Last September, Microsoft and the Kaspersky Labs claimed a big win on the Kelihos botnet, when they took control of the infected computers. Kelihos was sending 4 billion spam messages a day, and it covers all kinds of spam including pharmaceuticals and stocks. Researchers devised an interesting mechanism to direct all the infected computers to communicate with a “sinkhole” or a computer they controlled. In spite of these stringent measures, Kelihos has started showing its face again, and very soon, its owners might regain control.

Not only has Kelihos started showing back on the radar, it is using new encryption techniques to hide its communications. A researcher at Kaspersky has also noted that two different RSA keys are being used; indicating that there might be two different groups controlling Kelihos.

Although researchers can install updates or clean up the infected computers, it is against the law in many geographical regions. A few days ago, Microsoft named Andrey N. Sabelnikov, a Russian citizen, guilty of running Kelihos. However, Russia does not allow extradition of its citizen, and he cannot be brought to a trial. Kaspersky Securelist investigated into the matter, revealing some interesting facts, like

Our investigation revealed that the new version appeared as early as September 28, right after Microsoft and Kaspersky Lab announced the neutralization of the original Hlux/Kelihos botnet.

Clearly, shutting down the Kelihos botnet will be a big challenge, and it will be interesting to see how far Microsoft and Kaspersky go in this case.

Many smartphone offerings in the market today feature easy-to-use interfaces, user-friendly applications, minimal required setup and seemingly limitless customization. However, this ease of use can lull smartphone users into a complacent and even ignorant attitude about their smartphone’s security and safety. Most applications downloaded by users for their smartphones range from games to novelty programs to productivity suites. Few consider that many of these applications can actually be malicious software and even fewer download one of the many readily-available mobile antivirus applications, leaving their smartphones insecure.

Malicious software can be bundled into almost any “disguise” mobile application (especially games and single-purposes “novelty” apps). While application distributors such as the Android Market have extensive measures in place to prevent the distribution of these programs, some malicious applications are nonetheless downloaded by smartphone users. Most of these rogue pieces of software cause no discernible problems with the smartphone, but beneath their often benevolent exteriors, they are compromising security. Some more benign smartphone viruses might simply spy on your location via the phone’s GPS capabilities and on your keyword usage, for the purpose of distributing audience-targeted spam emails or text messages. Others can compromise a smartphone’s security in more sinister ways, gathering and reporting email contents, credit card information, and call statistics. However some others destroy important information.

However, there is a better way to protect your smartphones. Besides downloading only credible and tested apps, a mobile antivirus program can also serve to highly reduce your risk of a security breach by malicious mobile software. Most antivirus apps will present a wide array of features. Perhaps most important and most common is a scan feature which reads and checks all files on the smartphone’s operating system against a database of known malicious software. Once viruses and other unwanted programs are detected, the antivirus application facilitates their deletion and removal, often “quarantining” them to prevent accidental activation or damage as they are removed. Other mobile antivirus application features might include a “real-time protection” module which actively monitors file downloads and stops unauthorized operations, options to remotely “wipe” the device in case of physical theft, and a browser module which checks email and internet links against a database of known malicious sites.

Some popular mobile antivirus programs include AVG Antivirus for Android, Webroot Security and Antivirus (Andriod Market), and VirusBarrier iOS (the App Store).

==== About the Author =====

Sapna Rawat is an SEO for taaza.com, which is a muti-dimensional Indian portal operating in verticals like Education, travel, News, Classifieds, Jobs and finance.

If you thought the site you were browsing was secure simply due to the little s  at the end of HTTP, you may want to re-evaluate.

Security researchers at ACROS  have posted details concerning a vulnerability in versions 14 and 15 of Google’s Chrome browser. The issue comes from an inconsistency that Chrome has when following and rendering redirections to other web pages. This means that an attacker can redirect a visitor to a page that looks identical to a legitimate page, with a real looking HTTPS URL, when infact they are not on the expected page. This can lead to theft of credentials, credit cards and other personal information.

The crux of the issue comes down to Chrome being very quick to update the address bar, even before any of the page content has actually loaded. This allows the researchers to change the destination without it being reflected to the address bar. Most users will “confirm” they are on the correct page simply by reading the address page and matching it with what they are looking at, especially when the majority only visit a handful of specific websites.

While the newest releases of Chrome (16, beta and above) have had this issue resolved, Google’s browser holds a relatively large marketshare of approximately 20% world wide. That’s more than 70 million. If over 75% of those users have updated version, one can speculate that roughly 1.7 million users are susceptible to this attack. With Google’s auto-update mechanism, it’s highly unlikely that there are so many old installations.

At Techie-Buzz alone, more than 1 million of the 3.5+ million visitors use Chrome. Google Chrome has been growing at a very rapid rate, pushing Microsoft’s Internet Explorer and Mozilla’s Firefox lower and lower. Chances are, you’re using Chrome because it’s fast, so if you want to stay as safe as possible, keep Chrome updated and take a look at some of the popular security/privacy extensions.

According to a recent report from Internet security company Kaspersky Labs, India has become the top source of spam emails for the third quarter of 2011.

During this period, about 79.8% of total emails sent were spam and out of this, 14.8% originated in India. The second and third positions are also held by developing nations Indonesia with 10.6% and Brazil with 9.7%. All of the top ten sources are Asian, South American or Eastern European countries.

With limited or no laws at all to tackle the issue of spam, these countries have become the safe haven for criminals looking to exploit the internet community by spamming.

India’s huge internet user base (which is currently the third largest behind China and US) and lack of awareness among the general public about general security practices could have been the reason for India’s rise as the world’s spam capital.

Some of the other important details from the Kaspersky Spam Report are -

· In Q3 of 2011, the share of spam in mail traffic was down 2.7 percentage points compared to the previous quarter, averaging 79.8%.

· The percentage of fraudulent emails in spam traffic increased twenty times, reaching 2%.

· Asia and Latin America remain the most prominent sources of spam.

· The share of partner program spam went up 5.7 times, accounting for 29% of all spam.

· The percentage of emails with malicious attachments grew by 1.17 percentage points and averaged 5.03%.

· The share of phishing emails averaged 0.03%. Three social networks were among the Top 5 organizations targeted by phishers.

You can read the entire report here.

Mobile security is still a nascent market, but most security vendors have already begun investing significantly in an attempt to gain an early lead. Android with its unregulated Market and regular malware scares probably represents the most lucrative platform for security vendors. All the big names including Avira, Kaspersky, McAfee, and Norton have their own Android security solutions. PC Securities Lab has tested twenty of them on a sample set of 251 malwares.

The top performer was Qihoo’s 360 Mobile Safe that correctly identified 236 threats and returned no false positives. Kaspersky and Avast followed with 228 and 227 detections respectively. Qihoo, which managed to edge out more well-known global players, is China’s leading mobile security vendor with more than 40% market share. It’s worth noting that PCSL is also based in China, and it is possible that their sample set had a significant number of local threats that could have given 360 Mobile an edge. The detailed report, which is expected to be published later this week, could shed some light on the sample set.

Popular products like Lookout, Norton, ESET, and Webroot chose to be anonymous, which is just as well because most of them found themselves in the bottom half of the list. The results summary is below.

Microsoft has made the beta for the new version of Microsoft Security Essentials (MSE) available for public widely. Earlier, the beta was only available for a limited number of beta testers.

The download isn’t straightforward though. You need to click the Download Now link on the Microsoft Security Essentials homepage that would take you the MSE beta page on Microsoft Connect (Windows Live ID required). The current beta build is version 4.0.1111.0. The beta is available both as 32-bit edition (8.87 MB) and 64-bit edition (11.04 MB). The software supports Windows XP with Service Pack 3, Windows Vista with Service Pack 1 or 2, and Windows 7 with Service Pack 1.

This latest version includes the following new features and enhancements to better help protect your PC:

• Cleans highly impacting malware infections automatically, with no required user interaction
• Enhanced performance
• Simplified UI
• New and improved protection engine

While, Microsoft Connect is used to engage with beta testers by encouraging participation in surveys to report results or submitting bugs, the MSE Beta page doesn’t have those available at this moment though.

Twitter has recently acquired Whisper Systems, a mobile security and privacy company that specializes in Android security and is still in its beta stage.

Whisper Systems provides security and management solutions that transform consumer phones and tablets into enterprise-ready devices.

The driving factor for Whisper Systems’ work with security, was their dissatisfaction with the state of mobile security. This led them to modify the entire Android stack and include security features at different layers. After rigorous fine-tuning, they came up with a modified Android kernel and called it the  Whisper Core. Whisper Core was the same Android kernel, but with an enterprise-level security. Some of the enterprise security features in Whisper Core were:

• Full disk encryption, SD card encryption and smudge resistant unlock patterns
• Network security though a firewall
• Encrypted backup to the cloud
• Selective app permissions
• An SDK for developers

This was enough to impress Twitter. Now, Whisper Systems will undergo a transition, during which their systems will go offline. Whisper Systems announced their acquisition, saying,

We started Whisper Systems with the goal of improving security and privacy for mobile devices. We were attracted to this not only because we saw it as an opportunity to reinvent the security solutions that never really worked in the PC environment to begin with, but also because the stakes are much higher — due to the nature of mobile devices themselves — and we didn’t like the way that things were looking.

We ended up tackling the full stack — all the way from application-level solutions at the top of the stack, down through a  hardened version of Android, to  kernel modifications  at the bottom of the stack. Along the way, we learned a lot, and developed products that we are proud of.

Now that we have been acquired by  Twitter, we are looking forward to integrating our technology and our expertise into Twitter’s products and services.

With the acquisition of Whisper Systems, Twitter has also acquired security related IP on Android. This will help Twitter create a secure system for its users by integrating security in the Android system itself and minimizing intervention from the user. The Whisper Systems team will start working with Twitter soon.

(Via: @babelsquirrel)

According to a study by McAfee, Katrina Kaif is the most dangerous celebrity in the Indian cyber space. While Katrina has a huge fan following and is one of the most searched celebrities on the Web, this would be an awkward sobriquet. She is followed by Deepika Padukone and Kareena Kapoor in the Most Dangerous Indian Celebrity’ revealed by McAfee after they researched popular culture’s most famous people to reveal the riskiest celebrity sportsmen, actors, and politicians across the Web.

The cyber criminals create malicious software and online threats designed to steal personal information around fans looking for results on search engines using strings such as name of celebrity’ combined with words like free downloads’, hot pictures’, screen savers’, and videos’.

“In a celebrity crazy country such as India, cyber criminals find it very lucrative to use the names of popular figures as keywords to lure people to websites with malicious software. This year’s study found movie stars top the most dangerouslist, while sports stars and politicians are among the safest.

- Venkatasubrahmanyam Krishnapur, Senior Director, McAfee India

The top 10 celebrities in India with the highest risk percentages are:

1. Katrina Kaif
2. Deepika Padukone
3. Kareena Kapoor
4. Saif Ali Khan
5. John Abraham
6. Priyanka Chopra
7. Aishwarya Rai Bachchan
8. Bipasha Basu
9. Aamir Khan
10. Shah Rukh Khan

The study for Most Dangerous Celebrity’ used the McAfee SiteAdvisor site ratings which indicate the sites that are risky to search for celebrity names on the web and calculate an overall risk percentage. McAfee SiteAdvisor technology tests and rates nearly every trafficked site on the Internet and uses red, yellow and green icons to indicate the website’s risk level.

FBI has released details of its Operation Ghost Click which led to the arrest of six operators of an internet fraud ring that had created and distributed a malware called DNSChanger. All of the arrested men were of Estonian descent and worked primarily from Estonia and Russia.

DNSChanger changed the DNS settings of the host computer, so that when a user of the affected system tried to open a webpage, he/she would be re-routed to a website or advertisement as decided by the hackers. The victims were also directed to websites with other potential malware. They had infected about 4 million computers in 100 different countries. United States alone had almost 500,000 DNSChanger infected PCs ranging from those owned by individuals to enterprises to even those used by NASA. The hackers are believed to have gotten at least 14 million dollars from the fraud.

As Janice Fedarcyk, Assistant Director in Charge of FBI’s New York office, read out in a statement,

The harm inflicted by the defendants was not merely a matter of reaping illegitimate income. The defendants also inflicted the following:

They victimized legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud.

Unwitting customers of the defendants’ sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.

Users involuntarily routed to Internet ads may well have harboured discontent with those businesses, even though the businesses were blameless.

And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defence that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.

The rogue DNS servers have been replaced by genuine ones so that the affected users do not have to face disruption of internet services. But do note that this process does not remove the actual virus from the affected system. FBI has released a PDF document with details on how to check whether your system is infected. They have also released a range of rogue IP addresses that was used by the gang.

The details on how to find your IP address and help on cleaning up your system is also detailed in the PDF document mentioned above.

Do you, at times, wonder whether your accounts have been compromised? If the answer is yes, you can now verify your doubt by using a service appropriately called PwnedList (Pwn is a jargon used by hackers to imply that an account has been compromised).

It was developed by two security researchers – Alen Puzic and Jasiel Spelman, of DVLabs. They explain the birth of PwnedList as:

The site started out as small research project with a rather simple premise. To discover how many compromised accounts can be harvested programatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords. The truly scary part, however, was the quality of data we were able to collect in such a short amount of time. The accounts we were able to retrieve consisted of email services, social media sites, merchants and even financial institutions. It was clear that something had to be done.

At that moment PwnedList was born. We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise.

All you have to do is head to PwnedList.com and enter your email id or username in the text box and click Check. The data is then compared with SHA-512 hashes of harvested account dumps stored as key value pairs. The site says that the entered data is used only once for the search and is not stored. Still, if you don’t want to enter your username/email, you can use the SHA-512 hash of your email (or username) instead.

So, what if your email or username is identified in their database? Immediately change their passwords as well as passwords of your other accounts just to be on the safe side. See my article, The Layman’s Guide to Computer Security  for tips on creating a strong password.