Android malware steals info from one million phone owners
August 1, 2010 by admin
Filed under Security News
Updated: A developer of Android apps has been accused of using their apps to steal information from more than one million smartphone users.
John Hering and Kevin Mahaffey, of mobile security firm Lookout, told the Black Hat security conference in Las Vegas that they discovered that a wallpaper app developed by Jackeey Wallpaper (who have created over 70 different applications for the Google Android mobile operating system) secretly transmitted affected phones’ numbers, subscriber identifiers, and voicemail numbers to a server in Shenzhen, China.
Over a million people are believed to have downloaded the app – which Sophos has not yet seen – from the Android Market (Google’s equivalent to the Apple iPhone AppStore).
This isn’t the first time that the Android smartphone operating system has apparently been targeted by malware, of course.
One of the challenges that owners of smartphones running the Android operating system face is that it is not as closely monitored as Apple’s equivalent, and adopts a more relaxed philosophy as to what apps can be published.
Although there’s much criticism that Apple has received for the way it controls the iPhone environment, it’s clear that the only malware attacks we’ve seen to date on that platform (such as Duh and the infamous rickrolling Ikee worms) have affected users who have chosen to jailbreak their iPhones and escape the relative safety of the AppStore.
Yes, malware has previously emerged for jailbroken iPhones, but the malicious applications have not made it onto users’ devices via Apple’s highly guarded AppStore.
It remains to be seen how many users will treat security as a factor when choosing between the rival mobile operating systems.
Update: Some media reports suggested incorrectly that voicemail passwords were accessed by the wallpaper app, and it’s important to make clear that this is not true.
AVG Rescue CD: A powerful toolset for rescue & repair of infected machines
March 26, 2010 by admin
Filed under Removal Tips,Tools and Videos

The AVG Rescue CD is a powerful must-have toolkit for the rescue and repair of infected machines. It provides essential utilities for system administrators and other IT professionals and includes the following features:
- Comprehensive administration toolkit
- System recovery from virus and spyware infections
- Suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems)
- Ability to perform a clean boot from CD or USB stick
- Free support and service for paid license holders of any AVG product
- FAQ and Free Forum self-help support for AVG Free users
Key technologies
- Anti-virus: protection against viruses, worms and Trojans
- Anti-spyware: protection against spyware, adware and identity theft
- Administration toolkit: system recovery tools
The AVG Rescue CD is essentially a portable version of AVG Anti-Virus supplied through a Linux distribution. It can be used in the form of a bootable CD or bootable USB flash drive to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection. In short, the AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again.
Apart from the usual AVG functions (malware detection and removal, updates from internet or external device, etc.), the AVG Rescue CD also contains the following set of administration tools:
- Midnight Commander – a two-panel file manager
- Windows Registry Editor – simple registry editor for more experienced users
- TestDisk – powerful hard drive recovery tool
- Ping – to test the availability of network resources (servers, domains, IP addresses)
- Common Linux programs and services – vi text editor, OpenSSH daemon, ntfsprogs etc.
Free of charge
The AVG Rescue CD is a free-to-use product that anyone can download. This also covers any new program versions and virus database updates. If you have any other paid AVG license, you are also entitled to receive our full technical support.
Download:
Download Rescue CD (for CD creation)
Download Rescue CD (for USB stick)
Removal of W32/VB.LN Worm (IM-Worm.Win32.VB.ln, W32/VB-DGA, WORM_VB.GMM) (Manual)
August 19, 2009 by Rahulmg
Filed under Removal Tips,Tools and Videos
This worm copies its files to the Windows\System, Windows\INF, Windows, Windows\System32 and Windows\System32\config folders as hidden files or active non-hidden files.
This worm information was updated on July 23, 2009.
Other names of W32/VB.LN Worm:
This worm is also known as IM-Worm.Win32.VB.ln, W32/VB-DGA, WORM_VB.GMM.
Removal of W32/AutoRun.NAN Worm (Worm.Win32.AutoRun.nan, Worm:W32/AutoRun.GF) (Manual)
August 19, 2009 by Rahulmg
Filed under Removal Tips,Tools and Videos
This worm copies its files to the Windows\System32 and Windows\System32\dllcache folders as hidden files or active non-hidden files.
This worm information was updated on July 24, 2009.
Other names of W32/AutoRun.NAN Worm:
This worm is also known as Worm.Win32.AutoRun.nan, Worm:W32/AutoRun.GF.
Kaspersky Lab detects new version of Conficker worm (Net-Worm.Win32.Kido.js)
August 16, 2009 by admin
Filed under Security News
Kaspersky Lab, a leading developer of secure content management solutions, announces that a new version of the malicious program Kido (aka Conficker and Downadup) has been detected.
Removal of W32/AutoRun.PYK Worm (Manual)
August 7, 2009 by Rahulmg
Filed under Removal Tips,Tools and Videos
This worm copies its files to the Windows\System32, dllcache and current Temp folders and to the root of the drive where Windows is installed, as hidden files or active non-hidden files.
This worm information was updated on July 13, 2009.
Other names of W32/AutoRun.PYK Worm:
This worm is also known as Worm.Win32.AutoRun.pyk, Troj/Agent-HTK, TSPY_FRETHOG.DL.
The Real Face of KOOBFACE
August 6, 2009 by admin
Filed under Security News
A year after its first discovery, Koobface is still generating a lot of noise, no thanks to its high activity level over the past several weeks. But one year is a long time for a malware to stay alive. Storm didn’t make it out of its first year. Waledac has been around for a while, but it sleeps and wakes up only when it wants to. But Koobface? It has continued to maintain its success and just seems to keep on improving.
Although not as large and widespread compared to Storm or Waledac during their heydays, Koobface is a revolutionary malware in the sense that it is the first Web 2.0 threat to enjoy continuous success, which is significant in a time when social network sites reign supreme.
This is why we see it as important that we understand this threat: the computing landscape is evolving and user behavior is changing, and with malware like Koobface threatening that landscape, it is Trend Micro's duty to stay on top of these threats.
If you want to know more about Koobface, feel free to read our research here: The Real Face of KOOBFACE.
New Version of Fujacks Worm (W32.Fujacks.CB) Discovered By Symantec
July 22, 2009 by admin
Filed under Security News
W32.Fujacks.CB is a worm that spreads through removable drives and network shares. It may download files on to the compromised computer.
Note: This threat has been renamed from Trojan.Matem.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 – 49
- Number of Sites: 0 – 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Medium
- Payload: Downloads a remote file on to the compromised computer.
- Modifies Files: Modifies the hosts file.
Distribution
- Distribution Level: Medium
- Target of Infection: Shared drives
Writeup By: Fergal Ladley and Asuka Yamamoto
How To Remove Win32/Mabezat, Win32/Mabezat.A, Win32/Mabezat.B, Worm.Win32.Mabezat.b
July 5, 2009 by admin
Filed under Removal Tips,Tools and Videos
Overview
This description is for a worm that is capable of spreading through removable devices and network shares.
The characteristics of this worm in regards to file names, folders created etc. will differ from one version to another. Hence, this is a general description.
Three Months Later: Where’s DOWNAD?
July 2, 2009 by admin
Filed under Security News

Exactly three months ago, the whole IT sector was waiting with bated breath for April 1. The latest DOWNAD/Conficker variant–WORM_DOWNAD.KK–was poised to strike. We knew that on that day, it would attempt to access 500 of 50,000 websites and download new malicious files. This led to fears–somewhat misplaced–that new, possibly damaging payloads could cause severe problems, not just for systems already affected by DOWNAD but the Internet as a whole. Many sectors assumed the worst.

















