Displaying items by tag: Malware

Remember how everyone was up in arms over the existence of a “Master Key” bug that existed in all versions of the Android operating system? Well it looks like someone has found a way to use the flaw to their advantage. Symantec has found two apps (available in China) that use the Master Key flaw to spread a new form of malware. To give a little background the original flaw was publicly disclosed by Bluebox security on the 3rd of July 2013. It was reported to Google in February 2013. The flaw allows a malicious individual (or group) to alter an application without affecting the apps cryptographic signature. This means that the app looks exactly like a legitimate app bypassing the security at the app store and the phone level.

Yesterday we reported on a breach in Apple’s developer portal. This breach appears to have happened over the course of about three days and resulted in Apple pulling the entire system offline for redesign. At the time of the article (which can be found here) no one had claimed responsibility Apple had not pointed the finger at anyone. Now it seems that a Turkish security researcher is claiming responsibility for the hack, but is saying that he was only looking for bugs in the system to show Apple that the portal was leaking user data.

As with many technologies there is a blind spot during the initial design and testing phase that happens. With SCADA devices this was the possibility that anyone would put them on the internet. These control devices were not built to be exposed like this and because the people that were using them did not follow best practices for protecting them we all know just how vulnerable our core infrastructure is. Even with devices like pacemakers that can be tuned using WiFi there was the failure of imagination that left them open to… well any one to connect to them. This failure of imagination seems to exist in almost any product as the designer continue to say, “no one will think of that”. Today we are seeing this happening to Google and their Google Glass project. It looks like they never thought someone would use QR Codes to infect the device.

There are sharks in the waters of the social networking seas. Of course this is not news to anyone that can read or that has paid any attention to malware trends over the last few years. The sharks have hunters in the form of security companies. However as we all know security companies can miss things and are never ahead of the bad guys. This is the case as a piece of malware once thought safely covered has now resurfaced this is the Zeus Trojan and it is back swimming in the waters of Facebook and other social networks looking for victims.

For those of you out there that might be laboring under the illusion that Apple products are safe and secure we have some bad news for you. Someone has developed a method of poisoning iPhones, iPads, iPods, well basically anything running iOS, through the use of their charging systems. This means that someone could sell you a compromised charger and take over your phone. This type of attack is hardware based and is almost impossible to get rid of; simply resetting the phone is not going to do it. This is also not the first time that someone has used Apple hardware to create a persistent infection. Not all that long ago someone showed how easy it was to infect the batteries on the MacBook and MacBook Pro. Even the Apple Bluetooth keyboard has been used to slip malware into Apple products.

Security experts from Hoax-Slayer posted a warning to Facebook Page owners about e-mails that they receive from the "Facebook Security", in which they were informed of the new system for the protection of sites called "Fan Page Verification Program."

How would you feel if one day you noticed that your GPU was going crazy even when your computer was sitting idle? We imagine that you would start scanning your system for viruses after an initial reboot. Now on top of that imagine how you would feel if your anti-malware scans started pointing fingers at the client software of an online service you typically trust. This is exactly what members of competitive e-sports group ESEA E-Sports Entertainment Association found after a recent update to their client software.

Malware, spyware, viruses these are all things that are part of the modern computing experience. When you are online you always have to be aware of the dangers of these items. Over the years the developers of malware have become more and more clever at disguising their wares from users and anti-malware programs. This is something that you would expect of this group as in many cases they are looking to gather money, information or pull your system into their botnets (which can also equal money). However what you would not expect is for a legitimate company to use the same tactics to build their own spyware to assist governments and law enforcement.

According to security firm Lookout, recently there was 32 apps on Google Play that contained malicious software called BadNews. Applications were from 4 different developer accounts, and were downloaded between 2 and 9 million times. Lookout immediately warned Google, which has suspended the accounts and disabled download of suspicious applications.

At times it seems that the words Microsoft and Malware go hand-in-hand. I do not think that a day goes by that we do not hear about a new malware threat (often simply an old threat that has been modified). This has put Microsoft in an interesting position. They are always working to shore up holes in their operating systems we can see this by the continuous patches and hotfixes that are in existence for Windows (all versions). Of course it is not an easy task to develop an OS that is safe(er) or secure(ish) and still make it easy to operate. However recently we have seen Microsoft go to some extremes in trying to keep up with things… sometimes they appear to go way too far.