Archive for October 11th, 2011

Skype – New R2D2 Listening Agent discovered

This new development is still being analyzed by security firms: 

Backdoor Snoops on Skype, MSN, and Yahoo! Messenger
http://blog.trendmicro.com/backdoor-snoops-on-skype-msn-and-yahoo-messenger/
http://www.f-secure.com/weblog/archives/00002250.html

QUOTE: We recently came across reports about a hacker group that was able to detect a backdoor which was found capable of monitoring online activities and recording calls when using Skype. However, apart from its routines, it garnered media attention because of its claims that the discovered backdoor may be used by German Law Enforcement. The malware, which we detect as BKDR_R2D2.A, is known as “R2D2”. Based on our analysis, this malware is capable of the following functionalities:

  • Listen to chat conversations for applications such as Skype, Yahoo! Messenger, MSN Messenger and SipGate x-lite.
  • Record audio calls when using Skype.
  • Monitor web browsing activities with browsers SeaMonkey, Navigator, Opera, Internet Explorer and Mozilla Firefox.
  • Take screenshots on the affected system.

Windows 8 – Striving to improve memory management

The new Metro UI may allow Windows 8 to load resources into memory as they are opened and needed.

Windows 8 – Striving to improve memory management
http://www.pcmag.com/article2/0,2817,2394426,00.asp

QUOTE: Microsoft’s Windows 8 is aiming to minimize a PC’s memory usage through efficient design, allowing it to run on hardware originally designed for Windows 7.  In a blog post, Bill Karagounis, the group program manager of the Windows Performance team, said that the group’s goal with Windows 8 was always to ship with the same performance requirements as Windows 7. Interestingly, Karagounis wrote that the reason for doing this was to minimize the power consumption used by Windows 8 when running on a tablet.  Microsoft has said that the “Metro” UI also eliminates the need to load all portions of the desktop, saving memory. And Windows 8 is simply more efficient in using memory, Karagounis added.

Windows 8 – PC Magazine’s list of articles
http://www.pcmag.com/Windows-8

Android Malware – Symantec Research Study of Monetary Incentives

The Symantec research study provides an excellent overview of the monetary incentives behind Android mobile malware.

Android Malware – Symantec Research Study of Monetary Incentives
http://securitywatch.pcmag.com/malware/288932-how-android-malware-makes-money

QUOTE: In the old, old days researchers wrote virus code to prove a point and lone coders released malware that disseminated a message or simply vandalized computers. Modern malware is all about money. Symantec has just released a report on the various techniques used to make a profit from Android-focused malware. Given that Android is now the most widespread mobile platform, it’s a wide-open field for malefactors seeking to cash in.

Premium rate billing is one simple technique to skim some cash. In this case a Trojanized Android application performs some useful or entertaining function, but secretly sends SMS short codes that bill the caller $10, $50, or even more. The attacker splits the fee with the phone service carrier. Apps can send text messages without any visible indication, making this a better choice than forced dialing of premium rate telephone numbers.

Some apps literally spy on the victim, recording phone calls and texts and tracking GPS location. It’s true that on installation the victim must agree to specific permissions, but many users just routinely give an OK to all such requests. Malicious apps that poison search engine results can drive traffic to malicious Web sites, either to encourage download of more malware or to generate income based on pay-per-view or pay-per-click advertising.

Symantec – Motivations of Recent Android Malware
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/motivations_of_recent_android_malware.pdf

QUOTE: The following categories of attack are highlighted in the study:

1. Premium Rate Number billing (calls or text messaging)
2. Spyware
3. SEO Poisoning
4. Pay per click
5. Pay per install of apps
6. Adware
7. Mobile Transaction Authorization Number (MTAN) Stealing