Entries Tagged "malware"

Page 31 of 50

Android Malware

The Android platform is where the malware action is:

What happens when anyone can develop and publish an application to the Android Market? A 472% increase in Android malware samples since July 2011. These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications.

[…]

In addition to an increase in the volume, the attackers continue to become more sophisticated in the malware they write. For instance, in the early spring, we began seeing Android malware that was capable of leveraging one of several platform vulnerabilities that allowed malware to gain root access on the device, in the background, and then install additional packages to the device to extend the functionality of the malware. Today, just about every piece of malware that is released contains this capability, simply because the vulnerabilities remain prevalent in nearly 90% of Android devices being carried around today.

I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years. As the phones become more integrated into people’s lives—smart phone banking, electronic wallets—they’re simply going to become the most valuable device for criminals to go after. And I don’t believe the iPhone will be more secure because of Apple’s rigid policies for the app store.

EDITED TO ADD (11/26): This article is a good debunking of the data I quoted above. And also this:

“A virus of the traditional kind is possible, but not probable. The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn’t Independence Day, a virus that might work on one device won’t magically spread to the other.”

DiBona is right. While some malware and viruses have tried to make use of Bluetooth and Wi-Fi radios to hop from device to device, it simply doesn’t happen the way security companies want you to think it does.

Of course he’s right. Malware on portable devices isn’t going to look or act the same way as malware on traditional computers. It isn’t going to spread from phone to phone. I’m more worried about Trojans, either on legitimate or illegitimate apps, malware embedded in webpages, fake updates, and so on. A lot of this will involve social engineering the user, but I don’t see that as much of a problem.

But I do see mobile devices as the new target of choice. And I worry much more about privacy violations. Your phone knows your location. Your phone knows who you talk to and—with a recorder—what you say. And when your phone becomes your digital wallet, your phone is going to know a lot more intimate things about you. All of this will be useful to both criminals and marketers, and we’re going to see all sorts of illegal and quasi-legal ways both of those groups will go after that information.

And securing those devices is going to be hard, because we don’t have the same low-level access to these devices we have with computers.

Anti-virus companies are using FUD to sell their products, but there are real risks here. And the time to start figuring out how to solve them is now.

Posted on November 25, 2011 at 6:06 AMView Comments

Full Extent of the Attack that Compromised RSA in March

Brian Krebs has done the analysis; it’s something like 760 companies that were compromised.

Among the more interesting names on the list are Abbott Labs, the Alabama Supercomputer Network, Charles Schwabb & Co., Cisco Systems, eBay, the European Space Agency, Facebook, Freddie Mac, Google, the General Services Administration, the Inter-American Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), the Massachusetts Institute of Technology, Motorola Inc., Northrop Grumman, Novell, Perot Systems, PriceWaterhouseCoopers LLP, Research in Motion (RIM) Ltd., Seagate Technology, Thomson Financial, Unisys Corp., USAA, Verisign, VMWare, Wachovia Corp., and Wells Fargo & Co.

News article.

Posted on October 28, 2011 at 3:21 PMView Comments

Official Malware from the German Police

The Chaos Computer Club has disassembled and analyzed the Trojan used by the German police for legal intercept. In its default mode, it takes regular screenshots of the active window and sends it to the police. It encrypts data in AES Electronic Codebook mode with—are you ready?—a fixed key across all versions. There’s no authentication built in, so it’s easy to spoof. It sends data to a command-and-control server in the U.S., which is almost certainly against German law. There’s code to allow the controller to install additional software onto the target machine, but that’s not authenticated either, so it would be easy to fool the Trojan into installing anything.

Detailed analysis in German. F-Secure has announced it will treat the Trojan as malware. I hope all the other anti-virus companies will do the same.

EDITED TO ADD (10/12): Another story. And some good information on the malware. Germany’s Justice Minister is calling for an investigation.

Posted on October 13, 2011 at 6:03 AMView Comments

U.S. Drones Have a Computer Virus

You’d think we would be more careful than this:

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

[…]

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

EDITED TO ADD (10/13): No one told the IT department for two weeks.

Posted on October 10, 2011 at 6:38 AMView Comments

New Bank-Fraud Trojan

Nasty:

The German Federal Criminal Police (the “Bundeskriminalamt” or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.

When the unwitting user views his account balance, the malware modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account. The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form ­ with the account and routing numbers for a bank account the attacker controls.

Posted on August 8, 2011 at 12:47 PMView Comments

Attacking PLCs Controlling Prison Doors

Embedded system vulnerabilities in prisons:

Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country’s top high-security prisons, according to security consultant and engineer John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week in Las Vegas.

Strauchs, who says he engineered or consulted on electronic security systems in more than 100 prisons, courthouses and police stations throughout the U.S. ­ including eight maximum-security prisons ­ says the prisons use programmable logic controllers to control locks on cells and other facility doors and gates. PLCs are the same devices that Stuxnet exploited to attack centrifuges in Iran.

This seems like a minor risk today; Stuxnet was a military-grade effort, and beyond the reach of your typical criminal organization. But that can only change, as people study and learn from the reverse-engineered Stuxnet code and as hacking PLCs becomes more common.

As we move from mechanical, or even electro-mechanical, systems to digital systems, and as we network those digital systems, this sort of vulnerability is going to only become more common.

Posted on August 2, 2011 at 6:23 AMView Comments

1 29 30 31 32 33 50

Sidebar photo of Bruce Schneier by Joe MacInnis.