malware

Thunderstruck! A tale of malware, AC/DC, and Iran's nukes

The next big war will apparently be bug-based.

Perhaps some people are putting a lot of practice in.

For this morning reports are emerging that the Atomic Energy Organization of Iran has been subjected to a particularly malicious form of malware. Yes, the kind of malware that plays AC/DC.

And worse, not merely any old AC/DC, but specifically "Thunderstruck."

I am grateful to Venture Beat for warning me of this possibility.

Conjecture began when an Iranian scientist was said to have e-mailed F-Secure's chief research officer, Mikko Hypponen, with a cry for help. Or, who …

When good Android apps go bad -- a security lesson

Security researchers testing Google's Bouncer malware detection system for Android apps have managed to submit a benign app and then slowly update it to add malicious functionality, one of the researchers told CNET today.

Nicholas Percoco, head of Trustwave's SpiderLabs, and colleague Sean Schulte will be discussing their research during a session at Black Hat and Defcon next week in Las Vegas entitled "Adventures in Bouncerland."

After Google launched its Bouncer system to protect apps in the Google Play Android market in February, the researchers wanted to see if they could turn a good app that …

Mahdi 'Messiah' malware targeted Israel, Iran PCs

A data-stealing Trojan capable of recording keystrokes, screenshots and audio and stealing text and image files has infected about 800 computers, mostly in Iran and Israel, over the last eight months, researchers said today.

The malware, dubbed "Mahdi" (also "Madi") because of references in the code to the word for the Islamic Messiah, included strings in Farsi and dates in the Persian calendar format in communications with a command-and-control server in at least one of the variants, and a server that was located in Iran for at least one campaign, according to a blog post from …

Dropbox users get spammed via personal e-mail accounts

David P. was the first Dropbox user to post on the company's Web site forum titled "Email-Address leaked from Dropbox" yesterday. He wrote that he received spam from an email address he uses only for Dropbox.

"So I guess you have a security problem with your user account data," he wrote. "And this sucks a lot."

As of this writing, there are now 106 posts in the forum of people complaining of receiving e-mail spam from online casinos and gambling sites via the online file storage service. The majority of the users are …

Android's Jelly Bean aims to be hard to hack

New features on Google's latest Android mobile OS -- Jelly Bean 4.1 -- beef up the system's security over all other past OS iterations. With Jelly Bean's design, Google has aimed to defend against hacks that install viruses and other malware on mobile devices using the system.

"Android has stepped its game up mitigation-wise in the new Jelly Bean release," security researcher Jon Oberheide wrote in an analysis published this week.

Oberheide notes that the central difference between Jelly Bean and other Android systems is that it incorporates Address Space Layout Randomization (ASLR), which …

Intel OS X binary of latest multiplatform malware discovered

Earlier this week security company F-Secure uncovered a new Web-based malware attack that uses Java to identify and distribute platform-specific malware binaries to OS X, Windows, and Linux installations. In the company's first findings, the malware being issued for OS X was a PowerPC binary, which prevented it from running on many Macs using Snow Leopard and Lion; however, new developments have unveiled an x86 binary for the malware.

This new variant of the malware is essentially the same as the previous findings, with the exception that it will run on Lion and Snow Leopard systems without the need …

Malware went undiscovered for weeks on Google Play

Security researchers have discovered malware hosted on the Google Play marketplace that went weeks undetected masquerading as games.

Android.Dropdialer, a Trojan that sends costly text messages to premium-rate phone numbers in Eastern Europe, had gone undiscovered for two weeks in the form of two game titles, Symantec researcher Irfan Asrar wrote in a blog post yesterday. The two games -- "Super Mario Bros." and "GTA 3 - Moscow city" -- were uploaded to Google Play on June 24 and generated 50,000 to 100,000 downloads, Asrar said.

"What is most interesting about this …

Facebook connects users to free antivirus software

Facebook is now directing users who think their computer might be infected to sites where they can get free antivirus software.

The Malware Checkpoint for Facebook sends people either to sign up for Microsoft Security Essentials or McAfee Scan and Repair. Mac users are referred to an Apple Security Updates site.

Facebook already notifies users when the site detects a possible malware infection on an individual machine, and provides these users free antivirus software to clean up the infection. The social network has now opened up its anti-malware campaign to all users in order to help them proactively protect themselves, …

New Web exploit targets multiple platforms

Researchers at F-Secure have uncovered a new exploit that attempts to install a backdoor malware program on Windows, Linux, and OS X machines. As with other malware, this uses social engineering approaches to try tricking users, but in addition it runs a check to see what operating system the user is running and then issues a malware installer for that platform.

The attack was found on a Colombian transport Web site, where once visited, a Java applet would run using a self-signed certificate. On all platforms this certificate will flag a warning that notifies the user it is not from …

DNSChanger apocalypse: Like Y2K, but even snoozier

Despite the dire warnings about the Internet going dead for thousands of people today, I am happy to report that it's all business as usual. You may proceed to the cute cat videos.

After months of warnings, the FBI pulled the plug on servers that were set up to block a Trojan that was hijacking computers by changing their DNS settings to go to rogue servers and serving up ads. The government set up legitimate DNS servers so infected computers wouldn't lose their online access, but turned off that network today, potentially stranding thousands of computers from the …