Monday, April 30, 2012

THERE IS A NEW ANDROID INFECTION OUT THERE

[AND IT'S QUITE, THE "TIGER"]

From Trend Micro's Blog - "Mobile security researchers reported the emergence of an Android malware called Tigerbot. The said malware is actually an app called Spyera, which we detect as ANDROIDOS_TIGERBOT.EVL. The said app was found in third party Chinese app stores.
We tried to analyze this app to check if it is indeed malicious. Below are our findings:

Installation
When installed, ANDROIDOS_TIGERBOT.EVL shows a different icon, usually that of a legitimate application. Some malware use the same routine to trick users into thinking that it is a harmless file. The fact that Tigerbot uses the same installation routine raises questions on the intention of this application.

Capabilities
READ THE FULL ARTICLE ON TM's BLOG HERE!

Sunday, April 29, 2012


Survey scams are web pages that require users to disclose sensitive information in exchange for a supposed prize they won or a free item. Users are typically led to these pages via malicious wall posts that leverage celebrities, events, or other popular news items. Below are some of the scam activities that we have previously seen targeting Facebook users:
This, along with many other similar threats, is blocked by the Smart Protection Network™ – and thanks to our new partnership, by Facebook as well. The infographic below shows how Trend Micro protects Facebook users from malicious attacks by using the data from the Smart Protection Network™.

This is from an article on Trendmicro's Blog, which you can read HERE.

Wednesday, April 25, 2012

DON'T BE FOOLED BY CURRENT EVENTS

Last week it was the Olympics; this week it's North Korea's rocket launch. From Trendmicro's Blog:

"During the second week of April, the most talked about news was North Korea’s failed attempt to launch a rocket. As expected, the bad guys are on the prowl for the next social engineering bait and the said news item was found to be the fitting choice.

The file we found was named North Korea satellite launch eclipses that of Iran.doc. The said file, detected as TROJ_ARTIEF.DOC, may arrive as an attachment to an email message. Once executed, this Trojan exploits the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) to drop the backdoor BKDR_POISON.DOC onto the system."

Read the whole story HERE.

Saturday, April 21, 2012

FOR THOSE OF YOU WHO HEARD THAT THE MAC INFECTION HAD BEEN CONTAINED

[IT ISN'T]


CLICK ON CHART FOR LINK TO STORY

Friday, April 20, 2012

Google Warns 20,000 Websites That Could Be Infected With Malware

"Google has warned 20,000 websites that they might be hacked and injected with JavaScript redirect malware, Google said.
In a message sent this week, Google said that some pages of the website may be hacked. "Specifically, we think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites," the Google Search Quality team said." Read the entire article on PC WORLD.


YIKES!!


I MEANT "SKYPE"



Fake Skype Encryption Software Cloaks DarkComet Trojan - Yes, Skype users, I suggest you read about the latest Trojan you can pick up (via the Internet, of course). Read the story HERE.

Wednesday, April 18, 2012



I SMELL A RAT. DO YOU SMELL A RAT?


[RAT = Remote Access Trojan]

Fresh off PCWorlds website (1hr 15min ago):

"Computer Trojan Horse Steals Credit Card Details From Hotel Reception Software"

A remote access computer Trojan (RAT) designed to steal credit card details from hotel point-of-sale (PoS) applications is being sold on the underground forums, researchers from security firm Trusteer said in a blog post on Wednesday.

Read the full article HERE.
New Mac OS X Trojan unearthed. Call it SabPub


The folks at Kaspersky Lab report that there's new Mac malware in the wild, called Backdoor.OSX.SabPub.a. There are at least two variants being spread through Java exploits.

FULL STORY HERE

Tuesday, April 17, 2012

DROID....?

" ..the first quarter of 2012 veered away from attacks that led to data loss and, instead, focused on mobility. The mobile threat incidents we’ve seen in the first quarter remained true to one of 2012 predictions—Android-based smartphones will continue to be a likely target for cybercrime. Trend Micro, in fact, identified approximately 5,000 new malicious Android apps in just the first three months of the year most likely due to the increase of Android user base."


Read the entire article HERE.

Monday, April 16, 2012



TAKING A SLIGHT DETOUR FROM "DOOM & GLOOM"


Actually, I'll have some "Doom & Gloom" virus info towards the end of this post, but I thought I'd put my into-the-near-future goggles on and see what is in store for us this year.


First on my list is a plan Walmart spearheaded to turn your DVDs into digital, streaming video (followed by Dreamworks this week). The idea is to get rid of all the clutter and space your DVDs and Blu-Rays use, in exchange for streaming video copies available via (insert company name here) their "Cloud". I'm not sure I'm ready to turn in something physical for something that isn't, and let a not-quite-security-proof concept called the "Cloud" take care of things for me. What are your thoughts about this?


Next on the list are SSDs (solid-state drives, which are much like a very large USB flash drive, only taking the place of the motorized, platter-spinning hard disk you now use). 60 GB SSDs are now in the $80-$95 price range, which would make your PC/Laptop boot time really snap. Would I trust one of these to store vital data, photos, music, or movies on? No. For a MS Windows boot drive - yes.


Firefox 3.6 users pay attention: Mozilla will stop upgrades and security fixes to this version by next week. It makes no sense to stay on 3.6 at this point; upgrade to the latest, most secure version available, which is Firefox 11 (yes, ELEVEN). While not a great analogy, it's like using I.E. 6 when you can use I.E. 8 and be more secure while on the Internet.


A rough version of Windows 8 has been available for download for about a month now, and there are ways to use your iPad to remote connect into a PC running Windows 8 beta so you can see how it would work on a touch screen. Windows 8 (at this time) is supposed to come in 4 versions - Home, Business, ARM-Chip devices, and Large Enterprise.


Regarding the huge breach in Apple's OS (600K and counting), APPLE has released a standalone removal program named Flashback Malware Removal Tool, which the company says “removes the most common variants of the Flashback malware.” And if you have recently downloaded a new app to your iPhone or iPad, you may have come across APPLE'S new security layer, which makes you verify your login and password, come up with 3 security questions/answers, and finally, give them an alternate email address for verification. Oh, and speaking of APPS....ADOBE has a Photoshop APP for both Android and IOS devices for $9.99.


On Trendmicro's Security Blog, they have discovered multi-threat Trojans that blend several variations within their payload. Direct from their Blog: "Days after Microsoft released six bulletins, we now have just spotted a number of Trojanized RTF files circulating in-the-wild. The said files are exploiting CVE-2012-0158, which is included in MS12-027. That particular bulletin affects a number of Microsoft programs, particularly versions of MS Office, Visual FoxPro, Commerce Server, BizTalk Server, as well as SQL Server." Read the rest of the story HERE.

Saturday, April 14, 2012

MAC INFECTIONS STATS



Android Trojan Found in Japanese-Themed Apps

Full story HERE.
ANDROID USERS BEWARE OF ANOTHER KIND OF BIRD






Yes, a malware-ridden version of "Angry Birds" -


"According to the security experts at Sophos, there is one particular version of the app which has become widespread enough to cause concern. The program disguises itself as a completely legitimate download of the popular mobile game, but then digs deep within your handset's operating system and installs code that may compromise any information you have stored."
FULL STORY HERE.

Thursday, April 12, 2012




FROM THE TRENDMICRO BLOG:


Ransomware Takes MBR Hostage




We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect. When the system restarts, the ransomware displays the following message:



This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid, they will receive a code that will unlock the system. This code will supposedly allow the operating system to load again and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.
Trend Micro detects this ransomware as TROJ_RANSOM.AQB and the infected MBR as BOOT_RANSOM.AQB.

FULL STORY HERE.
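The MBR-overwrite routine described in the post above is the kind of change a host monitoring job can catch by comparing the first sector against a known-good copy. The following Python script is an added example, not code from Trend Micro or this blog: it validates the 0x55AA boot signature, parses the partition table, and hashes only the bootstrap region so that a replaced boot loader raises an alert while ordinary partition edits do not. The sector contents, partition layout and function names in it are constructed for illustration.

```python
"""Added example: integrity check for a 512-byte Master Boot Record image.

Not from the Trend Micro post or this blog. The ransomware described above
saves the original MBR and overwrites it with its own boot code; keeping a
known-good hash of the bootstrap region and re-checking it is one way a
monitoring job can detect that kind of change. Everything below (sector
contents, partition layout, function names) is constructed for illustration.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0..445: bootstrap code
PARTITION_TABLE_END = 510      # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511 of a valid MBR


def has_valid_signature(sector: bytes) -> bool:
    """A sector that is not 512 bytes or lacks 0x55AA at the end is not a bootable MBR."""
    return len(sector) == SECTOR_SIZE and sector[PARTITION_TABLE_END:] == BOOT_SIGNATURE


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap region only; partition-table edits should not trip the check."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def partition_entries(sector: bytes) -> list:
    """Parse the four classic partition entries (status, type, LBA start, sector count)."""
    entries = []
    for i in range(4):
        offset = BOOT_CODE_END + 16 * i
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) count(4), little-endian
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sector_count": count})
    return entries


def check_mbr(current: bytes, baseline_hash: str) -> dict:
    """Compare a freshly read sector against the recorded baseline and report findings."""
    signature_ok = has_valid_signature(current)
    code_changed = boot_code_hash(current) != baseline_hash
    active = [e for e in partition_entries(current) if e["status"] == 0x80] if signature_ok else []
    return {
        "signature_ok": signature_ok,
        "boot_code_changed": code_changed,
        "active_partitions": active,
        "alert": (not signature_ok) or code_changed,
    }


def make_sector(boot_code: bytes) -> bytes:
    """Build a constructed sample sector with one active partition (hypothetical values)."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)  # active, NTFS type, LBA 2048
    table = entry + b"\x00" * 48                                   # three empty entries
    return code + table + BOOT_SIGNATURE


# Constructed samples: a "clean" sector and one whose bootstrap region was replaced.
CLEAN_MBR = make_sector(b"CONSTRUCTED-CLEAN-BOOT-CODE")
TAMPERED_MBR = make_sector(b"CONSTRUCTED-REPLACED-BOOT-CODE")
BASELINE = boot_code_hash(CLEAN_MBR)   # would be recorded while the system is known-good

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE))
```

On a real system the baseline would be taken from a trusted read of the disk's first sector at a known-good time and stored off-host, and the check run from a scheduled job; a changed bootstrap hash or a missing signature is the signal to investigate before the next reboot.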
Utah breach 10X worse than originally thought
SSNs on 280K exposed; names, birth dates of another 500K compromised

Computerworld - "The scope of a data breach involving a Medicaid server at the Utah Department of Health is much worse than originally thought. State officials now say that close to 280,000 Social Security Numbers may have been exposed in the incident instead of 25,000, as originally believed."

Read article HERE.

Sunday, April 8, 2012




Apple's security code of silence: A big problem


"Security industry insiders have long known the Mac platform has its holes. The Flashback Trojan is the first in-the-wild issue that's confirmed this, and big-time. More will follow unless Apple steps up its game."


Read more HERE.



JUST A REMINDER ABOUT MICROSOFT, AND TUESDAY....


Critical Microsoft Patch Fixes Windows, Office, and IE

"Microsoft last week said it will issue six security updates next week, four of them critical, to patch 11 bugs in Windows, Internet Explorer, Office, SQL Server and its virtual private networking platform. One of the updates, labeled Bulletin 4, looks like the one that should top the to-do list next Tuesday when Microsoft ships its monthly security updates, said a security expert."


And you'll find this article HERE.


CONTINUING COVERAGE OF THE RECENT "MAC-ATTACK":


Mac Malware Outbreak Is Bigger than 'Conficker'


"The Conficker botnet compromised an estimated seven million plus Windows PCs around the world at its peak. Seven million is obviously much larger than 600,000, but Windows also has a significantly higher number of PCs in use around the world." [Credit - PC World]


Read the entire article HERE.

Saturday, April 7, 2012



Microsoft slates critical Windows, Office, IE patches next week, including 'head-scratcher'


[I just read this article from Computer World's website.]


Reveals Patch Tuesday's agenda, plans to fix 11 flaws with six security updates


"Microsoft today said it would issue six security updates next week, four of them critical, to patch 11 bugs in Windows, Internet Explorer, Office, SQL Server and its virtual private networking platform."

Read the article HERE.





MISCELLANEOUS RAMBLINGS....



Apparently the Apple botnet infection is larger than first reported, with the US having the highest percentage of infections. As I've always said - "Once APPLE gets a higher percentage of the market, it will become a target", thus, APPLE users - buy a decent anti-virus package. You are no longer in an exclusive club - welcome to our nightmare.



"N" EQUALS WHAT???


Every wireless device that is sold today comes with "N" capabilities, but what you (as the buyer) should verify is that whatever adapter is in your Laptop or USB Desktop is a true dual-band device. A-N will run fine on 2.4GHz, but if you've gone to the trouble of buying a dual-band router, you should know where your "N" is going. If it's on the 2.4GHz band, you will see some improvement; however, to really shine, your device should be able to match your Dual-Band router's 2.4/5GHz specs and designate your "N" for the 5GHz range. If you're doing any streaming audio or video within your network you will notice the difference immediately.



Along with that, choose your WiFi router carefully, because many do not have the ability to help you with streaming content (DLNA, or Digital Living Network Alliance). Go to Amazon.com and check out the N600 wireless router. Only one supports this, while the other Netgear routers do not (even the more expensive model), and I can tell you that: "There is a difference".

Friday, April 6, 2012

Google patches Chrome for second time in eight days
Fixes 12 flaws and updates bundled Flash Player to patch two more


Yes Chromites, there are security holes in your browser too.

Full story HERE.

Thursday, April 5, 2012





WHAT EVERY BUSINESS SHOULD HAVE



If you're thinking about free Valium dispensers or Robot workers, you're not playing in my ballpark tonight. Every business should have a detailed schematic/layout of their network along with a flow chart and login/passwords that they can keep in a PDF file, or, locked up in a file cabinet.



Maybe you think your business is too small. No business is too small, because when problems arise, if you don't have your own personal IT staff to fill-in-the-blanks, your downtime can be quite unacceptable. You don't have to sign a service contract with an outside source (unless you want to), but you should, at the least, hire a company to come in, take inventory, see how your network flows, and let them whip up a nice Visio drawing which will come in handy when disaster strikes. There are plenty of companies out there who can do this for you [Including SugarlandPC], so let's get it done before problems arise.


I HEAR IT FROM CUSTOMERS WHO HAVE A VIRUS-LADEN WINDOWS PC, AND EVERYONE HAS HEARD HOW SAFE APPLE PCs ARE - SO, THIS IS FOR YOU!



600,000 Infected Macs Found In Botnet


"A Mac trojan horse spotted by security analysts since last year has infected more than 600,000 Apple computers, says Dr. Web, a Russian antivirus vendor."


READ THE FULL ARTICLE HERE.
Facebook Security Hole Found on iPhone, Android Devices

"A security flaw in Facebook’s mobile apps can be easily tapped by thieves searching for personal information about you. The problem is that Facebook's app for iOS and Android devices doesn't encrypt your login credentials, making them a sitting duck for bad apps or a poisoned USB connection."

READ THE ARTICLE HERE.

Wednesday, April 4, 2012



SOMETHING NEW TO KEEP FACEBOOK USERS ON THEIR TOES



"A new configuration of the Ice IX malware is tricking its victims into exposing their credit card details when they try to access their Facebook accounts, according to security firm Trusteer..."


STORY HERE.

Tuesday, April 3, 2012



GOOD NEWS FOR FIRE FOX USERS


As of late, I've noticed an increasing number of computers infected via JAVA exploits [including fake Java update pop-ups]. Today I read an article on PC World about Mozilla's attempt to lessen the chances of your PC becoming infected through one of these security holes.

"Mozilla has blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions."

Read the article HERE.

Monday, April 2, 2012




MORE ABOUT THE BREACH OF CREDIT CARD DATA



"A conference call held Monday by payment processing vendor Global Payments Inc. to explain a computer intrusion that exposed data on at least 1.5 million credit and debit card holders, left unanswered questions about the breach."



READ THE FULL ARTICLE "Global Payments Breach Raises Questions" HERE.






HERE'S ONE FOR APPLE USERS

Yes, a variant (different version) of an older Trojan is making its rounds through the Internet -


"A new variant of the Flashback Trojan that appeared last year can install itself on a Mac without need for an administrator's password."

Read the article HERE.

(actually two for APPLE)

Rare Mac Trojan Exploits Microsoft Office for Mac

"A new Mac backdoor Trojan exploits a 2009 vulnerability in Microsoft Office to break into the computers of Tibet sympathizers, though it has potential to target other OS X users."


Read the article HERE.