<?xml version="1.0" encoding="UTF-8"?> <rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
> <channel><title>gHacks Technology News &#124; Latest Tech News, Software And Tutorials &#187; malware</title> <atom:link href="http://www.ghacks.net/tag/malware/feed/" rel="self" type="application/rss+xml" /><link>http://www.ghacks.net</link> <description>A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas.</description> <lastBuildDate>Fri, 10 Feb 2012 16:53:42 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.1</generator> <atom:link rel="hub" href="http://pubsubhubbub.appspot.com"/><atom:link rel="hub" href="http://superfeedr.com/hubbub"/> <item><title>McAfee Singles Out Android for Malware Problems</title><link>http://www.ghacks.net/2011/11/21/mcafee-singles-out-android-for-malware-problems/</link> <comments>http://www.ghacks.net/2011/11/21/mcafee-singles-out-android-for-malware-problems/#comments</comments> <pubDate>Mon, 21 Nov 2011 18:46:51 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Google]]></category> <category><![CDATA[android]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[mcafee]]></category> <category><![CDATA[report]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=52971</guid> <description><![CDATA[It would appear that Google&#8217;s unfortunately lax approach to vetting apps submitted to the Android store is counting heavily against the platform, as McAfee have released figures showing it is now becoming the biggest target for malware writers. Nokia&#8217;s now mostly retired Symbian operating system still sits in a resounding first place with just under [...]]]></description> <content:encoded><![CDATA[<p>It would appear that Google&#8217;s unfortunately lax approach to vetting apps submitted to the Android store is counting heavily against the platform, as McAfee have released figures showing it is now becoming the biggest target for malware writers.</p><p>Nokia&#8217;s now mostly retired Symbian operating system still sits in a resounding first place with just under three quarters of all malware, but Android now has a malware problem that is growing exponentially according to the security company&#8217;s <a
href="http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2011.pdf" target="_blank">quarterly threats report</a>&#8230;</p><blockquote><p
align="LEFT">Last quarter the Android mobile operating system (OS) became the most “popular” platform for new malware. This quarter Android became the exclusive platform for all new mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of malware, but Android is clearly today’s target.</p></blockquote><p>They say that SMS-sending trojans are still the biggest threat but that trojans that record phone calls to steal sensitive information are now beginning to appear.</p><p>While Google&#8217;s problems with malware on their Android platform are well known it should be pointed out that this report makes no mention at all of either Apple&#8217;s iOS, Microsoft&#8217;s Windows Phone or RIM&#8217;s Blackberry apps security.  It is odd that the chart they provide doesn&#8217;t single out these operating systems at all, merely referring to &#8220;Others&#8221; at around 10% of the malware problem.</p><p><a
href="http://www.ghacks.net/wp-content/uploads/2011/11/httpwww.mcafee.comusresourcesreportsrp-quarterly-threat-q3-2011.pdf-Windows-Internet-Explorer-2.png"><img
class="aligncenter" src="http://www.ghacks.net/wp-content/uploads/2011/11/httpwww.mcafee.comusresourcesreportsrp-quarterly-threat-q3-2011.pdf-Windows-Internet-Explorer-2.png" alt="" width="517" height="754" /></a></p><p>Ten percent of all smartphone malware however is still a huge issue and assuming that 10 percent is split equally three ways (which is just an assumption to highlight a point), while it would only be about 16% of the total malware available for Android, we&#8217;re still talking about huge numbers indeed.</p><p>Mobile malware is a continuing problem and one I highlight as often as I can.  The reason for this being that this malware can cost you real money in premium rate texts or other mobile charges that can&#8217;t occur on your PC.  It&#8217;s entirely within the gift of your mobile operator as to whether they will refund such costs, but as the mobile malware problem escalates it will become more and more likely that operators will simply blame the user for downloading and installing the malware (which is fair to be honest) and refuse to issue any credits.</p><p>As the introduction to the report the company says&#8230;</p><blockquote><p
align="LEFT">The third quarter of 2011 offered its fair share of noise and signal: Malware continues to be produced daily at high levels, but we often miss its sophistication—which lies buried beneath the big numbers.  McAfee Labs saw some significant increases this quarter in stealth malware techniques, often referred to as rootkits, especially from the TDSS family. We also observed the continued emphasis on mobile malware, specifically targeting the Android operating system. In fact, this quarter Android was the sole target of mobile malware writers. A true portent indeed!</p></blockquote><p>Unfortunately the mobile malware problem generally is receiving precious little widespread publicity.  While IT Enthusiasts might be increasingly aware of the need to install an anti-virus package on their handsets, the bulk of consumers will still see their smartphones as embedded OS devices that will just work in the way their TV or toaster does.  They won&#8217;t necessarily see it as a device that can be infected and compromised.</p><p>While the report is clearly intended to shock, without the exact figures for iOS, Windows Phone and Blackberry&#8217;s being released it is hard to gauge overall how bad the problem is and to make a judgement over how much more of a target Android is over the next platform.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/11/21/mcafee-singles-out-android-for-malware-problems/feed/</wfw:commentRss> <slash:comments>9</slash:comments> </item> <item><title>F-Secure Online Scanner Scans System For Malware</title><link>http://www.ghacks.net/2011/10/10/f-secure-online-scanner-scans-system-for-malware/</link> <comments>http://www.ghacks.net/2011/10/10/f-secure-online-scanner-scans-system-for-malware/#comments</comments> <pubDate>Mon, 10 Oct 2011 11:19:56 +0000</pubDate> <dc:creator>Martin Brinkmann</dc:creator> <category><![CDATA[Online Services]]></category> <category><![CDATA[Security]]></category> 
<category><![CDATA[Spyware]]></category> <category><![CDATA[f-secure]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[online scanner]]></category> <category><![CDATA[virus]]></category> <category><![CDATA[virus-scanner]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=51341</guid> <description><![CDATA[Sometimes you do not want to or cannot install another security software on your computer system to scan for malware. Maybe you do not have the rights to install software on the computer or you have a program installed and do not want to risk incompatibilities. The alternative is an application like F-Secure&#8217;s Online Scanner [...]]]></description> <content:encoded><![CDATA[<p>Sometimes you do not want to or cannot install another security software on your computer system to scan for malware. Maybe you do not have the rights to install software on the computer or you have a program installed and do not want to risk incompatibilities.</p><p>The alternative is an application like F-Secure&#8217;s Online Scanner which can be started from a web browser. This particular application is a Java app which means that the latest Java Runtime Environment (JRE) needs to be installed on the system.</p><p>Users can <a
href="http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/online-scanner/">visit the</a> official website to start a scan of their computer system right away. The online application uses up to date virus and threat definitions that F-Secure maintains for all of their products.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/10/f-secure-online-scanner.jpg" alt="f-secure online scanner" title="f-secure online scanner" width="600" height="413" class="alignnone size-full wp-image-51343" /></p><p>When you start the online app you are asked to select a scan mode. Available for selection are quick scan, which only scans the most important files and folders of the system, a full scan or a custom scan. Custom scan can be configured on an extra screen in the program interface.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/10/f-secure-custom-scan.jpg" alt="f-secure custom scan" title="f-secure custom scan" width="509" height="298" class="alignnone size-full wp-image-51342" /></p><p>Here it is then possible to scan all or only selected folders and file types. The program itself will scan for malware, spyware, rootkits using a database of known virus signatures and heuristics to identify unknown threats.</p><p>The program then downloads files from the Internet which may take some time depending on the Internet connection. The scan time depends largely on the selected mode and the speed of the system.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/10/virus-scan.jpg" alt="virus scan" title="virus scan" width="600" height="413" class="alignnone size-full wp-image-51344" /></p><p>The application displays a summary after the scan highlighting potentially malicious files. These files can be deleted from the system and sent to F-Secure as a sample (handy if heuristics identified an unknown threat that F-Secure has no information about).</p><p>The program is easy to use and comes with enough customizations for advanced uses. I would not recommend relying solely on online scanners for security though, but would recommend them for additional security scans on a regular basis. You can check out our <a
href="http://www.ghacks.net/2008/07/11/overview-of-online-virus-scanners/">overview of online virus scanners</a> here.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/10/10/f-secure-online-scanner-scans-system-for-malware/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Facebook spammer turns himself in to the FBI</title><link>http://www.ghacks.net/2011/08/07/facebook-spammer-turns-himself-in-to-the-fbi/</link> <comments>http://www.ghacks.net/2011/08/07/facebook-spammer-turns-himself-in-to-the-fbi/#comments</comments> <pubDate>Sun, 07 Aug 2011 11:31:58 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Facebook]]></category> <category><![CDATA[Tutorials Basic]]></category> <category><![CDATA[facebook]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[privacy]]></category> <category><![CDATA[spam]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=48734</guid> <description><![CDATA[A US man who sent more than 27 million spam to Facebook users has turned himself in to FBI officers in California after being put on their wanted list.  Sanford Wallace, from Las Vegas developed a program that was able to circumvent Facebook&#8217;s spam filters.  The software then lured over 500,000 people to hand over [...]]]></description> <content:encoded><![CDATA[<p>A US man who sent more than 27 million spam to Facebook users has turned himself in to FBI officers in California after being put on their wanted list.  Sanford Wallace, from Las Vegas developed a program that was able to circumvent Facebook&#8217;s spam filters.  The software then lured over 500,000 people to hand over personal details to his app.</p><p>Wallace denies the charges which carry a jail term of up to 10 years and has been released on $100,000 bail by the authorities.</p><p>Prosecutors have said that Wallace earned &#8220;substantial revenue&#8221; from selling the personal data harvested by his app which propagated by posting itself to the walls of the friends of victims.  The spam was sent, and the personal data harvested between November 2008 and March 2009.</p><p>Facebook successfully sued Wallace in 2009 and a federal judge ordered him not to access their service.  Prosecutors are claiming this is an order Wallace ignored and violated on countless occasions.</p><p><img
class="alignleft" src="http://www.ghacks.net/wp-content/uploads/2011/08/facebook_logo.png" alt="facebook logo" width="187" height="187" />Facebook is not the only service to have been hit by Wallace.  In 2008 he lost a civil prosecution brought by MySpace for sending junk messages on their network.</p><p>Facebook spam and malware apps is clearly a growing problem that isn&#8217;t going away.  Malware writers and criminals are taking advantage of the lack of knowledge most computer users have about what the threats to their personal data are, and how to look for them.</p><p>It is getting more and more common to see fake videos posted to walls, apparently by friends, with subjects such as &#8220;Daddy walked in on her&#8221; or &#8220;World&#8217;s worst hen night prank&#8221;.  The simple rule to follow with video is that the video, when clicked directly, will play in the wall view.  If it takes you to another page, even if it looks like Facebook and asks you to click to allow it permission it&#8217;s malware.</p><p>This is the same for all other malware links on the service.  If you suspect you have already authorised malware on your Facebook account follow these simple instructions to remove them.</p><ol><li>Click on <strong>Account</strong> in the top right of the Facebook screen</li><li>Next click on <strong>Privacy Settings</strong></li><li>Under <em>Apps and Websites</em> click <strong>Edit your settings</strong></li><li>On the next page in the<em> Apps you use</em> section click <strong>Edit Settings</strong></li><li><strong>Here you can revoke permissions for all but the most essential Facebook apps that you like to use</strong></li></ol><p>It is also wise never to include your home address, home telephone number or mobile telephone number in your profile as this is information that is most valuable to spammers.  
If your friends want to know your personal details they&#8217;ll always ask you in a secure direct message and you can tell them directly.</p><p>It is also wise to check your general Facebook privacy settings which you can do in <strong>Account </strong>&gt; <strong>Privacy Settings</strong>.  Here you can see if your personal information is shared just with your friends, their friends or with everybody on Facebook.  Any information shared publicly will also be visible to search engines and could include sensitive information about you.</p><p>It is because Facebook have tightened privacy controls in the last year that we&#8217;re seeing more and more malware apps that want permission to access your personal information.  Giving an app permission is the same as making the writers of that app a friend, as they will then have access to all the information about you that you put on the social network, including photographs and status messages.</p><p>By far the safest way to protect yourself on Facebook is not to put sensitive and personal information there in the first instance.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/08/07/facebook-spammer-turns-himself-in-to-the-fbi/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Clean a PC Manually with Autoruns</title><link>http://www.ghacks.net/2011/07/30/clean-a-pc-manually-with-autoruns/</link> <comments>http://www.ghacks.net/2011/07/30/clean-a-pc-manually-with-autoruns/#comments</comments> <pubDate>Sat, 30 Jul 2011 08:40:40 +0000</pubDate> <dc:creator>Melanie Gross</dc:creator> <category><![CDATA[Tutorials Basic]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[autoruns]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[windows security]]></category> <category><![CDATA[windows software]]></category> <category><![CDATA[windows tips]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=48393</guid> <description><![CDATA[Malware as it is comes in many forms. Sometimes there are viruses that will lock your antivirus program and render it unusable. What do you do to escape this? There are several options, of course. This is a way to use a free program called Autoruns. Autoruns allows you to manually remove infections. This does [...]]]></description> <content:encoded><![CDATA[<p>Malware as it is comes in many forms.  Sometimes there are viruses that will lock your antivirus program and render it unusable.  What do you do to escape this?  There are several options, of course.  This is a way to use a free program called Autoruns.  Autoruns allows you to manually remove infections.  This does take some work.  In the end, you will be glad that you took the time to remove those sneaky viruses that disable your other options for cleaning the PC.  Aggressive malware will usually resist automatic removal and evade detection.  A solid manual clean-up is something that any good geek should know about.  Anti-spyware utilities are unreliable and are often malware download programs themselves.</p><p>Simply download and unzip Autoruns from the link below.  It is a standalone utility that does not require installation.  Add it to a flash drive for portable use and easy access.</p><p><a
href="http://technet.microsoft.com/en-au/sysinternals/bb963902.aspx">http://technet.microsoft.com/en-au/sysinternals/bb963902.aspx</a></p><p>From the Zip file, double-click the autoruns.exe Application listed first. The application opens quickly, and you should see a tabbed interface.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/autoruns.png" alt="autoruns" title="autoruns" width="600" height="544" class="alignnone size-full wp-image-48394" /></p><p>This is the main window for Autoruns.  The list shows all software that will run when you start your PC.  Most of the programs presented are legitimate and are not malware.  It takes some practice to identify malware processes. To disable a program from launching temporarily, uncheck the box next to the entry.  To permanently prevent a program from launching, highlight and delete it.  You will have to uninstall the program from your computer, as this deletion does NOT remove the software. If you recognize the software name, it is most likely legitimate.  Check the Logon tab, as this is where malware will most typically appear. You may want to check the Hide Microsoft and Windows entry setting under Options to hide operating system files from being displayed. This reduces the list you have to go through significantly.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/windows-logon.png" alt="windows-logon" title="windows-logon" width="563" height="341" class="alignnone size-full wp-image-48395" /></p><p>It should be noted that malware will adopt recognizable software names.  One way to spot malware is by looking under the Publisher column.  If there is no entry or if the publisher’s name is something that you do not recognize, then it is probably malware.  If you suspect a recent infection, open the EXE or DLL file for the software and look at the “last modified” date.  If it is a recent date and you have not installed any software recently, that is malware.  Updates will have a Publisher clearly listed and are confined to operating system updates.  These will have recent dates but are not malware.  Generally, malware can be found in the C:\Windows folder or the C:\Windows\System32 folder.</p><p>This is what a malware entry will look like.  In this case, Diskfix and SearchHelper are the culprits.  These were not intentionally installed; they were installed by a Trojan downloader.  Note that they have generic icons and the filenames are random characters.  This is the mark of malware.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/malware.png" alt="malware" title="malware" width="543" height="166" class="alignnone size-full wp-image-48396" /></p><p>These two executable files were found in the C:\Windows\System32 folder using Autoruns.</p><p>Once the malware has been identified, you can temporarily disable them, permanently delete them, find them in Task Manager to terminate the processes, delete the files from your hard drive, or move them to a folder that will confine them from restarting.  Do all of the above if you are sure that it is malware.   Once you have made the changes, reboot the computer and start Autoruns again to see if the programs are still listed there.  Next, check the Task Manager to see if they are running.  If everything is clear on those fronts, you have succeeded in manually cleaning your PC of hidden malware and your locked antivirus program should be running well again.</p><p>If you are not sure about a specific program or file listed in Autoruns, you could use an online virus scanner like <a
href="http://www.virustotal.com/">Virus Total</a> to scan it. Another option is to research the file name on the Internet.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/30/clean-a-pc-manually-with-autoruns/feed/</wfw:commentRss> <slash:comments>5</slash:comments> </item> <item><title>Casir, Common and Stubborn Infections Remover</title><link>http://www.ghacks.net/2011/07/29/casir-common-and-stubborn-infections-remover/</link> <comments>http://www.ghacks.net/2011/07/29/casir-common-and-stubborn-infections-remover/#comments</comments> <pubDate>Fri, 29 Jul 2011 15:55:41 +0000</pubDate> <dc:creator>Martin Brinkmann</dc:creator> <category><![CDATA[Security]]></category> <category><![CDATA[Software]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[antivirus software]]></category> <category><![CDATA[casir]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[portable software]]></category> <category><![CDATA[windows software]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=48381</guid> <description><![CDATA[Casir, which stands for Common and Stubborn Infections Remover, has been specifically designed by its developer to remove virus infections on a system that many regular antivirus software programs have troubles disinfecting. These types of malware often manipulate the system to make their removal more difficult, for instance by disabling Safe Mode, preventing the installation [...]]]></description> <content:encoded><![CDATA[<p>Casir, which stands for Common and Stubborn Infections Remover, has been specifically designed by its developer to remove virus infections on a system that many regular antivirus software programs have troubles disinfecting. These types of malware often manipulate the system to make their removal more difficult, for instance by disabling Safe Mode, preventing the installation of popular antivirus software or disabling other built-in tools like the Windows Task Manager.</p><p>When a system gets infected by nasty trojans or worms, like those of the Trojan Downloader or Win32.VB family, then it is often too late to use conventional security tools to remove it.</p><p>Casir is a click and run tool that does not require expertise or advanced tech knowledge to run. You can start the portable software from a local hard drive, removable device or even an optical disc if you want. Please note that you need elevated privileges for some of the program&#8217;s functionality. The interface looks clean, and all that is really needed is to click the Start button to initiate the system scan.</p><p>Unlike other antivirus software, Casir will not scan all files on all connected drives and devices. It identifies, cleans and removes a fixed set of computer worms, trojans and other forms of malicious software.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/casir.png" alt="casir" title="casir" width="600" height="543" class="alignnone size-full wp-image-48382" /></p><p>So what exactly is Casir doing when it finds an infection or insecure system settings?</p><ul><li>Can lift restrictions that have been set by malicious software.</li><li>Can remove processes and services added by malware.</li><li>Removes the same processes and scripts from the system so that they won&#8217;t be started again.</li><li>Removes malicious autostart entries.</li><li>Cleans up all storage devices, including hard drives, floppy drives, removable drives and memory cards.</li><li>Cleans up the Windows Registry, removes keys and traces left by the malicious software.</li></ul><p>Casir removes all detected parts of malware on the system, before it starts a CDS Job. This is basically a deep scan of the system. It will scan all files, Services, Registry information and memory resident processes for malicious traces. The developers have added this scan to counter malware that tries to avoid detection by randomizing Registry keys, file names and locations. A log is generated and saved in the system folder.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/malware-log.png" alt="malware-log" title="malware-log" width="336" height="253" class="alignnone size-full wp-image-48383" /></p><p>A click on Targets in the application interface opens the list of malware that is currently being detected by Casir.</p><p>Casir is a nice-to-have security program for Windows, especially since it is a portable program. It can easily be added to a tools collection on a USB stick or DVD.</p><p>The program itself is compatible with 32-bit and 64-bit editions of the Microsoft Windows operating system. It can be downloaded <a
href="http://www.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&#038;lid=6">directly from</a> the developer website. (via)</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/29/casir-common-and-stubborn-infections-remover/feed/</wfw:commentRss> <slash:comments>10</slash:comments> </item> <item><title>Use Rkill to Stop Malware Processes</title><link>http://www.ghacks.net/2011/07/29/use-rkill-to-stop-malware-processes/</link> <comments>http://www.ghacks.net/2011/07/29/use-rkill-to-stop-malware-processes/#comments</comments> <pubDate>Fri, 29 Jul 2011 07:43:46 +0000</pubDate> <dc:creator>Melanie Gross</dc:creator> <category><![CDATA[Security]]></category> <category><![CDATA[Software]]></category> <category><![CDATA[Spyware]]></category> <category><![CDATA[Tutorials Basic]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[malware removal]]></category> <category><![CDATA[rkill]]></category> <category><![CDATA[windows security]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=48349</guid> <description><![CDATA[Rkill stops malware processes from running. It is useful because active malware processes running on your PC may not be detected by antivirus software. You can always go to the Task Manager in Windows to view active processes. If you cannot identify them, or they are blocked from the Task Manager list, you will find [...]]]></description> <content:encoded><![CDATA[<p>Rkill stops malware processes from running.  It is useful because active malware processes running on your PC may not be detected by antivirus software.  You can always go to the Task Manager in Windows to view active processes.  If you cannot identify them, or they are blocked from the Task Manager list, you will find that the easy-to-use Rkill will stop the processes and identify them.  Then you can run your antivirus program to remove the malware.</p><p>Rkill is a free utility offered by bleepingcomputer.com.  Here are the links to give you the different versions:</p><ul><li>http://download.bleepingcomputer.com/grinler/rkill.com</li><li>http://download.bleepingcomputer.com/grinler/rkill.exe</li><li>http://download.bleepingcomputer.com/grinler/rkill.scr</li><li>http://download.bleepingcomputer.com/grinler/eXplorer.exe</li><li>http://download.bleepingcomputer.com/grinler/iExplore.exe</li></ul><p>The different versions are offered as many malware processes will execute through various paths.  You will need it at some point when operating a PC.  This will not remove malware or repair damage caused by malware.  This will simply stop the processes from running.  Once you download, you can save the file and run a security scan.  It is doubtful that you will find any security risks, but just stay on the safe side and check before running the utility.  Once you start Rkill, this screen will open:</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/rkill.png" alt="rkill" title="rkill" width="457" height="315" class="alignnone size-full wp-image-48350" /></p><p>This process can take a long time to complete.  You can temporarily disable antivirus and anti-spyware programs as they will often recognize Rkill as  a threat and disable it.   It may sound crazy to disable antivirus software and it is not a move without risk.  It is better to go into your antivirus software and create an exception for the Rkill version that you use and leave the rest of the antivirus running as is.  After Rkill is prepared, it will indicate that it is terminating malware processes.</p><p>Close applications to make this faster.  The “Please be patient” message is no joke.  You might wait 30 minutes and you might also wait for hours.  The wait is worth it.  When Rkill has completed its task, it will show a screen like this:</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/rkill-log1.png" alt="rkill-log" title="rkill-log" width="573" height="498" class="alignnone size-full wp-image-48352" /></p><p>Please note that Rkill&#8217;s main purpose is to prepare the system for the disinfection of malicious software. That&#8217;s why you see Chrome and rundll32.exe in the list above. It does not mean that those processes are malicious.</p><p>The next thing to do is open your antivirus software and run a scan. A prior scan did not pick those cookies up before running Rkill.  The advantage is obvious.  Select all and delete from quarantine. It is a good idea to use MalwareBytes, another free utility to run a basic malware scan.  This can be run in conjunction with the antivirus scan on Windows 7 as long as your PC processor can handle the load.  The general rule is to run MalwareBytes separately to avoid confusion. It has been found favorable to run a good antivirus scan first and then run MalwareBytes.  Obtain the free download for <a
href="http://shop.malwarebytes.org/lpa/342/3/7268/index_b.html?_kk=malwarebytes%20download&#038;_kt=5649af65-023f-45b8-acb9-a5990bcaa0a7&#038;gclid=CP-Z_P_6nqoCFYfs7QodCh4rQA">MalwareBytes</a> here:</p><p>Use the free download or purchase the full version.  The free download is sufficient as long as your antivirus is up to date. After following the prompts, MalwareBytes will open and you should just run a quick scan.  It will detect any remaining malware that your antivirus may have missed. By running the antivirus before MalwareBytes, everything was removed.  When MalwareBytes completes a scan, it shows a screen with the results.  Nothing was found here because my resident malware protection removed the malware already.</p><p>That is all there is to it.  If in doubt about malware, try Rkill and see what is actually going on in the background.</p><p>Please note that Malwarebytes is just a suggestion. There are other free tools out there that you can use to scan your system, <a
href="http://drweb.com/?lng=en">Dr. Web Cure It</a> for instance.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/29/use-rkill-to-stop-malware-processes/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Your Computer Appears To Be Infected, On Google Search</title><link>http://www.ghacks.net/2011/07/21/your-computer-appears-to-be-infected-on-google-search/</link> <comments>http://www.ghacks.net/2011/07/21/your-computer-appears-to-be-infected-on-google-search/#comments</comments> <pubDate>Thu, 21 Jul 2011 17:11:56 +0000</pubDate> <dc:creator>Martin Brinkmann</dc:creator> <category><![CDATA[Google]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[antivirus]]></category> <category><![CDATA[google search]]></category> <category><![CDATA[infected]]></category> <category><![CDATA[malware]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=48091</guid> <description><![CDATA[A computer with a malware infection causes serious troubles for its owner or the current users, especially if they are not aware of the infection. The danger itself depends largely on the type and purpose of the malware, and can range from stealing files to destructive behavior or using the hijacked computer as a proxy [...]]]></description> <content:encoded><![CDATA[<p>A computer with a malware infection causes serious troubles for its owner or the current users, especially if they are not aware of the infection. The danger itself depends largely on the type and purpose of the malware, and can range from stealing files to destructive behavior or using the hijacked computer as a proxy for malicious activities on the Internet. Google recently discovered what they call &#8220;unusual search traffic&#8221; during maintenance on one of their data centers. Further analysis of the data revealed that it was caused by malicious software.</p><p>The company quickly developed a script to identify computer systems that were causing that search traffic. Computer users who are infected with that specific type of malware will now receive a notification that their computer is infected at the top of their web results.</p><blockquote><p>It reads: Your computer appears to be infected. It appears that your computer is infected with software that interrupts your connection to Google and other sites. Learn how to fix this.</p></blockquote><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/07/your-computer-appears-to-be-infected-600x157.png" alt="your computer appears to be infected" title="your computer appears to be infected" width="600" height="157" class="alignnone size-medium wp-image-48092" /></p><p>A link is provided <a
href="http://www.google.com/support/websearch/bin/answer.py?answer=1182191">to a</a> Help Center article that explains how to fix the issue on the infected computer. Google offers three suggestions on that page:</p><ul><li>Install or update antivirus software</li><li>Perform a system scan</li><li>Provide Feedback</li></ul><p>Interestingly enough, Google suggests using Google to find proper antivirus software or using one of the suggested antivirus products. The latter link leads to a page where three anti-spyware programs are <a
href="http://www.google.com/support/websearch/bin/answer.py?answer=8091">offered</a>: Malwarebytes&#8217; Anti-Malware, Spyware Doctor and MacScan. Not really the type and number of programs one would expect on such a page.</p><p>Google users who come here researching their infection could download and use one of the following programs as well, which are often suggested in case of infections: <a
href="http://www.avast.com/">Avast Antivirus</a>, <a
href="http://www.microsoft.com/en-us/security_essentials/default.aspx">Microsoft Security Essentials</a> or <a
href="http://www.freedrweb.com/?lng=en">Dr. Web Cure It</a>.</p><p>Google released further information on the type of infection yesterday. The company believes that a couple million machines are infected by the malware, which made its way onto computers as fake antivirus software.</p><p>The malware sends traffic to Google through a number of proxy servers. Google has not revealed any more information about the purpose of the virus. A possible scenario among others is click fraud.</p><p>Google does not really aid the user in removing the infection from the system. On the other hand, that&#8217;s not the company&#8217;s job. They could rework their support pages to include more antivirus solutions and information, but the main aspect here is that they notify users of the infection. (<a
href="http://googleblog.blogspot.com/2011/07/using-data-to-protect-people-from.html">via</a>)</p><p>This move is definitely in the interest of users who work on infected machines. It is likely that it limits the damage caused by said malware significantly.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/21/your-computer-appears-to-be-infected-on-google-search/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item><title>IE9 decimates other browsers for socially-engineered malware protection in report</title><link>http://www.ghacks.net/2011/07/16/ie9-decimates-other-browsers-for-socially-engineered-malware-protection/</link> <comments>http://www.ghacks.net/2011/07/16/ie9-decimates-other-browsers-for-socially-engineered-malware-protection/#comments</comments> <pubDate>Sat, 16 Jul 2011 12:06:38 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Firefox]]></category> <category><![CDATA[Google Chrome]]></category> <category><![CDATA[ie]]></category> <category><![CDATA[Internet Explorer]]></category> <category><![CDATA[Opera]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[Chrome]]></category> <category><![CDATA[internet-explorer]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[safari]]></category> <category><![CDATA[smartscreen]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=47870</guid> <description><![CDATA[Security firm NSS Labs have been running some tests on different modern web browsers to see how they defend and protect their users against socially-engineered malware.  This is malware that attempts to trick users into installing it, much in the way Apple Mac users have been suffering with the recent spate of &#8216;Mac Defender&#8217; malware. [...]]]></description> <content:encoded><![CDATA[<p>Security firm NSS Labs have been running some tests on different modern web browsers to see how they defend and protect their users against socially-engineered malware.  This is malware that attempts to trick users into installing it, much in the way Apple Mac users have been suffering with the recent spate of &#8216;Mac Defender&#8217; malware.</p><p>They praise Internet Explorer&#8217;s SmartScreen filter for protecting users against significantly more social malware than any other current browser, and by the looks of the chart below this is by some significant margin.</p><p><img
class="aligncenter" src="http://www.ghacks.net/wp-content/uploads/2011/07/SEM2011graph-v2-small.gif" alt="smartscreen filter" width="500" height="279" /></p><p>In their report the firm describe socially-engineered malware as&#8230;</p><blockquote><p
align="LEFT">Socially-engineered malware attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information; statistics from 2008 &#8211; 2010 show that this trend is increasing at a rapid rate. According to a recent study by AVG, users are four times more likely to be tricked into downloading malware than be compromised by an exploit; criminals continue to increase their use of malware as a cybercrime attack vector. Anti-virus researchers report detecting between 15,000 and 50,000 new malicious programs per day, Kaspersky Lab has even reported detecting up to “millions per month.”</p></blockquote><p
align="LEFT">They go on to describe IE&#8217;s SmartScreen filter as&#8230;</p><blockquote><p
align="LEFT">The SmartScreen Filter protection offered by Windows Internet Explorer 9 has two components: URL Reputation, which is included in IE8 and Application Reputation, which is new to IE9. IE9 caught an exceptional 92% of the live threats with SmartScreen URL reputation, and an additional 8% with Application Reputation. IE9 with SmartScreen offers the best protection of any browser against socially engineered malware. Protection against malware targeting European users matched our broader findings from the Q3 2010 global test.</p></blockquote><p
align="LEFT">The <a
href="http://www.nsslabs.com/research/endpoint-security/browser-security/web-browser-group-test-socially-engineered-malware-europe-q2-2011.html" target="_blank">results</a> are quite something, and other browser makers, Apple, Mozilla and Google will no doubt fight back rigorously with strong statements that their browsers are every bit as safe and secure as Internet Explorer, if not more so.</p><p
align="LEFT">In the tests though, Internet Explorer 8, the previous generation of Microsoft&#8217;s browser, caught 90% of all live threats with IE9 catching 92% and reaching 100% of all threats when the known reputation of applications was factored in.</p><p
align="LEFT">This is compared to the other browsers.  Apple&#8217;s Safari caught just 13% of live threats, Mozilla Firefox 4 also caught 13% which had dropped from the 19% the browser caught in the same tests last year.  Opera 11 caught only 5% of all threats and Google&#8217;s Chrome browser caught, again, just 13% of all live threats.</p><p
align="LEFT">SmartScreen is not a widely talked about feature of Microsoft&#8217;s browser.  The company describes it as&#8230;</p><blockquote><p
align="LEFT">a feature in Internet Explorer that helps detect phishing websites. SmartScreen Filter can also help protect you from downloading or installing malware (malicious software).</p></blockquote><p
align="LEFT">They say that it &#8220;analyses web pages&#8221; as you visit them to &#8220;determine if they have any characteristics that might be suspicious&#8221;, &#8220;checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites&#8221; and &#8220;checks files you download from the web against a list of reported malicious software sites and programs known to be unsafe.&#8221;</p><p
align="LEFT">This feature though is only as good as the people who keep the information up to date, which means that a 92% success rate today might not mean you&#8217;ll get that tomorrow.</p><p
align="LEFT">Every week, new social malware is being discovered that is trying to trick users into installing it and surrendering personal information such as their credit card details with ever increasing believability.  The recent attacks on Apple Mac users by Mac Defender is an example of just how convincing this software can be.</p><p
align="LEFT">The weak link with malware and viruses will always be the user, as it will always be this person who has to click or select something in order for malware to infect their PC.  It&#8217;s commonly said that the <em>only</em> safe PC is one that&#8217;s still in the box and has never been switched on.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/16/ie9-decimates-other-browsers-for-socially-engineered-malware-protection/feed/</wfw:commentRss> <slash:comments>17</slash:comments> </item> <item><title>More Malware found in Android Market</title><link>http://www.ghacks.net/2011/07/12/more-malware-found-in-android-market/</link> <comments>http://www.ghacks.net/2011/07/12/more-malware-found-in-android-market/#comments</comments> <pubDate>Tue, 12 Jul 2011 12:58:29 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Google]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[android]]></category> <category><![CDATA[malware]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=47721</guid> <description><![CDATA[For months now I&#8217;ve been writing about the security problems with Google&#8217;s Android operating system.  Now yet more malware has been found in the Android marketplace, this time by security researchers. The news, which was reported by ComputerWorld, said that four new malware apps were discovered on Friday by Lookout Security that were infected by [...]]]></description> <content:encoded><![CDATA[<p>For months now I&#8217;ve been writing about the security problems with Google&#8217;s Android operating system.  Now yet more malware has been found in the Android marketplace, this time by security researchers.</p><p>The news, which was reported by <a
href="http://www.computerworld.com/s/article/9218314/Researchers_uncover_more_Android_malware_on_Google_s_Market?taxonomyId=17" target="_blank">ComputerWorld</a>, said that four new malware apps were discovered on Friday by Lookout Security that were infected by a variant of the DroidDream Light virus.  This is now the third time this year that this particular malware has been found in the Google marketplace.</p><p>Yesterday though, North Carolina State University researchers found new malware that would force Android phones to text premium rate numbers.  According to ComputerWorld, Google has been forced to pull over 80 infected applications from its app store since March this year.</p><p><img
class="alignleft" src="http://www.ghacks.net/wp-content/uploads/2011/07/wpid-Google-Android-Malware-Alarm-Goes-Off-Once-Again-0.jpg" alt="google android malware" width="269" height="216" />In a poor attempt to defend themselves, Google said in a blog post that &#8220;Fortunately the malware was available in the Android Market for a short period of time so the number of downloads was limited to 1,000-5,000.&#8221;  How the company can possibly claim that up to 5,000 people&#8217;s smartphones and tablets being infected is &#8216;fortunate&#8217; would need explaining to many people.</p><p>Ever increasing volumes of malware are being found on the Android marketplace and security researchers from across the world are warning repeatedly about the dangers posed by downloading them.  These malware apps can do everything from texting and calling premium rate numbers, to stealing your personal and contacts information and email and other log-in information.</p><p>Currently the Android platform offers no protection from these apps and Google simply aren&#8217;t being proactive enough in preventing them from appearing on their app store to begin with.</p><p>The problem stems from the open nature of the platform.  App developers don&#8217;t have to submit apps for rigorous testing in the way they do for Apple and Microsoft smartphone and tablet platforms.  This is one of the factors that has allowed Android to become so popular in the last year and to build up huge numbers of available apps.</p><p>Furthermore, the open-source nature of the operating system gives malware writers unfettered access to Android source-code which they can use to refine and test their malware, to make sure that it remains as hidden and as deadly as possible.</p><p>Neither of these are problems facing Apple, Microsoft, RIM or HP on their own platforms.  The problem is compounded however by a lack of clear communication and information from Google to their customers.  
Most Android users will be completely unaware that any malware problem exists on the platform.  Obviously Google aren&#8217;t too keen to highlight this to them as it would clearly damage sales, and harm the reputation of their operating system.</p><p>Also, the company has made no moves towards tightening up control of their own app store, or locking down specific features within the OS to prevent malware from actioning requests unless specifically called by the user.</p><p>Clearly something is going to have to give.  Android is the most vulnerable operating system currently available and either Google will have to step in soon and take positive action to defend their platform against the threat, or the ever growing volume of negative publicity their action is bringing will eventually come to the attention of the mainstream press.</p><p>Xuxian Jiang, an assistant professor of computer science at North Carolina State University offered this advice to Android users keen to avoid malware on their devices.  
He said to make certain that the permissions an app requests from you match the permissions you would expect that app to have, while Lookout security said &#8220;Use common sense to ensure that the permissions an app requests match the features the app provides&#8221;.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/12/more-malware-found-in-android-market/feed/</wfw:commentRss> <slash:comments>8</slash:comments> </item> <item><title>&#8220;Indestructible&#8221; Botnet Discovered</title><link>http://www.ghacks.net/2011/07/01/indestructible-botnet-discovered/</link> <comments>http://www.ghacks.net/2011/07/01/indestructible-botnet-discovered/#comments</comments> <pubDate>Fri, 01 Jul 2011 08:18:44 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Security]]></category> <category><![CDATA[botnet]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[tdl]]></category> <category><![CDATA[trojan]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=47209</guid> <description><![CDATA[Security and operating system companies have been very successful in the last year at taking down major botnets, networks of malware-infected PCs that can act in unison under remote control to perform distributed denial of service (DDOS) attacks and send huge volumes of spam email.  Now a new botnet, named TDL, has been discovered that is very [...]]]></description> <content:encoded><![CDATA[<p>Security and operating system companies have been very successful in the last year at taking down major botnets, networks of malware-infected PCs that can act in unison under remote control to perform distributed denial of service (DDOS) attacks and send huge volumes of spam email.  Now a new botnet, named TDL, has been discovered that is very difficult to detect and shut down.</p><p>Over four and a half million PCs have become infected with the TDL trojan in the last three months.  In a report on the new botnet, security researchers at <a
href="http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot" target="_blank">Kaspersky Lab</a> said &#8220;The owners of TDL are essentially trying to create an &#8216;indestructible&#8217; botnet that is protected against attacks, competitors, and anti-virus companies.&#8221;</p><p>TDL installs itself into the Master Boot Record of Windows, where anti-virus programs often fail to look, and uses a new encryption method for protecting communication between the infected PC and the operators.  This makes it very difficult to trace the traffic from the PC and locate the people controlling the botnet.</p><p><img
class="alignleft size-full wp-image-47228" src="http://www.ghacks.net/wp-content/uploads/2011/07/computer-virus11.jpg" alt="botnet" width="175" height="176" />In addition, this botnet doesn&#8217;t use direct communication between machines, but instead uses a peer-to-peer system, such as those used in file sharing.  This decentralises the communication, making it even harder to trace.</p><p>In their report the researchers said &#8220;It&#8217;s definitely one of the most sophisticated botnets out there.&#8221;</p><p>The majority of infections so far have been reported in the USA (28%) with India second in the infected list at 7%.  The infection rates are rising sharply though, and there&#8217;s been no reporting yet from Microsoft on whether the enhanced protection and security in Windows 7 will help defend against infection.</p><p>It&#8217;s clear that the best way to fight the TDL trojan so far will be in individual machines, though it is still common for millions of people to leave their computers open to infection by not understanding the risks involved and how they can protect against them.</p><p>There are also still millions of people running Windows XP and the hugely insecure Internet Explorer 6 web browser.  This will aid the distribution and infection rates for TDL.  Finally it is critically important that people have Windows Update activated on their computers.</p><p>The trojan has been distributed via booby-trapped websites.  
It has so far been discovered lurking on porn and pirate movie websites, along with some sites offering storage for photos and video files.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/07/01/indestructible-botnet-discovered/feed/</wfw:commentRss> <slash:comments>11</slash:comments> </item> <item><title>Troubleshooting Windows Defender Conflicts</title><link>http://www.ghacks.net/2011/06/15/troubleshooting-windows-defender-conflicts/</link> <comments>http://www.ghacks.net/2011/06/15/troubleshooting-windows-defender-conflicts/#comments</comments> <pubDate>Wed, 15 Jun 2011 10:37:18 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Tutorials Advanced]]></category> <category><![CDATA[Tutorials Basic]]></category> <category><![CDATA[anti virus]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[services]]></category> <category><![CDATA[Windows]]></category> <category><![CDATA[windows-defender]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=46499</guid> <description><![CDATA[I get troubleshooting emails on a wide variety of subjects, it&#8217;s always great when you can help people out and one I received this week was from someone who&#8217;d bought the latest version of Kaspersky Anti-Virus in response to a minor virus attack on her PC. Kaspersky removed the virus diligently enough, but it had [...]]]></description> <content:encoded><![CDATA[<p>I get troubleshooting emails on a wide variety of subjects, it&#8217;s always great when you can help people out and one I received this week was from someone who&#8217;d bought the latest version of Kaspersky Anti-Virus in response to a minor virus attack on her PC.</p><p>Kaspersky removed the virus diligently enough, but it had left her with an annoying and recurring Windows Defender 0X80070006 error code whenever she started her PC.  This code, if you do a quick search on Google is &#8220;Application failed to initialise&#8221; though it was clear to me straight away what had happened and it&#8217;s so common I thought I&#8217;d write it up here.</p><p><img
class="alignleft size-full wp-image-46500" src="http://www.ghacks.net/wp-content/uploads/2011/06/toptip.jpg" alt="windows defender conflicts" width="150" height="150" /></p><p>Windows Defender has been a staple component of Windows since the famous XP Service pack 2 that introduced it.  It&#8217;s a basic anti-malware app that runs automatically in the background on your PC and helps keep it free of nasties.  It&#8217;s no substitute for a commercial anti-malware app though, MalwareBytes being my all-time favourite, and as such many third-party anti-virus programs disable it when you install them.  Kaspersky is no exception to this but on this occasion, as also happens so many times, something went wrong and Windows Defender wasn&#8217;t disabled, or wasn&#8217;t disabled correctly.</p><p>This is a simple-enough problem to fix and can be done in just a few simple steps.  I thought I&#8217;d talk you through those steps here.</p><p>The first thing to do is to open the <strong>Services</strong> panel in Windows.  While Windows Defender is to all intents and purposes a program, it&#8217;s not installed as a normal program.  Instead it runs as a Windows service, much in the same way your print spooler or your firewall does.</p><p>The best way to find services is just to type the word <strong>services</strong> into the search box in the Start Menu.  You&#8217;ll see in figure 1 that the services panel has an icon that&#8217;s a couple of cogs, a large one and a small one (it&#8217;s highlighted here).  Click on this option to open the services panel.</p><div
id="attachment_46501" class="wp-caption aligncenter" style="width: 419px"><img
class="size-full wp-image-46501" src="http://www.ghacks.net/wp-content/uploads/2011/06/services.jpg" alt="windows defender troubleshooting" width="409" height="445" /><p
class="wp-caption-text">Fig 1</p></div><p>When the services panel opens you&#8217;ll see a very long list of a great many Windows services as in Figure 2, they&#8217;ll by default all be listed in alphabetical order.  Scroll down the list until you find <strong>Windows Defender</strong>.</p><p>Once you have Windows Defender visible in the services panel, <strong>right-click</strong> on it and select <strong>Properties</strong> from the context menu that appears.</p><div
id="attachment_46502" class="wp-caption aligncenter" style="width: 550px"><img
class="size-medium wp-image-46502" src="http://www.ghacks.net/wp-content/uploads/2011/06/services2-600x558.jpg" alt="windows defender" width="540" height="502" /><p
class="wp-caption-text">Fig 2</p></div><p>After you&#8217;ve selected the properties for Windows Defender, a small dialog window will appear showing all the options for that service.  You can see this in Figure 3.  In the centre of this window is an option to select the service&#8217;s <strong>Startup Type</strong>.  This is the option you&#8217;ll want to change as, most likely, your new anti-virus software has failed to disable Windows Defender and its service is still running.</p><p>Just changing this Startup Type behaviour to <strong>Disabled</strong> and pressing the <strong>OK</strong> button in the window is enough to fix the problem.  You can now close the services window and restart your PC.  Now you won&#8217;t get the error any more as Windows Defender will no longer be running and there won&#8217;t be any conflicts between it and your new anti-virus software.</p><div
id="attachment_46503" class="wp-caption aligncenter" style="width: 430px"><img
class="size-full wp-image-46503" src="http://www.ghacks.net/wp-content/uploads/2011/06/services3.jpg" alt="windows security software" width="420" height="474" /><p
class="wp-caption-text">Fig 3</p></div><blockquote><p>It can be <strong>very</strong> tempting to look down the list in the Services panel to see what else you may or may not need.  By default Windows 7 is very good at only running services that are actually required.  You may find that the <strong>Tablet PC Input Service</strong> is running, and if you don&#8217;t have a touch-enabled computer you can safely disable this service too.  I would <strong>always</strong> advise against shutting down any other services however.  Some are required for Windows to start and operate, and others are required by third-party software (including your anti-virus software).</p><p><strong>You should always be extremely careful disabling Windows services unless you know exactly what they are!  Doing so could cause your computer to become unstable or even unable to start.</strong></p></blockquote> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/06/15/troubleshooting-windows-defender-conflicts/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item><title>Apple’s Growing Up and Getting Big Boy Scareware</title><link>http://www.ghacks.net/2011/05/21/apple%e2%80%99s-growing-up-and-getting-big-boy-scareware/</link> <comments>http://www.ghacks.net/2011/05/21/apple%e2%80%99s-growing-up-and-getting-big-boy-scareware/#comments</comments> <pubDate>Sat, 21 May 2011 07:35:54 +0000</pubDate> <dc:creator>Melanie Gross</dc:creator> <category><![CDATA[Apple]]></category> <category><![CDATA[apple]]></category> <category><![CDATA[mac]]></category> <category><![CDATA[mac defender]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[scareware]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=45346</guid> <description><![CDATA[A couple of weeks ago word started spreading to Apple forums that there was malware installed on some systems. Discussion has continued to grow, and even security companies have reported that there is, indeed, a virus for macs in the wild. Seemingly the only company who is still denying the existence of the bug is [...]]]></description> <content:encoded><![CDATA[<p>A couple of weeks ago word started spreading to Apple forums that there was malware installed on some systems.  Discussion has <a
href="http://www.reuters.com/article/2011/05/17/us-apple-malware-idUSTRE74G60M20110517">continued</a> to grow, and even security companies have reported that there is, indeed, a virus for Macs in the wild.  Seemingly the only company who is still denying the existence of the bug is Apple.</p><p>The malware spreads in a way similar to several that have recently been passed to Windows machines.  It calls itself Mac Defender or Mac Security, and encourages a user to download it from a web page with an infected link or advertisement.  It appears at a glance to be a legitimate piece of antivirus software.  Once downloaded, it asks the user to enter a username and password to allow for a system scan.  Then it installs, complete with a nifty menu item.  It lets the user know that the computer has been infected with viruses and offers to fix the problem for a small fee.  Once the user has entered a credit card, the scareware says it was denied and asks for another.  Clever.  Once installed, the software uncontrollably brings up porn websites.</p><p><img
src="http://www.ghacks.net/wp-content/uploads/2011/05/mac-defender.png" alt="mac defender" title="mac defender" width="600" height="477" class="alignnone size-full wp-image-45347" /></p><p>While security companies scramble for a fix, Apple refuses to comment on the situation, neither confirming nor denying the existence of the bug.  In an internal document leaked to the internet, support staff were told not to admit to the bug at all, and not to help with uninstallation.</p><p>While this kind of malware is becoming downright common for Windows, Apple is not used to dealing with this type of situation.  There are very few Apple bugs.  The reason is not, necessarily, that Apple is any more secure than Windows.  It’s more likely that Apple has had a small, if loyal, market share up until now.  Macs are becoming more popular, though.  If there is safety in obscurity, then as Apple’s obscurity disappears, so does the safety factor.</p><p>Apple’s tendency towards secrecy will not serve it well here.  Acknowledging the problem would give Mac users peace of mind, and would let them know that a fix is coming.  Being open with the public about security problems is, in general, smarter for a company than trying to hide them.  Apple has not had to face this enough yet to get that point.</p><p>Any Apple fan will tell me how much better Macs are than PCs.  Okay.  Whether that’s true or not, though, you have to admit that as Apple becomes more popular, the company will have to face some of the problems that Windows has been facing for years.  This is just one of the first.  Yay, Apple, look at the positives.  This is a good sign, right &#8230;?</p><p>What are your thoughts?  If you are on a Mac, do you agree with the experts who still say that an antivirus program is not necessary for the Mac?  Will you install one?  How do you think Apple should handle this?  
In your opinion, are they on the right track?</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/05/21/apple%e2%80%99s-growing-up-and-getting-big-boy-scareware/feed/</wfw:commentRss> <slash:comments>22</slash:comments> </item> <item><title>Facebook users become the latest victims of the Japanese Tsunami</title><link>http://www.ghacks.net/2011/03/14/facebook-users-become-the-latest-victims-of-the-japanese-tsunami/</link> <comments>http://www.ghacks.net/2011/03/14/facebook-users-become-the-latest-victims-of-the-japanese-tsunami/#comments</comments> <pubDate>Mon, 14 Mar 2011 09:14:23 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Facebook]]></category> <category><![CDATA[facebook]]></category> <category><![CDATA[japan]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[tsunami]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=42473</guid> <description><![CDATA[It&#8217;s not the first time that spammers and malware writers have used a tragic public event to spread malware on Facebook, but the latest are fake videos purporting to show &#8220;breathtaking&#8221; or &#8220;unbelievable&#8221; footage of the Japanese tsunami. These links, when clicked, will take you through to another website where you will be required to perform [...]]]></description> <content:encoded><![CDATA[<p>It&#8217;s not the first time that spammers and malware writers have used a tragic public event to spread malware on Facebook, but the latest are fake videos purporting to show &#8220;breathtaking&#8221; or &#8220;unbelievable&#8221; footage of the Japanese tsunami.</p><p>These links, when clicked, will take you through to another website where you will be required to perform additional actions such as clicking further links in order to view the video (which doesn&#8217;t exist!).</p><p>In performing these actions you will be giving the malware writers valuable information, especially if you &#8220;like&#8221; the app and have personal information such as your home address, telephone and mobile phone numbers and your email address on your Facebook profile.  Such malware, and there are a great many on Facebook and other social networks at the moment, could even require you to download and install a plugin or codec to watch the video.  Such a file will certainly be malware of some variety such as a bot or keylogger.</p><p>Simply clicking on the main link for most of these &#8220;apps&#8221; will post a link to your wall saying that you <em>like</em> it.  This is most commonly how these malware apps will spread.  
Should you see one on the wall of a friend, you may want to notify them or post a message under it informing people of its real purpose.</p><p>The tsunami which hit Japan last week after a massive 8.9 magnitude earthquake has killed thousands of people, with up to 10,000 people still missing from a single coastal town, and caused billions of dollars of damage including critical damage to one nuclear reactor and further damage to two others.</p><p>Past events where spammers and malware writers have tried to exploit users on Facebook and other social networks have included the death of Michael Jackson and the Indonesian tsunami of 2004.</p><p>Here at gHacks we wish to send our continuing sympathies for those people from around the world who have been affected by the earthquake, and especially to those people in Japan who are continuing to be affected by this tragedy.</p><p>We urge you to pass the word around about these malware links and, if you can afford it, to donate a small amount of money to help those in need through your local Red Cross, Red Crescent or other disaster charity.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2011/03/14/facebook-users-become-the-latest-victims-of-the-japanese-tsunami/feed/</wfw:commentRss> <slash:comments>4</slash:comments> </item> <item><title>New Sex Worm spreads like it&#8217;s 1999</title><link>http://www.ghacks.net/2010/09/10/sex-worm-spreads-like-its-1999/</link> <comments>http://www.ghacks.net/2010/09/10/sex-worm-spreads-like-its-1999/#comments</comments> <pubDate>Fri, 10 Sep 2010 11:17:34 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Adobe]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[i love you]]></category> <category><![CDATA[kournikova]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[virus]]></category> <category><![CDATA[worm]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=34141</guid> <description><![CDATA[Ten years ago there were worms like Kournikova and I Love You that were infecting computers worldwide with malware and getting mainstream attention on the news.  In that time operating systems and anti-malware programs have improved but now a new sex worm is making its way around the world according to the BBC. Some variants [...]]]></description> <content:encoded><![CDATA[<p>Ten years ago there were worms like Kournikova and I Love You that were infecting computers worldwide with malware and getting mainstream attention on the news.  In that time operating systems and anti-malware programs have improved but now a new sex worm is making its way around the world according to the <a
href="http://www.bbc.co.uk/news/technology-11258795" target="_blank">BBC</a>.</p><p>Some variants of the worm contain a link to a PDF document; this PDF contains malware that opens access to the user&#8217;s email address book.  It&#8217;s becoming increasingly common for Adobe&#8217;s file formats to be used for viruses and malware since increased security in newer versions of Microsoft Windows has made it a much harder target.</p><p>The worm will immediately spread by sending a copy of itself to everyone in the user&#8217;s address book.  It will also attempt to remove or disable any security software on the PC so that it can remain undetected.  Finally it will look for open network links to other computers and attempt to auto-run itself on those machines.</p><p>The worm isn&#8217;t widespread but so far some major corporations have been hit including NASA, Disney and the insurance giant AIG.</p><p>Security firm Kaspersky said the new worm has similarities to the now infamous I Love You bug of ten years ago.  
&#8220;The difference with those earlier attacks is that the e-mails typically carried the malicious file itself and didn&#8217;t rely on a link to a downloading site&#8230;But the technique used to entice users to click on the attachment or malicious link is the same: offer the user something he wants to see.&#8221;</p><p>As always our advice is to virus check any attachment before you open it, if you even need to open it at all.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/09/10/sex-worm-spreads-like-its-1999/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>TalkTalk reprimanded over Malware trial</title><link>http://www.ghacks.net/2010/09/07/talktalk-reprimanded-over-malware-trial/</link> <comments>http://www.ghacks.net/2010/09/07/talktalk-reprimanded-over-malware-trial/#comments</comments> <pubDate>Tue, 07 Sep 2010 19:23:47 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[The Web]]></category> <category><![CDATA[british telecom]]></category> <category><![CDATA[bt]]></category> <category><![CDATA[isp]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[talktalk]]></category> <category><![CDATA[trial]]></category> <category><![CDATA[virus]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=34046</guid> <description><![CDATA[UK-based ISP TalkTalk, owned by the Carphone Warehouse (Phone Warehouse in the EU) has been reprimanded by the Information Commissioner&#8217;s Office for failing to disclose enough information about a malware system it was launching, according to the BBC. The controversial system collected the URLs of websites visited by its customers and the ISP failed to [...]]]></description> <content:encoded><![CDATA[<p>UK-based ISP TalkTalk, owned by the Carphone Warehouse (Phone Warehouse in the EU) has been reprimanded by the Information Commissioner&#8217;s Office for failing to disclose enough information about a malware system it was launching, according to the <a
href="http://www.bbc.co.uk/news/technology-11213488" target="_blank">BBC</a>.</p><p>The controversial system collected the URLs of websites visited by its customers and the ISP failed to inform either its customers or the ICO before its launch.</p><p>Mark Schmid, TalkTalk&#8217;s Director of Communication said in a statement &#8220;We were simply looking at the urls accessed from our network, we weren&#8217;t looking at customer behaviour so we didn&#8217;t feel we were obliged to inform customers.  This is all about protecting customers. It is not designed to provide us with data for any other purpose.&#8221;</p><p>The system scanned the websites visited by TalkTalk customers to aid the company in detailing websites that could contain malware or viruses.</p><p>British Telecom had proposed a similar service called Webwise which was heavily criticised by the British public.  BT also conducted trials without informing customers which led to accusations of intercepting private data.</p><p>Online privacy is an issue of which the public is becoming increasingly aware, which can only be a positive thing.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/09/07/talktalk-reprimanded-over-malware-trial/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Android app licensing cracked in less than a month</title><link>http://www.ghacks.net/2010/08/24/android-app-licensing-cracked-in-less-than-a-month/</link> <comments>http://www.ghacks.net/2010/08/24/android-app-licensing-cracked-in-less-than-a-month/#comments</comments> <pubDate>Tue, 24 Aug 2010 07:00:24 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Google]]></category> <category><![CDATA[Google Android]]></category> <category><![CDATA[Mobiles]]></category> <category><![CDATA[android]]></category> <category><![CDATA[app]]></category> <category><![CDATA[app store]]></category> <category><![CDATA[crack]]></category> 
<category><![CDATA[jailbreak]]></category> <category><![CDATA[java]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[proof on concept]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=33530</guid> <description><![CDATA[There has been some concern about smartphone apps in recent weeks after a malware app worked its way into the Android store that sent premium-rate text messages to make money for criminals.  What&#8217;s more the BBC demonstrated a proof-of-concept Java app that seemed to be a simple game of noughts and crosses, but was copying [...]]]></description> <content:encoded><![CDATA[<p>There has been some concern about smartphone apps in recent weeks after a malware app worked its way into the Android store that sent premium-rate text messages to make money for criminals.  What&#8217;s more the BBC demonstrated a proof-of-concept Java app that seemed to be a simple game of noughts and crosses, but was copying contacts and emails in the background.</p><p>Now, <a
href="http://www.neowin.net/news/android-application-licensing-cracked-in-under-a-month" target="_blank">NeoWin</a> is reporting that the new licensing scheme for Android apps has been cracked less than a month after coming on-line.</p><p><span
id="more-33530"></span></p><blockquote><p>The &#8220;Licensing Service for Android Applications&#8221; was supposed to provide developers a “secure mechanism to manage access to all Android Market paid applications.&#8221;  In theory, the new licensing system would verify against the Android Market licensing server, which would in turn verify the application against existing sales records. If no sales records were found, the application would show an error explaining that it was not properly licensed.</p></blockquote><p>The man responsible for cracking the security has published a paper on his <a
href="http://www.androidpolice.com/2010/08/23/exclusive-report-googles-android-market-license-verification-easily-circumvented-will-not-stop-pirates/" target="_blank">website</a> in which he details how to reprogram an app written in Java, the language most Android apps are written in, to change its status from unlicensed to licensed.</p><p>He says&#8230;</p><blockquote><p>I am very much against piracy, and very much pro-Google. I have spent more time researching copy protection for my applications than development of the applications themselves.  Our findings show that most (any?) apps can be easily patched and stripped of licensing protection, making them an easy target for off-Market, pirated distribution. By corollary, this means that sites dedicated to pirating apps can continue to do so, using a few automated scripts mixed with some smarts.</p></blockquote><p>He also provides a video demonstrating his findings.  Google have not yet commented on the crack.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/08/24/android-app-licensing-cracked-in-less-than-a-month/feed/</wfw:commentRss> <slash:comments>7</slash:comments> </item> <item><title>Facebook &#8216;dislike&#8217; scam</title><link>http://www.ghacks.net/2010/08/16/facebook-dislike-scam/</link> <comments>http://www.ghacks.net/2010/08/16/facebook-dislike-scam/#comments</comments> <pubDate>Mon, 16 Aug 2010 17:08:38 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Facebook]]></category> <category><![CDATA[app]]></category> <category><![CDATA[application]]></category> <category><![CDATA[facebook]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[rogue app]]></category> <category><![CDATA[spam]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=33081</guid> <description><![CDATA[Many users of the social networking site Facebook have long been asking for a dislike button and now it looks like they&#8217;ve got what they were asking for&#8230; or have they?  Be warned, the latest offering of a dislike button on Facebook is, in fact, an elaborate scam. The scam, reported by the BBC, tricks [...]]]></description> <content:encoded><![CDATA[<p>Many users of the social networking site Facebook have long been asking for a dislike button and now it looks like they&#8217;ve got what they were asking for&#8230; or have they?  Be warned, the latest offering of a dislike button on Facebook is, in fact, an elaborate scam.</p><p><span
id="more-33081"></span></p><p>The scam, reported by the <a
href="http://www.bbc.co.uk/news/technology-10987725" target="_blank">BBC</a>, tricks users into installing a rogue application that then posts spam messages to all their contacts.  The spam messages then contain links through to malicious websites.</p><p>The messages will try to get your attention by using messages such as &#8220;OMG, shocking video&#8221; and they appear to come legitimately from a friend.</p><p>The rogue application takes advantage of the fact that many users don&#8217;t properly understand their privacy settings on Facebook and will not know how to deactivate the app later on which, by the way, you can do by clicking on &#8220;Account&#8221; in the top right corner of the window then &#8220;Application Settings&#8221; and pressing the &#8220;x&#8221; next to the offending app.</p><p>Once a user has installed the app it then posts a message to their profile along the lines of &#8220;I just got the dislike button, so now I can dislike all of your dumb posts lol!!!&#8221; in order to try and tempt their friends to install the app too.</p><p>You should always be careful what apps you install in Facebook and if something looks too good to be true, it probably is!</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/08/16/facebook-dislike-scam/feed/</wfw:commentRss> <slash:comments>5</slash:comments> </item> <item><title>Virus hits Google Android</title><link>http://www.ghacks.net/2010/08/11/virus-hits-google-android/</link> <comments>http://www.ghacks.net/2010/08/11/virus-hits-google-android/#comments</comments> <pubDate>Wed, 11 Aug 2010 11:43:28 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Google]]></category> <category><![CDATA[apple]]></category> <category><![CDATA[google android]]></category> <category><![CDATA[googlem android]]></category> <category><![CDATA[iPhone]]></category> <category><![CDATA[kaspersky]]></category> <category><![CDATA[malware]]></category> 
<category><![CDATA[microsoft]]></category> <category><![CDATA[virus]]></category> <category><![CDATA[windows phone 7]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=32831</guid> <description><![CDATA[With the number of smartphones on the market on an ever-increasing rise Google&#8217;s Android operating system is the first to be hit by a major virus.  The malware can steal cash from unsuspecting users by sending premium-rate text messages from their handset. The virus, discovered by Kaspersky Labs, is believed to be the first booby-trapped [...]]]></description> <content:encoded><![CDATA[<p>With the number of smartphones on the market on an ever-increasing rise Google&#8217;s Android operating system is the first to be hit by a major virus.  The malware can steal cash from unsuspecting users by sending premium-rate text messages from their handset.</p><p><span
id="more-32831"></span></p><p>The virus, discovered by Kaspersky Labs, is believed to be the first booby-trapped application for the operating system.  In a security advisory, Kaspersky say &#8220;the fake media player was most prevalent among Russian Android users. The risk to Android owners worldwide is believed to be low.&#8221;</p><p>Needless to say there are a huge number of smartphone users who, through app stores, are installing large volumes of programs on their phones without really knowing if they are hiding any malicious payloads.  This is a problem that&#8217;s only going to get worse over time.</p><p>&#8220;We can expect to see a corresponding rise in the amount of malware targeting that platform,&#8221; said Denis Maslennikov, mobile research group manager at the firm.</p><p>There are a significant number of Java applications that behave in this way, as the BBC has proven recently with its own malicious app to prove how easy it is to write such code, but this is the first believed to have been written specifically for the Android operating system.</p><p>Both Apple and Google monitor the apps that are available for download through their app stores and Microsoft have also said they will do the same with their forthcoming Windows Phone 7 Operating System.  Somehow though this virus has still made it through the testing process.</p><p>A spokesperson for Google told the <a
href="http://www.bbc.co.uk/news/technology-10928070" target="_blank">BBC</a>&#8230;</p><blockquote><p>&#8220;Google has a system in place that can revoke malicious applications and stop them running on handsets.  Our application permissions model protects against this type of threat.  When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user&#8217;s phone number or sending an SMS.  Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.  The spokesperson said the firm advises users to &#8220;only install apps they trust&#8221;.</p></blockquote> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/08/11/virus-hits-google-android/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item><title>BBC News releases Smartphone Malware… deliberately</title><link>http://www.ghacks.net/2010/08/10/bbc-news-releaseses-smartphone-malware-deliberately/</link> <comments>http://www.ghacks.net/2010/08/10/bbc-news-releaseses-smartphone-malware-deliberately/#comments</comments> <pubDate>Tue, 10 Aug 2010 07:14:22 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Hacking]]></category> <category><![CDATA[anti virus]]></category> <category><![CDATA[bbc]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[phone]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[smartphone]]></category> <category><![CDATA[virus]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=32777</guid> <description><![CDATA[No, the BBC isn&#8217;t trying to subsidise its coffers by branching out into cyber-crime.  As an experiment the British public-service broadcaster wants to know just how secure smartphones really are. The malware takes the form of a game that spies on the smartphone&#8217;s owner and was built using the standard software toolkits that are available [...]]]></description> <content:encoded><![CDATA[<p>No, the BBC isn&#8217;t trying to subsidise its coffers by branching out into cyber-crime.  As an experiment the British public-service broadcaster wants to know just how secure smartphones really are.</p><p>The malware takes the form of a game that spies on the smartphone&#8217;s owner and was built using the standard software toolkits that are available to everyone.  In a report on the experiment <a
href="http://www.bbc.co.uk/news/technology-10912376" target="_blank">today</a>, experts say that this makes the malware much harder to spot.</p><p><span
id="more-32777"></span></p><p>There is evidence that criminals are now beginning to target smartphones with their complete lack of virus protection, in order to gain personal details that can be used for identity theft and other crimes.</p><p>Chris Wysopal, the co-founder and head of technology at security firm Veracode, who helped the BBC develop its malware, said that smartphones are not at the point PCs were at in 1999, at the birth of the popular internet.</p><blockquote><p>&#8220;At that time malicious programs were a nuisance. A decade on and they are big business, he said, with gangs of criminals churning out malware that tries to steal saleable information.&#8221;  He said.  &#8220;Mobiles offered a potentially more tempting target to those criminals.&#8221;</p></blockquote><p>Simeon Coney, of mobile security firm Adaptive mobile said&#8230;</p><blockquote><p>&#8220;In a mobile network the device is intrinsically linked to a payment plan, to a user&#8217;s credit,&#8221; he said. Nothing happens on a mobile network, no call is made or text is sent, without money changing hands.  Criminals have tapped into that revenue stream by getting phone owners to dial or contact premium rate numbers. Now they are turning their attention to applications and the lucrative information they scoop up.&#8221;</p></blockquote><p>The Java application from the BBC was put together in only a few weeks and gathered contacts, text messages and also gathered the phone&#8217;s location.  It then sent this information to a specially set-up email address.</p><p>The malware was only 250 lines of code, with the entire program only 1500 lines of code.  The BBC say in their report that there can be benefits to the way some phone OS manufacturers vet programs.  Apple vets every program for the iPhone and iPad and Blackberry maker RIM and Google can easily switch off malicious applications through use of a code-signing system.  
Microsoft&#8217;s Windows Phone 7 operating system will also see all programs vetted.</p><p>The last time the BBC conducted an experiment like this they took control of a botnet, but when the experiment was over left a message on the screens of the infected PCs worldwide and instructed the botnet to self-destruct.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/08/10/bbc-news-releaseses-smartphone-malware-deliberately/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item><title>iPhone / iPad Security Flaw Risk</title><link>http://www.ghacks.net/2010/08/04/iphone-security-flaw-risk/</link> <comments>http://www.ghacks.net/2010/08/04/iphone-security-flaw-risk/#comments</comments> <pubDate>Wed, 04 Aug 2010 17:50:11 +0000</pubDate> <dc:creator>Mike Halsey MVP</dc:creator> <category><![CDATA[Adobe]]></category> <category><![CDATA[Apple]]></category> <category><![CDATA[Hacking]]></category> <category><![CDATA[adobe]]></category> <category><![CDATA[apple]]></category> <category><![CDATA[ios]]></category> <category><![CDATA[ipad]]></category> <category><![CDATA[iPhone]]></category> <category><![CDATA[iPod]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[pdf]]></category> <category><![CDATA[threat]]></category> <category><![CDATA[virus]]></category> <guid
isPermaLink="false">http://www.ghacks.net/?p=31381</guid> <description><![CDATA[Hackers have moved in the last few years away from attacking platforms such as Windows, and instead on to attacking software.  This is in a large part because the security of operating systems such as Microsoft Windows has increased incredibly in recent years while other software companies have remained complacent. The latest threat is another [...]]]></description> <content:encoded><![CDATA[<p>Hackers have moved in the last few years away from attacking platforms such as Windows, and instead on to attacking software.  This is in a large part because the security of operating systems such as Microsoft Windows has increased incredibly in recent years while other software companies have remained complacent.</p><p>The latest threat is another with Adobe&#8217;s name on it.  The company has already come under heavy criticism this year for major flaws in its Acrobat and Flash platforms; this new threat is more of the same with the Acrobat reader for the iPhone.</p><p><span
id="more-31381"></span></p><p>The <a
href="http://www.bbc.co.uk/news/technology-10865288" target="_blank">BBC</a> is reporting that experts are saying the threat has yet to be exploited and are urging Apple and Adobe to find a fix before it is.</p><p>The threat would affect all devices running Apple&#8217;s iOS operating system, the iPhone, iPod and iPad, none of which run anti-virus software.</p><blockquote><p>Graham Cluley, a computer security expert with Sophos, told BBC News that the exploit used the same principle as Jailbreakme &#8211; a utility that lets iPhone 4 owners run non-Apple approved applications &#8211; although it uses the exploit in a benign way.</p><p>&#8220;It uses the same tricks as you do when jailbreaking,&#8221; said Mr Cluley.  &#8220;We always thought that Apple&#8217;s Mobile Safari would be the main vulnerability.  &#8220;At present, we have yet to see any of these exploits out in the wild, but it is only a matter of time,&#8221; he warned.</p></blockquote><p>The method exploits a weakness in the Safari web browser to automatically open an infected PDF.  The irony is that so far the only way to secure yourself against it is to unlock your device and install unapproved software on it.</p><p>Neither Apple nor Adobe have so far commented on the threat or said when a patch might be available.</p> ]]></content:encoded> <wfw:commentRss>http://www.ghacks.net/2010/08/04/iphone-security-flaw-risk/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> </channel> </rss>
