Stories of Android devices being infected with malware are not uncommon these days. We have seen a recent Juniper Networks report which stated that Android malware increased by 472%. Yet another report, this time by McAfee, says nearly all malware in Q3 was targeted at Android.

Given that the operating system and the marketplace are open and without any gate-keepers, it is not surprising at all. What is a benefit to developers (no obstacles to their creativity), comes with a huge price because it is also extremely open for abuse by the bad guys. Now that Android has a huge installed base, it is an easy target for malware infestation.

Today, it was reported that Google has removed 22 apps from the Android market in the past several days because they were bundled with malware. San Francisco security firm Lookout Software claimed that the malware in these apps is called RuFraud, and it essentially send dummy SMS messages to create financial benefit  for the malware makers.

Not to waste the opportunity, Microsoft’s Windows Phone evangelist Ben Rudolph immediately jumped on twitter and created an instant promotion. The tweets read as follows:

Do you have #droidrage from Android malware?Tell me your story…and I might upgrade you to a #windowsphone !

— Ben Rudolph (@BenThePCGuy) December 13, 2011

Been nailed with Android malware and have #Droidrage ?Share you story with me…you might win an upgrade to a #windowsphone !

— Ben Rudolph (@BenThePCGuy) December 12, 2011

More malware on Android! bit.ly/rt7dpD Been hit? Share yr #droidrage story to win a #windowsphone upgrade. 5 best (worst?) win!

— Ben Rudolph (@BenThePCGuy) December 12, 2011

Windows Phone (especially after Windows Phone 7.5 Mango released) has been universally praised for its elegance, simplicity and beauty. The problem for Microsoft is that iOS first, and Android now, have created a certain impression of a smartphone in the minds of consumers. While Android in some ways is a clone of iOS with grids and pages of app icons, Windows Phone is very unique in its approach of Live Tiles and Hubs. It has proven difficult for Microsoft to get this message across easily, and as a result the sales have been dismal.

Promotions like this help in not only getting these devices in the hands of folks using competing platforms, but also creating a buzz around the promotion itself. Note that Ben had earlier run a similar promotion for users of Blackberry affected by a long downtime of Blackberry services. At the time, he had said he received over 1,500 responses!

#DearBlackberry users, Frustrated with your BB? Tell me why you want to upgrade to a #windowsphone – I’ve got 25 to give away.

— Ben Rudolph (@BenThePCGuy) October 12, 2011

This is a very good and opportunistic move by Ben. It assures him the attention of disgruntled users who will be more open to switching, and in return they get a free phone too! That makes it an absolute win-win situation!

The first piece of malware for Android 2.3 ‘Gingerbread’ has been spotted. Working alongside  NetQin  -  a mobile security firm, security researcher  Xuxian Jiang  has located and detailed the inner workings of GingerMaster, the first piece of malware that attacks Android Gingerbread.

Using Gingerbreak, which is the  the latest exploit for gaining root access to Gingerbread, the malware gathers information about the infected device and sends it to a remote server. In addition to exfiltrating the IMEI, phone number and SIM serial, GingerMaster creates a backdoor root shell, stored in the system partition in an attempt to survive after software upgrades, to allow for an attacker to access the device at will.

The malware also acts as a trojan horse. Registering on a remote server, the application will sit and wait for instructions on a ‘command and control’ channel. This allows for an attacker to remotely trigger events, such as downloading and installing more malware without the user knowing or reading personal information saved on the phone.

With more and more malware for Android popping up, looking to mobile security software  as a means to protect your device is a good choice, but using more common sense with downloading applications from official stores and understanding the risks of giving permissions to apps, is a better way to protect yourself from these threats. While both Google and Apple are looking for ways to implement a “kill switch” for unauthorized devices or applications, this is a reactive measure to an inherent problem with all security implementations – they rely on the user.

Despite the wide use of the internet, there is a surprising lack of awareness amongst most users about fake sites on the net. The number of sites is on the rise and the number of victims is also rising at an accelerating pace. Now a team of researchers from the Arizona Eller College of Management have developed a prototype system that can detect fake websites.

A Phishing attempt

The system can detect fake sites much better than a human can. The article by the team on this development got published in the prestigious journal MIS Quarterly, published by the Management Information Systems Research Center, Carlson School of Management and the University of Minnesota. An MISQ publication is a trophy in one’s research career.

Importance

The importance can hardly be over-emphasised. Fake sites are responsible for robbing people of a lot of money or phishing attempts and other such acts of cyber crimes.

Ahmed Abbasi, the lead author of the paper and now a University of Virginia professor of information technology, says:

The problem we’re looking at is quite big. Fake websites constitute much of the Internet fraud’s multi-billion dollar industry, and that is monetary loss…we can’t even quantify the social ramifications. That’s the whole motivation. It is so profitable for fraudsters, and it is slipping through the cracks.

The Methodology

The methodology was two-part.

The first involved checking the easily verifiable information. The prototype checked whether a site’s URL contained http’ instead of an expected https’. Further, it can check when the site was last updated, whether a security key is missing or if the images appear unexpectedly pixelated.

The second part used more hidden information like URL length, number of links and to which sites it is linking to, the character types on the site and how the FAQ section on a site is maintained.

Way forward

Abbasi emphasises the use of great amounts of information for improving the prototype. Fake sites are constantly evolving their look and how they look is not really a criteria any longer, which makes it all the more difficult for a human to detect them. The days of long-held idea of a fake site having a lot of Unicode characters and other unreadable nonsense are gone.

The project is still underway and very much on track. It is, however, a long way from sneaking into our own lives and saving us from a lot of harassment.

Malware, popular term for malicious software, is a software program designed to damage a user’s computer, a server, or network; or to steal personal or sensitive information of a user or defrauding the user through online scams.

What are Different Types of Malware?

• Rogue security software: Rogue security software masquerades as legitimate security software or Microsoft Update user interface. Fake alerts scare users into thinking that their computer has been compromised and clicking the suggested link to resolve the issue which instead stealthily   downloads malware to the computer.
• Password stealers: A password stealer transmits personal information such as user names and passwords that an unsuspicious user enters while browsing the web or using applications on the computer.
• Keyloggers: A keylogger sends keystrokes or screenshots to an attacker. The information can be then used to ascertain passwords, bank account numbers, or any sensitive information that a user types.
• Rootkits: A rootkit performs functions that a system administrator cannot easily detect or undo. A rootkit is often installed as part of a bundle of malware, where it hides itself and other malware that performs a more
  dangerous activity.
• Viruses: Viruses are malware that replicate by infecting other files on the computer, thus allowing the execution of the malware code, and its propagation when those files are activated.
• Worms: A worm is a self-propagating program that can automatically distribute itself from one computer to another.
• Trojan horses: A trojan horse is an application that appears legitimate and useful, but performs malicious and illicit activity on an affected computer.
• Spyware: Spyware collects information, such as the websites that a user visits, without user’s knowledge.

Why is Malware a Serious Problem?

Malware is a common weapon for cyber-criminals against individuals and organizations. Malware writers use constantly evolving techniques to make detecting and removing their software difficult. Often malware are deployed together as part of a large, sophisticated assault to recruit vulnerable computers into botnets. Botnets are attractive to criminals because they are easy to hide behind. Botnets harness the processing power, storage, and bandwidth of attacked computers to generate vast amounts of spam, hack websites, and commit online frauds.

Microsoft has taken its pursuit of the operators of the notorious Rustock botnet to the next level by offering a monetary reward of $250,000 for any information about them that leads to their identification, arrest, and criminal conviction.

In 2010, the  Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, had successfully taken down the botnet Waledac in an operation known as Operation b49. This successful operation against Waledac paved the way for future shutdowns in cases where criminals are abusing anonymity to victimize computer users around the world. The Rustock takedown was the next, and the biggest success till date. In March 2011, the Rustock botnet was taken down with help of industry partners and law enforcement. In an operation known as Operation b107, this was a joint effort between the DCU, the Microsoft Malware Protection Center, and Trustworthy Computing known as Project MARS (Microsoft Active Response for Security). Since that time the botnet has stayed dead.

Last month, Microsoft published notices in two mainstream Russian newspapers, the Delovoy Petersburg and The Moscow News, to notify the Rustock operators of the civil lawsuit. The quarter-page ads ran for 30 days to make a good faith effort to contact the owners of the IP address and domain names that were shut down when Rustock was taken offline. Microsoft also created the noticeofpleadings.com website specifically dedicated to the case.

However, Microsoft has made clear that keeping the botnet dead or taking action against the perpetrators of this botnet isn’t the only focus. Microsoft intends to effectively reduce digital crime globally by deterring the criminals who seek to profit from botnets. This huge cash bounty testifies to Microsoft’s insistence that the Rustock botnet is responsible for a number of criminal activities.

Rustock was a spam giant with a capacity for sending 30 billion spam mails every day. DCU researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes a rate of 240,000 spam mails per day. The spam mails included fake Microsoft lottery scams and offers for fake and potentially dangerous prescription drugs. The botnet was estimated to have approximately a million infected computers operating under its control.

Computers are recruited into botnets when malware is installed on them. Botnets are known to be the tool of choice for cybercriminals because they are easy to hide behind. Botnets harness the processing power, storage, and bandwidth of infected computers and can be used to to send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising and much more.

The United States had the most botnet infections (2.1 million), far ahead of Brazil, which had the second greatest number of infections (550,000). Korea had the highest rate of botnet infections (14.6 bot computers cleaned per thousand).

As if the various Osama Bin Laden video scams on Facebook were not enough, a new malware is being spread through emails now. If you receive any emails with an attachment named Fotos_Osama_Bin_Laden.zip or something similar, DO NOT OPEN IT.

According to F-Secure Labs, an email is doing the rounds of the internet with an attachment named Fotos_Osama_Bin_Laden.zip, this could be named differently too as Photos_Osama_Bin_Laden.zip. The file contains an executable named Fotos_Osama_Bin_Laden.exe.

The executable does not contain any photos of Osama Bin Laden but is infected with the Trojan-Downloader:W32/Banload.BKHJ, which is a banking Trojan. It installs on the system and will start to monitor your online banking sessions via a Browse Helper Object (BHO) and try to redirect your payments to wrong accounts.

If you have downloaded or clicked on the attachment run an free online scanner or a anti-malware after disabling access to the internet. You might also want to run scans using your Antivirus. If you don’t have one, head over to our Free Antivirus section to find one.

The new Trojan is playing on human curiosity generated by the death of Osama Bin Laden. There are actually no leaked photos or videos of the event. As an advice, please don’t click on any links which tell you that you can watch a censored video or pictures of Osama Bin Laden’s death.

You will not be able to watch any videos or pictures unless the US government releases them. So hold your horses until then and don’t spread the virus of become affected by it.

Over the past couple of years or so, I have used Microsoft Security Essentials as my only virus and malware protection tool. The Free Antivirus tool from Microsoft is definitely worth installing on your PC.

If you are someone who does not like to install Antivirus on your PC or just want to check whether your current Antivirus is really working well, a new tool from Microsoft will come in handy.

Microsoft Safety Scanner is a free security software from Microsoft which provides users with on-demand scanning while allowing users to remove viruses, spywares, Trojans and another malicious software from their PC. Safety Scanner works along with your current Antivirus software, so you don’t have to uninstall your current AV protection to use it.

One of the bad things about Microsoft Safety Scanner is that it expires every 10 days. Users will have to download a new version to scan your system every ten days which could be annoying considering that it is around 70MB in size. A simple definition update should be added so that users don’t have to download new versions every 10 days.

Users must also note that unlike traditional Antivirus systems the Safety Scanner does not provide continuous protection and should not be used as a replacement for traditional Antivirus software. Microsoft Security Scanner should only be used to additionally scan your PC. If you intend to replace your current Antivirus you might check out our Free Antivirus section to find a suitable alternative.

Additionally, you may also want to read the following articles related to Online Security:

• Tips to Keep Your Computer Safe and Secure
• Protect Yourself from Internet Threats [Detailed Instructions]
• Things To Do Before Throwing Away Your Old PC

Download Microsoft Safety Scanner

[Windows]

The other day, I spotted a warning at the Microsoft Malware Protection Center. They presented some great information about a piece of malware called    Winwebsec,  which is more commonly seen as “System Tool“. Apparently it’s popping up more often now, so I decided to put out a warning to our readers.

I’ve actually run into this one before, while fixing some of my friends and family’s computers. It wasn’t much trouble to get rid of at the time, but I’ve read that some of the newer versions are more difficult to remove.

An infected computer will start getting fake warnings like the one shown here. These warnings are very realistic. Their purpose is to try to fool you into buying some more fake software that will make things even worse for you.

I looked around and I found one or two good articles that tell you how to remove the fake System Tool, but I decided to put together my own little guide.  Below you’ll find a slideshow that I’ve put together. It will give you a better idea of what to look for and some suggestions on how to remove this Fake System Tool.

How would you feel about a computer infection that could lie to your bank about your online transactions? What would happen if details such as who you are paying and how much, could be changed without you knowing it?

That’s exactly what can happen with the current crop of transactional trojans.   This is called screen injection, HTML overlayor the man-in-the-browser attack.

This type of infection can spy on you while you are online at many banking sites. ATM PINs, social security numbers and answers to secret questions are the types of information that will be stolen.

Previously, we’ve written about the Zeus trojan, which is the current king of the transactional trojans. Zeus used some very unique command-and-controlinterfaces that actually fooled security experts into giving up information. The Zeus trojan was also used to infect hundreds of U.S. Government employees when they opened a fake Christmas Card email from the White House.

If that’s not scary enough, there are more trojans out there that are being bred to compete with Zeus. According to TrustDefender, a well known security provider, a trojan named Carberp has recently added a whole slew of new features. These new features are intended to make it just as useful to black hats as Zeus. Here are some of the features:

• It can run on non-administrator accounts.
• It can infect XP, Vista and Seven machines.
• It doesn’t make changes to the Window registry.
• It hooks into the web browser to control all internet traffic.
• It’s able to transmit real-time data to it’s masters.

It also covers it’s identity by appending random data into itself to foil normal anti-virus detection. The fact that it can run in non-admin mode and doesn’t write to the registry also makes it harder to detect. To most security software, Carberp could appear to be a simple browser add-on or extension.

The older Zeus trojan hasn’t been improved recently, and it looks like there’s a battle brewing that will decide the next popular trojan. Carberp is in the running with two or three others, such as SpyEye and Gozi.

It’s a rat race, with security experts always trying to build a better trap for the fast rats that keep breeding even faster rats. The security field profits from this race and so do the hackers.

We are the big losers.

It’s difficult for some of us to resist clicking links or opening emails with provocative titles. That’s what hackers count on. Recently, one of many successful malware attacks was a file named Real kamasutra.pps.exe. Sophos reported that it really is a PowerPoint slideshow, but don’t get your hopes up. You’d have to infect your computer to see the images.

What I will do is warn everyone, once again, not to be fooled by the old double extension trick. Even though you may think .PPS (slideshow), the .EXE on the end of the file makes it an executable file. When it’s launched, the slideshow above actually did display some rather unique images, however, it also installed a backdoor trojan. The trojan, called Troj/Bckdr-RFM, allows hackers to silently gain access to your PC. Once inside they can steal your data, your identity, and use your machine for any number of illegal activities.

Most of the time, you’ll see files with double extensions in email. One of the most famous email exploits was the I LOVE YOU.TXT.VBSfile. The .VBS on the end made it a Visual Basic Script, which installed a virus on millions of PCs back in 2000.

These days, your biggest risks come from clicking shortened links in social networking sites like Twitter and Facebook. Thankfully, most of the short URL providers, like Goo.gl and Bit.ly, try to make sure that the links don’t end up at known bad websites.

If you’ve waited patiently hoping for a glimpse of the images in that Kama Sutra slideshow, visit the Sophos blog.