Mobile Users Unfazed by Web Threats

Users are under the impression that mobile phones are more secure than PCs, according to the latest Trend Micro survey. Many users were found not to practice safe browsing when using their mobile phones.

The survey shows that 44% of over 1,000 respondents are lax when it comes to surfing using their mobile phones. The respondents are actually more concerned about losing data such as contact numbers through physical phone loss than about information loss due to Web threats, phishing or spam attacks. In fact, only 23% use the security software already installed on their phones. Some even believe there is no use for such software, as mobile phones are not as prone to security risks.

Unfortunately, the users’ assumption that mobile phones are spared from attacks by cybercriminals is very much incorrect: mobile threats have been around for the past four years now.

http://blog.trendmicro.com/mobile-users-unfazed-by-web-threats/

Developer denies software to beat Chinese censors is malicious

UltraSurf programmer says the software acts suspiciously, but it’s just trying to put one over on the Great Firewall of China.

Software designed to beat Chinese censorship may behave in ways that seem suspect, but it is all part of the application’s strategy to fool the Great Firewall of China, according to one programmer of the software.

“There are many built-in tricks that do all kinds of things to confuse the firewall,” says David Tian, a scientist for NASA who works spare-time on UltraSurf, the free software designed to promote unrestricted Internet access for citizens of China persecuted for being members of Falun Gong, the religious group the Chinese government is trying to suppress.

Some of those tricks were pointed out last month at the Black Hat security conference by researchers who interpreted the odd behaviors as counterproductive to the anti-censorship goal and as perhaps malicious. After about a month, Tian recently responded to a request made during the conference for reaction to the research.

UltraSurf is a proxy network that masks where traffic is being sent to and received from in an effort to keep the Chinese government’s Internet filters from detecting forbidden communication. It calls for users to download an UltraSurf client, which sends and receives traffic via a network of proxies set up and maintained by UltraReach, a subgroup under the Global Internet Freedom Consortium.

More at http://www.networkworld.com/news/2009/082809-chinese-anticensorship.html

Firefox Add-on Spies on Google Search Results

Trend Micro threat analysts were alerted to the discovery of spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called “Adobe Flash Player 0.2,” the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts.

The said add-on injects ads into the user’s Google search results pages. More disturbing, however, is its capability to monitor the user’s browsing activities, particularly his/her Google search queries using the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com.

http://blog.trendmicro.com/firefox-addo-spies-on-google-search-results/

If a free scanner says you have an infection but does not say which file is infected… dump that free scanner

Use alternative scanners (online or on-demand scanners) instead.

Webroot Spy Sweeper is offering a free scan, but if it finds an infection, it gives no information on which file is infected.  People who run into this, like the one in the CNET Forums, cannot even quarantine the file, leaving the end user wondering whether Spy Sweeper’s free-scan detection is correct or a false positive.  You have to pay before you can quarantine, without any information on what it will quarantine or heal? Webroot must be kidding.

AVG false positive on legitimate applications causes trouble

Many AVG users are now asking for help in forums on why they cannot run legitimate applications such as Firefox, Microsoft Word, CCleaner, Malwarebytes’ Anti-Malware, etc.  Other users have reported receiving a dialog box saying that the executable of the program they are trying to open is not a valid Win32 application, while others get a message that a .dll file is missing.

Sample reports from yesterday and the day before are here, here and here.  CNET moderator Carol has also provided some links to similar reports at DSLReports.com.

All of the above reports came from end users who have AVG installed and allowed AVG to delete/quarantine the detections Sheur2 and PSW.Agent.ABTK.

Looking at the sample AVG activity logs posted by an AVG user at BleepingComputer.com shows that AVG has deleted a lot of legitimate files belonging to legitimate applications, including the Windows Update file wuauclt.exe from Microsoft and even AVG’s own executable avgcmgr8.exe!

Running the System File Checker utility will help, but it will not solve the whole problem: AVG did not only remove system files but also executables of third-party applications, which SFC will not restore.

If you are seeing the said problem, make sure to read AVG’s activity log, restore the deleted files from the AVG vault, and update your AVG definitions as soon as possible.

An AVG moderator confirmed the false alarm in a forum post on August 28 and said that a new virus definition update has been released.

Hackers scalp Apache

The website of Apache was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised.

It’s unclear at present whether any code on the Apache website was actually modified. Nor do we know how the attack was carried out or who was behind it.

Apache’s web site was restored after DNS records were changed so that servers based in Europe rather than at the main US site were carrying the load.

http://www.theregister.co.uk/2009/08/28/apache_hack/

Apple’s Snow Leopard Brings Compatibility, Security Concerns

Adobe CS3 users are expressing dismay that Snow Leopard compatibility hasn’t been tested while hackers tempt Mac users with malware in Snow Leopard clothing.

Apple’s Snow Leopard update for Mac OS X ships later this week, but compatibility and security worries have already arrived.

Adobe (NSDQ: ADBE) on Tuesday confirmed that its Creative Suite 4 (CS4) line of products is compatible with Snow Leopard, except for Adobe Drive/Version Cue. It also acknowledged that its older CS3 software has not been tested with Apple’s forthcoming operating system.

In an effort to dispel worries that CS3 users would be unable to use their software if they upgraded to Mac OS X 10.6, Adobe Photoshop product manager John Nack subsequently clarified in a blog post that "No one said anything about CS3 being ‘not supported’ on Snow Leopard."

He stopped short, however, of declaring that CS3 will be fully functional under Snow Leopard, leaving Adobe users who haven’t upgraded to CS4 wondering, like Microsoft Office 2004 users, whether any show-stopping glitches await.

An unofficial, community-compiled Snow Leopard application compatibility list was briefly available at http://snowleopard.wikidot.com/, but the hosting site appears to have been overwhelmed by the visitor traffic and was returning a blank page at the time this article was filed.

With regard to security, Trend Micro said that one of its researchers had discovered several Web sites advertising free copies of Snow Leopard. What’s actually offered is malware, specifically a DNS-changing Trojan known as OSX_JAHLAV.K.

"Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts," said Trend Micro’s Bernadette Irinco in a blog post. "The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components."

According to Trend Micro, OSX_JAHLAV.K may be downloaded without the user’s knowledge following a visit to a malicious Web site. The Trojan, however, has a "low" overall risk rating.
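The practical defender’s check for a DNS-changing Trojan of the kind described above is to verify that a host’s configured resolvers are still the ones you expect. The script below is an added example, not code from Trend Micro or InformationWeek: it parses a resolver configuration in /etc/resolv.conf format and reports any nameserver that is not on an allowlist. The sample configuration, the allowlist (a home router and a hypothetical corporate resolver) and the two 203.0.113.x entries standing in for injected resolvers are all constructed for the example; the real addresses added by OSX_JAHLAV.K are not given on the page.

```python
import ipaddress
from pathlib import Path

# Constructed sample in /etc/resolv.conf format. The first entry is the local
# router; the two 203.0.113.x addresses (TEST-NET-3 documentation range, not
# real indicators) play the role of the "two additional IP addresses" a
# DNS-changing Trojan inserts.
SAMPLE_RESOLV_CONF = """\
# macOS: this file is generated automatically, do not edit
domain home.example
nameserver 192.168.1.1
nameserver 203.0.113.10
nameserver 203.0.113.11
nameserver not-an-address   # malformed entry, must be ignored
"""

# Resolvers this host is expected to use (assumed: the local router and a
# hypothetical corporate resolver). Anything else is reported.
EXPECTED_RESOLVERS = {"192.168.1.1", "10.0.0.53"}


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text, in
    file order. Comments ('#' or ';'), non-nameserver directives and values
    that are not valid IP addresses are skipped."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] != "nameserver" or len(parts) < 2:
            continue
        try:
            # Normalise the textual form (e.g. IPv6 zero compression).
            servers.append(str(ipaddress.ip_address(parts[1])))
        except ValueError:
            continue  # not an IP address; do not trust it, just skip it
    return servers


def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return the configured resolvers that are not on the allowlist."""
    return [s for s in parse_nameservers(text) if s not in expected]


def check_live_config(path="/etc/resolv.conf", expected=EXPECTED_RESOLVERS):
    """Run the same check against the resolver file on this host."""
    return unexpected_resolvers(Path(path).read_text(), expected)


if __name__ == "__main__":
    for server in unexpected_resolvers(SAMPLE_RESOLV_CONF):
        print(f"unexpected DNS resolver configured: {server}")
```

On macOS the resolver file is generated from the system configuration, so a clean /etc/resolv.conf is a necessary but not sufficient check; `scutil --dns` shows the full per-interface resolver state and should be reviewed as well.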

Foxit Corporation, which makes the PDF reading program Foxit for Windows, Linux and various mobile platforms, on Tuesday warned that hackers are distributing software that purports to be Foxit Reader for Mac, a product that hasn’t been released yet.

http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=219500239

FBI fears free laptops could be malware scam

Beware geeks offering gifts.

Malware authors may have found a new way to skirt firewalls – send some pre-infected laptops in the post.

That’s the fear of the FBI, which is investigating the despatch of laptops to US state governors. Five HP laptops were sent to West Virginia Governor Joe Manchin a few weeks ago.  According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted.

The West Virginia laptops were delivered to the governor’s office several weeks ago, prompting state officials to contact police, according to Kyle Schafer, the state’s chief technology officer. "We were notified by the governor’s office that they had received the laptops and they had not ordered them," he said. "We checked our records and we had not ordered them."

http://news.techworld.com/security/3200622/fbi-fears-free-laptops-could-be-malware-scam/