Archive for June 19th, 2012

Android – Fake Security application is Mobile Zeus malware

Fake Android Security App is Mobile Zeus Malware in Disguise

QUOTE: A new variant of the Zeus banking malware is masquerading as a security app in order to lure users trying to protect their Android devices from…malware.  The fake security app, called the Android Security Suite Premium, is actually the latest Zeus malware, Denis Maslennikov, a Kaspersky Lab researcher, wrote on SecureList on Monday. Once Android Security Suite Premium is installed on the mobile device, it displays a blue shield icon on the menu and a fake “activation code” when executed, according to the blog post. The app first appeared in early June, and there are at least six different versions.

The malicious app can intercept incoming text messages and forward them to remote command-and-control servers. Depending on the user, the messages could include sensitive data, such as password reset links or even one-time passwords. Any of the six C&C servers could send instructions to the app to uninstall itself, collect and transmit system information, and install other malicious applications.

Android – Top five malware attacks detected in the wild

Sophos has published the top five malware attacks circulating on Android smartphones.

QUOTE: The release of a brand new version of Sophos’s free anti-virus for Android (it actually does much more than just anti-virus, hence our marketroids call it Sophos Mobile Security) makes this an opportune time to update users on the Android malware landscape. SophosLabs has examined the stats produced by installations of Sophos Mobile Security, which is now being used on Android smartphones and tablets in 118 different countries around the world – and it’s making for interesting reading about which malware is being most frequently encountered on the platform.

These malicious apps can send and read SMS messages, potentially costing you money. In fact, it can even scan your incoming SMS messages and automatically remove warnings that you are being charged a fee for using premium rate services it has signed you up for.

1. Andr/PJApps-C. When Sophos Mobile Security for Android detects an app as Andr/PJApps-C it means that we have identified an app that has been cracked using a publicly available tool. Most commonly these are paid for apps that have been hacked. They are not necessarily always malicious, but are very likely to be illegal.

2. Andr/BBridge-A. Also known as BaseBridge, this malware uses a privilege escalation exploit to elevate its privileges and install additional malicious apps onto your Android device. It uses HTTP to communicate with a central server and leaks potentially identifiable information.

3. Andr/BatteryD-A. This “Battery Doctor” app falsely claims to save battery life on your Android device. But it actually sends potentially identifiable information to a server using HTTP, and aggressively displays adverts.

4. Andr/Generic-S. Sophos Mobile Security generically detects a variety of families of malicious apps as Andr/Generic-S. These range from privilege escalation exploits to aggressive adware such as variants of the Android Plankton malware.

5. Andr/DrSheep-A. Remember Firesheep? The desktop tool that can allow malicious hackers to hijack Twitter, Facebook and Linkedin sessions in a wireless network environment? Andr/DrSheep-A is the Android equivalent of the tool.

Apple iOS6 improves iPhone and iPad application security

Apple will be implementing new security controls for apps as noted in the following link:

Apple iOS6 improves iPhone and iPad application security

QUOTE:  The next version of Apple’s mobile operating system, iOS 6, will request explicit permission before allowing third-party applications to access user information. It’s a privacy upgrade that could benefit Apple’s hundreds of millions of iPhone and iPad customers.  In the new iOS 6, Apple will force apps to get user permission before accessing Contacts, Calendars, Reminders and Photos, MacRumors reported. The enhanced security feature, outlined in the “Data Privacy” section of Apple’s iOS 6 Release Notes, was announced at the company’s Worldwide Developers

MS12-037 patch protects against New IE based exploits circulating

The Microsoft Security Updates for June 2012 contain an important Internet Explorer fix that the ISC rates as “Patch Now”. As new exploits are circulating, it is important to ensure users are up to date on all security updates.

QUOTE: A critical Internet Explorer vulnerability, announced and patched by Microsoft in June’s Patch Tuesday, is being exploited in the wild. The vulnerability is CVE-2012-1875 (don’t expect any detail – this link is just boilerplate stuff), patched in MS12-037. SophosLabs has seen numerous attempts to exploit this vulnerability (Sophos products detect it as Exp/20121875-A). Cunningly-crafted JavaScript code – which can be embedded in a web page to foist the exploit on unsuspecting visitors – is circulating freely on the internet.