Friday, August 13, 2010

FW: NABU Trend Micro Weekly News Summary 08/07/10 - 08/13/10


-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Saturday, August 14, 2010 5:33:00 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); Alan Wallace (MKT-US); Tobias Lee (MKT-US);
Natalie Severino (MKT-US); Dan Conlon (MKT-UK); Mark Beyer (MKT-DE);
Colin Richardson (MKT-UK); Steve Mungall (SAL-US)
Subject: NABU Trend Micro Weekly News Summary 08/07/10 - 08/13/10
Auto forwarded by a Rule




NABU Trend Micro Weekly News Summary

Fri, 13 Aug 2010




Trend Micro Quotes

Hot

Business heavyweights plan security awareness campaign
The Tech Herald, By Steve Ragan, Tue, 10 Aug 2010, 722 words
"We've been planning this for three years," Trend Micro's David Perry told The Tech Herald during a conversation at Black Hat recently. "What we're looking to do is come up with basic education for the consumer, because we haven't got a chance from doing it from the top down, we have to do it from the bottom up. Our best model is World War II, how they spread messages about 'don't waste anything' and 'loose lips sink ships'."


Researchers show private web browsing history is not so private
ComputerWeekly.com, By Staff, Fri, 13 Aug 2010, 302 words
"If someone is capable of tracking your browsing habits in this way, they are probably also tech-savvy enough to know about commercial spyware, which could much more effectively track your computer use," says [Trend Micro's Rik] Ferguson.

Sexy malware coming to smartphones
Computerworld: Security is Sexy, By Darlene Storm, Thu, 12 Aug 2010, 712 words
Sex and "sexy malware" played a part in one of the first alerts of mobile botnets aimed at the Symbian. Sexy Space was a variant of another mobile malware called Sexy View. It was capable of downloading new SMS templates from a remote server in order to send out new SMS spam. "No malware for a mobile device has been known to do that before," said Rik Ferguson, senior security advisor for Trend Micro.

Demand Media a Home to Badware, Researchers Say
PCWorld, By Robert McMillan, IDG News, Wed, 11 Aug 2010, 994 words
Paul Ferguson, a researcher with Trend Micro, said that he had heard complaints too. "Apparently they don't seem to place a lot of value in policing their content," he said.



Editorial Comments: The story also appears at SFGate.

Click fraud botnet unpicked - Browser hijack scam runs through rogue traffic broker
The Register, By John Leyden, Wed, 11 Aug 2010, 787 words
David Sancho, a security researcher at Trend Micro's Labs, explained that the scam uses short-lived bots to redirect web traffic from compromised machines. Surfers seeking to visit Yahoo, for example, might be redirected via a third-party service before arriving at their destination, earning an unscrupulous broker a few cents in the process. In other cases surfers visiting the New York Times, for example, may be served ads from an ad-broker other than the licensed agent, Double Click.

Hypervisor as virtualization's enforcer? Some experts advocate putting more security features into the hypervisor layer, but others say that would be a disaster waiting to happen.
Computerworld, By Robert L. Mitchell, Tue, 10 Aug 2010, 687 words
"The simplicity of deploying security in an agentless manner is very appealing and easier to manage," says Bill McGee, senior director of data center security product development at Trend Micro.

Earnings Coverage

TABLE-Trend Micro -6mth group results
Reuters News, Tue, 10 Aug 2010 22:00:32 PST, 133 words , English
Aug 11 (Reuters) - TREND MICRO INC CONSOLIDATED FINANCIAL HIGHLIGHTS (in billions of yen unless specified) 6 months ended 6 months ended Full year ended Jun 30, 2010 Jun ...

Trend Micro 1H Group Net Profit Y6.77B, Down 23.5% On Yr
Dow Jones International News, Tue, 10 Aug 2010 22:00:00 PST, 82 words , English
Trend Micro Inc. (4704.TO) Tokyo 1st Half Ended June 30 GROUP 2010 2009 Revenue Y47.22 bln Y47.16 bln Operating Profit 11.61 bln 14.26 bln Pretax Profit 11.95 ...

Trend Micro Mentions

How to protect a group of office PCs from viruses - Safeguarding multiple office computers from malware doesn't have to be difficult or expensive, as Simon Edwards shows in our step-by-step guide.
IT Pro Tutorials, By Simon Edwards, Fri, 13 Aug 2010, 1100 words
Small businesses face many of the same internet threats that large enterprises have to contend with. One big difference is the available budget and manpower, with small companies struggling to afford even one member of staff with the sole responsibility of keeping computer systems safe.

Browser hijackers raking in millions - Trend Micro warns of sophisticated networks controlled by criminal gangs
V3.co.uk, By David Neal, Tue, 10 Aug 2010, 572 words
Criminal networks are making gangs millions of pounds a year through browser hijacker Trojans which redirect users to sponsored advertising, according to research from security vendor Trend Micro.

Metastorm seeks to accelerate the strategic socialization of the enterprise for process improvement
ZDNet: Briefings Direct, By Dana Gardner, Tue, 10 Aug 2010, 601 words
Metastorm, the business process management (BPM) software provider that recently released two cloud-based business collaboration products, is betting on what it calls the "socialization of the enterprise." We're seeing more social media techniques and approaches entering the enterprise, from Saleforce.com's Chatter to the forthcoming beta of HP's 48Upper. The trend is undeniable. A recent Trend Micro survey reveals social media use in the workplace has risen from 19 percent to 24 percent in the last two years.

Malware Stealing Digital Certificates Raises Security Concerns
eWeek, By Brian Prince, Fri, 6 Aug 2010, 685 words
Trend Micro has uncovered a variant of the Zeus Trojan using an expired digital certificate belonging to Kaspersky Lab, while the Stuxnet malware is known to have used certificates stolen from legitimate companies.

McAfee: Malware Threats at All-Time High, IT Managers Targeted with Fake Invoices
ReadWriteWeb, By Klint Finley, Tue, 10 Aug 2010, 292 words
This post is part of our ReadWriteEnterprise channel, which is a resource and guide for IT managers and technologists in the Enterprise. The channel is sponsored by Intel. As you're exploring solutions for your enterprise, check out this helpful resource from our sponsors: All New 2010 Intel Core vPro Processors and Microsoft Office 2010: Your Best Choice for Business PCs. (Trend Micro)

Waledac zombie attacks rise from the grave - As hard to kill as a horror movie baddie
The Register, By John Leyden, Fri, 13 Aug 2010, 344 words
Update: Trend Labs has reclassified the malware as a Bredolab variant instead of Waledac. That means the central premise of our original story - that Waledac is back from the grave - is wrong.

Koobface Hackers Now Monitor Victims
SPAMfighter News, By Staff, Wed, 11 Aug 2010, 390 words
According to the security vendor Trend Micro, the masterminds behind the notorious Koobface worm (that attacks users of social networking websites) have now added a new code created to examine the success of their endeavors.

Koobface Virus Resurfaces on YouTube, Tracks Users
InfoPackets, By Carlo Orlando, Tue, 10 Aug 2010, 328 words
The 'Koobface' virus is once again making its rounds, freshly updated and even tougher to combat. It's responsible for delivering spyware payloads and also sniffing out passwords and credit card numbers of unsuspecting users. (Trend Micro)

Apple QuickTime Movie Player Installs Malware
SPAMfighter News, By Staff, Wed, 11 Aug 2010, 381 words
Researchers at Trend Micro (an Internet security firm) have found that Apple QuickTime movies are being exploited to download malware. The 7.6.6 version of QuickTime Player allows movie files to activate the download of files and cybercriminals are taking advantage of this by downloading malware from malicious websites.

Kaspersky's TDSS Killer lives on
Computerworld: Defensive Computing, By Michael Horowitz, Mon, 9 Aug 2010, 409 words
Back in February, the TDSS rootkit was hot news. Microsoft had issued a patch to Windows that caused some systems to blue screen at startup.

Social Media Policy - The 6 Essentials - Security Plays Key Role in Writing Rules for Safe Social Networking
Bank Info Security, By Upasana Gupta, Contributing Editor, Wed, 11 Aug 2010, 1207 words
It's impossible to overestimate the impact of social media. (Trend Micro)

The Security Industry Needs to do More Around Web Threats - User education, standard definitions, and product testing are lacking
NetworkWorld.com Community, By joltsik, Tue, 10 Aug 2010, 345 words
If you aren't familiar with web threats you should be. A web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to infected PCs with keyboard loggers, botnet code, or traditional worms and viruses. (Trend Micro)

Fake Malicious Software Removal Tool peddles fake AV
Help Net Security, By Zeljka Zorz, Thu, 12 Aug 2010, 148 words
A fake Malicious Software Removal Tool using the actual icon of the legitimate software has been spotted by Trend Micro researchers.

Middle East Witnesses Striking Increase in Infected Systems
SPAMfighter News, By Staff, Fri, 13 Aug 2010, 330 words
Internet security firm, Trend Micro, stated that the number of systems infected with malware had been rising in the GCC. As per the data compiled by the security firm, there were almost 740,097 active infected systems across the GCC in April 2010, an increase of 116% in less than one year.

Android Malware

New Android Malware Texts Premium-rate Numbers
PCWorld, By Jeremy Kirk, IDG News, Wed, 11 Aug 2010, 578 words
Researchers at Russian security company Kaspersky Lab say they've discovered the first malicious software program to target Google's Android mobile operating system. (Trend Micro)

Editorial Comments: This story also appears at Macworld, TechWorld and Computerworld.

Android gets its first texting malware
CNET UK, By Asavin Wattanajantra, Wed, 11 Aug 2010, 337 words
The first malware for Android phones has been detected by a security firm. Russian company Kaspersky says the SMS Trojan has already infected a number of mobile phones. It works by getting an Android owner to install a file -- disguised as Windows Media Player, according to Trend Micro -- with the .apk Android extension. Once installed, the Trojan uses the system to send text messages to premium-rate numbers without the owner's knowledge, making money for the hacker.

First SMS Android Trojan
Help Net Security, By Zeljka Zorz, Wed, 11 Aug 2010, 202 words
Further investigation by Trend Micro reveals that the application sends SMS messages to premium rate numbers, and since the user has consented to it upon installation, the application continues to do that without asking further permission.

Kaspersky Lab has identified the first SMS Trojan targeting Android devices.
IT Pro For Business, By Tom Brewster, Thu, 12 Aug 2010, 305 words
Talking about the new Android Trojan, Trend Micro's advanced threats researcher, Ivan Macalintal, said: "This income-generating scheme is a low-hanging fruit for cyber criminals."


Full Text

Business heavyweights plan security awareness campaign

"We've been planning this for three years," Trend Micro's David Perry told The Tech Herald during a conversation at Black Hat recently. "What we're looking to do is come up with basic education for the consumer, because we haven't got a chance from doing it from the top down, we have to do it from the bottom up. Our best model is World War II, how they spread messages about 'don't waste anything' and 'loose lips sink ships'."


- - -

From both the government and private sectors, including security vendors and federal agencies, a new information awareness campaign is set to kick off in October that reaches out to Internet users in order to spread basic security concepts.

The National Cyber Security Alliance (NCSA), along with the Anti-Phishing Working Group (APWG), has officially announced the creation of a public campaign that will develop Internet safety awareness for the overall public.

The public-private messaging convention will seek ideas and information from the usual suspects in the security world, including Trend Micro, ESET, Symantec, McAfee, RSA, and AVG, as well as private sector giants Microsoft, Google, Visa, Wal-Mart, Yahoo, VeriSign, Verizon, PayPal, Facebook, Costco and others.

"We've been planning this for three years," Trend Micro's David Perry told The Tech Herald during a conversation at Black Hat recently.

"What we're looking to do is come up with basic education for the consumer, because we haven't got a chance from doing it from the top down, we have to do it from the bottom up. Our best model is World War II, how they spread messages about 'don't waste anything' and 'loose lips sink ships'."

Aside from the expected security industry and private sector partners, the U.S. government is on board as well, including the U.S. Department of Justice, the FBI, DHS, U.S. Department of Commerce, the U.S. Federal Trade Commission, and the IRS.

Perry said that the partnership aims to tell the public two things. "One, control your impulses online. Two, safe computer hygiene."

Hygiene means many things, such as the use of anti-Virus software, the use of firewalls, and other security layers. Impulse control aims at getting users to think before they download anything. The kickoff for the campaign is set for National Cyber Security Awareness Month in October.

During the ramp-up for the awareness campaign, the public-private messaging convention did some early studies, which showed a majority of those surveyed feel a personal responsibility to be safer online.

"We were very surprised to find out the public is concerned about Internet security," Perry said.

The study, which included more than a thousand Americans, revealed the need for simple, easy-to-understand resources and tips to help ensure their safety and security online. With that in mind, the public-private convention plans to deliver.

The survey data made an interesting comparison, in that those who took part likened security awareness to the level of awareness given to environmental matters. In addition, they said that their concerns over information theft due to Internet crime are just as serious as their worries over job loss and lack of healthcare coverage.

"Losing their identity, personal or financial information to a criminal gang is a daunting fear for Americans, one that ranks with job security and access to healthcare," said APWG Secretary General Peter Cassidy in a statement.

"It's no wonder that many Americans are already taking steps to protect their online lives," he added, noting that the survey data showed an anxious need to gather more information on how to stop the loss and control their lives online. "Clearly, they crave personal control."

While the task of a public awareness campaign has been on the table for years, this is the first time major steps have been taken to push such efforts on a massive scale, with a serious involvement from more than just government and security notables.

Nothing is set in stone, but it is entirely possible for a new breed of PSAs to come from this initiative.

PSAs that could include not just ID theft awareness, but awareness aimed at other risky activities online, such as blindly following links in email to fake awareness campaigns that lead to malware, like those "shocking" videos that are seen on Facebook.

http://www.thetechherald.com/article.php/201032/6002/Business-heavyweights-plan-security-awareness-campaign



Researchers show private web browsing history is not so private

"If someone is capable of tracking your browsing habits in this way, they are probably also tech-savvy enough to know about commercial spyware, which could much more effectively track your computer use," says [Trend Micro's Rik] Ferguson.


- - -

Many of you will have seen the TV advert highlighting the privacy mode in Internet Explorer 8, which allows a husband to "browse for a present for his wife" without leaving any evidence on the family computer. Well, before you peruse those lingerie sites, be warned: researchers at Carnegie Mellon University have found ways to detect which sites were visited with the mode enabled.

Collin Jackson, assistant research professor at the university, says many websites encrypt their data for security reasons by automatically establishing a secure key with the user's computer. Even if private browsing is enabled, details relating to the key remain stored on the computer's hard drive, allowing a hacker to establish that a particular site has been visited. A hacker could guess what sites you have been to based on traces left behind, says Jackson.
These attacks on privacy "do not require a great deal of technical sophistication and could easily be built into forensics tools", he adds.

Although the work clearly shows that there are weaknesses in browsers' private-browsing implementations, says Rik Ferguson - a UK-based security researcher at Trend Micro - any attacker with the knowledge to exploit the weaknesses would probably look to other attacks first, which may yield more detailed information.

"If someone is capable of tracking your browsing habits in this way, they are probably also tech-savvy enough to know about commercial spyware, which could much more effectively track your computer use," says Ferguson.

The lesson? If you want to visit websites in secret, use someone else's computer.

http://www.computerweekly.com/blogs/it-downtime-blog/2010/08/researchers-show-private-web-b.html



Sexy malware coming to smartphones

Sex and "sexy malware" played a part in one of the first alerts of mobile botnets aimed at the Symbian. Sexy Space was a variant of another mobile malware called Sexy View. It was capable of downloading new SMS templates from a remote server in order to send out new SMS spam. "No malware for a mobile device has been known to do that before," said Rik Ferguson, senior security advisor for Trend Micro.


- - -

Your smartphone is like a minicomputer, getting smarter and more powerful while enabling greater functionality with each new mobile device that is released. It's exciting to customize your cell phone with any type of application you want. Google and Apple alone offer more than 250,000 apps, such as games, productivity and financial tools, and other apps. In fact, the apps craze is moving at such a fast pace that it might prove difficult to keep up with the malicious software that is sometimes a "bonus" in the app download. One thing is certain: your cell phone is not safe. Mobile phones are now targeted by malware writers, and cell phones can even be lassoed into botnets.

"Mobile phones are a huge source of vulnerability," Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division, told the Wall Street Journal. "We are definitely seeing an increase in criminal activity." Snow also told WSJ that the FBI's Cyber Division is working on cases based on tips about malicious apps that can compromise banking or be used for espionage. The FBI does not allow its employees to download apps on FBI-issued smartphones.

After the ShmooCon hacker conference last year, security researchers presented a vulnerability that was considered so dangerous to Google's mobile OS Android that owners were warned not to use the phone's web browser. And now Android is being hit with its first SMS trojan in the wild. It seems Android owners are getting wise about protection at a rapid pace. DroidSecurity's free antivirus was clocked at 2.5 million downloads last week.

Last year at Black Hat security conference, researchers were able to attack an iPhone via SMS. "Consumers should be aware that iPhone security is far from perfect and that a piece of software downloaded from the App Store may still be harmful," wrote software engineer Nicolas Seriot in a research paper detailing iPhone security holes.

Apple, Blackberry, Android, Windows mobile, and Symbian smartphones all have been under siege; none are immune from attacks. Yet we can't quench our desire for apps. So what is a cell phone owner to do? Think of it sort of like safe sex. You can still engage in it, but you need to be wise and to take precautions in order to avoid complications.

Sex and "sexy malware" played a part in one of the first alerts of mobile botnets aimed at the Symbian. Sexy Space was a variant of another mobile malware called Sexy View. It was capable of downloading new SMS templates from a remote server in order to send out new SMS spam. "No malware for a mobile device has been known to do that before," said Rik Ferguson, senior security advisor for Trend Micro. Trend Analysts had "heated internal discussions" about whether Sexy Space qualified as botnet code. It took a little bit of social engineering to get users onto a malicious site where it was unknowingly downloaded. Part of its lure was that the vendor seemed to point to "Playboy." Many users were caught without protection and voila! Sexy mobile malware gave a whole new meaning to phone sex.

Speaking of sex and phones, the dating site OKCupid.com conducted research on nearly 10,000 smartphone users. iPhone owners are getting much more sex than Blackberry or Android owners. Women iPhone users get the most action of anyone. OkCupid's results are listed on the graphs below.



It may prove interesting to see if the heaviest hit mobile malware sectors will mirror this sex and cell phone study, with iPhone on top, followed by Blackberry and then Android. Take precautions; be wise before you take "home" an app that you don't know well enough to trust. And by all means, please use protection! 

http://blogs.computerworld.com/16721/sexy_malware_coming_to_mobile_phones



Demand Media a Home to Badware, Researchers Say

Paul Ferguson, a researcher with Trend Micro, said that he had heard complaints too. "Apparently they don't seem to place a lot of value in policing their content," he said.


- - -

As Demand Media gears up for its initial public offering, anti-spam advocates and online crime fighters say that the company needs to clean up its act.

In a report, released late Tuesday, HostExploit, a volunteer badware-tracking group, found that Demand Media's Internet service provider (ISP) business is hosting an abnormally large number of malicious Web pages, and far too many of the command-and-control servers that are used to send directions to hacked computers.

In fact, HostExploit currently ranks Demand Media as the worst ISP in the world, a ranking that's based on how the ISP is used to distribute spam and malicious software.

Demand Media is best known as the operator of low-cost Web sites such as eHow, LiveStrong.com, and Cracked. But it also runs the world's second-largest domain name registration business, and sells Web hosting services too, through brands such as eNom.

Like all service providers, Demand Media has to deal with scammers abusing its network. The criminals register domains or rent servers to host their scam Web sites -- often doing this through other companies that resell Demand Media's services. The criminals will hack legitimate customers and use their servers, too. For ISPs, staying on top of this fraud is just part of the business, but some companies pull this off better than others.

Over the past year, Demand Media has had a hard time keeping up with the criminals, cybercrime watchers said Tuesday.

For example, the number of botnet command and control servers hosted by Demand's services is now ten times what it was back in January, said Jart Armin, the pseudonymous researcher who co-authored the HostExploit report. "This isn't something that they don't know about," he said. "This is just badness and they don't give a damn."

Demand Media has about the same amount of malicious activity on its networks -- relative to the company's size -- that HostExploit found on the notorious McColo Internet service provider two years ago, Armin said. "They've got a lot of the same characteristics," he said. After HostExploit and others drew attention to McColo's bad activity, it was dumped by its upstream service providers and eventually forced out of operation.

In the case of Demand Media, however, Armin and his fellow researchers hope to pressure the company to clean up its act.

Demand Media is no McColo. It's a large and successful company that filed for an initial public offering last Friday. Based on the expected strike price, Demand Media hopes to raise $125 million through the IPO. Some observers say that the company may be distracted as it looks to bring itself public. Smoking out criminal activity, after all, doesn't do much to boost profits.

After being provided with an advance copy of the report Tuesday, Demand Media said it was unable to immediately comment on the matter. The company is in a quiet period ahead of its IPO.

In June however, responding to allegations that it was profiting from pharmaceutical spam, the company told GigaOm that, "eNom is the largest domain name wholesaler and we take this responsibility very seriously. We cooperate with multiple law enforcement agencies, as this is our policy and meets ICANN requirements. Customers suspected of using eNom products and services for illegal purposes are investigated and appropriate action is taken."

Demand Media may have had no comment on the HostExploit report, but that didn't prevent others from weighing in.

StopBadware, a group that tracks malicious Web sites on the Internet, has seen a steady rise in infected Web sites on Demand Media's networks, according to Maxim Weinstein, executive director of the Internet safety organization. One year ago, Demand Media was host to about 4,300 bad Web sites. Now that number is closer to 7,400, Weinstein said.

Paul Ferguson, a researcher with Trend Micro, said that he had heard complaints too. "Apparently they don't seem to place a lot of value in policing their content," he said.

That hardly makes Demand Media unique, however. It's often easier for service providers to turn a blind eye to problems on their network instead of hiring IT staffers to respond to such reports. A lot of hosting providers and registrars have similar problems, Ferguson said.

But according to Armin, the concentration of problems at Demand Media is abnormal.

For example: take Demand Media's domain name registration services. Although the company has registered just over 8 percent of the world's domain names, it has also been used to register about one-third of all known fake pharmacy Web sites, Armin said. "That can't be a statistical error," he said. "When you say, '35 percent of all the illicit pharma in the world is registered through Demand Media and eNom,' that's a problem."

The company has also been slow to crack down on spammers that are using its network, said Richard Cox, the chief information officer with Spamhaus, an anti-spam group. Spamhaus has identified 13 spamming operations that are operating out of Demand Media's eNom network, for example. Typically, ISPs move quickly to remove any reported spammers, but that hasn't been the case with eNom, he said. "We would like to see eNom take their responsibility seriously," Cox said. "They're not very good at cleaning up the mess."

Armin said that he and the other researchers who helped compile his report want to help end the problems. "They could clean up and get themselves out of a lot of this badness around their systems in a heartbeat," Armin said. "And that's ultimately what this is about."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

http://www.pcworld.com/businesscenter/article/203035/demand_media_a_home_to_badware_researchers_say.html



Click fraud botnet unpicked - Browser hijack scam runs through rogue traffic broker

David Sancho, a security researcher at Trend Micro's Labs, explained that the scam uses short-lived bots to redirect web traffic from compromised machines. Surfers seeking to visit Yahoo, for example, might be redirected via a third-party service before arriving at their destination, earning an unscrupulous broker a few cents in the process. In other cases surfers visiting the New York Times, for example, may be served ads from an ad-broker other than the licensed agent, Double Click.


- - -

Cybercrooks' use of botnets to make money by sending spam or launching denial of service attacks has become a well-understood business model.

But the controllers of networks of compromised PCs have other ways of turning an illicit profit, including using rogue traffic brokers to defraud reputable brands. Trend Micro's write-up of a click fraud scam sheds light onto this less well-known but highly lucrative cyberscam.

Trend Micro has been on the trail of one particular gang of click fraud crooks for over 18 months. The gang is originally from Estonia, although there are loose connections with the UK, which hosts a shell company for a click broker selling web traffic that plays an important role in the complex scam.

David Sancho, a security researcher at Trend Micro's Labs, explained that the scam uses short-lived bots to redirect web traffic from compromised machines. Surfers seeking to visit Yahoo, for example, might be redirected via a third-party service before arriving at their destination, earning an unscrupulous broker a few cents in the process. In other cases surfers visiting the New York Times, for example, may be served ads from an ad-broker other than the licensed agent, Double Click.

Each of these actions might rake in as little as one or two pence, but with 150,000 bots in the network and multiple traffic hijacking incidents revenues of millions of dollars a year become possible.

The scam relies on short-lived bots, one of several factors that makes the overall fraud "not as conspicuous as spambots," Sancho explained.

The fraud hinges on the use of browser Trojan malware that redirects victims away from the sites they want to visit. Searches still work as normal but once victims click a search result or a sponsored link, they are instead re-directed to a foreign site so the hijacker can monetize fraudulent clicks via a traffic broker. These middlemen sell stolen or hijacked traffic back to legitimate web firms.

"For example, we have seen that Yahoo! search result clicks were resold back to Yahoo! via an intermediate traffic broker. In another example, stolen Google clicks were resold to LookSmart," Trend Micro researcher Feike Hacquebord explains.

One traffic broker, Onwa Ltd from St Petersburg, Russia, is clearly in on the scheme because it develops "back-end software for obscure, fake search engines that form a facade for click-fraud" that has no legitimate purpose. Onwa, which has been trading since at least 2005 and operates shell companies in the United Kingdom and Seychelles, also maintains its own infrastructure for spoofed Google websites, Trend Micro reports.

Legitimate traffic brokers have also been roped into the scam, using fake search sites that act as intermediaries for traffic actually generated via click-fraud from compromised machines. The Alexa ratings of these sites are sometimes artificially inflated using bots to make them appear more trustworthy.

Browser hijacking is just the sort of behaviour that prompts end users to clean up their machines, so the typical bot has a life expectancy of just six days. The crooks compensate for this short life by constantly infecting new systems. More than two million computers have been infected with the browser hijacker so far this year, and Trend expects this will reach as much as four million by the end of 2010.

These browser hijackers come with an added DNS component. Every day, the gang releases new malware samples that change systems' DNS settings to a unique pair of foreign servers. The cybercrooks use networks consisting of multiple servers that are hosted in various data centres around the world to pull off this aspect of the scam.

Even after the browser hijacker component is purged from the infected machine, the DNS changer can remain active so that hijacking traffic remains possible, increasing the lifespan of the bots. The botnet replaces DoubleClick with Clicksor ads once the rogue DNS component is activated, a form of stealth click-fraud that is difficult to detect.
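The DNS-changer component described above replaces a host's resolvers with a pair of attacker-controlled servers, and it survives the removal of the browser hijacker. The PowerShell script below is an added example, not code from Trend Micro or from The Register's article. It lists the DNS servers configured on every IP-enabled adapter of a Windows host and flags any that are not in an allowlist of the organisation's own resolvers; the two addresses in $ApprovedDns and the hosts.txt file in the usage lines are assumptions to be replaced with your own.

```powershell
# Added example: flag Windows hosts whose configured DNS servers are not the
# organisation's own resolvers, which is the change a DNS-changer Trojan makes.
# The two addresses below are assumptions standing in for real internal resolvers.
$ApprovedDns = @('10.0.0.53', '10.0.1.53')

function Test-DnsSettings {
    param(
        [string]$ComputerName = '.',          # '.' is the local host; WMI also accepts remote names
        [string[]]$Approved = $ApprovedDns
    )
    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                              -Filter 'IPEnabled = TRUE' -ComputerName $ComputerName
    foreach ($adapter in $adapters) {
        $servers = @($adapter.DNSServerSearchOrder)
        if ($servers.Count -eq 0) { continue }   # no resolvers configured on this adapter
        # Report every server outside the allowlist together with the full list, so an
        # analyst can see whether the whole pair was replaced or one server was added.
        $unapproved = @($servers | Where-Object { $Approved -notcontains $_ })
        New-Object PSObject -Property @{
            Computer   = $ComputerName
            Adapter    = $adapter.Description
            DnsServers = ($servers -join ', ')
            Unapproved = ($unapproved -join ', ')
            Suspicious = ($unapproved.Count -gt 0)
        }
    }
}

# Usage: check the local host, then sweep a list of hosts (one name per line)
# and keep only the ones whose resolvers have been changed.
Test-DnsSettings | Format-Table Adapter, DnsServers, Unapproved, Suspicious -AutoSize
if (Test-Path .\hosts.txt) {
    Get-Content .\hosts.txt | ForEach-Object { Test-DnsSettings -ComputerName $_ } |
        Where-Object { $_.Suspicious } | Export-Csv .\rogue-dns.csv -NoTypeInformation
}
```

Because the gang rotates a fresh pair of servers with every daily sample, matching against a list of known-bad addresses would lag the malware; comparing against the small set of resolvers a host is supposed to use does not, and it also catches the case where the browser hijacker has already been cleaned up but the DNS setting was left behind.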

Trend's Sancho indicated that it had passed a file on the scam to law enforcement authorities, but declined to discuss where any investigation might be heading.

A full write-up of the scam, complete with illustrations, can be found in a blog post by Trend Micro here.

http://www.theregister.co.uk/2010/08/11/click_fraud_botnet/

Back to top


Hypervisor as virtualization's enforcer?
Some experts advocate putting more security features into the hypervisor layer, but others say that would be a disaster waiting to happen.

"The simplicity of deploying security in an agentless manner is very appealing and easier to manage," says Bill McGee, senior director of data center security product development at Trend Micro.


- - -

Computerworld - Citing performance and security benefits, virtualization vendors are shoving more add-on software into the hypervisor layer. VMware Inc., Citrix Systems Inc. and Microsoft Corp. all allow for third-party software execution at this layer of their virtualization technologies, says Neil MacDonald, an analyst at Gartner Inc.

Virtualization security: Is that a good thing? Yes -- and no -- say users and experts.

Early virtual machine management software resided on top of a host operating system. That went away with the development of the hypervisor -- a thin layer of software that runs directly on the hardware. A hypervisor has two advantages: It's not affected by vulnerabilities in an underlying operating system that hosts it, and it's small -- less than 100MB for VMware ESXi -- and therefore provides a very small target for attacks. "When you have that small of a footprint, the opportunities for exploits and errors go down dramatically," says KC Condit, senior director of information security at Rent-a-Center Inc.

But that's changing. Companies like Trend Micro Inc. are beginning to offer software designed to be inserted at this layer. Doing so can improve security and give a performance boost. "The simplicity of deploying security in an agentless manner is very appealing and easier to manage," says Bill McGee, senior director of data center security product development at Trend Micro. But as more third-party software vendors insert code into the hypervisor layer, for security and other functions, the layer could get more crowded, with more updates required and a bigger attack surface.

Eric Baize, senior director for the RSA Security Practice at RSA, the security division of EMC Corp., says pushing security down to the virtualization layer is ultimately a good thing. "The more it's built in, the easier it is to deploy and manage," he contends. Eventually, he predicts, security will be rolled into the core virtual infrastructure and third-party add-ons will no longer be needed.

But others worry that the current trend may set the stage for a new set of risks.

Kris Lovejoy, vice president at IBM Security Solutions, IBM's security consultancy, doesn't think additional complexity in the hypervisor is necessarily a good idea. Most IT organizations already struggle with patch management, configuration management and change management at the operating system level. The problem could be "way worse" at the hypervisor layer, he says.

Venu Aravamudan, senior director of product marketing for VMware's server business unit, says third-party vendors that plan to include software in VMware's hypervisor layer through its VMsafe program must meet a "rigorous" certification process. So far, certified products include antivirus, intrusion-protection, anti-rootkit, firewall and network-monitoring tools. "The third-party solutions will add up over time, but customers can be assured that it will be a controlled program," he says.

But analysts remain wary about creating opportunities for vulnerabilities in the hypervisor layer. "My gut says that unless you're really diligent in managing all of that stuff, it's going to create a [security] hole. I'm bearish on the concept," says John Kindervag, an analyst at Forrester Research Inc.

Aravamudan points out that only a part of the code goes into the hypervisor. "In general, this footprint is not large," he says. The rest sits in a secure virtual machine and uses a "minimal" amount of kernel capability. "We clearly will ensure that the hypervisor doesn't double in size because you're adding all of those components," he says.

Nonetheless, MacDonald says he's still wary of advising Gartner's clients to add a lot of third-party code into the hypervisor layer. "The best advice is to keep it thin and hardened from a security perspective," he says. "Putting additional code into the hypervisor increases the attack surface."

Robert L. Mitchell writes technology-focused features for Computerworld. You can follow Rob on Twitter at twitter.com/rmitch or subscribe to his RSS feed. His e-mail address is rmitchell@computerworld.com.

http://www.computerworld.com/s/article/9179910/Hypervisor_as_virtualization_s_enforcer_

Back to top


TABLE-Trend Micro -6mth group results

Aug 11 (Reuters) - TREND MICRO INC CONSOLIDATED FINANCIAL HIGHLIGHTS
(in billions of yen unless specified)

                   6 months ended    6 months ended
                   Jun 30, 2010      Jun 30, 2009      Change
                   (latest H1)       (year-ago H1)
Sales              47.22             47.16             +0.1 pct
Operating          11.61             14.26             -18.6 pct
Recurring          11.95             15.46             -22.7 pct
Net                6.77              8.85              -23.5 pct
EPS                Y50.68            Y66.27
Diluted EPS        Y50.51            Y66.18
Q2 div             nil               nil
Annual div         -

NOTE - Trend Micro Inc is a leading utility software maker.


Back to top


Trend Micro 1H Group Net Profit Y6.77B, Down 23.5% On Yr

Trend Micro Inc. (4704.TO), Tokyo
Group results, 1st half ended June 30

                      2010           2009
Revenue               Y47.22 bln     Y47.16 bln
Operating Profit      11.61 bln      14.26 bln
Pretax Profit         11.95 bln      15.46 bln
Net Profit            6.77 bln       8.85 bln
Per-share earnings    50.68          66.27
Diluted earnings      50.51          66.18

Results are based on Japanese accounting standards.

[ 11-08-10 0600GMT ]

Back to top


How to protect a group of office PCs from viruses
Safeguarding multiple office computers from malware doesn't have to be difficult or expensive, as Simon Edwards shows in our step-by-step guide.

Small businesses face many of the same internet threats that large enterprises have to contend with. One big difference is the available budget and manpower, with small companies struggling to afford even one member of staff with the sole responsibility of keeping computer systems safe.

One solution is to use systems management software, but this isn't cheap either, and it requires costly hardware. Trend Micro has launched a new hosted security service that aims to provide small businesses with a low-cost and easy-to-use alternative. It does not even require a server.

We have looked at the ways you can use Trend Micro Worry-Free Business Security Services to lock down and manage the security of the computers in your office or even your home.

 

1. The web dashboard

The service's main interface is a web-based 'dashboard', from which you manage the PCs in your organisation. This webpage is accessible from any internet-connected computer, so you can log in from anywhere to check on the status of the computers and to activate various tasks. You could, for example, direct all PCs in a particular department to update themselves, or run a full system scan. The main screen displays a snapshot of your network's health. If any of the PCs have out-of-date anti-virus updates you'll see a notification here.

 

2. Installing the client software

The first task you're most likely to want to do is to install the client software on each computer you want to protect. Click on the Computers tab and choose the Add button from the toolbar. Select the Add Computers option. By default this will generate a URL that you can paste into an email, which you then send to the user of a PC. They should follow this link and install the software. To save bandwidth, you can choose to download the installation file once and share it with all computers on the network using your existing file server or shared folder.

 

3. The client software's status screen

When the client software is installed on a PC it will contact Trend Micro's online system and check to see how you have set things up. Initially at least, it will register itself so you'll see the system's name, the version numbers of its operating system and security software, and protection statistics. When you start to set policies, the client will note these changes and apply them to the PC it is running on. Such changes might include scheduling a system scan or enabling POP3 email scanning.

 

4. Group computers together for easier administration

You can also group computers together. This makes it easier to apply different security policies to different groups of computers, either now or in the future. New computers will appear in the Desktop (Default) group. Create a new group using the Add button (choose Add Group instead of Add Computers) and then drag one or more computers from the Default group into the appropriate one. You might, for example, want to lock down PCs that run accounts software but allow more freedom to marketing staff.

 

5. Command a group of computers to perform a system scan or other task

Now that you have PCs organised into groups, you can command a whole set of computers to perform a task. In this example we are commanding all PCs in the 'Creative Dept.' to run a system scan straight away. You can choose to schedule a scan instead, perhaps timed to run during the night so that it does not reduce the systems' performance during a busy day. To scan a group of computers, simply click the Scan button on the web dashboard. By default the server takes the strain of the scanning, which should improve the performance of the desktop PCs.

 

6. Setting user privileges for the client software

Unless you decide otherwise, each PC user can run a manual anti-virus scan whenever they like. They may also disable the firewall (if you have turned this feature on), schedule scans, edit the list of approved URLs and prevent the client software from updating itself. Whether or not you allow all of these privileges will depend on your company policy and your approach to devolving power to your staff.

 

7. Applying restrictions to a group of computers

You can apply restrictions to each computer or to groups of computers. In this example we have decided to allow the Creative Dept. group to run manual scans but not to schedule them. Neither can they edit the approved URL list nor disable the firewall. There are other settings in play, including one called Client Security. When set to High, this prevents the user (or an attacker) from changing the software's files and Registry entries.


8. The firewall options in the client software

You may choose to enable the client-side firewall, which can work instead of or alongside the firewall built into Windows. The firewall interface in the client software is basic, and is particularly austere if you have disabled changes from the client. It appears alongside options to install a couple of toolbar utilities: the TrendProtect and Transaction Protector toolbars. TrendProtect aims to warn of malicious or inappropriate websites, while Transaction Protector provides extra privacy protection when using wireless networks.

 

9. Firewall options in the web-based dashboard

The web-based dashboard, on the other hand, lets you choose from three basic levels for the firewall: High, Medium and Low. Low is essentially 'off', while High blocks everything. Adding exceptions to these rules is easy. Click the Add button at the bottom of the Exceptions list to add a new firewall rule, or select an existing one and choose Edit to make changes. The intrusion detection system can be turned on or off with a single click.

 

10. Get reports

If you buy Worry-Free Business Security Services, then it's likely you're strapped for time and money and therefore won't be watching the status windows of the web dashboard on a regular basis. Luckily you can still keep up to date with what's happening on your network by using the Report tab. You could choose to have a regular report generated that lists the most infected PCs (or groups of PCs), the most common threat discovered on your network and which computers are always running with old updates. Reports are saved in PDF format and can be sent automatically by email, even to multiple addresses.


http://www.itpro.co.uk/626014/how-to-protect-a-group-of-office-pcs-from-viruses

Back to top


Browser hijackers raking in millions
Trend Micro warns of sophisticated networks controlled by criminal gangs

Criminal networks are making gangs millions of pounds a year through browser hijacker Trojans which redirect users to sponsored advertising, according to research from security vendor Trend Micro.

In a blog post, the vendor explained that a criminal gang could generate several million pounds a year in profits with a network of around 150,000 bots just by hijacking search results.

These botnets need constant feeding, as computers may be removed from them. To make up for these losses, Trend said, herders are "constantly infecting" new systems - tens of thousands of machines every day, in fact.

In the case of one botnet, more than two million computers have been infected this year, and this is likely to double by the winter.

The botnet criminal is a patient one, according to Trend, which said that, rather than make a quick buck, they prefer to wait until the botnet is fully formed and is able to harvest the most cash from victims.

"Most cyber crime gangs are not interested in just making a quick profit or in retiring early," advanced threats researcher Feike Hacquebord wrote in the blog post.

"They treat cyber crime as a serious and lucrative business venture, and are happy to patiently expand their criminal networks while trying to hide their malicious activities from the rest of the world. By victimising many users, it can earn millions of dollars in profit annually."

Typically, bot networks are made up of more than 100 servers spread across the world. Their bosses are cash rich and able to quickly scale up and take advantage of any criminal activities that come their way. Because of this, Trend said, the "collateral damage that their activities cause is huge".

Browser hijacker Trojans redirect victims away from the sites they want to visit. By doing this they are encouraged to visit sponsored links, for which the gangs get cash.

"Browser hijackers are popular because search result clicks convert well. It is a lucrative and easy way to capitalise on the success of legitimate search engines," the firm said.

"With a network of 150,000 bots, gangs can make several millions of US dollars every year from hijacking search results alone."

Typically, the hijacked searches involve finance-related words or phrases, such as 'loans', and in one case a botnet was hijacking over one million clicks a day.

These clicks have to be monetised, though, and Trend said that they would be sold via a broker to legitimate firms, such as Yahoo, Google or Ask, which can cause some confusion.

"For example, we have seen that Yahoo search result clicks were resold back to Yahoo via an intermediate traffic broker. In another example, stolen Google clicks were resold to LookSmart," the company said.

This brokering is a sophisticated business in itself, and Trend singled out one in Russia, called Onwa Ltd, that "must have full knowledge of the fraudulent nature of the traffic it resells".

Onwa allegedly has its own infrastructure of spoofed Google sites which are used in hijacking schemes.

Other more scrupulous brokers may be fooled into accepting clicks from botnets, as the criminals build up a network of fake accounts, businesses and web sites that purport to prove their authenticity.

Trend warned that botnet herders will only get more sophisticated and add more tools to their trade in the future.

http://www.v3.co.uk/v3/news/2267936/trend-micro-warns-browser

Back to top


Metastorm seeks to accelerate the strategic socialization of the enterprise for process improvement

Metastorm, the business process management (BPM) software provider that recently released two cloud-based business collaboration products, is betting on what it calls the "socialization of the enterprise." We're seeing more social media techniques and approaches entering the enterprise, from Salesforce.com's Chatter to the forthcoming beta of HP's 48Upper. The trend is undeniable. A recent Trend Micro survey reveals social media use in the workplace has risen from 19 percent to 24 percent in the last two years.

Strategies to resist the socialization of the enterprise may be futile. So Metastorm is suggesting enterprises embrace it, using tools that foster rather than squash social productivity in the workplace.

Part of that process is moving away from standalone products like Yammer and Socialtext and integrating social capabilities, profiles and collaboration with a richer enterprise experience, according to Laura Mooney, vice president of corporate communications at Metastorm, maker of Smart Business Workspace, a rich internet application that aims to empower knowledge workers to become more engaged and productive.

BriefingsDirect caught up with Mooney to discuss the issues around social enterprises.

BriefingsDirect: What's your perspective on the business trend toward social enterprises?

Mooney: Companies don't necessarily want to move away from stand-alone tools, but stand-alone tools are not necessarily well-integrated into the day-to-day operations and activities that employees are engaged in from a decision-making perspective.

As people got used to the instant ability to collaborate in their social life with using social networking capabilities, we discovered they wanted that same experience in the office environment in a way that would add business value. By tying social capabilities into the BPM foundation their work is already running on, employees can initiate that collaboration where it makes sense.

Metastorm focuses on helping organizations, the people within the company, map out their strategy, understand the way different components of their business inter-operate and overlap, and then automate and execute business processes and try to improve these business processes on a day-to-day basis.

BriefingsDirect: Do tools like Facebook have a place in the enterprise from a productivity perspective?

Mooney: At work, Facebook is really not applicable to what I'm doing. But within this business process modeling tool, I have the ability to invite people that I can see online to participate in a process review session online, so we can all look at the same model and we can annotate, draw on it, and share it and get feedback. In that way, this is very meaningful to my day-to-day job.

Rather than getting on the phone or scheduling a conference call, trying to create a WebEx, and then trying to keep track of what it was we talked about, all of that would be captured.

It becomes useful also for audit purposes because a lot of companies can't just change core business processes without some sort of audit trail. Having that audit ability is important from a business perspective versus random social networking. Social media is not necessarily trackable.

BriefingsDirect: Do you have any insight into the customer demand that's sort of driving these traditional software vendors to play in the enterprise to the other world?

Mooney: It has to do with companies being so virtualized these days, especially the large organizations. Not only do they have multiple offices in different locations and most likely different countries, but there's a shift toward telecommuting so everyone is not necessarily in the office at the same time. Knowing that these technologies exist, there is this effort to figure out how to adapt this for a distributed business environment to increase the productivity and effectiveness of employees.

http://www.zdnet.com/blog/gardner/metastorm-seeks-to-accelerate-the-strategic-socialization-of-the-enterprise-for-process-improvement/3800

Back to top


Malware Stealing Digital Certificates Raises Security Concerns

Trend Micro has uncovered a variant of the Zeus Trojan using an expired digital certificate belonging to Kaspersky Lab, while the Stuxnet malware is known to have used certificates stolen from legitimate companies.

Two recent examples of malware utilizing digital signatures belonging to legitimate companies have put a spotlight on the question of what to do about it.

Researchers at Trend Micro recently found a variant of the Zeus Trojan that used a certificate belonging to Kaspersky Lab's ZbotKiller product, which ironically is designed to destroy Zeus. Though the certificate was expired, the idea was for the malware to use it to look legitimate.

Unlike in the case of the Stuxnet malware, which installs drivers digitally signed by RealTek Semiconductor and JMicron Technology, the authors of the Zeus variant did not actually steal the certificate and sign files with it. Instead, they simply cut and pasted the signature from another file, explained Roel Schouwenberg, senior antivirus researcher with Kaspersky.

"The new variant of Zeus simply contains a signature which was copy-pasted from another file," Schouwenberg said. "This doesn't produce a valid signature nor does it involve a breach of our certificate integrity, unlike the case with Stuxnet versus RealTek and JMicron."

According to Schouwenberg, the problem can partly be addressed by Microsoft.

"Whenever you're trying to install new software which is signed, Windows asks you, Do you trust Publisher X? That gives the user a clear indication where the software is coming from," he explained. "So that happens when the signature is valid. However, when the digital signature isn't valid Windows simply treats the file as an unsigned file … If Windows would simply alert the user that the certificate was invalid and the file should not be run we would be a lot better off."

The RealTek certificate used to sign the Stuxnet drivers expired in June; the JMicron certificate expires in July of 2012. Since Stuxnet is now believed to have been out for more than a year, it's possible such a warning wouldn't have helped many users infected by the worm. However, it could help address the problem of malware writers copying certificates—something that has been done for years now, Schouwenberg said.
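The distinction Schouwenberg draws above, between a file that carries no signature, one whose signature verifies, and one whose signature bytes are present but do not match the file, is visible from PowerShell even though the Windows install prompt hides it. The script below is an added example, not code from the eWEEK article or from any of the vendors quoted. It uses the built-in Get-AuthenticodeSignature cmdlet, whose Status property reports NotSigned, Valid, HashMismatch and NotTrusted as distinct values, and records the signing certificate's expiry date and whether the signature carries a timestamp. The directory in the usage lines is an assumption.

```powershell
# Added example: report the Authenticode state of PE files under a directory.
# Explorer shows an invalid signature the same way as no signature; the Status
# returned by Get-AuthenticodeSignature keeps them distinct
# (Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...).
function Get-SignatureReport {
    param([string]$Path = '.')
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll|sys)$' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate          # $null when the file carries no signature
            New-Object PSObject -Property @{
                File        = $_.FullName
                Status      = $sig.Status
                Signer      = $(if ($cert) { $cert.Subject } else { '' })
                NotAfter    = $(if ($cert) { $cert.NotAfter } else { $null })
                # A counter-signature from a timestamping authority keeps a signature
                # verifiable after the signing certificate's own expiry date.
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

# Files worth a closer look: signature bytes are present but do not verify
# against the file (the copy-and-paste case), or Windows will not trust the chain.
function Get-SuspectSignatures {
    param([string]$Path = '.')
    Get-SignatureReport -Path $Path | Where-Object {
        $_.Status -eq 'HashMismatch' -or $_.Status -eq 'NotTrusted' -or $_.Status -eq 'UnknownError'
    }
}

# Usage: summarise a directory by status, then list the suspects with their signers.
$target = 'C:\Windows\System32\drivers'   # assumption: any directory of PE files will do
Get-SignatureReport -Path $target | Group-Object Status | Select-Object Name, Count
Get-SuspectSignatures -Path $target | Format-Table Status, Signer, NotAfter, Timestamped, File -AutoSize
```

Two caveats when reading the output. Many Windows components are signed through security catalogs rather than with an embedded signature, so NotSigned on a file under System32 is not by itself alarming on older Windows versions; a HashMismatch, by contrast, means a signature block is present whose signed hash does not match the file, which is what a signature copied from another file typically produces. And a timestamped signature remains verifiable after the certificate's NotAfter date, so an expired signing certificate on its own says nothing about whether the file is genuine.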

Microsoft said it has been in contact with Kaspersky and is evaluating the incident. However, Gartner analyst John Pescatore noted the problem is bigger than the operating system.

"It isn't just Windows, it is pretty much every browser, every OS," Pescatore said. "If a certificate is expired or invalid, some popup is shown to the user. But since legitimate software vendors often fail to renew certificates on time, users get trained to just click thru the popups, and the use of the certificate becomes meaningless—it is like the FBI warning at the start of every DVD movie.

"Now, it would be a good thing for the [Certificate Authority/Browser Forum] to come up with some agreed upon standards for how to handle different issues—an expired cert warning should be very different than a warning for a cert where the signature is invalid, etc," he continued. "And they need to do a lot of education [of] users to make the difference clear."

While Stuxnet provides a high-profile example, an attack where digital certificates are actually stolen is quite rare, said Ben Greenbaum, senior research manager for Symantec Security Response.

"It involves getting inside an organization and stealing their private PGP key that is used for actually signing files," Greenbaum said.

Stuxnet's success in utilizing a stolen certificate does not make the certificates themselves irrelevant, he added.

"Maintaining secure control over private signing certificates has always been the key to the proper operation of application signing, and given the rarity of threats that utilize stolen certificates, I think that in general organizations do a pretty good job of this," he said. "It might be easier to think of it in this way: If one person loses a key to their house or has it stolen, that doesn't mean all door locks have all of a sudden become useless or irrelevant."

http://www.eweek.com/c/a/Security/Malware-Stealing-Digital-Certificates-Raises-Security-Concerns-448564/

Back to top


McAfee: Malware Threats at All-Time High, IT Managers Targeted with Fake Invoices


Spam is starting to level out, but malware is at an all-time high according to McAfee's second quarter threat report released today. Fake alerts have dropped off slightly while highly targeted malware using trending keywords on social media and search engines has increased. McAfee also warned of an inventive e-mail scam targeting IT managers with fake invoices for computer purchases.

McAfee fake Buy.com ad

Predictably, there was a flurry of malware targeting World Cup fans, but each new event or trend brings its own threats. McAfee's social media and search engine findings are consistent with reports from Barracuda and Symantec released at Black Hat late last month.

The report warns that domain-level URL blocking is no longer adequate. Much malware is now embedded in legitimate web sites, such as images on Wikipedia entries and Facebook profiles. According to the report, only 6% of the malicious URLs McAfee discovered had previously been at the path level; that figure has risen to 16% this quarter.

McAfee notes that while signature based virus protection still protects against many threats, malware creators are releasing new versions every day to avoid detection. McAfee recommends real-time protection such as its Artemis product. Trend Micro and Kaspersky also offer real-time protection products.

McAfee notes that AutoRun is still the most commonly exploited vulnerability on Windows machines and recommends disabling AutoRun if it's not necessary.
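McAfee's recommendation above comes down to one registry policy value on Windows: NoDriveTypeAutoRun, a bit mask with one bit per drive type. The script below is an added example, not from the McAfee report or the ReadWriteWeb article. It reads the value from both the machine-wide and per-user policy keys, reports whether it disables AutoRun for every drive type, and provides a function that sets the machine-wide value to 0xFF. Only the documented key and value name are used; nothing else is assumed.

```powershell
# Added example: check and set NoDriveTypeAutoRun, the policy value that turns
# AutoRun off per drive type. 0xFF sets every bit, disabling AutoRun everywhere.
$Key  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name = 'NoDriveTypeAutoRun'
$AllDriveTypes = 0xFF

function Get-AutoRunState {
    foreach ($hive in 'HKLM', 'HKCU') {          # policy may be set machine-wide or per user
        $path  = "${hive}:\$Key"
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
        }
        New-Object PSObject -Property @{
            Hive  = $hive
            Value = $(if ($value -ne $null) { '0x{0:X2}' -f $value } else { 'not set (Windows default applies)' })
            # Only the full mask counts as disabled: partial masks such as the Windows
            # Vista/7 default of 0x91 still allow AutoRun on removable drives and CDs.
            AutoRunDisabled = ($value -ne $null -and (($value -band $AllDriveTypes) -eq $AllDriveTypes))
        }
    }
}

function Disable-AutoRun {
    # Writes the machine-wide policy; run from an elevated (administrator) shell.
    $path = "HKLM:\$Key"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Name -Value $AllDriveTypes -Type DWord
    Get-AutoRunState
}

# Usage: audit first; call Disable-AutoRun to enforce the 0xFF setting.
Get-AutoRunState | Format-Table Hive, Value, AutoRunDisabled -AutoSize
```

The weak state is the one most machines are in by default: the value is absent or a partial mask, and an autorun.inf on a USB stick or CD still runs. Windows XP and Vista systems that lack the update described in Microsoft Knowledge Base article 967715 do not honour the value for every drive type, so an audit of this key should be paired with a check of the patch level.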

http://www.readwriteweb.com/enterprise/2010/08/mcafee-malware-threats-at-all.php

Back to top


Waledac zombie attacks rise from the grave
As hard to kill as a horror movie baddie

Update: Trend Labs has reclassified the malware as a Bredolab variant instead of Waledac. That means the central premise of our original story, that Waledac is back from the grave, is wrong.

"An unfortunate combination of human and machine errors led to the mislabeling of this threat as Waledac. Apologies for the confusion," it said.

Attacks designed to draft new recruits into the infamous Waledac spambot network are back from the dead, months after the zombie network was effectively decapitated.

Court-issued takedown orders against scores of Waledac-related domains were combined with the disruption of the botnet's peer-to-peer communications and traditional server takedowns to shut down Waledac's command and control structure back in February.

The Microsoft-led operation was rightly hailed as a big success but did nothing to clean up an estimated 90,000 infected bot clients even though it stemmed the tide of spam from these machines. Left without spam templates or instructions, these machines have remained dormant for months.

However, over recent weeks, the botnet has been making a comeback of sorts. Spammed messages containing malicious attachments harbouring Waledac agents, disguised as tax invoices, job offers and the like, have begun appearing, Trend Micro warns.

The same run of spam messages is also being used to spread fake anti-virus and other scams unrelated to Waledac, and there's no sign that a new command and control structure, much less a fresh round of spamming, has begun.

Nonetheless, security watchers are monitoring the development anxiously. "Waledac is making a comeback of sorts even if its main C&C servers have been removed from the picture," writes Jonathan Leopando of Trend Micro. "Even if you can deal with one aspect of a threat, others can still cause problems down the road."

The last E-variant of the infamous Conficker worm downloaded Waledac spam clients and SpyProtect 2009, a scareware product, onto compromised PCs back in April 2009, but previous distribution methods for the malware have largely focused on infected email attachments, as with the latest attack.

http://www.theregister.co.uk/2010/08/13/waledac_zombie_attacks_return/

Back to top


Koobface Hackers Now Monitor Victims

According to the security vendor Trend Micro, the masterminds behind the notorious Koobface worm, which attacks users of social networking websites, have added new code to measure how well their campaigns are doing.

Koobface is a computer worm that targets Microsoft Windows users and ultimately tries to install malware that collects sensitive information from victims, such as bank details and credit card numbers. Koobface was first identified in December 2008, and a more powerful version appeared in March 2009.

Joey Costoya, Advanced Threat Researcher at Trend Micro, disclosed that the new tracking code had been spotted on the bogus YouTube pages used by the bot, and that it allowed the gang behind Koobface to watch the page hits, as reported by ITPRO on August 2, 2010.

The tracking code uses a hit-counter web service for the monitoring. Data the researcher saw on the hit-count page confirmed that the gang began using this method on 28 July 2010. According to the security firm, there had been 126,717 unique page hits since then.

Costoya explained that a few days earlier those pages had started to include a small piece of JavaScript that lets the Koobface gang watch page hits directly, as reported by V3 on August 2, 2010.

He further stated that the tracking code was placed at the end of the page, pushed far down by many <br> (line break) tags.

According to the reports, the gang monitors activity on an hourly basis, which lets it correlate user activity by time of day with Koobface infection counts.

Commenting on the methodology, security experts said it demonstrated the increasingly sophisticated methods cyber criminals employ to improve the success of their campaigns. Koobface had earlier targeted online services including shared content, and has attacked a number of prominent websites since its inception.

In 2009 it struck Facebook as well as Google Reader users and was labelled a dangerous threat by F-Secure.

Hence, security researchers recommend that users install essential security software on their systems and keep it updated, and stay alert to ongoing security threats.

http://www.spamfighter.com/News-14910-Koobface-Hackers-Now-Monitor-Victims.htm

Back to top


Koobface Virus Resurfaces on YouTube, Tracks Users

The 'Koobface' virus is once again making its rounds, freshly updated and even tougher to combat. It's responsible for delivering spyware payloads and also sniffing out passwords and credit card numbers of unsuspecting users. (Trend Micro)

"Several weeks ago Koobface added ... hijacking functionality that blocks access to security sites, tipping users off to the fact that something might be wrong with their systems. Since then the authors have taken a giant leap toward invasiveness with the installation of a fake anti-virus Trojan," said McAfee researchers. (Source: avertlabs.com)

Koobface Now Tracking its Visitors

The updated Koobface variant was recently discovered on bogus pages imitating the popular online destination YouTube. A series of these fake YouTube pages, laced with JavaScript alongside the malware, gives its creators a way to monitor page hits and gauge the volume of visitors on a daily basis.

Joey Costoya, a researcher at Trend Micro, explained that the JavaScript can be found at the very bottom of a bogus page, buried beneath numerous HTML line-break tags. The page hit counter is presumably used by the malware creators to measure traffic to a specific page and then plan their next move.

'Thousands' Affected within Days

According to the security researchers, the Koobface creators started their monitoring on July 28th, 2010. In that short window of time, 126,717 unique page hits were recorded. (Source: itpro.co.uk)

Some analysts have discounted the page hit counter, however. While it may measure the volume of people visiting the bogus YouTube pages, it does not guarantee that the same number of users were infected. (Source: itpro.co.uk)

Since its inception, Koobface has been notorious for targeting online services that host shared content. In addition to Facebook and YouTube (two very attractive options for malware peddlers), the worm has also been known to infect Google Reader users. It has been ranked a 'serious threat' by security company F-Secure.

http://www.infopackets.com/news/security/2010/20100809_koobface_virus_resurfaces_on_youtube_tracks_users.htm

Back to top


Apple QuickTime Movie Player Installs Malware

Researchers at Trend Micro have found that Apple QuickTime movie files are being abused to download malware. QuickTime Player 7.6.6 lets a movie file trigger the download of another file from a URL, and cybercriminals are taking advantage of this to pull malware from malicious websites.

Benson Sy, Threat Research Engineer at Trend Micro, came across two .MOV files (001 Dvdrip Salt.mov and salt dvdrpi [btjunkie][xtrancex].mov), both posing as copies of the recent Angelina Jolie film 'Salt', as reported by TrendLabs on July 30, 2010. TrendLabs detects these two malicious movie files as TROJ_QUICKTM.A.

Marco Dela Vega, Senior Threat Researcher at Trend Micro, said that both files claimed to contain Salt, but he became suspicious when he noticed how remarkably small they were compared with a normal movie file, as reported by HELP NET SECURITY on July 30, 2010.

When these files are loaded in QuickTime Player, they do not play a movie; instead they open a download prompt for malware files posing as either a codec update or an additional player installation.

The first .MOV file links to http ://{BLOCKED}.{BLOCKED}.53.196/stat1/pix1.php, which redirects the user to another link and then asks the user to run or save the file. Trend Micro detects this file as TROJ_TRACUR.SMDI.

This Trojan can also be downloaded from remote websites by other malware, or unknowingly by a user visiting malicious websites.

The second .MOV file links to http://play.{BLOCKED}nstaller.com/0.c, which redirects to http://player.{BLOCKED}nstaller.com/d77.php and downloads a file that Trend Micro detects as TROJ_DLOAD.QWK. Like the first file, it asks the user to save or run the file.

The researchers stressed that the ability to fetch a file from a URL is a legitimate feature of QuickTime movies; the criminals are relying on social engineering rather than on a vulnerability.

They further noted that this issue is unrelated to the vulnerability reported by Secunia (a security services provider). Secunia recently reported a highly dangerous vulnerability affecting the new version of Apple QuickTime Player for Windows; if successfully exploited, it would let an attacker execute arbitrary code and compromise the computer.
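Both of the tells in this report, a "movie" far too small to be a film and a file that reaches out to a URL instead of carrying its own media, can be checked offline before the file is ever opened in QuickTime. The Python below is an added example and not code from the page, from Trend Micro or from the reports it cites: it walks the QuickTime atom tree, reads the 'dref' data-reference table and reports any entry that tells the player to fetch media from an external URL, then falls back to a raw scan for URL strings in case the link is carried some other way (an HREF track, for instance). It assumes the external reference is one of those forms; the sample .mov is constructed inside the script with only the atoms the check needs, and the 203.0.113.7 address and the 100 MB size threshold are placeholders, not values from the report.

```python
import re
import struct

# QuickTime/ISO BMFF atoms whose payload is itself a sequence of atoms.
CONTAINER_ATOMS = {b"moov", b"trak", b"mdia", b"minf", b"dinf", b"udta", b"edts", b"stbl"}
URL_RE = re.compile(rb"https?://[!-~]+")


def iter_atoms(buf, start=0, end=None):
    """Yield (type, body_start, body_end) for each atom in buf[start:end]."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:                               # 64-bit size follows the header
            size = struct.unpack_from(">Q", buf, pos + 8)[0]
            header = 16
        elif size == 0:                             # atom runs to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            raise ValueError("malformed atom at offset %d" % pos)
        yield kind, pos + header, pos + size
        pos += size


def walk_atoms(buf, start=0, end=None):
    """Depth-first traversal that descends into container atoms."""
    for kind, body_start, body_end in iter_atoms(buf, start, end):
        yield kind, body_start, body_end
        if kind in CONTAINER_ATOMS:
            yield from walk_atoms(buf, body_start, body_end)


def external_data_references(buf):
    """Return data references in 'dref' atoms that point outside the file.

    'dref' is a full atom: version(1) flags(3) entry_count(4), then entries of the
    form size(4) type(4) version(1) flags(3) data. A 'url ' entry whose flags lack
    bit 0 (self-contained) tells the player to fetch the media from that URL.
    """
    refs = []
    for kind, body_start, body_end in walk_atoms(buf):
        if kind != b"dref":
            continue
        entry_count = struct.unpack_from(">I", buf, body_start + 4)[0]
        pos = body_start + 8
        for _ in range(entry_count):
            if pos + 12 > body_end:
                raise ValueError("truncated dref entry")
            esize, etype = struct.unpack_from(">I4s", buf, pos)
            if esize < 12:
                raise ValueError("bad dref entry size %d" % esize)
            flags = struct.unpack_from(">I", buf, pos + 8)[0] & 0xFFFFFF
            data = buf[pos + 12:pos + esize]
            if etype == b"url ":
                if not flags & 1:                   # external: media lives at this URL
                    refs.append(data.rstrip(b"\0").decode("utf-8", "replace"))
            else:                                   # e.g. 'alis' (Mac alias), also external
                refs.append("<%s reference>" % etype.decode("ascii", "replace").strip())
            pos += esize
    return refs


def triage_movie(buf, min_plausible_size=100 * 1024 * 1024):
    """Findings for a suspect .mov: implausibly small and/or referencing external URLs."""
    findings = []
    if len(buf) < min_plausible_size:
        findings.append("file is only %d bytes; a full-length film would be far larger" % len(buf))
    refs = external_data_references(buf)
    for ref in refs:
        findings.append("external data reference: %s" % ref)
    # Fallback for URLs carried elsewhere in the file (e.g. HREF tracks): raw byte scan.
    for raw in sorted(set(URL_RE.findall(buf))):
        url = raw.decode("ascii", "replace")
        if url not in refs:
            findings.append("embedded URL string: %s" % url)
    return findings


def atom(kind, payload):
    """Serialise one atom; used only to build the constructed samples below."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload


def build_sample_mov(url=None):
    """Constructed .mov skeleton: self-contained when url is None, otherwise a URL reference."""
    if url is None:
        dref_entry = atom(b"url ", b"\x00\x00\x00\x01")                  # flags=1: self-contained
    else:
        dref_entry = atom(b"url ", b"\x00\x00\x00\x00" + url + b"\x00")  # flags=0: external
    dref = atom(b"dref", b"\x00\x00\x00\x00" + struct.pack(">I", 1) + dref_entry)
    moov = atom(b"moov", atom(b"trak", atom(b"mdia", atom(b"minf", atom(b"dinf", dref)))))
    ftyp = atom(b"ftyp", b"qt  " + b"\x00\x00\x02\x00" + b"qt  ")
    return ftyp + moov


if __name__ == "__main__":
    # Placeholder URL (TEST-NET-3 address), not the blocked address from the report.
    for finding in triage_movie(build_sample_mov(b"http://203.0.113.7/stat1/pix1.php")):
        print(finding)
```

On a real file, call triage_movie(open(path, "rb").read()). A clean self-contained movie yields no findings beyond the size line (and for a genuine feature-length rip, none at all), whereas the two files described above would produce an external reference or an embedded URL string. The size heuristic is weak on its own, since a short legitimate clip is also small; it is the external reference that turns a small .mov into something QuickTime will use to prompt for a download.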

http://www.spamfighter.com/News-14909-Apple-QuickTime-Movie-Player-Installs-Malware.htm

Back to top


Kaspersky's TDSS Killer lives on

Back in February, the TDSS rootkit was hot news. Microsoft had issued a patch to Windows that caused some systems to blue screen at startup.

The problem was traced to a rootkit that Microsoft called Alureon, but is also known as TDSS, Tidserv and TDL3. The update to Windows had modified the kernel and this invalidated some hard coded displacement branch addresses in the rootkit. 

According to Trend Micro, TDSS was first seen in 2008 and "... was known for its ability to exist in systems without being discovered and the challenge it presents in terms of cleanup."

For many Windows users, the blue screen of death at boot-up was their first indication that they were infected with TDSS.

Back in February, I removed TDSS from someone's computer using a free program from Kaspersky called TDSSKiller.

Today, I stumbled across the fact that Kaspersky has been actively maintaining their TDSSKiller program which I mention here for two reasons.

First, TDSSKiller is a simple, small program and a minute devoted to its use could be an eye-opener for anyone running Windows. Also, you'd be hard pressed to know about it.

Kaspersky doesn't mention the updates to the program in the news section of their website. A search on Kaspersky.com for it returns: "Sorry, there were no results found for TDSSKiller." Searching for it on their downloads page is also futile.

Heck, two people from Kaspersky just wrote (on August 5th) a long detailed article on the TDSS rootkit and failed to mention that they have a free removal program.
 
But they do (download it here) and it was recently updated to boot (on August 4th).  

Back in February, version 2.2.4.0 of the program was text mode only; now, version 2.4.1.0 has a user-friendly GUI (shown below).

Kaspersky's TDSS Killer program (screenshot)

Kaspersky even offers assistance in using the program, see How to remove malware belonging to the family Rootkit.Win32.TDSS. In addition to the GUI output, TDSSKiller also writes a log file to the root of the C disk with a name like

TDSSKiller.2.4.1.0_dd.mm.yyyy_hh.mm.ss_log.txt
  
If the direct link provided above goes bad in the future you should also be able to download TDSSKiller from Kaspersky's Consumer Support Utilities and Removal Tools and Virus-fighting utilities pages.   
  
TDSSKiller.exe takes only seconds to run and may well be worth your time. 

http://blogs.computerworld.com/16691/kasperkys_tdss_killer_lives_on

Back to top


Social Media Policy - The 6 Essentials
Security Plays Key Role in Writing Rules for Safe Social Networking

It's impossible to overestimate the impact of social media. (Trend Micro)

Popular sites such as Facebook, LinkedIn and Twitter have had a phenomenal impact in the workplace - both as a corporate channel for communication and marketing, as well as a vehicle for employees to communicate both professionally and personally.

The latter is a key point. According to a new survey conducted by Trend Micro, a global internet content security company, employees increasingly are using social networks while in the office and on the clock. The survey looked at the habits of 1,600 internet users from the U.S., UK, Germany and Japan and found that over the past two years alone, social web use in the workplace has risen from 19% to 24%.

It is debatable how much the rise in social networking has compromised employee productivity, but it's indisputable that much of this activity is occurring in the absence of formal policies.

"In its simplest terms, there is anarchy in the absence of social media policy and training," says John Pironti, ISACA board member and president of IP Architects, LLC. "Without proper direction and clarity, it is hard to enforce appropriate consequences on someone."

Because of this anarchy, organizations are starting to take action. Fear of compromised productivity, reputational damage, data loss and inappropriate behavior is leading many employers to introduce strict controls on staff access to social media sites. Robert Half Technology, an IT staffing company, recently reported that 54 percent of U.S. companies have banned workers from using social networking sites while on the job. The study found that 19 percent of companies allow social networking use only for business purposes, while 16 percent allow limited personal use.

Organizations such as Navy Federal Credit Union have implemented a social media policy for all employees, addressing appropriate conduct on social networks. "The policy provides clear rules for those authorized to communicate on behalf of Navy Federal and rules for those that are not authorized, but choose to engage in social networks," says Aisha Rasul, project manager, delivery channels at Navy Federal Credit Union.

Such policies are being developed by organizations across industry. In short, a social media policy outlines the corporate guidelines or principles of communicating in the online world. A social media policy involves identifying and training employees who are representing the company and have a public facing presence.

The Must Haves
The foundation for a social media policy is based in understanding how social networking is beneficial or harmful to your organization, says Brett Wahlin, information security officer at McAfee. "There is no right or wrong to it. At McAfee, we believe promoting social media is a good thing."

The company therefore, has implemented a rather hands-off policy without too many encumbrances to employees.

Wahlin, however, thinks that the nature of the business, industry and sensitivity of information are what really dictate these policies.

Among the "must haves" when drafting a social media policy:

1) Get User/Business Input -- go to the users to ask them how they want to leverage this medium to promote their business goals. "The policy should be one of personal responsibility," says Pironti. Clear expectations should be specified in terms of employee behavior, time spent and acceptable use of social media with personal and corporate accounts, and these expectations should be aligned with other corporate policies with similar objectives like Internet use. "The business owners need to be the creators of this policy," Pironti says.

2) Set a General Code of Ethics -- providing guidance on the positive behavior expected from all employees regardless of channel. For instance, employees should be directed to act ethically and not divulge trade secrets or other valuable intellectual property.

3) Establish Clear Rules of Engagement -- that include an evaluation process for authorized communicators to know when they should and should not engage in a public dialog. "We strive to engage with reputable people -- not those linked to dubious sites or obscene content," says Navy Federal's Rasul. These rules spell out employee expectations in terms of tone, language to be used, as well as situations that demand an employee response like correcting misguided information related to interest rates or loans.

4) Monitor -- social media activity. "[You need] an ongoing initiative where ownership rests with information security," says Wahlin. How do employees use social media? How much time are they spending? Which sites do they visit? Who are their fans or followers? Answers to these questions are lead indicators for assessing risks and threat factors. "More than often, our roles go just beyond looking for data or anomalies," Wahlin says. "It gets to the level of intelligence gathering."

5) Provide Training -- on an ongoing basis. "Embrace but educate," says Pironti. Social media is a powerful tool and comes with its own benefits and challenges. Companies should invest in adequate training programs to remind the users of their responsibilities and outline clearly what is acceptable and appropriate vs. not. Send frequent messages to employees on the misuse of social media. Draw upon case studies to understand the consequence of bad behavior or reputational damage to the company.

6) Take Disciplinary Action -- when necessary. Enforcement standards need to be set and implemented against employees that do not follow social media policy. Example: when source code is made public by employees or pornographic photos are posted.

Role of Security Professionals

"Security professionals should act as consultants to the process by playing a key role in policy shaping discussions," says Wahlin. Bring to the attention of business owners the threats and risks associated with such an undertaking, which includes discussing the critical trait of social media - that the information posted is online forever.

Employees must realize that social media is a public and highly social forum where controls go beyond the limits of an individual's network, as friends of friends will typically send invitations and links. Again, business owners should be aware that social media companies are there to make money and will engage in some sort of data mining or selling of information, so "companies need to assume that privacy doesn't exist," says Pironti.

Security professionals should educate the business owners on the threats of using technology and the consequence of not having a policy in place by outlining the potential risks and making it a risk conversation.

Moreover, security leaders need to be involved on a constant basis with business owners to be proactive about foreseen and real-time social network changes that may pose risks, as well as "provide details and develop a response plan for items that need to be escalated to security," says Rasul. For instance, high-risk issues such as dubious links, phishing attacks and insider threats should immediately be brought to security's attention.

The effectiveness of a social media policy, however, ultimately boils down to organizations asking the question: What is our policy on effective social media use at work?

"Just as the internet changed our lives, the use of social media will officially change businesses at work," Wahlin says. "Being prepared to embrace this change is the only choice left for organizations."

Back to top


The Security Industry Needs to do More Around Web Threats
User education, standard definitions, and product testing are lacking

If you aren't familiar with web threats you should be. A web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to infected PCs with keyboard loggers, botnet code, or traditional worms and viruses. (Trend Micro)

Traditional threats like email viruses and automated Internet worms still exist, but the bad guys now find the web more effective. With the web, cybercriminals can use dynamic links, scripts, URLs, or files to infect PCs. Even worse, they regularly exploit sites like Facebook for social engineering attacks.

This is a very serious threat -- each and every enterprise should be implementing web threat defenses. There are a number available from companies like Blue Coat, Cisco, McAfee, Symantec, Trend Micro, and Websense. Unfortunately, this activity isn't as urgent as it should be because:

1. Users don't always understand. Security threats morph and grow more sophisticated all the time and many users simply can't keep up with the changes. There hasn't been enough user education about web threats.

2. The industry hasn't done a good job of bridging this gap. Some vendors insist that exploits are the same thing as malicious code threats. They aren't, and this type of rhetoric confuses the market. Others simply position web threat management as the next security point tool du jour. This doesn't really help users understand the context here.

Independent product testing would help educate users and illustrate the types of threats we face. NSS Labs is poised to test a number of products but since this space is somewhat immature, many vendors are hesitant to step up to the plate. This is unfortunate as it places business concerns over security protection.

To address web threats, users have to demand help from their vendors. This help should come in the form of education services, product testing, and a contextual framework of where web threat management fits within overall information security. This needs to happen now, not when products mature and a high percentage of PCs are already infected.

http://www.networkworld.com/community/node/64792

Back to top


Fake Malicious Software Removal Tool peddles fake AV

A fake Malicious Software Removal Tool using the actual icon of the legitimate software has been spotted by Trend Micro researchers.

Even a first glimpse of the scanning alert looks pretty legitimate, but it's the "Software searching" screen which signals that something might be off:



What? Well-known antivirus solutions are not able to remove the malware it "found", but Shield EC Antivirus can? Quick, to the purchase! A click on the Finish button takes the victim to a billing page where a name, address and credit card number are required to buy the offered anti-virus solution, priced at $99.90.

It's easy to see how this approach might fool an inexperienced computer user, but for those who know what warning signs to look for, there are two very obvious ones: the file size is far too small (412,672 bytes) and the tool is not digitally signed, whereas the genuine Microsoft tool is.
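Both warning signs can be checked without running the file. The Python below is an added example, not code from the page or from Trend Micro or Help Net Security: it parses the PE headers by hand (no third-party module) to see whether the image carries an Authenticode certificate table, and compares the file size against an expected minimum. The sample binaries are PE32 skeletons constructed inside the script, not real executables, and the 10 MB expected size used in the test is an assumption. Note the caveat the check itself states: a certificate table only shows that a signature is attached, not that it verifies or that the signer is Microsoft; that still needs signtool verify or PowerShell's Get-AuthenticodeSignature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the Attribute Certificate Table


def authenticode_directory(pe):
    """Return (file_offset, size) of the certificate table, or None if the image has none.

    Unlike the other data directories, the security entry holds a raw file offset to a
    WIN_CERTIFICATE blob (the PKCS#7 Authenticode signature). None means unsigned;
    a value only means a signature is attached, not that it is valid or trusted.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                         # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                          # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                        # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", pe, count_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None                             # too few directories to even hold the entry
    offset, size = struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if offset == 0 or size == 0 or offset + size > len(pe):
        return None
    return offset, size


def triage_lookalike(pe, expected_min_size):
    """Apply the two warning signs from the report to an in-memory PE image."""
    findings = []
    if len(pe) < expected_min_size:
        findings.append("file is %d bytes, well under the %d bytes expected"
                        % (len(pe), expected_min_size))
    if authenticode_directory(pe) is None:
        findings.append("no Authenticode certificate table: file is not digitally signed")
    return findings


def build_sample_pe(signed, total_size=412_672):
    """Constructed PE32 skeleton (headers only, not runnable) with or without a cert table."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # COFF header: i386, 1 section, no symbols, 224-byte optional header, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    if signed:
        cert_size = 64                          # placeholder blob at the tail of the file
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         total_size - cert_size, cert_size)
    return (dos + b"PE\0\0" + coff + bytes(opt)).ljust(total_size, b"\0")


if __name__ == "__main__":
    # The 412,672-byte size is the one reported for the fake tool; the threshold is assumed.
    for finding in triage_lookalike(build_sample_pe(signed=False), 10 * 1024 * 1024):
        print(finding)
```

To run it on a downloaded file, pass open(path, "rb").read() to triage_lookalike. Size is the weaker of the two signals, since an attacker can pad a binary for free; the absence of any signature on something claiming to be a Microsoft tool is the decisive one, and when a signature is present the next step is to verify the chain and the signer name rather than stop here.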

http://www.net-security.org/malware_news.php?id=1428

Back to top


Middle East Witnesses Striking Increase in Infected Systems

Internet security firm Trend Micro stated that the number of systems infected with malware has been rising in the GCC. According to data compiled by the security firm, there were some 740,097 active infected systems across the GCC in April 2010, an increase of 116% in under a year.

This recent hike is a part of a historical trend in the GCC. In the span of five years (2004-2009), the region witnessed an increase of 8,140% in the number of infected systems.

The security firm also disclosed that Saudi Arabia had been frequently attacked over the years. Between 2004 and 2009, the number of active and infected systems rose by a striking 45,072%. In the same period, the rate of infection in the UAE increased by 4,553%.

In Kuwait, it increased by 1,545% while in Qatar, it rose by 4,468%. Bahrain witnessed the infection rate of 6,047% and Oman 8,921% for the same period.

Ian Cochrane, Marketing Manager, Trend Micro Middle East and Africa, stated that the number of infected systems showed that hackers were quite proficient at their job: visible infections nearly doubled in about a year, and the lack of effective security measures in the region helped the hackers succeed, as reported by ITP on August 5, 2010.

Cochrane added that curbing the hackers' growth requires recognising the region's vulnerability and taking effective measures.

Dave Rand, CTO of Trend Micro, said that reliance on the web increases exposure and that most people do not even know their systems have been compromised. Protection on the Internet is not a difficult task: users should use professional security software that includes regular scanning, and exercise personal caution, as reported by AMEinfo on August 1, 2010.

Further, users are advised to install anti-malware software on their systems in order to remain protected and safe.

http://www.spamfighter.com/News-14928-Middle-East-Witnesses-Striking-Increase-in-Infected-Systems.htm

Back to top


New Android Malware Texts Premium-rate Numbers

Researchers at Russian security company Kaspersky Lab say they've discovered the first malicious software program to target Google's Android mobile operating system. (Trend Micro)

The application masquerades as a media player, according to a Kaspersky blog post. But if it is installed, the rogue application begins secretly sending SMSes (Short Message Service) to a premium rate number presumably belonging to the hackers who created it.

There have been isolated cases of spyware programs that run on the Android platform, an open-source mobile operating system created by Google. But the fake media player application, which Kaspersky dubbed "Trojan-SMS.AndroidOS.FakePlayer.a," is the first one believed to specifically target Android, Kaspersky said.

"Kaspersky Lab recommends that users pay close attention to the services that an application requests access to when it is being installed," the company said. "That includes access to premium rate services that charge to send SMSes and make calls."

The application is simply called "Movie Player," according to Lookout, a company that makes mobile phone security and management software. The malware does apparently warn users they may be charged for SMSes if they install it. The SMSes costs "several dollars," Lookout's blog said.

Lookout suggested that Android users check the permissions of the media player applications and revoke any that mention charging for SMSes. The malware may not spread far, however, for a couple of reasons.

"So far this has only affected Android smartphone users in Russia and only works on Russian networks," Lookout said. "As far as we know, there is no indication that this app is in the Android Market."

Google said in a statement that users see a screen after downloading an application that explains what information and system resources that application can access, such as their phone number or the SMS function.

"Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time," Google said. "We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."

As another defense against this malware, users can keep the "Unknown sources" setting disabled so that only applications from the Android Market can be installed.

Mobile devices have not been afflicted by malicious software to the extent of desktop OSes such as Windows, but security analysts have said they expect that to change as smartphones become more widely used and gain more capabilities.

Last year, Trend Micro analyzed a piece of mobile malware known as "Sexy Space," which ran on Symbian S60 OS devices. Infected phones would send SMSes to everyone in the phone's contact list with a link to a website. If someone clicked the link, they would then be prompted to install Sexy View, which purported to offer pornography-related content.

In 2005, the Symbian Series 60 OS was targeted by Comwar, a worm that spread via Bluetooth and MMS (Multimedia Messaging Service). The first for-profit mobile malware, Redbrowser, was discovered in 2006.

Redbrowser used a social-engineering ploy written in Russian to lure users to manually install it, which limited the rate at which it spread. The malware sent SMSes to a phone number that charged around US$6 per message, targeting even lower-end mobile devices running the J2ME (Java 2 Mobile Edition) software, which at the time ran on some 1 billion devices from vendors such as Nokia, Motorola and Research in Motion.

http://www.pcworld.com/businesscenter/article/203036/new_android_malware_texts_premiumrate_numbers.html

Back to top


Android gets its first texting malware

The first malicious program for Android phones has been detected by a security firm. Russian company Kaspersky says the SMS Trojan has already infected a number of mobile phones. It works by getting an Android owner to install a file -- disguised as Windows Media Player, according to Trend Micro -- with the .apk Android extension. Once installed, the Trojan uses the system to send text messages to premium-rate numbers without the owner's knowledge, making money for the hacker.

The fake app doesn't appear in the Android Market, and the only way it could be put on your phone is if you install it yourself. You would also have to change your settings to allow apps from outside of the Market. Kaspersky doesn't reveal how Android owners are being conned into installing the app.

Mobile phones have suffered text-messaging Trojan attacks in the past, but this is the first time it has hit Android, though spyware has already been found on a few Android-carrying devices.

Security firms have been vocal about mobile malware for years, obviously because -- until now -- it's been an untapped goldmine.

The danger is growing for the mobile platform, however, since Android smart phones are becoming more popular. Hackers tend to target the more complex systems, as that's where the money is -- phones, of course, have built-in money-spending mechanisms, so they're much easier to make a profit from than PCs.

"The IT market research and analysis organisation IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smart phone manufacturers.

"As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform," says Kaspersky mobile researcher Denis Maslennikov.

The iPhone 4 has recently suffered its own problems with hackers.

Security firm Veracode teamed up with the BBC to develop a smart phone game that allows the owner to be spied on, exposing how easy it was to breach iPhone 4 security.

http://crave.cnet.co.uk/mobiles/android-gets-its-first-texting-malware-50000303/

Back to top


First SMS Android Trojan

Further investigation by Trend Micro reveals that the application sends SMS messages to premium rate numbers, and since the user has consented to it upon installation, the application continues to do that without asking further permission.


- - -

The first SMS Trojan made specifically for smartphones running Google's Android OS has been detected by Kaspersky, and it seems that quite a few devices have been infected already.

The Trojan masquerades as a seemingly innocuous media player application and it misuses the Windows Media player icon. When installing the application, it even says which things you will allow it to do:



Further investigation by Trend Micro reveals that the application sends SMS messages to premium rate numbers, and since the user has consented to it upon installation, the application continues to do that without asking further permission.

Similar (1, 2) Trojans have already been detected in the past, but this is the first one that seems to be written specifically for Android-running devices, which is a sign that cyber crooks have noticed the increasing popularity of the platform.

Users are urged to pay attention to what data and functions the application asks access to during the installation process.

http://www.net-security.org/malware_news.php?id=1427

Back to top


Kaspersky Lab has identified the first SMS Trojan targeting Android devices.

Talking about the new Android Trojan, Trend Micro's advanced threats researcher, Ivan Macalintal, said: "This income-generating scheme is a low-hanging fruit for cyber criminals."


- - -

The first SMS Trojan targeting Android phones has been identified and has been sending out messages from victims' mobiles to premium rate numbers.

This Trojan-SMS breaks into Android phones via a specially-crafted media player application, which features the standard Android extension .APK, Kaspersky Lab claimed.

As soon as it is installed on the phone, the malware sends out SMS texts to premium rate services, with revenue from this landing in the hands of the cyber criminals.

"The IT market research and analysis organisation IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers," said Denis Maslennikov, mobile research group manager at Kaspersky Lab.

"As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform."

The security company is planning to roll out Kaspersky Mobile Security for Android in early 2011, Maslennikov added, and the Trojan-SMS.AndroidOS.FakePlayer.a has been logged on anti-virus databases.

A similar technique to this Android attack was seen earlier this year, but was targeting the Symbian OS.

Trend Micro discovered a malicious app running on the S60 platform that sent a message from the user's device, although it was unsure why at the time.

Talking about the new Android Trojan, Trend Micro's advanced threats researcher, Ivan Macalintal, said: "This income-generating scheme is a low-hanging fruit for cyber criminals."

"What makes it unique is the use of Android as the targeted platform and, with the increasing popularity and usage of Android, we can expect more malicious code served up in that alley," he added in a blog post.

http://www.itpro.co.uk/625924/hackers-hit-android-with-sms-malware
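The advice repeated across the four FakePlayer items above, to look at what an application asks for at install time and treat a "media player" that wants to send SMS as a red flag, can be turned into an offline check on the app's manifest. The Python below is an added example and not code from Kaspersky, Lookout, Google or Trend Micro: it reads a decoded AndroidManifest.xml (the manifest inside an APK is binary XML and must first be decoded, for example with apktool or aapt) and reports any declared permission that can cost the user money. The sample manifest is constructed to resemble a fake "Movie Player" and is not FakePlayer's actual manifest; the org.example package names are invented.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
LABEL_ATTR = "{%s}label" % ANDROID_NS

# Permissions that let an app spend the user's money directly (the group Kaspersky singles out).
COSTLY_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
}


def declared_permissions(manifest_xml):
    """Return the <uses-permission> names in a decoded AndroidManifest.xml, in file order."""
    root = ET.fromstring(manifest_xml)
    return [e.get(NAME_ATTR) for e in root.iter("uses-permission") if e.get(NAME_ATTR)]


def audit_manifest(manifest_xml):
    """Summarise package, label, declared permissions and the subset that can cost money."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    perms = declared_permissions(manifest_xml)
    costly = sorted(p for p in perms if p in COSTLY_PERMISSIONS)
    return {
        "package": root.get("package"),
        "label": app.get(LABEL_ATTR) if app is not None else None,
        "permissions": perms,
        "costly": costly,
        # A player has no business sending SMS; a messaging app legitimately does, so the
        # verdict is "needs a look", not "malicious".
        "review": bool(costly),
    }


# Constructed sample resembling a fake media player's manifest (not FakePlayer's real one).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.fakeplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Movie Player">
    <activity android:name=".MoviePlayer">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

# Constructed benign counterpart: same app, no costly permissions.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Movie Player">
    <activity android:name=".MoviePlayer"/>
  </application>
</manifest>
"""


if __name__ == "__main__":
    for name, manifest in (("fake", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        report = audit_manifest(manifest)
        print(name, report["package"], report["label"], "costly:", report["costly"])
```

The same list of permissions is what the Android installer shows the user on the screen Google describes above; on Android of this era a permission cannot be revoked individually after installation, so an app that fails this review is removed rather than trimmed, which is also why Lookout's guidance ends in uninstalling rather than adjusting settings.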

Back to top