Sign up for our Technology Newsletter 
Microsoft’s Vista Infection Rates Climb
Microsoft said last week that an uptick in more security exploits on Windows Vista can be attributed to the demise of support for the operating system’s first service pack.
Data from the company’s newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.
That’s counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.
Tim Rains, the director of Microsoft’s Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition’s retirement from security support.
“This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform,” said Rains in a blog post last week.
More Trojan Malware Found On Macs
Following the outbreak of the Flashback Mac Trojan, security researchers have identified two more cases of Mac OS X malware. The good news is most Mac owners have little reason to worry about them.
Both cases are variants on the same Trojan, called SabPub, Kaspersky Lab Expert Costin Raiu wrote on Securelist.
The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems. It was created roughly one month ago.
Fortunately, this malware isn’t a threat to most users for a few reasons: It may have only been used in targeted attacks, Raiu wrote, with links to malicious Websites sent via e-mail, and the domain used to fetch instructions for infected Macs has since been shut down.
Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.
The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as vector, distributed by e-mail.
Remote Access Tools Threatens Smartphones
March 7, 2012 by admin
Filed under Smartphones
Comments Off on Remote Access Tools Threatens Smartphones
Malware tools that allow attackers to gain complete remote control of smartphones have become a major threat to owners around the world, security researchers say.
In a demonstration at the RSA Conference 2012 here Wednesday, former McAfee executives George Kurtz and Dmitri Alperovitch, who recently founded security firm CrowdStrike, installed a remote access tool on an Android 2.2-powered smartphone by taking advantage of an unpatched flaw in WebKit, the default browser in the OS.
The researchers showed an overflow audience how the malware can be delivered on a smartphone via an innocuous looking SMS message and then be used to intercept and record phone conversations, capture video, steal text messages, track dialed numbers and pinpoint a user’s physical location.
The tools used in the attack were obtained from easily available underground sources, Kurtz said. The WebKit bug, for instance, was one of 20 tools purchased from hackers for a collective $1,400.
The remote access Trojan used in the attack was a modified version of Nickispy a well-known Chinese malware tool.
Learning how to exploit the WebKit vulnerability and to modify the Trojan for the attack, was harder than expected, said Kurtz. He estimated that CrowdStrike spent about $14,000 in all to develop the attack.
But the key issue is that similar attacks are possible against any smartphone, not just those running Android, he said.
WebKit for instance, is widely used as a default browser in other mobile operating systems including Apple’s iOS and the BlackBerry Tablet OS. WebKit is also is used in Apple’s Safari and Google’s Chrome browsers.
Several mobile remote access Trojans are already openly available from companies pitching them as tools that can be used to surreptitiously keep tabs on others.
RIM Hopes Apps Will Help Sales
January 18, 2012 by admin
Filed under Consumer Electronics
Comments Off on RIM Hopes Apps Will Help Sales
Research In Motion is highlighting the native and Android apps available on its struggling PlayBook at the Consumer Electronics Show as it gets ready to launch the first major overhaul of the tablet’s software in February.
The company is showing the PlayBook OS 2.0 in its booth, demonstrating the Android apps that will finally be available to users of the tablet. RIM said in March last year that it would release a player that would let users of the tablets run apps designed for Android, and that capability will finally be available with PlayBook OS 2.0.
Popular games such as Cut the Rope and Plants vs. Zombies will be available in the store, said Alec Saunders, vice president of developer relations and ecosystem development. The apps appear and work like any other app; users don’t have to launch a separate player to run them.
Not just any Android app will be accessible to users, and that’s by design, Saunders said. “We don’t want to enable an open marketplace the way the Android Market is,” he said. Android developers must use a software package to make their apps compatible with the PlayBook, and then they must submit it to RIM’s standard app curation process. The company hopes to weed out the malware and pirated apps that often appear in the Android Market, he said.
When PlayBook OS 2.0 becomes available, “some number of thousands” of Android apps will be available in the market, Saunders said. The company has been working with some of the aggregator marketplaces to port apps and attending Android meetups to encourage developers to make their apps available to PlayBook users, Saunders said.
RIM is taking pains to attract as many developers as possible by supporting as many languages and frameworks as possible. “One thing we’re focused on is providing a rich palette of tools developers can use,” Saunders said. RIM has developed ports for a number of frameworks and languages to make it easy for developers to use whatever tools.
DoJ Charges Clickjacking Perpetrators
Comments Off on DoJ Charges Clickjacking Perpetrators
The U.S. Department of Justice is charging seven individuals with 27 counts of wire fraud and other computer-related crimes, accusing the group of hijacking 4 million computers across 100 countries in a sophisticated clickjacking scam.
According to the indictment, the defendants had set up a fake Internet advertising agency, entering into agreements with online ad providers that would pay the group whenever its ads where clicked on by users. The group’s malware, which it had planted on millions of user computers, would redirect the computers’ browsers to its advertisements, thereby generating illicit revenue.
The malware worked by capturing and altering the results of a user’s search engine query. A user would search for a popular site, such as ones for Netflix, the Wall Street Journal, Amazon, Apple iTunes and the U.S. Internal Revenue Service. Whenever the user would click on the provided link, however, the browser would be redirected to another website, one that the group was paid to generate traffic for.
The malware the group used also blocked antivirus software updates, which left users vulnerable to other attacks as well, according to the DOJ.
Spam Is At A Two-Year High
Spam – particularly the kind with malicious attachments – is enjoying a growth spurt, reaching a two-year high overall, which includes the spike last fall just before the SpamIt operation folded its doors, a security firm says.
In fact spam traffic is about double what it was then, according to M86 Security Labs, which analyzes spam levels across selected domains.
“After multiple recent botnet takedowns, cybercriminal groups remain resilient clearly looking to build their botnets and distribute more fake AV in the process,” the company says in its blog. “It seems spammers have returned from a holiday break and are enthusiastically back to work.”
This report coincides with a report yesterday from Internet security company Commtouch, which says a spike in email-attached malware has just ended, but that further waves are expected.
M86 says in its blog that most of the spam is generated by the Cutwail botnet, and malicious spam accounted for 13% of the mix over the past week, which is unusually high, but even that spiked to 24% yesterday.
AES Encryption Cracked
CRYPTOGRAPHY RESEARCHERS have identified a weakness in the Advanced Encryption Standard (AES) security algorithm that can crack secret keys faster than before.
The crack is the work of a trio of researchers at universities and Microsoft, and involved a lot of cryptanalysis – which is somewhat reassuring – and still does not present much of a real security threat.
Andrey Bogdanov, from K.U.Leuven (Katholieke Universiteit Leuven), Dmitry Khovratovich, who is full time at Microsoft Research, and Christian Rechberger at ENS Paris were the researchers.
Although there have been other attacks on the key based AES security system none have really come close, according to the researchers. But this new attack does and can be used against all versions of AES.
This is not to say that anyone is in immediate danger and, according to Bogdanov, although it is four times easier to carry out it is still something of an involved procedure.
Recovering a key is no five minute job and despite being four times easier than other methods the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.
“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key,” the Leuven University researcher added. “Because of these huge complexities, the attack has no practical implications on the security of user data.” Andrey Bogdanov told The INQUIRER that a “practical” AES crack is still far off but added that the work uncovered more about the standard than was known before.
“Indeed, we are even not close to a practical break of AES at the moment. However, our results do shed some light into the internal structure of AES and indicate where some limits of the AES design are,” he said.
He added that the advance is still significant, and is a notable progression over other work in the area.
“The result is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” he explained. “Cryptologists have been working hard on this challenge but with only limited progress so far: 7 out of 10 for AES-128 as well as 8 out of 12 for AES-192 and 8 out of 14 rounds for AES-256 were previously attacked. So our attack is the first result on the full AES algorithm.”
“TDL-4″ Botnet Is Practically Indestructible
Comments Off on “TDL-4″ Botnet Is Practically Indestructible
A new and improved botnet that has infected more than four million computers is “practically indestructible,” software security experts say.
“TDL-4,” the name for both the bot Trojan that infects PCs and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.
“[TDL-4] is practically indestructible,” Golovanov said and others agree.
“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”
Golovanov and Stewart based their assessments on a variety of TDL-4′s traits, all which make it an extremely tough character to detect, delete, suppress or eradicate.
Because TDL-4 installs its rootkit on the Master Boot Record (MBR), it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code.
Further,what makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.
“The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky, ”The TDL guys are doing their utmost not to become the next gang to lose their botnet.”
Apple Website Is Ripe For Hacking
July 4, 2011 by admin
Filed under Around The Net
Comments Off on Apple Website Is Ripe For Hacking
According to the Ethical Hacking group YGN, Apple’s website for developers is virtually wide open and gives the opportunity for hackers to introduce malware such asphishing attacks to gain access to subscriber’s vital personal information.
One group known as Networkworld identified three holes on Apple’s website that arbitrary URL redirects, cross-site scripting and HTTP response splitting. That said, these holes could allow hackers to arbitrarily redirect to other websites and make phishing attacks against developers login credentials more successful.
Download Defense Added To Chrome Browser
Comments Off on Download Defense Added To Chrome Browser
Google has updated Chrome to version 12, adding a new feature that warns users when they’ve downloaded files from dangerous Web sites.
New to Chrome 12 is a tool that flags questionable files pulled from the Web. Chrome now shows an alert when users download some file types from sites that are on the Safe Browsing API (application programming interface) blacklist, which Google maintains.
The messages reads: “This file is malicious. Are you sure you want to continue?” If they wish, users can ignore the warning and install the file on their system’s hard drive.
“This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API,” said Google last April when it debuted the feature in an earlier edition of Chrome.
Safe Browsing already identifies suspicious or unsafe sites, then adds them to a blacklist. Chrome, Mozilla’s Firefox and Apple’s Safari all tap into Safe Browsing to warn users of risky sites before they actually visit them.