NEWS - August 24, 2012

Aug 24, 2012 12:49AM PDT
New BIOS guidelines aim to keep malware out of computer's nether regions

A US governmental organization in charge of standardizing scientific measurements and technologies has proposed new security guidelines for the BIOS mechanisms that most computers rely on to boot up.

The new guidelines are intended to make the Basic Input/Output System more resistant to malware attacks that target the system firmware. Over the past few years, at least two trojans, one called Mebromi and another proof-of-concept demonstration, have been able to survive operating-system reinstalls and evade antivirus protection by burrowing deep inside an infected computer.

"Unauthorized modification of a BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture," the new set of guidelines, which were published earlier this week (pdf) by the National Institute of Standards and Technology, stated. "Malicious BIOS modification could be part of a sophisticated, targeted attack on an organization—either a permanent denial of service or a persistent malware presence."

Continued : http://arstechnica.com/security/2012/08/bios-security-guidelines/

Also:
New BIOS security standards aimed at fighting rootkit attacks
NIST proposes BIOS protection measures

Loozfon Malware Targets Female Android Users
Aug 24, 2012 1:45AM PDT

Symantec Security Response Blog:

When it comes to targeting the sexes, generally malware has targeted men by enticing them to view videos or pictures of sexual content—Android malware is no different. For instance, Android.Oneclickfraud attempts to coerce a user into paying for a pornographic service and certain Android.Opfake variants are designed to allow users to view adult videos, but secretly send SMS texts to premium-rate numbers in the background. Recently, however, Symantec discovered Android.Loozfon, a rare example of malware that targets female Android users.

A group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make some money. The email includes a link to a site that appears to be designed to assist women to make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that likely attempts to charge money to use the service, which supposedly helps women meet rich men. [Screenshot]

If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device.

Continued : http://www.symantec.com/connect/blogs/loozfon-malware-targets-female-android-users

The Rise of Cross-Platform Malware
Aug 24, 2012 1:45AM PDT

For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware that has the ability to infect several different kinds of machines with small variations to its code.

Attackers, like people in other walks of life, tend to specialize. They find something that they're good at, say, writing Windows rootkits or creating OS X Trojans, and they often will stick with that. There's not much reason to branch out if they're having success with something already. For a long time, most malware was written for Windows, because that's where most of the users are. Going after OS X or Linux didn't make a lot of sense.

But that's begun to change lately. One recent example is the Crisis Trojan, which has the ability to infect both Windows and Mac OS X machines. The first version of Crisis that researchers discovered targeted various versions of OS X, and it was a typical data-stealing Trojan, listening in on email and instant messenger communications. The interesting thing about Crisis is not only that there are versions for multiple platforms, but also that the installer for the malware, which masquerades as an Adobe Flash installer, checks to see what operating system it's on and then installs the appropriate version.

Continued : https://threatpost.com/en_us/blogs/rise-cross-platform-malware-082412

Top 5 Deadliest Mobile Malware Threats Of 2012
Aug 24, 2012 3:21AM PDT

"Security pros discuss the most prolific and complex mobile malware threats to appear so far in 2012"

While the amount of malicious software focused on the growing number of mobile devices on the market remains a drop in the bucket next to the amount targeting PCs, attackers are steadily turning the devices in consumers' pockets into targets.

So far this year, several pieces of malware have popped onto the radar and underscored the growing sophistication of cybercriminals targeting mobile devices. After fielding feedback from security pros, here in no particular order is Dark Reading's list of the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012.

1. FakeInst SMS Trojan and its variants
"FakeInst disguises itself as popular apps like Instagram, Opera Browser, [and] Skype, and sends SMS messages to premium-rate numbers," says Jerry Yang, vice president engineering at mobile security firm TrustGo.

"It is selected because it has been widely infected. There are many variants in the FakeInst family, such as RuWapFraud, Depositmobi, Opfake, and JiFake," Yang says. "Sixty percent of total Android malware we found belong to the FakeInst family. Geographically, it mainly exists in Russia. There are also samples found from all over the world."

Continued : http://www.darkreading.com/mobile-security/167901113/security/news/240006056/top-5-deadliest-mobile-malware-threats-of-2012.html

Crisis malware doesn't affect most VMware hypervisors
Aug 24, 2012 3:21AM PDT

A few days ago Symantec researchers revealed that the Crisis malware is not limited to attacking Mac machines, but has the ability to infect devices running Windows and Windows Mobile, as well as VMware virtual machines.

Unlike the majority of other malware that terminates itself when it detects a VMware virtual machine image on the compromised computer in order to avoid being analyzed, this one mounts the image and then copies itself onto the image by using a VMware Player tool.

The news troubled users of VMware products, but according to Warren Wu, director of datacenter products at Trend Micro, there's very little to worry about.

First things first, the malware has been detected in the wild on less than 100 machines in total, i.e. the rate of infection is extremely limited.

Continued : http://www.net-security.org/malware_news.php?id=2241

Which Browser Offers the Most Secure Password Storage?
Aug 24, 2012 3:21AM PDT

Considering the availability of browser-based password management and auto-fill systems and the intuition that you should never put all your eggs in one basket, do the three major browsers offer robust enough security features to justify trusting them with your passwords and, in some cases, credit card information?

Both Google Chrome and Mozilla Firefox's latest iterations store viewable lists of all stored passwords. By default, anyone signed into your Windows account will be able to view passwords or other auto-fill data stored on Firefox and Google's operating systems, according to Eric Geier in PC World. If you are going to use browser-based password storage, Firefox is the most secure option due in large part to a built-in master password feature, Geier said. The feature is not enabled by default, but once it's turned on, it encrypts any passwords stored on Firefox and makes it so those signed into your Windows account will need a password to view saved passwords in the Firefox settings.

Furthermore, and perhaps even more securely, if the master password setting is enabled, users will be required to provide that password the first time they use a saved password each browsing session.

Continued : https://threatpost.com/en_us/blogs/which-browser-offers-most-secure-password-storage-082412

Beware of Fake Adobe Flash Apps
Aug 24, 2012 5:07AM PDT

From the Webroot Threat Blog:

Last week Adobe announced that they would no longer be supporting Flash for Android. Adobe will be removing Flash from the Android Marketplace and users should be wary of fake Flash apps for their Android devices. Now to be fair to Adobe, they are not taking Flash away from the Android platform but are focusing on the Adobe AIR cross-platform runtime environment http://www.adobe.com/products/air.html. The reason Adobe is switching to AIR is to allow app developers to write one program for use on iOS and Android devices.

Let's look at some of the fake Flash apps for Android that we have seen and what they do. This is just a small sampling; there are too many to highlight them all.

This first app we'll look at is one of hundreds of premium SMS Trojans being distributed on third-party markets that are fake installers for legitimate applications. What they really do is charge for what may or may not be a download of an already free app. The scam works when the user agrees to their 'Terms' and the app will send out three SMS messages containing SMS short codes that come with a fee. These messages go to a premium service set up by the malware author and will appear as charges on your phone bill. The charges vary depending on the user's location but range around $8-12.

This has appeared many times as Flash Player 11, Flash Payer 10, FlashPlayer, etc. Webroot detects them as Android.FakeInst and has been tracking this type of fake installer for over a year.

Continued : http://blog.webroot.com/2012/08/23/beware-of-fake-adobe-flash-apps/

"Compensation for Scam Victims" 419 scam doing rounds
Aug 24, 2012 5:07AM PDT

The psychology and economics behind the so-called Nigerian advanced fee fraud scams have recently been explained by Microsoft researcher Cormac Herley in great detail (pdf), and it all boils down to this: the scammers are interested in separating the most gullible users from those who are not very early in the game, in order to avoid spending their time on people who will ultimately see through the bogus emails.

By the same token, people who have fallen for one of these scams are likely gullible enough to fall for them again, and this is what the individuals behind the latest Nigerian scam are betting on: [Screenshot]

GFI's Chris Boyd points out that similar emails pop up from time to time, which means that they are still worth the scammers' while, so he advises users to be on their guard and to warn relatives and friends who belong to the "gullible" type about it.

http://www.net-security.org/secworld.php?id=13476