One of the big disadvantages over releasing an ‘open’ operating system is that because of its ‘openness’ it is also much more prone to malware attacks, as Microsoft has had to deal with over the years.

The ‘open’ operating system in this case is Android and according to security company Symantec the Android Market is undergoing a major malware infestation. The company reported today that a bug going by the name Android.Counterclank has infected between 1 million and 5 million Android users.

Symantec also noted that this slimy piece of malware has the highest distribution of any malware identified so far this year and may actually be the largest malware infection seen by Android users in the operating systems short life.

Here is the list of apps that are carrying this latest piece of nastiness (courtesy of SlashGear)

So if you are an Android user you might want to check and make sure that you haven’t installed any of the infected apps, and if you have then uninstall it and reboot as soon as possible.

Android Market is being hit with its largest malware infection yet according to Symantec is a post from: The Inquisitr

Twitter, the popular social network with over 200 Million users, acquired a spam and malware protection company. Anyone who uses the site is often familiar with accounts getting hacked and the sometimes abundant spam that gets targeted at you.

They’ve managed to put a system in place over the years that helps crack down on that and accounts that just spam the daylights out of whoever, whenever, and they’ve done a pretty good job at it.

Now, with the help of a spam and malware protection service, the social network can further improve their efforts to crack down on these annoyances and provide a better experience for everyone.

Via Mashable:

“Gearing up for Twitter’s self-serve advertising launch — currently in beta stage with only a small selection of advertisers — the company announced its acquisition of spam and malware protection service Dasient on Monday.”

“Dasient will be integrated into Twitter’s “revenue engineering team because they have a deep understanding of advertising-platform security issues,” says Rachael Horwitz, a spokesperson for Twitter. The team will be very valuable as Twitter continues to expand its ad products.”

This is a smart move for the company as more advertisers equals more dollars. If too many have a bad experience with spam, normal, every day users as well, that negatively affects the service and could have them potentially go elsewhere.

“Protecting users from potential spam and malware attacks is important for the company’s image and reputation. Sites overrun with malware get blacklisted by search engines.”

Do you have a Twitter account?

Twitter Goes On The Defensive, Acquires Malware Protection Service is a post from: The Inquisitr

It’s kind of interesting to sit here and watch as the whole Android space begins to suffer from malware infections something that the Windows world had to deal with for much of its history, and gave the Microsoft platform a lot of bad press in the process.

There isn’t a week that doesn’t go by that we don’t hear about some sort of malware making the Android rounds and this week is no different as we find out that Google had to go on a cleaning spree of the Android Marketplace due to a major infestation of malware targeting SMS apps.

According to a post at ReadWriteWeb the reports are from Lookout Mobile Security who says that the apps are generally pirated clones or add-ons of popular games as well as other apps that send premium SMS messages without a user’s consent.

Google was informed by Lookout of nine of these apps, referred to as RuFraud apps, which Google removed from the marketplace but overnight the maker of the apps posted another 13 of them; which apparently have now been pulled as well.

Estimates on downloads of these apps range from 10,000 (Sophos) to 14,000 (Lookout). Sophos notes that these types of apps easily get through to the Android Market because the cost of becoming a developer in the Android Market is less than what a malicious hacker could make by putting these apps in the wild, even if they were only available for a short amount of time.

via ReadWriteWeb

Unlike with Windows though it seems that Google is getting off easy when it comes to public reaction to this type of malware infesting the marketplace, and it is only going to get worse.

Google has to remove 22 SMS apps infected with malware is a post from: The Inquisitr

Having been around this computer thing, and the online world, for a long time I am never surprised when I hear of some new vector being exploited by malware and the people that create them. So hearing that Facebook has become the newest platform of these jerk-offs doesn’t come as any great shock.

Just like the new one that is apparently making the rounds on Facebook right now through their chat service. It works by hijacking a users’ chat in order to spread a download link to a piece of software that will install a Dorkbot malware program when clicked on.

The malware gives the malware author access to the accounts of the infected user, which in turn allows it to send the same malware infected link to their friends, according to the folks over at the Sophos Naked Security blog.

Sophos is also reporting that Facebook’s own anti-virus hasn’t been able to detect the trojan and as a result it is continuing to spread through the net via Facebook.

The download link points to an image of two blonde women, however, it has been infused with a malicious screensaver. When the malicious program begins to execute, it attempts to download more malware files hosted on a compromised Israeli website. The worm has been developed using Visual Basic 6.0 and “contains numerous Anti-VM tricks directed against VMware, Sandboxie, Virtual Box, etc.,” according to the Dutch CSIS Security Group, which first detected the spread of the worm.

via Techie-Buzz

With some 800 million users, not all of whom are technically literate or security conscious, this kind of infection attack is going to see a large degree of success and it means that Facebook has to be more proactive in this area.

Malicious malware link is being served up through Facebook chat is a post from: The Inquisitr

If you plan to buy your loved ones, friends and co-workers iTunes gift certificates this holiday season you might want to avoid e-mail offers for the cards. A group of 11 specialists are warning buyers of fake certificates that offer no monetary value while placing malware on the users computer.

The emails, which read “iTunes Gift Certiicate” provide readers with a 50% off option that will then give them a code that can be used for music downloads. Once a user downloads the file via attachment their computer is immediately infected.

In order to have users activate the malware the file says they must open the file ”Gift_Certificate_iT2718.zip which in turn created a “backdoor” into the users computer which then allows the hackers to grab personal information such as credit cards and passwords.

Making matters worse the system creates a link to a remote server which allows for further contamination of the PC.

Holiday buyers are warned that other gift card scams are also circulating, including a popular option from a fake Starbucks account.

Even if an email looks very real, unsolicited emails should be ignored and remember that if an offer is “too good to be true” it likely is and should be avoided.

Fake iTunes Gift Certificates Leading To Malware Infections is a post from: The Inquisitr

A special thanks to MalwareCity and BitDefender for providing this awesome infographic.

The History Of Computer Viruses [Malware Infographic] is a post from: The Inquisitr

While Mac users like to brag on and on about how they don’t get viruses and other types of malware on their shiny objects of perfection recent events are proving otherwise, and to the degree that Apple has started to include their own anti-malware scanning engine as part of OS X.

The problem is that as smart as apple might think it is at catching all those nasties flocking to infect those awesome Mac machines the people writing the current crop of Mac oriented malware files are just as smart, as evidenced by their newest tactic to infect Mac machines.

Taking a note out of the old Windows malware writers guide the newest Mac trojan, which is actually just a variation of one already out in the wild, will nuke the built-in XProtectUpdater files.

The trojan, called Trojan-Downloader:OSX/Flashback.C, is delivered through a fake Flash Player installer and once the admin passwords are entered as a part of the install Flashback.C hunts down its prey by decrypting the paths within XPathUpdater and unload the XProtectUpdater daemon. Once that is done it overwrites those files with blank space, which in turns nukes the key files that XProtect needs so it can get regular updates.

The trojan can be removed using malware/ virus scanning software. You can find more information on F-Secure’s page for Flashback.C.

via Ars Technica

Mac trojan now equipped with OS X anti-virus nuking ability is a post from: The Inquisitr

According to the Norton Cybercrime Report for 2011, more than two thirds of online adults have been a victim of cybercrime in their lifetime. Every second, 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.

Globally, the most common type of cybercrime is computer viruses and malware with 54 percent of the 19,636 respondents to the study saying that they have experienced it in their lifetime. Online scams (11 percent) and phishing messages (10 percent) follow.

Among adults, men between 18 and 31 years old who access the Internet from their mobile phone as more likely victims of cybercrime.

Despite the severity of cybercrime, people are obviously not in tune with reality. This is manifested by the fact that while 74 percent of respondents say they are aware of cybercrime, many are still not taking precautionary measures: they do not protect their personal information online; about 47 percent do not review their credit card statements for fraud; and 61 percent don’t use complex passwords or change them regularly.

Adam Palmer, Norton Lead Cybersecurity Advisor, stressed the seriousness of cybercrime, saying:

“There is a serious disconnect in how people view the threat of cybercrime. Cybercrime is much more prevalent than people realize. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year. And while 89 percent of respondents agree that more needs to be done to bring cybercriminals to justice, fighting cybercrime is a shared responsibility. It requires us all to be more alert and to invest in our online smarts and safety.”

Don’t you think it’s high time to change your year-old password?

Study Reveals More Than 1 Million CyberCrime Victims Daily is a post from: The Inquisitr

When it comes to things like viruses, trojans, and other forms of malware Windows has always been the biggest bulls-eye in the computing world. Both Mac and Linux have claimed that because of the way that they are coded it is next to impossible for those platforms to become infected.

Of course anyone with half a brain would be able to also point out that the whole point of malware was to infect the broadest number of computing devices as possible and that up until recently neither Mac OS X nor Linux had a big enough platform footprint to make them worthwhile targets.

That of course has changed with the proliferation of smartphones and other mobile computing devices. We are already see, as both the Mac and iOS powered devices increase their marketshare, that contrary to pontificating Apple fanbois blatherings these two Apple platforms are now in the sights of malware creators.

This only left Linux, which like Mac OS is just another off-shoot of the UNIX platform, as the virgin territory for malware writers, that was until Android, which is based off of Linux, came along.

Android powered mobile devices have taken a commanding lead in sales and don’t look to be slowing down anytime soon and it is because of this popularity that Android users will start finding themselves as a great big target for malware infections.

A prime example of this happening is the latest report that according to Lookout Security there are between 30,000 and 120,000 Android users infected with a brand new variation of the already in the wild called Droid Dream.

This new variation, thought to be written by the same developers, is called Droid Dream Lite and is known to have infected over 50 applications, which Google has apparently removed from the Android Marketplace.

While the name of the malware might seem to be “harmless” it is in fact even more dangerous that its fore-bearers, as outlined by Sara Perez at ReadWriteWeb:

Droid Dream Light is a stripped down version of the original DroidDream, says Lookout. Its malicious components are invoked upon the receipt of a “android.intent.action.PHONE_STATE intent” – for example, an incoming phone call. That means that this variant is not dependent on the manual launch of the malicious application in order to trigger it into action. Instead, explains Lookout via blog post:

The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages.  It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.

In other words, despite the malware’s designation of “Light,” in some ways it’s actually more malicious as it requires no user actions to take place in order for it to launch.

As much as some Apple and Android fanbois might want to bury their heads in the sand the fact is that the Windows only party is over. Malware authors now have more targets to aim for and those targets will only get bigger as Apple and Android products continue to surge ahead in sales.

The battleground of malware no longer just Windows as Android users get hit is a post from: The Inquisitr

The other day John Gruber of Daring Fireball fame and unofficial spokesman for Apple wrote a post full of quotes from other dated posts where the writers were brazen enough to suggest that Mac’s long safe harbor against malware, trojans, and viruses would come to an end one day.

I’ve written much the same thing on more than one occasion but it is always nice when you have some pro’s to back you up as Sophos is today.

In a post by Chester Wisniewski on the Sophos blog he warns that they have come across a JavaScript fake scanner meant to convince Mac users that their computers are infected.

This step is extra important on OS X as users will have to install the malware and enter in their administrative credentials for the privilege of infected themselves.

Even worse, the attackers are poisoning search terms and images related to Mother’s Day. Simply searching Google for seemingly innocent content to honor your mum could end up with a malware infection.

Mac users who happen upon a poisoned search result it will pop up a fake anti-virus scanner written in JavaScript that looks just like the OS X Finder application.

Oh dear me, is that some wolves I hear howling in the distance?

Fact is that the day will come when Macs, iPhones, iPads become equal opportunity targets for malware and all those other nasties out there and no amount of quote stuff into a quasi post by John Gruber will change that.

It’s just a matter of time.

Hey Gruber, You Might Want to Reconsider Crying Wolf is a post from: The Inquisitr

Some of you may remember when one of the more popular tech related YouTube videos floating around was what people thought the web browser or the fact that Google was the Internet. Well taking that idea of going to the street one step further the folks at F-Secure went out into the streets of San Francisco to see what the “average person” knew about malware.

Just as with the browser video the responses, and general lack of understanding, comes as no surprise. While some of the responses are funny the over all response to the questions is pretty scary and shows why malware succeeds the way it does.

What people don’t know about computer security is hilarious – yet scary is a post from: The Inquisitr

As smartphones continue to grow in popularity and use the idea of them becoming an increasingly important vector for people who want to steal your information. At the Intel Security Conference in Hillboro, Oregon, two researchers plan on showing off a new security flaw in Android based handsets.

Jon Oberheide and Zach Lanier, two security researchers, have a proof of concept application that will silently download additional apps that will have full privileges on the handset.

An application demonstrating the previously undisclosed flaw is a another new Angry Birds app, promising new levels. As you may have guessed, this “new” app isn’t an official Rovio app, its a proof of concept created by Oberheide and Lanier that will install a number of different programs that could be capable of silently tracking a handsets location, stealing contacts or sending premium rate text messages.

[....]

The worrying aspect of Oberheide and Lanier’s new flaw is that it bypasses this in-built security check, allowing malicious apps to download other programs in the background without any notification to the user.

via The Next Web

When contacted Google noted that it was unaware of the flaw but was investigating.

New Android threat – applications can silently download nasty apps is a post from: The Inquisitr

One of the standards ways that anyone with a modicum of Web and software experience will be able to tell the good from the bad is how the company tries to sell you on their products.

For malware developers looking to trick you into buying their software and thereby infecting your machines scare tactics are pretty well the norm.

On the other hand security software companies try to take a more responsible approach in selling their products, without scaring you into handing over your credit card information.

Unfortunately though it seems that one reputable company has decided that scare tactics is actually the right way to go. This is evidenced by the sales upgrade notices that some ZoneAlarm customers are seeing popping up on their systems.

Now ZoneAlarm, before it was purchased by Check Point, was one of the first security software packages to be given away for free. I used it in the early days of their product life cycle but became very dissatisfied with the product after it kept crashing my machine. That hasn’t stopped it from becoming one of the more popular of the security packages that people install on their machines.

Except now the company seems to be taking a page out of the malware developer handbook and flashing scary warning messages to users.

Needless to say this has pissed off more than a few ZoneAlarm customers but as a CheckPoint representative told Ars Technica

“We thought we were being proactive with our virus message,” a Check Point spokesperson told Ars. “After listening to consumer feedback, we realized that it was misinterpreted and have turned the pop-up message off… It was never our intent to lead customers to believe they have a virus on their computer. This was purely an informative message about a legitimate and serious virus that also included information about the differences in protection of various products, and how to get protection against it.”

In other words a scare tactic to encourage users to upgrade to the more expensive version of the product.

Can’t sell enough security software? Scare your users into buying. is a post from: The Inquisitr

While I try and fight off my yearly bout with the flu I thought that this post would be kind of apropos – virus, flu, ya okay bad attempt at humor.

Anyway AV Test has released their results for their 2010 list of best anti-virus programs for Windows 7.

During the 2nd quarter of 2010 we have tested 19 security products in the areas protection, repair and usability. The “Protection” covers static and dynamic malware detection, including real-world 0-Day attack testing. In case of “Repair”, we check the system disinfection and rootkit removal in detail. The “Usability” testing includes the system slow-down caused by the tools and the number of false positives. A product has to reach at least 12 points total in order to receive a certification. 13 products have fulfilled our requirements and received an AV-Test certificate. The test reports can be found here:

The list of those that have received certification is rated from best to worst with the top four getting high marks for both anti-virus and malware protection.

1. AVG : Internet Security 9
2. G Data : Internet Security 2010/2011
3. Panda : Internet Security 2010
4. Symantec : Norton Internet Security 2010
5. F-Secure : Internet Security 2010
6. Kaspersky : Internet Security 2010
7. PC Tools : Spyware Doctor with AntiVirus 7.0
8. BitDefender : Internet Security Suite 2010
9. Avira : Premium Security Suite 10.0
10. Microsoft : Security Essentials 1.0
11. Avast : Internet Security 5.0
12. Eset : Smart Security 4.0
13. Webroot : Internet Security Essentials 6.1

My personal favorite is Microsoft Security Essentials in large part due to its small resource footprint and its ability to do its job without constantly bugging me with notifications.

The best anti-virus applications for 2010 is a post from: The Inquisitr

It never fails that when some-one using Windows posts a question regarding security and malware the most common response has been things like get real security buy a Mac or I use a Mac so I don’t have to worry about malware like you Windows users. Through out all this I have always maintained, and taken an immense amount of flack because of I have no problem telling these better than thou folks that their day will come.

In both cases where I have written here about Apple and the potential for malware infection I have gotten slammed but I still stand by what I have written.

There’s a lot of talk going on in the tech blogosphere about the newest release of OS X, Snow Leopard,coming to market with a built-in malware scanner. Now that it has shipped we are seeing exactly what lies behind the real thing and it turns out to be not much more than an XML styled file called XProtect.plist that at this point only contains the signature information for two trojans.

And this

For years Windows users have had to suffer the better than thou abuse from Mac users and now; as more than a few Windows users have said – myself included, the tables have indeed turned. So all you Windows users out there bookmark that Apple advisory. Then the next time some Mactard starts making fun of you because of things like viruses and how they don’t have to worry about such mundane things – slap them with that link.

Man did I get bitched out over those opinions but the thing is – Apple is still updating; albeit secretly, the files involved in providing malware protection on the Macs. Even though compared to what is available for Windows the updates are still pretty rudimentary as the team at Sophos found when they took a look at the newly updated XProtect.plist file

Although there is no mention of it that we could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin, Apple has updated XProtect.plist – the rudimentary file that contains elementary signatures of a handful of Mac threats – to detect what they call HellRTS.

HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers.

If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more.

Security by obfuscation is the most dangerous kind and this is exactly the kind that Apple is practicing and as I have said before – as Apple’s popularity continues to grow so is the target it is presenting to all those malware creators out there.

Just a matter of time.

image courtesy of Sophos

But I thought Macs didn’t need security software? is a post from: The Inquisitr

I just got the following email in my inbox and as you can see it looks pretty legit

The only problem is that when you click the link you end up being sent to a non-Twitter page at

h ttp://forum.tabrizchat.eclick.ir/lumps.html

Now normally I wouldn’t even give this a second thought as the address it was sent to wasn’t one that I had listed with Twitter but I had just blocked and reported some-one on Twitter so for some reason (I’m blaming lack of coffee) I decided to click the link.

DUMB.

When I saw the actual address show up in Chrome’s address bar I immediately closed the window so I don’t know exactly what is on the other end of the link but it probably isn’t good.

If this has already been passed around my apologies but like I said – better safe than sorry.

WARNING: A new Twitter phishing attack is a post from: The Inquisitr

It’s bad enough when regular sites get hijacked by people who want to fill your computer with all kinds of spyware and other assorted types of malware but when they start manipulating Google search results I think one could say things are getting out of control.

The team over at Sunbelt Software, developers of the Vipre security software, have a post up about just this fact. The way it works is that these malware serving sites are set up to use Google as a referrer and have massaged the served up links in search results to lead you directly to compromised sites.

Apparently one of the ways you can tell if the URL is dangerous is if you see a /?p or ?/t in it and while Google does seem to catch some of the dangerous links it doesn’t catch them all as you can see from this image courtesy of Sunbelt

The amount of search terms that can lead you into this dark world of dangerous search results is dizzying. While the security guys might like to think of it a a fun pass time it sin’t somethign for the average user to play around with.

Alex from the Sunbelt blog says that the use of search results like this is massive and points to a list of search terms used in a recent blackhat run on Google. This is only a potion of his whole list but it will give you an idea

2010 Military Pay Charts
Aileen Quinn
Amelia Earhart
Anglicanism
Arsenio Hall
Astate
Banco Del Tesoro Venezuela
Bedava Ingilizce
Bianchini .
Bitty Schram Fired
Black Parade
blackberry storm 9520
Blast Off
Bobblehead .
Bravo project runway .
Cafe World
cfnm youtube
Charlie Manuel
child stuck in balloon
Chris Cooley Blog .
Chris Mckendry
Christian Audigier
Collin Wilcox Paxton
Collin Wilcox Paxton .

As they use to say on Hill Street Blues – be careful out there.

Google – the new playground of malware scum is a post from: The Inquisitr

In the battle to keep computer networks safe we are use to using tools like resourcing hogging anti-virus and other malware scanning methods. The problem is that in many cases this is more like fighting a rear-guard action as malware creators change and adapt quicker than the tools we use to fight them.

This may change due to some new thinking and following one of nature’s scrappiest fighters – the common ant.

Using a concept called swarm intelligence security researchers are trying to create a digital version of those pesky little insects that have ruined more than one picnic.

“In nature, we know that ants defend against threats very successfully,” explains Professor of Computer Science Errin Fulp, an expert in security and computer networks. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system.”

Source: Science Daily – Ants Vs. Worms: New Computer Security Mimics Nature

The project at Pacific Northwest National Laboratory (PNNL) has already successfully used this idea of digital ants to track down a worm that they let loose into a network of 64 computers. As a result the project has been extended and two of the researchers, Wes Featherstun and Brian Williams, will be incorporating their research into their master’s theses.

This type of security isn’t something that we will probably see anytime soon on our personal computers as it is more oriented to protecting large networks like the ones at universities, governments, and large corporations.

Swarm intelligence for cutting edge cyber security is a post from: The Inquisitr

According to Steven Musil at cnet Security The New York Times is in the midst of a battle to get rid of a what they are terming “an unauthorized advertisement”.

In typical fashion the ad warns readers that their computer could be infected with some sort of virus and then redirects the reader to a site offering “antivirus software”. The site readers are being redirected to is best-virus03.com and is a hijacking site that takes over your browser and will attempt to install software.

As one cnet reader told Musil

One CNET reader described how the pop-up ad essentially hijacked his browser, preventing him from navigating away from the site.

"They took me to an ‘antivirus site,’ which kept attempting to scan my computer and install software. Using the back button kept reloading the virus page," the reader said. "It was not possible to close the page, necessitating a force quit."

At this point other than a short blurb in the newspaper’s Media & Advertising section NYT isn’t saying a whole hellva lot.

Rogue ad battle at New York Times is a post from: The Inquisitr

For almost as long as there has been OS wars the mantra of the penguin herders has been that the likelihood of Linux ever being vulnerable to tings like viruses and trojans was next to nil. This was something that they liked to hold over the heads of all us dumb Windows users – much like the Mac contingent does as well.

How many times have we heard the chant … “you want to be safe use Linux – Windoze is for losers” or some such similar childishness?

Well now Windows users can tell all those Linux lording geeks to stuff it because just as with any operating system there are weaknesses that can be exploited (usually the person behind the keyboard) and Linux is no different. Regardless of how the Tux lovers might pontificate about the security of Linux the fact is that Linux can be exploited which is exactly what a security researcher has found with the discovery of a cluster of Linux servers that is being used as a special ops kind of botnet. As well it is being used to distribute malware to unsuspecting web surfers.

Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they’ve also been hacked to run a second webserver known as nginx, which serves malware.

"What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution," Sinegubko wrote here. "To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s)."

Source: The Register – Linux webserver botnet pushes malware

While it is unclear how the infection began Sinegubko suggests that it may be because on nothing more than careless administrators who had their passwords sniffed – hence my comment about the biggest security weakness being from behind the keyboard regardless of operating system. Current the network consists of about 100 nodes running the Apache webserver on different distros of Linux.

Linux not so pure and safe after all is a post from: The Inquisitr