spyware

Latest

  • FBI turning to private sector to hack phones, exploit unknown security holes

    by Steve Dent
    08.02.2013

    Thanks to the NSA PRISM revelations we've all lost our innocence about government cyber-spying, but how far down that rabbit-hole has law-enforcement gone? Revelations from the Def Con hacking conference in Las Vegas show that such tactics are old hat for another US anti-crime department: the FBI. For instance, one ex-official said that the bureau's analysts (shown above) can routinely turn on the microphones in laptops and Android devices to record conversations without a person's knowledge. On top of such in-house expertise, a private sector cottage industry has sprung up around cyber surveillance, marketing programs that can also hack handheld devices and PCs. One company even markets "zero day" bugging software that exploits unknown security holes -- meaning crime lords can't just patch their browsers to avoid detection. [Image credit: Wikimedia Commons]

  • EFF takes the fight to Carrier IQ, requests reinforcements

    by Daniel Cooper
    12.22.2011

    If we didn't love the EFF already, we'd be proposing marriage now that it's managed to reverse-engineer Carrier IQ's pernicious monitoring software. CIQ exists in phones in three parts: the app itself, a configuration file and a database -- where your keystrokes and coded "metrics" are logged before being sent to the company. Volunteer Jared Wierzbicki cracked the configuration profile and produced IQIQ, an Android app that reveals what parts of your activity are being monitored. Now the Foundation is posting an open call for people to share their data using the app in order to decipher what personal data was collected and hopefully decrypt the rest of the software. Hopefully, our thoughts can soon turn to who's gonna play the part of Trevor Eckhart in the All the President's Men-style biopic.

  • WikiLeaks' Spy Files shed light on the corporate side of government surveillance

    by Amar Toor
    12.02.2011

    WikiLeaks' latest batch of documents hit the web this week, providing the world with a scarily thorough breakdown of a thoroughly scary industry -- government surveillance. The organization's trove, known as the Spy Files, includes a total of 287 files on surveillance products from 160 companies, as well as secret brochures and presentations that these firms use to market their technologies to government agencies. As Ars Technica reports, many of these products are designed to get around standard privacy guards installed in consumer devices, while some even act like malware. DigiTask, for example, is a German company that produces and markets software capable of circumventing a device's SSL encryption and transmitting all instant messages, emails and recorded web activity to clients (i.e., law enforcement agencies). This "remote forensic software" also sports keystroke logging capabilities, and can capture screenshots, as well. Included among DigiTask's other products is the WifiCatcher -- a portable device capable of culling data from users linked up to a public WiFi network. US-based SS8, Italy's Hacking Team and France's Vupen produce similar Trojan-like malware capable of documenting a phone or computer's "every use, movement, and even the sights and sounds of the room it is in," according to the publication. Speaking at City University in London yesterday, WikiLeaks founder Julian Assange said his organization decided to unleash the Spy Files as "a mass attack on the mass surveillance industry," adding that the technologies described could easily transform participating governments into a "totalitarian surveillance state." The documents, released on the heels of the Wall Street Journal's corroborative "Surveillance Catalog" report, were published alongside a preface from WikiLeaks, justifying its imperative to excavate such an "unregulated" industry.
    "Intelligence agencies, military forces, and police authorities are able to silently, and on mass, and [sic] secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers," wrote WikiLeaks in its report. "In the last ten years systems for indiscriminate, mass surveillance have become the norm." The organization says this initial document dump is only the first in a larger series of related files, scheduled for future release. You can comb through them for yourself, at the source link below.

  • Samsung reportedly installing keylogger software on laptops (update: it's a false-positive)

    by Darren Murph
    03.31.2011

    We'll start by saying that we've reached out to Samsung for a response here, but as of now, no reply has been given -- neither a confirmation nor a refusal of truth. Why bother mentioning that? If this here story proves true, Sammy could have a serious problem on its hands -- a problem that'll definitely start with a rash of negative PR, and a quandary that could very well end the outfit up in the courtroom. According to a report by Mohamed Hassan over at Network World, Samsung allegedly took the initiative to install a keylogger into his recently purchased R525 and R540 laptops. The app was noticed right away after a security scan on both systems, with StarLogger popping up with the c:\windows\SL directory. Where things really get strange is on the support line; reportedly, a supervisor informed Mr. Hassan (after an earlier denial) that the company did indeed install the software at the factory in order to "monitor the performance of the machine and to find out how it is being used." Unfortunately, it's difficult to say if this is a widespread issue, or if the tale is entirely correct, but we get the feeling that Samsung will have little choice but to respond in some form or fashion here shortly. Naturally, we'll keep you abreast of the situation -- meanwhile, you may want to reconsider that hate-filled comment you're about to bang out on your Samsung laptop, and instead, feast your eyes on the video just past the break. Update: Kudos to Samsung for hitting this head-on. An hour after we inquired for comment, a company spokesperson tossed over this official quote: "Samsung takes Mr. Hassan's claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available." Update 2: Samsung's official Korean language blog, Samsung Tomorrow, has posted an update calling the findings false.
    According to Samsung, the confusion arose when the VIPRE security software mistakenly identified Microsoft's Slovene language folder ("SL") as Starlogger, which Sammy was able to recreate from an empty c:\windows\SL folder (see image above). So yeah, move along, it's much ado about nothing -- the R525 and R540 laptops are perfectly safe. Update 3: Even GFI Software has stepped up and confirmed the good news; furthermore, it'll be changing the way it structures things so as not to set off any more false-positives.

  • Visualized: preconceived notions about personal computer security

    by Darren Murph
    03.24.2011

    See that chart up there? That's a beautiful visualization of a dozen folk models surrounding the idea of home computer security, devised by Michigan State's own Rick Wash. To construct it (as well as pen the textual explanations to back it), he interviewed a number of computer users with varying levels of sophistication, with the goal being to find out how normal Earthlings interpreted potential threats to their PC. His findings? A vast amount of home PCs are frequently insecure because "they are administered by untrained, unskilled users." He also found that PCs remain largely at risk despite a blossoming network of preventative software and advice, and almost certainly received an A for his efforts. Hit the source link for more, but only after you've spiffed up, thrown on a pair of spectacles and kicked one foot up on the coffee table that sits in front of you.

  • New trojan MusMinim-A written for Mac OS X

    by Dana Franklin
    02.28.2011

    On Saturday, information security firm Sophos reported a new "backdoor Trojan" designed to allow remote operations and password "phishing" on systems running Mac OS X. The author of the Trojan refers to his or her work as "BlackHole RAT" and claims the malware is still in beta. Indeed, Sophos, who re-named the threat "OSX/MusMinim-A," says the current code is a very basic variation of darkComet, a well-known Remote Access Trojan (RAT) for Microsoft Windows. The source code for darkComet is freely available online. The biggest threat from MusMinim appears to be its ability to display fake prompts to enter the system's administrative password. This allows the malware to collect sensitive user and password data for later use. The Trojan also allows hackers to run shell commands, send URLs to the client to open a website, and force the Mac to shut down, restart or go to sleep arbitrarily. Other "symptoms" include mysterious text files on the user's desktop and full screen alerts that force the user to reboot. Additionally, the malware threatens to grow stronger. "Im a very new Virus, under Development, so there will be much more functions when im finished," the author of the Trojan claims via its user interface. Sophos believes the new malware indicates more hackers are taking notice of the increasingly popular Mac platform. "[MusMinim] could be indicative of more underground programmers taking note of Apple's increasing market share," says Sophos on its blog. Another line from the malware's user interface supports the idea that hackers' interest in Mac OS X is growing. "I know, most people think Macs can't be infected, but look, you ARE Infected!" In an apparent response to the increase in malware threats on the Mac, Apple is reportedly working with prominent information security analysts like Charlie Miller and Dino Dai Zovi to strengthen the overall security of Mac OS X Lion, the company's forthcoming major update to its desktop operating system. 
    It's the first time Apple has openly invited researchers to scrutinize its software while still under development. Mac OS X Lion is scheduled to be released this summer. In the meantime, Sophos tells Mac users to be cautious when installing software from less trustworthy sources. "Trojans like this are frequently distributed through pirated software downloads, torrent sites, or anywhere you may download an application expecting to need to install it," they say. Also, "patching is an important part of protection on all platforms" to prevent hackers from exploiting security vulnerabilities in web browsers, plug-ins and other applications. [via AppleInsider]

  • The Road to Mordor: Hacked!

    by Justin Olivetti
    01.21.2011

    "My kinship had just finished an instance run about a week-and-a-half ago and was in the process of reloading back into the world when I got the message that I was being disconnected because I had just logged into the Brandywine server. Huh? Suspecting the worst, I immediately hit up the Turbine Account page and changed my password then re-logged back into the game, which would boot the hacker offline just like I had been booted minutes earlier. "I was lucky and did that before the hacker had time to switch servers to where my active characters are. Other kinmates have not been so lucky." So goes the frightening tale of Pumping Irony's Scott, who shares this in the hopes that others may avoid a similar scare. Unfortunately, it seems as though stories such as these are becoming more and more common in Lord of the Rings Online, where the worst threat to your quest may not be the eye of Sauron but the malicious intent of hackers gutting your account while you're offline. Today we're going to step off the path for a temporary side trail into the gloomy undergrowth of account security and an MMO under siege.

  • BBC crafts malicious smartphone app to prove a point... we guess

    by Darren Murph
    08.11.2010

    You may surmise that Auntie Beeb is only good for news distribution from across the pond, but as it turns out, the BBC is apparently giving at least a few of its employees a little of that oh-so-coveted "20 percent time." In an effort to prove just how easy it is to create a smartphone application that can gank all sorts of personal information, a staffer at the organization spent just a few weeks learning enough code to create a "crude game." In play, the app would gather contact information, copy text messages and log the phone's current location; afterwards, it would shoot all of that information to a specified email address, but not before putting a serious hurting on the battery. All told, the spyware took up around 250 lines of the 1,500 making up the whole program, and thankfully for us all, the BBC decided against submitting the program into any app stores. Phew. So, the point? It's pretty easy to craft an ill-willed app, so as with anything in life, download with care -- and keep an eye on atypical battery drain, eh?

  • Judge throws out Microsoft WGA spyware case

    by Joseph L. Flatley
    02.11.2010

    Windows Genuine Advantage software might be many things (annoying and by no means error-free, to name but two) but it ain't spyware -- at least according to a judge in the District Court for the Western District of Washington, who dismissed the lawsuit that we first caught wind of back in '06. The news comes a month after the plaintiffs failed to have the suit certified as a class action, which is never a good sign -- and which bears out Microsoft's assertion that the case is "fictional" and from an "alternate universe." Zing! Both parties are being mum on the subject of any settlement that might have been reached, but if it were us we'd have at least held out for one of those world famous Windows 7 Whoppers.

  • Breakfast Topic: What are you doing to protect your account?

    by Kelly Aarons
    01.16.2010

    While it is certainly nothing new, it seems that you can't spit without hitting someone who has, or has had, a compromised account. These WoW account predators are getting more clever by the day, using everything from keyloggers, sham contests, betas and security checks, to even grabbing an account and immediately attaching an authenticator to it. Now, any moderately-savvy internet user would just scoff, and say that they take all necessary precautions -- what's there to worry about? Fair enough, but what about those who, well, don't? Blizzard has said time and time again about safe-guarding your account information, yet people still jump onto those fake Cataclysm betas and fancy new mount prizes. Make something idiot-proof, and they'll build a better idiot, eh? That being said, what are you doing to protect your prized polygons? Do you have a good anti-virus installed? A malware scanner? If you don't have an authenticator, how come? It's only about the price of a grande Starbucks drink, and will provide a longer-lasting effect of happiness and joy to your life. Discuss amongst yourselves!

  • Microsoft Security Essentials anti-virus software is now live and free

    by Donald Melanson
    09.29.2009

    In a move that's sure to please a few million Windows users and break the hearts of a handful of anti-virus companies, Microsoft has now finally made the non-beta version of its Security Essentials software available to the general public, and it's not even asking that you throw a launch party to get it for free. For those not in on the beta or following Microsoft's exciting forays into freeware, the software promises to cover all the security basics and fend off viruses, spyware and other malicious software, and Microsoft even assures us that it'll "run quietly in the background" and only intrude on your life when an action is required. You'll also, of course, get free updates on a regular basis, and it'll work just fine whether you use Windows XP, Vista or Windows 7 -- hit up the link below to grab a copy. [Thanks to everyone who sent this in]

  • Etisalat BlackBerry update was indeed spyware, RIM provides a solution

    by Darren Murph
    07.21.2009

    Um, yikes? An unexpected (and unwanted) surprise struck some 145,000 BlackBerry users in the UAE this time last week, when an official looking prompt coerced many of the aforesaid Etisalat customers to follow through with a software update. Rather than bringing about performance enhancements, the SS8-built app enabled the carrier to keep tabs on customers' messages. According to RIM: "Etisalat appears to have distributed a telecommunications surveillance application... independent sources have concluded that it is possible that the installed software could then enable unauthorized access to private or confidential information stored on the user's smartphone. Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server." Like we said, yikes. The zaniest part is that Etisalat isn't backing down, still assuring the world that the upgrades were "required for service enhancements." At any rate, RIM has made remarkably clear that the update wasn't one authorized by the company, and it's even providing an app remover for those who'd prefer their BlackBerry to be in working order and, you know, not forwarding all their email to some dude in an Etisalat supply closet. Good on you, RIM. Bad on you, Etisalat. [Thanks, Gerald]

  • BlackBerry update in UAE reportedly surveillance software in disguise

    by Donald Melanson
    07.14.2009

    There's not much in the way of official statements on this one just yet, but itp.net is reporting that a recently pushed out update for all BlackBerry users on the UAE-based carrier Etisalat is not a "performance enhancement patch" as advertised, but rather some spyware that could potentially give Etisalat the ability to keep an eye on its customers' messages. The first suspicions about the update apparently arose when users noticed dramatically reduced battery life and slower than usual performance from their phones, which led to a bit of detective work from programmer Nigel Gourlay, who pegged the software down as coming from electronic surveillance company SS8. While it's not switched on by default, the software can reportedly let Etisalat flip the switch on phones one by one and monitor their emails and text messages -- or it could if it hadn't completely bogged down the network. Apparently, the software wasn't designed for such a large scale deployment, which resulted in the slowdown and battery drain as some 100,000 BlackBerrys constantly tried and failed to sign in to the one registration server for the software. [Via The Register]

  • Better safe than sorry? Trend Micro Smart Surfing for Mac

    by Steve Sande
    04.25.2009

    Earlier this week, PC security app vendor Trend Micro announced a new product aimed at Mac users. Smart Surfing for Mac (US$69.95 per user per year) provides antivirus, anti-spyware, anti-rootkit, and web threat protection, and also has a two-way firewall built in. This, of course, brings up the old debate for Mac users. On the one hand, our 10% of the personal computing market is virtually free of the virus and malware attacks that plague the Windows world. On the other hand, should you be concerned enough to consider purchasing protection that might be overkill? Some of the features of Smart Surfing for Mac could be very useful for users who might otherwise be in danger of certain nefarious schemes. For example, it blocks visits to dangerous websites and has anti-phishing capabilities. While I know enough to check the real URL of links in emails by simply hovering my cursor above them, there are a frightening number of people who don't do this and who are at real risk of phishing scams. Parents might like Smart Surfing for Mac for their kids, as it restricts access by content categories, controls IM access, and also lets you block certain websites. Are products like Smart Surfing for Mac expensive overkill, or are they cheap insurance against the remote chance of actually getting hit with a Mac virus, malware, or a scam? Let's hear your opinion in the comments section!

  • 'MacGuard' double-plus ungood, avoid

    by Robert Palmer
    10.17.2008

    The fine folks at Intego sent out a warning this morning about MacGuard, a bogus piece of software that claims to clean up your system and remove adware, spyware, and trojans. It doesn't. According to the warning, MacGuard is simply a clone of a Windows app called WiniGuard. The company releasing the software, Innovagest 2000 SL, may be using the credit card numbers they harvest during the purchase process for "nefarious purposes." WiniGuard "hijacks the user's desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program," according to Sunbelt Malware Research Labs. While our fine readers wouldn't get suckered into such a scheme, parents, grandparents, aunts and uncles might not be so educated. If you know someone with a Mac who might fall for this, do them a favor and forward them this warning. The MacGuard website is at macguard.net.

  • McAfee report reveals the most dangerous web domains

    by Daniel Whitcomb
    06.08.2008

    In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues. In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

  • Azeroth Security Advisor: WoW is watching you, part 2

    by Jon Eldridge
    05.19.2008

    Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self-appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show. Welcome back to the Azeroth Security Advisor. Last week I discussed two of the three ways Blizzard keeps an eye on your computer. This week I'll cover the controversial Warden program whose discovery in Oct 2005 by Greg Hoglund caused a great deal of outrage and confusion not unlike accidentally joining a pickup group full of rogues. Reactions have been so strong that some trolls dwelling in their parents' basements are still alternately posting "OMFG BLIZ HACKZ CALL COPS!!!" or "U SIGNED EULA SO STFU N00B!!!!!" depending on which of their medications are kicking in at the time. Most people forgot to care one way or the other within a few weeks and went back to life as usual. Lucky for Blizzard, apathy is the universal solvent for organized resistance, otherwise they might be facing a class action lawsuit by now. The Warden's core mission is to continuously audit your PC for suspicious activity while you play. First it reads all the DLLs loaded into the WoW process space, which is a perfectly legitimate activity any way you slice it. After that, the Warden ditches its friendly park ranger hat for a ski mask and takes a look around the rest of your PC. It reads the text in the title bar of every window you have open including that really embarrassing Furry fan site you don't want your friends to know about.
    Yes Nekudotayim, Bliz knows about your pr0nz! The Warden then creates a hash code (think fingerprint) of each window title and compares the results to a list of "banning hashes" for potential matches and subsequent divine retribution.

  • Azeroth Security Advisor: WoW is watching you, part 1

    by Jon Eldridge
    05.13.2008

    Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self-appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show. If you play World of Warcraft you agreed to the Terms of Use Agreement and End User License Agreement even if you don't know it. If you're like most gamers you "agreed" with all the forethought and consideration of a lab rat agreeing to run a maze in exchange for a yummy pellet of rat chow. Scurry, scurry, click, click... yum! Let's face it, when you're just two clicks away from playing the hottest MMORPG on the planet those screens usually go by just as fast as they appear. But what else besides deep fat fried MMO goodness is contained within the WoW client you're running? One of the things you agreed to while merrily clearing those pesky EULA and Terms of Use screens after every patch is that Blizzard "MAY" monitor your PC's RAM and CPU processes for "unauthorized" 3rd party programs that by Blizzard's "sole determination" may or may not be deemed naughty. Naughty in this case includes but is not limited to teleporting, data mining, exploiting bugs, facilitating bots and generally doing an end run around the game mechanics for fun and profit. In reality the WoW.exe DOES monitor your system, silently, thoroughly, and every 15 seconds.

  • Your kids, Green.com and Spyware

    by Brenda Holloway
    04.17.2008

    Is it okay to just be a little cynical when a marketing company such as InterActiveCorp (IAC) announces a new virtual world where kids can learn how to help the environment and "do good deeds in fun ways"? Especially when the current site at that address sells coupon books? No? Not okay? Well, it's possible that this could be the one kid-oriented site that doesn't try to sell children things under the guise of education... but the odds are against it. IAC, owners of such sites as Match.com, Ask.com, LendingTree and Ticketmaster, also announced Zwinktopia, a site where kids can earn (or buy) Zbucks to customize and equip their avatars -- Zwinkies -- which they may take offsite and share with friends or place on their MySpace pages. In the future, children will come home from school, sit at their computers, and actively seek out marketing so that they can earn the Neopoints, Zbucks, KidCash, Popularity Pennies and whatever else they feel they need to farm to have all the latest avatars and accessories. When children raised on virtual worlds graduate to MMOs, will they even notice the grind or understand the objections to RMT? An additional warning to parents eager to let their children enjoy the pleasures of Zwinktopia -- the toolbar you must install in your browser is known to install a lot of adware and spyware on your computer. Here's the explanation from their site: "Bonus: Also includes Smiley Central™, Cursor Mania™, Popular Screensavers™, the MyWebSearch® search box and Search Assistant - relevant search results in response to incorrectly formatted browser address requests." Install at your own risk (the links under each add-on lead to a page where the risks of each are discussed. Suffice it to say that once you install the toolbar, everything you do on your computer will be watched and reported upon.)

  • Malwarez project grows virtual 3D organisms from vicious code

    by Darren Murph
    03.12.2008

    Ever had an urge to really get a visual on what masterfully written predatory code would look like if allowed to grow into a 3D organism? Okay, so maybe that hasn't been on the forefront of your mind recently, but there's no denying that Alex Dragulescu's Malwarez project is quite the source of eye candy. According to its maker, the aforementioned initiative is a "series of visualization of worms, viruses, trojans and spyware code," and their "frequency, density and grouping are mapped to the inputs of an algorithm that grows a virtual 3D entity." Who knew viruses could look so dreamy? [Thanks, Danger Mouse]