virus

Latest

  • Google Transparency Report now tracks malware and phishing sites

    by Jon Fingas
    06.25.2013

    Google's Transparency Report has long warned us about the dangers of government overreach, but that's not the only threat online -- there's plenty of malware to go around. Accordingly, Google is expanding its report to show the volumes of virus-infected and phishing sites found through the company's Safe Browsing technology. The data includes both attacking and victim pages, and it shows how well web hosts cope with successful infections. Combined, the new information doesn't paint a pretty picture. Google spotted a total of 67,909 compromised sites just in mid-June, and it still takes over a month for most affected webmasters to scrub their servers clean. The Safe Browsing data isn't very reassuring, then, but it is a friendly reminder to be careful on the web.

  • Virus-based sensors find superbugs in minutes, may lead to safer surfaces

    by Jon Fingas
    05.08.2013

    Viruses usually have to be rendered inert to work in humanity's favor, as anyone who has received a flu shot can attest. Auburn University has bucked that trend by discovering a way to put active viruses to work in not only diagnosing sickness, but in preventing it in the first place. It's using bacteria-hating (and thankfully harmless) viruses as biosensors to quickly identify superbugs, or antibiotic-resistant bacteria that can sometimes prove fatal. As the viruses change color once they've reached impervious bacterial strains, in this case variants on Staphylococcus, they can reveal superbugs within 10 to 12 minutes -- a potentially lifesaving interval when current purification-driven methods can take hours. Auburn would like to eventually use what it has learned to develop more effective antibacterial glass and similar surfaces. If successfully put into practice, either breakthrough could mitigate what's already a major medical crisis. [Image credit: Bob Blaylock, Wikipedia]

  • Security Researcher Brian Krebs outs the man behind the Flashback malware

    by Yoni Heisler
    04.03.2013

    In April 2012, security researchers discovered a new piece of malware targeting OS X users. The malware was dubbed "Flashback" and reportedly infected more than 600,000 Mac users, including about 200 machines on Apple's Cupertino campus. The malware was able to infect so many machines because it cleverly masqueraded as an Adobe Flash installer. Once active, the malware would inject ads from pay-per-click providers into search results instead of sourcing the ads from Google. The security firm Symantec estimated that the malware had the potential to net its creators upwards of US$10,000 a day, but further analysis indicated that the actual payout was much lower. "From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle -- actually collecting that money is another, often more difficult, job. Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying." About a week after the malware was first publicized, Apple issued a software update to remove the malware from affected machines. Over the past few months, investigative reporter and former Washington Post journalist Brian Krebs did a bit of sleuthing and was able to piece together a number of clues which purport to reveal the identity of the man behind the Flashback malware. By lurking on forum threads on a Russian-language site dedicated to black-hat SEO, the art of deceptively manipulating search results for monetary gain, Krebs was eventually able to acquire some revealing information.
    In a private message obtained by Krebs, he found that one user with the handle "mavook" was looking to get an invitation to Darkode, a cybercrime forum. In order to prove his bona fides, mavook took responsibility for the Flashback botnet while boasting that he specializes "in finding exploits and creating bots." Krebs adds: "The senior member that Mavook petitions is quite well-known in the Russian cybercrime underground, and these two individuals also are well-known to one another. In fact, in a separate exchange on the main BlackSEO forum between the senior member and a BlackSEO user named JPS, the senior member recommends Mavook as a guy who knows his stuff and can be counted on to produce reliable attack tools." Following that, Krebs took a look at mavook's profile page and saw that his personal homepage was at one point mavook.com. Krebs was then able to look at old WHOIS registration records and come up with a name -- Maxim Selikhanovich, a 30-year-old from Saransk, Russia. The full details behind Krebs' investigation are rather interesting and worth checking out in their entirety.

  • Plague, Inc. gets a new virus, delivered in an interesting way

    by Mike Schramm
    02.26.2013

    Plague Inc. is one of the most popular strategy games on the App Store: It's a title with the gory premise of you controlling a plague running around the world, trying to infect as many people as possible before the rest of humanity can come up with a cure. The game's latest update is out this week, and it adds a new virus to play with called the "Necroa" virus. This virus reanimates dead people and causes them to want to attack the living -- in other words, it creates zombies, and the update comes with an extra opposition force called Z Com to mix up the strategy a little bit. But even more interesting than the new update to the game is how it's being distributed. If you can beat (or have beaten) Plague Inc. on the highest difficulty, you get the new content for free. If you can't, then you can get the content via an in-app purchase of US$1.99. I haven't seen an app do that before. Of course, a lot of apps have sold convenience items via in-app purchase, or used purchased items to let players reach goals faster, but I haven't ever seen a developer make an item available based on difficulty. We'll have to see exactly how that works for them as the update goes forward. In the meantime, the update is live right now, and you can download Plague Inc., if you haven't yet, for 99 cents.

  • Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare

    by Jon Fingas
    10.16.2012

    Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.

  • Verizon intros Mobile Security app for Android, wants to keep you safe

    by Edgar Alvarez
    09.11.2012

    McAfee's been offering mobile protection services on Android for a while now, but Verizon's taking it a step further and bringing an application tailored specifically for its own customers with help from the Intel-owned outfit. The Mobile Security app -- which is also powered by Asurion -- aims to assist the Big Red crowd by protecting their devices from many "digital and physical threats," giving Android (2.1 or later) users the ability to lock, set up alarms, wipe data and locate handsets remotely. As it stands, Verizon's splitting the Mobile Security utility into three different setups, including a free-of-charge Basic, the Premium for $2 per month and, for those who want to be extra careful, a Premium with Total Equipment Coverage that adds a $1 monthly charge to the current TEC fees. We'll let your levels of paranoia decide whether or not you actually need any of these -- but alas, the link is down below for folks interested in checking out the shielding app.

  • Google quietly snaps up internet security firm VirusTotal for an undisclosed amount

    by Edgar Alvarez
    09.07.2012

    Having recently wrapped up the Motorola Mobility acquisition, Google's now moving on to different pastures and spending its cash elsewhere -- more specifically on an outfit known as VirusTotal. And, as the internet security company confidently points out, the deal is "great news for you, and bad news for malware generators because Google's infrastructure will ensure that our tools are always ready, right when you need them." As for the Android creator, well, let's just say it, too, is happy to have the VirusTotal team aboard -- who, in the process, joins the likes of Sparrow and QuickOffice as part of Mountain View's most recent purchases. Google's official response on the matter can be found below, courtesy of The Next Web. "Security is incredibly important to our users and we've invested many millions of dollars to help keep them safe online. VirusTotal also has a strong track record in web security, and we're delighted to be able to provide them with the infrastructure they need to ensure that their service continues to improve."

  • Malware invades Apple's App Store for iOS, only harasses Windows users

    by Steve Dent
    07.25.2012

    Windows users can't catch a break with viruses, even when they're getting software for their Apple device. An app called "Instaquotes Quotes Cards for Instagram" was found to contain a worm called "Worm.VB-900," which isn't a threat to iOS itself or any other MacOS platform. However, users who tend to their apps with a Windows machine are susceptible to the baddie -- also known affectionately as Mal/CoiDung-A. Any antimalware should detect it since it's been up to no good since 2009, but Cupertino has already pulled the app and the vendor is working on a virus-free version. Just goes to show -- if you're on a PC, it pays to watch out for worms when you bite into a strange Apple.

  • Apple removes claim of virus immunity

    by Kelly Hodgkins
    06.26.2012

    As small as the threat may be, Mac users can no longer claim immunity from attack by malicious software online. Many Mac users are starting to recognize this new reality and now Apple does, too. As noted in a recent PC World article, Apple has quietly removed the claim "It doesn't get PC viruses" from its OS X website and replaced it with the phrase "It's built to be safe." Also changed is the paragraph header "Safeguard your data. By Doing Nothing," which now says "Safety. Built right in." It's a subtle difference, but it's enough to show that Apple recognizes the importance of Mac security. Mac OS X is growing as a desktop platform and increasingly will be the target of malicious attacks. Recently, the Flashback botnet infected over 670,000 computers worldwide, most of which were running Mac OS X. This botnet exploited a hole in Java that was patched by Apple in a subsequent update to OS X.

  • Stuxnet pinned on US and Israel as an out-of-control creation

    by Jon Fingas
    06.01.2012

    Ever since Stuxnet was discovered, most of the accusing fingers have been pointed at the US, Israel or both, whether or not there was any evidence; it was hard to ignore malware that seemed tailor-made for wrecking Iranian centrifuges and slowing down the country's nuclear development. As it turns out, Occam's Razor is in full effect. An exposé from the New York Times matter-of-factly claims that the US and Israel coded Stuxnet as part of a cyberwar op, Olympic Games, and snuck it on to a USB thumb drive that infected computers at the Natanz nuclear facility. The reason we know about the infection at all, insiders say, is that it got out of control: someone modified the code or otherwise got it to spread through an infected PC carried outside, pushing Obama to either double down (which he did) or back off. Despite all its connections, the newspaper couldn't confirm whether or not the new Flame malware attack is another US creation. Tipsters did, however, deny that Flame is part of the Olympic Games push -- raising the possibility that there are other agencies at work. [Image credit: David Holt, Flickr]

  • White House announces anti-botnet initiative

    by Sarah Silbert
    05.30.2012

    The White House has been drumming up momentum for tighter internet privacy laws for a while now, and today it's furthering that online safety agenda with a new initiative for combating botnets. Washington just announced a pilot program for fighting viruses, citing a whopping five million PCs infected worldwide this year. The program will use principles outlined by the Industry Botnet Group, with the main goal being to educate internet users on the dangers of cyberspace while preventing botnets from spreading by sharing data about infected computers. The White House is working with the Information Sharing and Analysis Center to develop and implement the "botnet pilot," presumably to enact those anti-virus principles.

  • Exploit uses firewalls to hijack smartphones, turns friends into foes

    by Jon Fingas
    05.22.2012

    Normally, firewalls at cellular carriers are your best friends, screening out malware before it ever touches your phone. University of Michigan computer science researchers have found that those first lines of defense could be your enemy through a new exploit. As long as a small piece of malware sits on a device, that handset can infer TCP data packet sequence numbers coming from the firewall and hijack a phone's internet traffic with phishing sites, fake messages or other rogue code. The trick works on at least 48 carriers that use firewalls from Check Point, Cisco, Juniper and other networking heavy hitters -- AT&T being one of those providers. Carriers can turn the sequences off, although there are consequences to that as well. The only surefire solution is to either run antivirus apps if you're on a mobile OS like Android or else to run a platform that doesn't allow running unsigned apps at all, like iOS or Windows Phone. Whether or not the exploit is a serious threat is still far from certain, but we'll get a better sense of the risk on May 22nd, when Z. Morley Mao and Zhiyun Qian step up to the podium at an IEEE security symposium and deliver their findings.

  • Researchers use virus's rogue traits to create electricity from motion

    by Steve Dent
    05.15.2012

    Viruses are the swarming bullies of biology, but it turns out their alarming self-replication could one day power your iPod. We've seen them in batteries before, but researchers at Berkeley Labs have now coated electrodes with modified M13 bacteriophage, a harmless bacteria-eating virus, to create the first ever organic piezoelectric material -- which can convert force to electricity. The team explained that such a substance would be non-toxic, organize naturally into thin layers and self-regenerate, giving it a possible advantage over chemical options. In theory, by attaching a thin film of it to your shoes, power could be generated when walking, lending volts to the myriad electronics we pack around nowadays. To see a finger-powered video demo of our frequent-enemies making themselves useful for a change, stroll on past the break.

  • Apple issues Leopard update with Flashback removal tool

    by Jason Hidalgo
    05.15.2012

    Folks still rocking Apple's Leopard may have been feeling left out after Lion and Snow Leopard both got an update for addressing that Flashback malware. If you're one of them, you'll be glad to know that Apple has finally issued a Leopard fix that comes with a removal tool for the vulnerability afflicting its big cats. In addition to a 1.23MB Flashback update, Apple also released a second 1.11MB fix for Leopard that disables versions of Adobe Flash Player that don't have the requisite security updates. Both should further whittle down the number of Apple computers affected by the Flashback trojan. For the actual updates, feel free to pounce on the source links below.

  • Twenty percent of Macs examined infected with Windows malware

    by Kelly Hodgkins
    04.24.2012

    Sophos looked at 100,000 Mac computers and found that one in every five has some form of malware. This might sound alarming, but before you stare at your machine in disgust, you should get some perspective. The survey looked at 100,000 OS X machines that are running Sophos's free Mac anti-virus software. Sophos found that this 20 percent figure is for malware that targets Windows-based computers. Though it can be used as a vector to infect other Windows machines, it won't affect Mac users on OS X. Sophos did find that 1 in 36 Macs (2.7 percent) were infected with OS X malware. Though less than 3 percent may be concerning, it's not as alarming as the 20 percent figure that's making its way into headlines.

  • Kaspersky Lab: Macs not invulnerable to malware

    by Kelly Hodgkins
    04.19.2012

    The writing is on the wall. Our time of innocence is gone. Researchers from Kaspersky Labs claim Mac market share has finally reached the critical point, and the platform is now an attractive target for online criminals. Kaspersky told Ars Technica and other press on Thursday that Mac users can expect "more drive-by downloads, more Mac OS X mass-malware, and more cross-platform exploit kits with Mac-specific exploits." It's not all doom and gloom. Infections in the wild are still sparse, and Apple may slow the spread of future threats with the introduction of Gatekeeper in Mac OS X Mountain Lion. Among other things, Gatekeeper will prevent users from "unknowingly downloading and installing malicious software." If you don't want to wait for Gatekeeper, there are also several good antivirus solutions like Avast and Sophos that are available now for Mac users to download.

  • Around 140,000 Apple machines still infected with Flashback malware, says Symantec

    by Edgar Alvarez
    04.18.2012

    By now, we're all quite familiar with the Java-driven trojan that's affected thousands of Apple's rigs, and while the numbers seem to have drastically dropped since the first Cupertino fix, there's still a plethora of machines carrying the bug. According to Symantec, the number of infected computers is now at around 140,000, seeing a decline of over 460,000 since April 9th. Still, the security outfit remains puzzled by the fact, as it expected the digits to be somewhere near the 99,000 mark by now. Perhaps this is due to some folks not even being aware of Flashback's existence, or maybe not checking for software updates as often as most of us. Either way, we hope you've already used one of the tools Apple handed you.

  • Flashback malware removal tools released by security firms

    by Michael Grothaus
    04.12.2012

    While Apple has said it "is developing software that will detect and remove the Flashback malware" that has affected up to 600,000 Macs worldwide, it has yet to release any fix. In lieu of that, a few security and antivirus firms have gone ahead and released their own Flashback removal tools. Kaspersky Lab, a Russian antivirus firm, has released the Flashfake Removal Tool. The firm asks that you first check here to see if your Mac is infected with Flashback. If your Mac is, then you can download Flashfake to rid your Mac of the malware. A second antivirus firm, F-Secure, has also released its own Flashback Removal Tool. The tool works by creating "a log file (RemoveFlashback.log) on current user's Desktop. If any infections are found, they are quarantined into an encrypted ZIP file (flashback_quarantine.zip) to the current user's Home folder. The ZIP is encrypted with the password 'infected.'" Before Kaspersky Lab's and F-Secure's removal tools, users had to manually remove the malware by using OS X's Terminal, which some might have found confusing. There's no word from Apple yet on when its own removal tool will become available.

  • Apple publishes support page for Flashback malware, is working on a fix

    by Richard Lawler
    04.10.2012

    After the Flashback / Flashfake Mac trojan was exposed by Russian site Dr. Web, Apple has finally responded by publishing a support page about the issue and promising a fix. If you haven't heard by now, the malware exploits a flaw in the Java Virtual Machine, which Oracle pushed a fix for back in February, but Apple didn't patch until a botnet consisting of as many as 650,000 Macs was identified on March 4th. Antivirus maker Kaspersky has confirmed the earlier findings, and released a free tool affected users can run to remove the trojan from their computers. Other than the update already delivered for computers running OS 10.6 and 10.7, Apple recommends users on 10.5 and earlier disable Java in their browser preferences. What isn't mentioned, however, is when its fix is incoming or any timetable on its efforts with international ISPs to cut off the IP addresses used by the network. This is not the first time Macs have fallen prey to malware and, as their market share grows, it will likely not be the last, so don't think just opting for OS X is automatically keeping you a step ahead security-wise. Check the links below for more information about what the malware does, and how to get rid of it.

  • Google's 'Bouncer' service scans the Android Market for malware, will judge you at the door

    by Amar Toor
    02.02.2012

    Google has had its fair share of malware-related problems in the Android Market, but that's hopefully about to change, now that the company has announced a new security-enhancing service. Codenamed "Bouncer," Mountain View's new program sounds pretty simple, in principle: it just automatically scans the Market for malware, without altering the Android user experience, or requiring devs to run through an app approval process. According to Hiroshi Lockheimer, Android's VP of Engineering, Bouncer does this by scanning recently uploaded apps for spyware, trojans or any other lethal components, while looking out for any suspicious behavior that may raise a red flag. The service also runs a simulation of each app using Google's cloud-based infrastructure, and regularly checks up on developer accounts to keep repeat offenders out of the Android Market. Existing apps, it's worth noting, will be subject to the same treatment as their more freshly uploaded counterparts. Lockheimer went on to point out that malware is on the decline in the Market, citing a 40 percent drop between the first and second halves of 2011, and explained some of Android's fundamental security features, including its sandboxing and permission-based systems. Head for the source link below to read the post in full.