Android Malware Trend Continues, GingerMaster Targeting Gingerbread

The first piece of malware for Android 2.3 ‘Gingerbread’ has been spotted. Working alongside NetQin, a mobile security firm, security researcher Xuxian Jiang has located and detailed the inner workings of GingerMaster, the first piece of malware that attacks Android Gingerbread.

Using Gingerbreak, the latest exploit for gaining root access to Gingerbread, the malware gathers information about the infected device and sends it to a remote server. In addition to exfiltrating the IMEI, phone number and SIM serial, GingerMaster creates a backdoor root shell and stores it in the system partition in an attempt to survive software upgrades, allowing an attacker to access the device at will.

The malware also acts as a trojan horse. After registering with a remote server, the application sits and waits for instructions on a ‘command and control’ channel. This allows an attacker to remotely trigger events, such as downloading and installing more malware without the user’s knowledge, or reading personal information saved on the phone.

With more and more malware for Android popping up, looking to mobile security software as a means to protect your device is a good choice, but using more common sense when downloading applications from official stores and understanding the risks of granting permissions to apps is a better way to protect yourself from these threats. While both Google and Apple are looking for ways to implement a “kill switch” for unauthorized devices or applications, this is a reactive measure to an inherent problem with all security implementations – they rely on the user.

Team Develops Accurate Prototype to Detect Fake Sites

Despite the wide use of the internet, there is a surprising lack of awareness amongst most users about fake sites on the net. The number of such sites is on the rise and the number of victims is also rising at an accelerating pace. Now a team of researchers from the Arizona Eller College of Management has developed a prototype system that can detect fake websites.

A Phishing attempt

The system can detect fake sites much better than a human can. The team’s article on this development was published in the prestigious journal MIS Quarterly, published by the Management Information Systems Research Center, Carlson School of Management and the University of Minnesota. An MISQ publication is a trophy in one’s research career.

The importance can hardly be over-emphasised. Fake sites are responsible for robbing people of a lot of money through phishing attempts and other such acts of cyber crime.

Ahmed Abbasi, the lead author of the paper and now a University of Virginia professor of information technology, says:

The problem we’re looking at is quite big. Fake websites constitute much of the Internet fraud’s multi-billion dollar industry, and that is monetary loss…we can’t even quantify the social ramifications. That’s the whole motivation. It is so profitable for fraudsters, and it is slipping through the cracks.

The Methodology

The methodology was two-part.

The first involved checking the easily verifiable information. The prototype checked whether a site’s URL contained ‘http’ instead of the expected ‘https’. Further, it checks when the site was last updated, whether a security key is missing, and whether the images appear unexpectedly pixelated.

The second part used more hidden information, such as URL length, the number of links and which sites they point to, the character types used on the site, and how the FAQ section of the site is maintained.
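To make the two-part methodology concrete, here is a small heuristic scorer written for this post as an illustration. It is not the Arizona team’s prototype and it does not reproduce their model; it simply turns the signals the article lists (plain http instead of https, URL length, the number and destination of links, the character types in the visible text, and the presence of an FAQ section) into features and adds up a score. The weights and thresholds are arbitrary assumptions chosen for the example, and the two pages it scores are constructed inline, so it runs offline on the Python standard library alone.

```python
"""Toy fake-site scorer (added example, not the MISQ prototype)."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _PageCollector(HTMLParser):
    """Collect link targets and visible text from an HTML page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text_parts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_data(self, data):
        self.text_parts.append(data)


def extract_features(url, html):
    """Derive the article's 'easy' and 'hidden' signals from a URL and its HTML."""
    page = _PageCollector()
    page.feed(html)
    parsed = urlparse(url)
    site_host = parsed.hostname or ""
    # Links whose host differs from the page's own host (fake sites often
    # hot-link assets and hand-off pages from unrelated domains).
    external = sum(
        1 for href in page.links
        if (urlparse(href).hostname or site_host) != site_host
    )
    text = " ".join(page.text_parts)
    lowered = text.lower()
    return {
        "plain_http": parsed.scheme == "http",
        "url_length": len(url),
        "link_count": len(page.links),
        "external_links": external,
        # Any non-ASCII letter in otherwise English text (e.g. Cyrillic
        # look-alikes) counts as a mixed-script signal.
        "mixed_script": any(ord(ch) > 127 for ch in text),
        "has_faq": "faq" in lowered or "frequently asked" in lowered,
    }


def score(features):
    """Additive score; weights are illustrative assumptions, not learned values."""
    s = 0
    if features["plain_http"]:
        s += 2
    if features["url_length"] > 75:
        s += 1
    if features["link_count"] and features["external_links"] / features["link_count"] > 0.5:
        s += 2
    if features["mixed_script"]:
        s += 1
    if not features["has_faq"]:
        s += 1
    return s


def classify(url, html, threshold=4):
    """Return the score, the verdict, and the features that produced it."""
    features = extract_features(url, html)
    s = score(features)
    return {"score": s, "suspicious": s >= threshold, "features": features}


# Constructed sample pages (not real sites); the hosts are reserved example names.
LEGIT_URL = "https://bank.example/login"
LEGIT_HTML = """<html><body><h1>Example Bank</h1>
<a href="https://bank.example/accounts">Accounts</a>
<a href="https://bank.example/faq">FAQ</a>
<a href="https://bank.example/contact">Contact</a>
<p>Frequently asked questions about our services.</p></body></html>"""

FAKE_URL = "http://bank.example.login-verify.example.net/secure/update/account/session/confirm?id=8f3a2c7d9e1b4f6a"
FAKE_HTML = """<html><body><h1>Exаmple Bаnk</h1>
<a href="http://cdn.example.org/logo.png">Home</a>
<a href="http://tracker.example.org/x">Login</a>
<a href="http://bank.example.login-verify.example.net/secure">Verify</a>
<p>Your account wіll be suspended. Confirm your PIN and password now.</p></body></html>"""

if __name__ == "__main__":
    for label, url, html in (("legit", LEGIT_URL, LEGIT_HTML), ("fake", FAKE_URL, FAKE_HTML)):
        result = classify(url, html)
        print(label, result["score"], "suspicious" if result["suspicious"] else "ok")
```

The point of the example is the feature set rather than the arithmetic: each of the article’s signals is cheap to compute from the URL and page source alone, which is why a prototype can check them far faster and more consistently than a person reading the page.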

Way forward

Abbasi emphasises the use of large amounts of information for improving the prototype. Fake sites are constantly evolving their appearance, and how they look is no longer a reliable criterion, which makes it all the more difficult for a human to detect them. The long-held idea of a fake site being full of Unicode characters and other unreadable nonsense is a thing of the past.

The project is still underway and very much on track. It is, however, a long way from sneaking into our own lives and saving us from a lot of harassment.

Everything You Need to Know About Malware and Microsoft’s Defense

Malware, a popular term for malicious software, is a software program designed to damage a user’s computer, a server, or a network; to steal personal or sensitive information from a user; or to defraud the user through online scams.

What are Different Types of Malware?

  • Rogue security software: Rogue security software masquerades as legitimate security software or the Microsoft Update user interface. Fake alerts scare users into thinking that their computer has been compromised and into clicking a suggested link to resolve the issue, which instead stealthily downloads malware to the computer.
  • Password stealers: A password stealer transmits personal information such as user names and passwords that an unsuspecting user enters while browsing the web or using applications on the computer.
  • Keyloggers: A keylogger sends keystrokes or screenshots to an attacker. The information can then be used to ascertain passwords, bank account numbers, or any other sensitive information that a user types.
  • Rootkits: A rootkit performs functions that a system administrator cannot easily detect or undo. A rootkit is often installed as part of a bundle of malware, where it hides itself and other malware that performs a more dangerous activity.
  • Viruses: Viruses are malware that replicate by infecting other files on the computer, so that the malware code executes and propagates when those files are activated.
  • Worms: A worm is a self-propagating program that can automatically distribute itself from one computer to another.
  • Trojan horses: A trojan horse is an application that appears legitimate and useful, but performs malicious and illicit activity on an affected computer.
  • Spyware: Spyware collects information, such as the websites that a user visits, without the user’s knowledge.

Why is Malware a Serious Problem?

Malware is a common weapon for cyber-criminals against individuals and organizations. Malware writers use constantly evolving techniques to make detecting and removing their software difficult. Often malware is deployed as part of a large, sophisticated assault to recruit vulnerable computers into botnets. Botnets are attractive to criminals because they are easy to hide behind. Botnets harness the processing power, storage, and bandwidth of the attacked computers to generate vast amounts of spam, hack websites, and commit online fraud.

Microsoft’s Strong Pursuit of Rustock

Microsoft has taken its pursuit of the operators of the notorious Rustock botnet to the next level by offering a monetary reward of $250,000 for any information about them that leads to their identification, arrest, and criminal conviction.

Microsoft Digital Crimes Unit

In 2010, the Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, successfully took down the Waledac botnet in an operation known as Operation b49. This successful operation against Waledac paved the way for future shutdowns in cases where criminals abuse anonymity to victimize computer users around the world. The Rustock takedown was the next, and the biggest success to date. In March 2011, the Rustock botnet was taken down with the help of industry partners and law enforcement. The operation, known as Operation b107, was a joint effort between the DCU, the Microsoft Malware Protection Center, and Trustworthy Computing, under a program known as Project MARS (Microsoft Active Response for Security). Since that time the botnet has stayed dead.

Last month, Microsoft published notices in two mainstream Russian newspapers, Delovoy Petersburg and The Moscow News, to notify the Rustock operators of the civil lawsuit. The quarter-page ads ran for 30 days as a good-faith effort to contact the owners of the IP addresses and domain names that were shut down when Rustock was taken offline. Microsoft also created a website specifically dedicated to the case.

However, Microsoft has made clear that keeping the botnet dead and taking action against the perpetrators of this botnet are not the only focus. Microsoft intends to reduce digital crime globally by deterring the criminals who seek to profit from botnets. This huge cash bounty testifies to Microsoft’s insistence that the Rustock botnet is responsible for a number of criminal activities.

Rustock was a spam giant with the capacity to send 30 billion spam mails every day. DCU researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes, a rate of 240,000 spam mails per day. The spam mails included fake Microsoft lottery scams and offers for fake and potentially dangerous prescription drugs. The botnet was estimated to have approximately a million infected computers operating under its control.

Computers are recruited into botnets when malware is installed on them. Botnets are known to be the tool of choice for cybercriminals because they are easy to hide behind. Botnets harness the processing power, storage, and bandwidth of infected computers and can be used to send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising and much more.

The United States had the most botnet infections (2.1 million), far ahead of Brazil, which had the second greatest number of infections (550,000). Korea had the highest rate of botnet infections (14.6 bot computers cleaned per thousand).

WARNING: Fotos_Osama_Bin_Laden.exe Email Attachment Is A Banking Trojan

As if the various Osama Bin Laden video scams on were not enough, a new malware is being spread through emails now. If you receive any emails with an attachment named or something similar, DO NOT OPEN IT.

Banking Trojan

According to F-Secure Labs, an email is doing the rounds of the internet with an attachment named, this could be named differently too as The file contains an executable named Fotos_Osama_Bin_Laden.exe.

The executable does not contain any photos of Osama Bin Laden but is infected with Trojan-Downloader:W32/Banload.BKHJ, which is a banking Trojan. It installs itself on the system, monitors your online banking sessions via a Browser Helper Object (BHO) and tries to redirect your payments to the wrong accounts.

If you have downloaded or clicked on the attachment, disconnect from the internet and then run a free online scanner or an anti-malware tool. You might also want to run scans using your antivirus. If you don’t have one, head over to our Free Antivirus section to find one.

The new Trojan plays on the human curiosity generated by the death of Osama Bin Laden. There are actually no leaked photos or videos of the event. Our advice: please don’t click on any links which tell you that you can watch a censored video or pictures of Osama Bin Laden’s death.

You will not be able to watch any videos or pictures unless the US government releases them. So hold your horses until then, and don’t spread the virus or become affected by it.

Microsoft Safety Scanner Scans Your PC For Virus, Spyware and Malicious Software

Over the past couple of years or so, I have used Microsoft Security Essentials as my only virus and malware protection tool. The free antivirus tool from Microsoft is definitely worth installing on your PC.

Microsoft Safety Scanner

If you are someone who does not like to install antivirus software on your PC, or you just want to check whether your current antivirus is really working well, a new tool from Microsoft will come in handy.

Microsoft Safety Scanner is free security software from Microsoft which provides on-demand scanning and lets users remove viruses, spyware, Trojans and other malicious software from their PC. Safety Scanner works alongside your current antivirus software, so you don’t have to uninstall your current AV protection to use it.

One of the bad things about Microsoft Safety Scanner is that it expires every 10 days. Users will have to download a new version to scan their system every ten days, which could be annoying considering that it is around 70MB in size. A simple definition update should be added so that users don’t have to download a new version every 10 days.

Users must also note that, unlike traditional antivirus systems, the Safety Scanner does not provide continuous protection and should not be used as a replacement for traditional antivirus software. Microsoft Safety Scanner should only be used to additionally scan your PC. If you intend to replace your current antivirus, you might check out our Free Antivirus section to find a suitable alternative.


Download Microsoft Safety Scanner

Beware of the Fake System Tool

The other day, I spotted a warning at the Microsoft Malware Protection Center. They presented some great information about a piece of malware called Winwebsec, which is more commonly seen as “System Tool”. Apparently it’s popping up more often now, so I decided to put out a warning to our readers.

I’ve actually run into this one before, while fixing some of my friends and family’s computers. It wasn’t much trouble to get rid of at the time, but I’ve read that some of the newer versions are more difficult to remove.

An infected computer will start getting fake warnings like the one shown here. These warnings are very realistic. Their purpose is to try to fool you into buying some more fake software that will make things even worse for you.

I looked around and I found one or two good articles that tell you how to remove the fake System Tool, but I decided to put together my own little guide. Below you’ll find a slideshow that I’ve put together. It will give you a better idea of what to look for and some suggestions on how to remove this fake System Tool.

If you can’t see the slideshow here, you can view it at Google.  For those interested, here are some cool technical details about this infectious fake.

CARBERP – a New Browser Trojan to Worry About

How would you feel about a computer infection that could lie to your bank about your online transactions? What would happen if details such as who you are paying and how much could be changed without you knowing it?

That’s exactly what can happen with the current crop of transactional trojans. This is called screen injection, HTML overlay, or the man-in-the-browser attack.

This type of infection can spy on you while you are online at many banking sites. ATM PINs, social security numbers and answers to secret questions are the types of information that get stolen.

Previously, we’ve written about the Zeus trojan, which is the current king of the transactional trojans. Zeus used some unique command-and-control interfaces that actually fooled security experts into giving up information. The Zeus trojan was also used to infect hundreds of U.S. Government employees when they opened a fake Christmas card email from the White House.

If that’s not scary enough, there are more trojans out there that are being bred to compete with Zeus. According to TrustDefender, a well known security provider, a trojan named Carberp has recently added a whole slew of new features. These new features are intended to make it just as useful to black hats as Zeus. Here are some of the features:

  • It can run on non-administrator accounts.
  • It can infect XP, Vista and Seven machines.
  • It doesn’t make changes to the Windows registry.
  • It hooks into the web browser to control all internet traffic.
  • It’s able to transmit real-time data to its masters.

It also covers its identity by appending random data to itself to foil normal anti-virus detection. The fact that it can run in non-admin mode and doesn’t write to the registry also makes it harder to detect. To most security software, Carberp could appear to be a simple browser add-on or extension.

The older Zeus trojan hasn’t been improved recently, and it looks like there’s a battle brewing that will decide the next popular trojan. Carberp is in the running with two or three others, such as SpyEye and Gozi.

It’s a rat race, with security experts always trying to build a better trap for the fast rats that keep breeding even faster rats. The security field profits from this race and so do the hackers.

We are the big losers.

Don’t be Tempted by the Kama Sutra Backdoor Trojan

It’s difficult for some of us to resist clicking links or opening emails with provocative titles. That’s what hackers count on. Recently, one of many successful malware attacks was a file named Real kamasutra.pps.exe. Sophos reported that it really is a PowerPoint slideshow, but don’t get your hopes up. You’d have to infect your computer to see the images.

What I will do is warn everyone, once again, not to be fooled by the old double extension trick. Even though you may think .PPS (slideshow), the .EXE on the end of the file name makes it an executable file. When launched, the slideshow above actually did display some rather unique images; however, it also installed a backdoor trojan. The trojan, called Troj/Bckdr-RFM, allows hackers to silently gain access to your PC. Once inside they can steal your data and your identity, and use your machine for any number of illegal activities.

Most of the time, you’ll see files with double extensions in email. One of the most famous email exploits was the I LOVE YOU.TXT.VBS file. The .VBS on the end made it a Visual Basic Script, which installed a virus on millions of PCs back in 2000.
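The double extension trick is easy to spot by machine even when a person’s eye slides past it. The checker below is an example written for this post (it is not from Sophos and is not any mail gateway’s real filter): it splits an attachment name into its trailing extensions and flags the case the article describes, a document-looking extension such as .pps or .txt sitting immediately before an executable one such as .exe or .vbs. The extension lists are illustrative and the attachment names it is run against are constructed, taken from the two examples above plus a few harmless ones for contrast.

```python
"""Deceptive double-extension checker (added example, not Sophos's code)."""
import os

# Illustrative lists, not exhaustive: what Windows will run when double-clicked...
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta",
}
# ...and what a user expects to merely open as a document or picture.
DOCUMENT_EXTENSIONS = {
    ".pps", ".ppt", ".pptx", ".doc", ".docx", ".xls", ".xlsx",
    ".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif",
}


def split_extensions(filename):
    """Return the trailing extensions of a file name, lower-cased and stripped.

    'Real kamasutra.pps.exe' -> ['.pps', '.exe']
    Padding spaces ('photo.jpg      .exe') are stripped so they cannot hide a gap.
    """
    base = os.path.basename(filename).strip()
    parts = base.split(".")
    return ["." + part.strip().lower() for part in parts[1:] if part.strip()]


def classify_attachment(filename):
    """Classify one attachment name into a small set of verdicts."""
    exts = split_extensions(filename)
    if not exts:
        return "no-extension"
    last = exts[-1]
    if last not in EXECUTABLE_EXTENSIONS:
        return "allowed"
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
        # The classic trick: '.pps.exe', '.TXT.VBS', '.jpg.scr'
        return "deceptive-double-extension"
    return "executable"


def flag_attachments(filenames):
    """Return the names a mail filter should quarantine, with their verdicts."""
    return [
        (name, verdict)
        for name in filenames
        for verdict in (classify_attachment(name),)
        if verdict != "allowed"
    ]


# Constructed sample attachment names for the example run.
SAMPLE_ATTACHMENTS = [
    "Real kamasutra.pps.exe",        # from the Sophos report quoted above
    "I LOVE YOU.TXT.VBS",            # the 2000 worm's attachment name
    "holiday photo.jpg      .scr",   # padded to push the real extension out of view
    "quarterly_report.pdf",
    "setup.exe",
    "README",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE_ATTACHMENTS):
        print(f"{verdict:28} {name}")
```

The last extension is the only one the operating system acts on, so the decision key is always `exts[-1]`; everything before it is just the disguise, and the check only asks whether that disguise is a format people expect to open safely.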

These days, your biggest risks come from clicking shortened links in social networking sites like Twitter and Facebook. Thankfully, most of the short URL providers, like and, try to make sure that the links don’t end up at known bad websites.

If you’ve waited patiently hoping for a glimpse of the images in that Kama Sutra slideshow, visit the Sophos blog.

China Fighting Mobile Malware With Carrier Countermeasures

With the rampant rise of mobile phones around the world, carriers and customers have been facing an increase in malware on their devices. China plans to put an end to phone manufacturers installing covert applications that rack up revenue by sending premium SMS text messages on behalf of the user. Knownsec, a Chinese security company, says that the majority of devices plagued by this problem are knock-off phones running Android, since it allows applications to be installed easily before the phones reach consumers’ hands.

The Chinese Ministry of Industry and Information Technology has issued a release indicating that carriers and government agencies will begin to implement countermeasures against malware, including inspection of handsets and product quality assurance.

A member of China’s National Computer Network Emergency Response Technical Team says: “Traditional security threats that exist on the Internet are spreading to mobile handsets, so we must prepare for them in advance”.

Via ITWorld

Image courtesy of F-Secure Archives