? We have yet to see it here at BGR, but ZDNET recently reported that “gory, violent pictures” and “hardcore pornography” are spreading across the social network. Facebook says it is getting to the bottom of the problem, but hasn’t yet revealed a solution or how the fiasco started. “Protecting the people who use Facebook from spam and malicious content is a top priority for us and we are always working to improve our systems to isolate and remove material that violates our terms,” Facebook spokesperson Andrew Noyes said. “We have recently experienced an increase in reports and we are investigating and addressing the issue.” It is unclear who is behind the attack. As The Washington Post points out, the flood could be a trick played by the now infamous hacker group Anonymous, in celebration of Guy Fawkes Day, which occurred on November 5th, but the group typically stakes its claim on major attacks. The images, which are apparently spreading like a wild fire, could also be the result of unsuspecting users having been tricked into clicking malicious links. Updated with statement from Facebook. More →
A new report recently issued by the security firm McAfee suggests that the number of malware applications targeting Android devices jumped 76% during the second quarter of this year, making Android the “most attacked” mobile operating system. “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” senior vice president of McAfee labs Vincent Weafer said. Android users typically install the malware accidentally and assume the app is from a safe and legitimate developer. The most prevalent malware-infected modified applications were:
- Android/Jmsonez.A – a calendar app that sends SMS texts to a premium rate number.
- Android/Smsmecap.A – a fake comedy app that sends SMS texts to everyone in the user’s address book.
- Android/DroidKungFu – malware that is capable of installing its own software and updates.
- Android/DrdDreamLite – capable of sending data back to the attacker.
McAfee also noted a number of popular Android Trojans that have been making their way through devices. In addition, the company released compelling figures for how much a hacker can sell stolen email addresses for. In the United States, for example, 10,000,000 addresses can be sold to spammers for roughly $300. Read on for McAffee’s full press release, which includes several data points for PCs, too. More →
AT&T announced on Thursday that it has teamed up with Juniper Networks to offer improved mobile security options for its customers. AT&T said that it expects the first “phase” of its security roll-out to be available to businesses, organizations and customers later this year when it launches the AT&T Mobile Security application. It can help businesses enforce security policies, manage enterprise and personal devices, and enable anti-virus protection with monitoring and control tools. In addition, the application can protect consumers from viruses and malware. “Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. Read on for the full press release. More →
Adobe has issued a security bulletin about a critical security flaw found in Adobe Flash Player affecting the Windows, Macintosh, Linux, Solaris, and Android operating systems. The vulnerability, labeled CVE-2011-0609, “could cause a crash and potentially allow an attacker to take control of the affected system.” The company reports that exploits are already in the wild — most prevalently attached to Flash (.swf) and Excel (.xls) files. Adobe notes that it is “aware” of exploits for Adobe Reader and Acrobat, but explains that “Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.” The company has stated that it will issue a patch for its Flash Player sometime during the week of March 21st. Curiously, the company writes, “Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.” June? Wow. Now might be a good time to enable Protected Mode on Adobe’s PDF reader. More →
See also: This article’s headline.
[Via Giz] More →
The Duo seems to have been a failed experiment for battery maker Energizer in more ways than one. Sales of the USB nickle-metal battery charging station never really took off, and now, via a press release, the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan. The rogue code, according to Computerworld: “listens for commands on TCP port 7777… can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.” Energizer released a statement saying: “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software.” More →
As deep as we are into S60 3rd Edition’s lifespan, malware was sure to rear its ugly head at some point. In fact, we are still pretty impressed that it’s taken as long as it has. While this newly-discovered worm is not the first instance of S60 malware, it certainly appears to be the most tenacious and dangerous. Dubbed “Sexy View” or SymbOS/Yxes.A!worm, the malware indeed contains a valid Symbian Signed certificate and runs the process “EConServer.exe”. It performs three known attacks: First, it seeks out certain running processes on your handset and terminates them. Then it gathers phone numbers from the handset’s contact list and transmits SMS messages to as many numbers as it can collect. The sent messages contain a URL and if an S60-toting recipient visits the address, his or her handset may become infected as well. Lastly, the worm gathers certain sensitive information about the handset such as IMEI and phone number, and posts the data to a remote server. In other words, this worm is bad news. For the time being, “Sexy View” is thought to only affect OS 9.1 devices though it may also affect OS 9.2. So, S60 users, if you find your contacts pinging you to ask why you’re sending them messages with odd URLs, it may be time to head to the clinic. Both Fortinet and F-Secure claim their mobile antivirus solutions will combat the worm but if you confirm your handset is infected, wiping it should solve your problem for free.
Mac users who think they’ve stumbled upon greatness in the form of an alleged copy of iWork ’09 on torrent sites take note – it contains a nasty trojan known as OSX.Trojan.iServices.A. First identified by Integro Security, the trojan works like so:
When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
It’s important to note that while this is by no means the first trojan virus outbreak that Mac users have had to deal with, it is of special interest. Unlike trojans of years past, this is the first time hackers have taken the time to concoct a malicious script to be embedded in software that a lot of people are keen to get and actively contact remote severs to cause even more damage to infected systems. If you think your system is infected, there is a simple process to cleaning your system but it does require a complete wipe unfortunately. Open Terminal and enter the following:
- sudo su (enter password)
- rm -r /System/Library/StartupItems/iWorkServices
- rm /private/tmp/.iWorkServices
- rm /usr/bin/iWorkServices
- rm -r /Library/Receipts/iWorkServices.pkg
- killall -9 iWorkServices
- Wipe, reformat and reinstall OS X from your master disc
Moral of the story: Buy your software or risk paying the price in other ways.
After a wave of attention surrounding a post on Apple’s support pages over the past few days, Cupertino has decided to pull the page from its site. The post in question encouraged “the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.” As Apple’s OS X has yet to have any significant threats posed against it, the blogosphere questioned both the necessity and integrity of the recommendation, noting that two of the three recommended antivirus applications were available for sale from the Apple Store. Here we are a day or so later and Apple has removed the page from its site, stating:
We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.
If that’s the case, then why pull the article? Is Apple now comfortable leaving its computer users vulnerable and open to an attack? Some speculate that Apple removed the note due to poor and confusing wording but if that were the case, surely the company would have merely clarified its position and recommendation rather than removing it completely. Right? Hopefully Apple will further clarify its position over the coming days as for the time being, some might say it looks like the company was looking to make a quick buck from less savvy users. After all, Apple doesn’t even require the use of antivirus software on its own in-store display units or the internal computers used by store employees.
It looks like the care free days when Mac owners could sit back and relax without having to worry about malware are indeed coming to an end – maybe. Last month we told you about two new pieces of OS X malware that had been discovered and while neither poses a significant threat in most people’s eyes, it is clearly a sign of things to come. As loyal and vocal as Mac computer users are, until recently they hardly represented a significant portion of the market. As such, those responsible for creating end user-targeted malware focused on Windows since it was the clear and overwhelming market leader. Now that Apple’s computer market share is growing however, Mac user complacency with regards to viruses might lead to some big and easy scores for malware. Apple recently posted the following technical note as a result:
Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.
The page goes on to recommend three antivirus solutions for OS X, two of which are offered for sale in the Apple Online Store. For the time being, we still haven’t heard any reported cases of a virus actually finding its way to a Mac computer in a real life situation so the following question is posed: Has Apple just firmed up its deals with antivirus providers or are we really in store for a hail storm of Mac malware sooner than we think? In either case, at least we won’t be seeing the commercial above air again any time soon.