Collaborating Viruses Showing Up

Two computer viruses are collaborating to defeat clean-up operations. Microsoft researcher Hyun Choi has found that the pair of viruses foil removal by regularly downloading updated versions of their malware partner.

It is the first time that such a defense plan has been noticed before. Choi said that the Vobfus and Beebone viruses, were regularly found together. Vobfus was the first to arrive on a machine, he said, and used different tactics to infect victims. Vobfus could be installed via booby-trapped links on websites, travel via network links to other machines or lurk on USB drives and infect machines they are plugged into.

Once installed, Vobfus downloaded Beebone which enrolled the machine into a botnet. After this the two start to work together to regularly download new versions of each other. If Vobfus was detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus.

Vobfus become a persistent problem since 2009 when it first appeared.

Source

Malware Infections On Android Rising

An increasing number of Android phones are infected with mobile malware programs that are capable of turning the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.

The vast majority of mobile devices infected with malware are running the Android operating system and a third of the top 20 malware threats for Android by infection rate fall into the spyware category, Kindsight said in a report released Tuesday that covers the second quarter of 2013.

The Alcatel-Lucent subsidiary sells security appliances to ISPs (Internet service providers) and mobile network operators that can identify known malware threats and infected devices by analyzing the network traffic.

Data collected from its product deployments allows the company to compile statistics about how many devices connected to mobile or broadband networks are infected with malware and determine what are the most commonly detected threats.

The malware infection rate for devices connected to mobile networks is fairly low, averaging at 0.52%, Kindsight said in its report. These infected devices include mobile phones as well as Windows laptops that use a mobile connection through a phone, a 3G USB modem or a mobile hotspot device.

In January the number of infected mobile phones accounted for slightly more than 30% of all infected devices connected to mobile networks, but by June they grew to more than 50%.

The vast majority of infected mobile phones run Android. Those running BlackBerry, iOS and other operating systems represent less than 1% of infected mobile devices, Kindsight said.

When calculated separately, on average more than 1% of Android devices on mobile networks are infected with malware, Kindsight said in its report.

The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53% of the total number of infections detected on Android devices.

Source

Phishing Attacks Increasing

Security researchers at Kaspersky Lab have reported significant growth in phishing attacks over the last year.

In a study entitled “The Evolution of Phishing Attacks”, Kaspersky said it found 37.3 million out of its 50 million customers running its security products that were at risk of being phished from 2012 to the present, an 87 percent increase over the same period between 2011 and 2012.

“The nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research,” Kaspersky said in the report.

“This situation has led to its own form of ‘commercialization’ of these types of attacks, and phishing is now being almost industrialized, both by cybercriminals with professional technological skills and IT dilettantes.”

The security firm explained that overall, the effectiveness of phishing, combined with its profitability for criminals and how simple the process is to undertake has led to a steadily rising number of these types of incidents.

Kaspersky noted that most of the victims in 2012-2013 were located in just ten countries, that is, Russia, the US, India, Germany, Vietnam, the UK, France, Italy, China and Ukraine. These 10 countries were home to 64 percent of all phishing attack victims during this time.

In addition to a rise in the number of users attacked, the number of servers involved in phishing attacks also increased, Kaspersky said, without giving any exact numbers. Though the firm did reveal that internet giants like Yahoo, Google, Facebook and Amazon are the top targets of malicious users.

“Online game services, online payment systems, and the websites of banks and other credit and financial organizations are also common targets,” the firm added, warning users to stay vigilant when entering personal data.

Source

McAffee See Sure In Spam

The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.

After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.

The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.

Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.

The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.

On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.

The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.

The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.

The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.

Source

LinkedIn Beefs Up

LinkedIn has re-tooled its search engine with changes designed to make it easier for members to find information on the business networking site, whose volume of content has increased and grown more diverse in recent years.

Launched in 2003, LinkedIn initially focused on giving professionals a place to feature their resumes and career bios, as well as connect with peers and colleagues, but the site has progressively become more interactive and houses a much larger repository of data beyond individual profiles.

For example, almost 3 million companies have set up corporate pages, more than 1.5 million groups have been created, the site features a jobs section, and individuals and publishers are able to post and share comments and links to articles.

So it’s not surprising for LinkedIn to focus on improving its search engine, which fielded 5.7 billion queries last year.

LinkedIn members have until now had to run separate queries for groups, companies, jobs and other professionals, but that’s changing with the upgraded search engine.

“Now, all you need to do is type what you’re looking for into the search box and you’ll see a comprehensive page of results that pulls content from all across LinkedIn including people, jobs, groups and companies,” Johnathan Podemsky, a LinkedIn product manager, wrote in a blog post on Monday.

Users can still segment results, so as to see only job results, for example.

The LinkedIn search engine is also gaining auto-complete and suggested-searches functionalities to help people fine-tune query terms. In addition, the search engine will log members’ search queries and “learn” from them in order to deliver more relevant results.

It will also be possible for users to save search queries and be alerted about new or changed search results. The advanced search option has also gained more search filters, including location, company and school.

However, the search engine still doesn’t include content from the company’s SlideShare site, which about 60 million monthly visitors use to upload, share, rate and comment on primarily slide presentations, but also documents, videos and webinars.

Also, the search improvements are being applied to the main site, not to the mobile apps, although doing so is something the company is looking into, according to a spokeswoman.

LinkedIn started to roll out the new search features on Monday, and expects to finish delivering them to every member worldwide in the coming weeks.

As of the end of 2012, LinkedIn had topped 200 million registered members located in more than 200 countries.

Source

AT&T Gets GM

AT&T Monday said it will provide LTE wireless services to most General Motors automobiles starting in 2014 in the U.S. and Canada.

A multi-year agreement between AT&T and GM subsidiary OnStar calls for vehicles to continue getting OnStar’s safety and security services while adding information and entertainment services for backseat drivers, AT&T said.

Millions of vehicles will be affected, as AT&T rolls out LTE to reach 300 million people in the U.S. by the end of 2014.

The AT&T-GM announcement is part of an explosion in the number of devices connected to the Internet, many of them wirelessly, in what some have termed the “Internet of Things.”

“The is a big announcement for connected devices,” Glenn Lurie, president of emerging enterprises and partnerships at AT&T, said in an interview at Mobile World Congress here.

Source…

Passwords Continue As The Weakest Link

Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.

But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters.  Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.

The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.

Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.

All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”

Source…

Is NFC Catching On?

Near Field Communication (NFC) is steadily gaining adoption in the U.S. for sharing data and music among smartphones, but the technology faces years of slow growth as a replacement for physical wallets.

NFC will take a minimum of three more years to grab hold as a technology that enables so-called mobile wallets as a replacement for credit cards and cash in the U.S., according to a consensus of five analysts. And by “grab hold,” these analysts mean being used by only 10% of mobile phone users to make digital purchases.

Gartner analyst Avivah Litan predicts that NFC payments will hit the 10% threshold in 2015, compared to the process of SMS (texting) payments that is expected to represent 50% of mobile payment volume globally in that same year. “We’re still on the edge when it comes to NFC innovation,” Litan says. “It will take a decade before it’s mainstream across the globe.”

Dozens of new smartphones that run Android, BlackBerry and Windows, and that include an NFC chip, launched last year. But Apple notably did not put NFC in its new iPhone 5 when the phone launched in September. That move “surely had a significant detrimental impact on industry adoption of NFC,” Litan says, given Apple’s influence in the mobile market.

Apple justified the move by saying that consumers already could use its Passbook app, which shows barcodes on the display, instead of NFC. The barcodes contain information that can be scanned by optical readers to let users board planes and redeem movie tickets — tasks that Apple notes are “the kinds of things consumers need today.”

Some have criticized Apple for omitting NFC from the iPhone 5, which has led to a widespread reassessment of NFC’s immediate future, especially in the U.S.

Source…

Cloud Storage Specs Approved

The International Organization for Standardization (ISO) has ratified the Cloud Data Management Interface (CDMI), a set of protocols defining how businesses can safely transport data between private and public clouds.

The Storage Networking Industry Association’s (SNIA) Cloud Storage Initiative Group submitted the standard for approval by the ISO last spring. CDMI is the first industry-developed open standard specifically for data storage as a service.

“There is strong demand for cloud computing standards and to see one of our most active consortia partners contribute this specification in such a timely fashion is very gratifying,” Karen Higginbottom, chairwoman of the ISO committee, said in a statement. “The standard will improve cloud interoperability.”

The CDMI specification is a way to create an interface for accessing data in the cloud by preserving metadata about information that an enterprise stores in the cloud. With metadata associated with the information, companies can retrieve data no matter where it’s stored.

“With the metadata piece, it’s also complementary with existing interfaces. The standard can be used with Amazon, for file or block data and it can use any number of storage protocols, such as NFS, CIFS or iSCSI,” said SNIA Chairman Wayne Adams.

Based on a RESTful HTTP protocol, CDMI provides both a data path and control path for cloud storage and standardizes a common interoperable format for securely moving data and its associated data requirements from cloud to cloud. The standard applies to public, private and hybrid deployment models for storage clouds.

Source…

I.T. Spending On The Rise

Worldwide IT spending remains on track to increase by 6% in 2012 despite the grim economic conditions in Europe, thanks to strong software, storage, smartphone and tablet sales, according to IDC.

While 2012 has been a tough year for many IT vendors, they have done better overall than many expected in the first half of the year, IDC said.

For example, software spending has been robust, even in parts of the world where the economy has been weakest, as businesses hope software tools and applications will help them implement cost-reduction strategies.

The 6% growth compares to a 7% increase in worldwide IT spending last year. IDC expects 6% growth in 2013.

Software, storage, enterprise network and mobile device markets have offset weaker sales in servers, peripherals and PCs. However, the launch of Windows 8 during the fourth quarter should help the PC market recover next year, IDC said.

U.S. IT spending will grow by 5.9% in 2012, compared to 8.5% last year. However, the strength of the dollar during the first six months of the year means that IT spending in dollar terms will grow just 4% for the full year.

Source…

« Previous Page — Next Page »