Google announced on Thursday that the company has begun to take a more active approach to keeping malware out of the Android Market. The search giant is using a new service called “Bouncer” to search through the Market for potential malware. Bouncer will scan new applications, ones already in the Market, and developer accounts for known malware, spyware, trojans and misbehaving apps. The service has been running for some time and between the first and second halves of 2011, the company reports a 40% decrease in the number of potentially-malicious downloads from the Android Market. The drop comes as security companies have been reporting that instances of malicious applications are on the rise. Google also said Android is designed to prevent malware from doing any critical damage. “In addition to using new services to help prevent malware, we designed Android from the beginning to make mobile malware less disruptive,” the company wrote on its blog. “In the PC model, malware has more potential to misuse your information. We learned from this approach, designing Android for Internet-connected devices.”

Read

Twitter finally appears to be preparing a new wave of attacks on the malicious spammers that have overrun the popular social network during the past year. Web security firm Dasient on Monday announced that it has been acquired by Twitter. ”Since its inception, Dasient has been focused on solving web-scale security problems involving malware and other types of online abuse,” the firm noted in a blog post. “In 2009, Dasient launched its web anti-malware platform, capable of scanning URLs and websites for the presence of harmful content. In 2010, Dasient launched the industry’s first anti-malvertising service to protect ad networks and publishers from the scourge of malicious ads. Over the last year, we have been very active in securing the ads and content of the some of the industry’s largest ad networks and web sites.” The firm is seen as playing a large role in securing new self-service advertising efforts Twitter is preparing to roll out in the near future. A secondary benefit to end users, however, is that the link-spam currently plaguing members of the social network may be quelled as part of Twitter’s efforts with Dasient technology.

Read

Apple sold 925 iPhone 4S handsets each minute during the device’s debut weekend, and it sells 81 iPads every 60 seconds on average. Research In Motion sells 103 BlackBerry phones, Amazon sells 18 Kindle Fire tablets and Microsoft sells 11 Xbox 360 consoles every minute. More than 700 computers are purchased around the world every 60 seconds, and 232 of them are infected by malware. That malware stat seems surprisingly low, however, when you consider that 2 million people watch online porn every minute. Read on for more.

Website design firm GO-Globe recently spread a variety of technology-related stats out across an infographic and the result helps us put a lot of things in perspective. Beyond the scary amount of Internet porn watched around the world, we can see just how entrenched various consumer electronics and digital goods and services have become in modern life.

Eleven million conversations take place using various instant messaging platforms every 60 seconds, 2,100 people check in using foursquare and 1,100 acres of virtual land are farmed in FarmVille. Thirty-eight tons of e-waste is generated around the world every minute, though we’re not sure if that stat includes all of the virtual land in FarmVille.

Every minute, $219,000 worth of payments are made using PayPal, $10,000 of which is sent from mobile devices. EBay is used to purchase over 950 items each minute and more than 180 of those purchases are made using mobile phones or tablets.

Surprisingly, perhaps, physical media maintains a huge presence in our lives despite the advent of the digital age. Four hundred and fifty Windows 7 discs are sold, 1,400 Redbox DVDs are rented and a staggering 2.6 million CDs containing 1,820 terabytes of data are created each minute. Four thousand USB devices are sold every 60 seconds as well, along with 2,500 ink cartridges.

It’s amazing how much happened every 60 seconds in 2011 and as the year draws to a close, we can’t wait to see what each minute will hold in 2012.

Microsoft’s senior director of Windows Phone communications Bill Cox said Thursday that more than 3,200 people replied to Microsoft’s request for stories about malware-infected Android smartphones. Microsoft had asked Android users to send in their malware horror stories and said it would provide free Windows Phone devices to those with the best tales. It isn’t clear if the number of responses actually represents Android users with malware troubles, or if the number of submissions was padded by people looking to get lucky and score a free phone. It’s no secret there are a number of malicious Android applications in the market; mobile security firm Lookout Mobile Security recently reported that more than $1 million was stolen from Android users in 2011 through the use of malicious apps. Still, Windows Phone isn’t exactly a post child for security, either. A flaw was recently discovered that allows a simple text message sent to a Windows Phone to render its messaging hub completely useless. 

[Via WinRumors]

Read

The Carrier IQ scandal has shifted attention from malicious mobile threats to carrier-sourced spyware over the past month, but a new report suggests the threat of more serious mobile malware continues to intensify. More than $1 million was stolen from Android smartphones alone in 2011 according to Lookout Mobile Security, which pulled data from more than a million apps and 15 million handsets around the world to compile its 2012 Mobile Threat Predictions report. The likelihood of an Android user encountering malware grew from 1% to 4% in 2011, and Lookout expects the trend to continue in 2012. Read on for more.

“2011 was a watershed year in terms of the types threats we saw emerging,” Lookout co-founder and CTO Kevin Mahaffey said in a statement. “Threats had greater sophistication and were deployed using more innovative and efficient distribution methods. In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

The firm highlights mobile pickpocketing — malware that steals money by making unauthorized use of carrier billing features — mobile botnets and browser attacks as specific threats that will intensify in 2012. Android users in particular now have a 36% chance globally of clicking an unsafe link, and those odds increase to 40% in the U.S. according to Lookout. The firm’s full press release follows below.

Lookout Unveils 2012 Mobile Threat Predictions: Mobile Pickpocketing, Botnets and Automated Repacking Will Be On the Rise

More than $1 Million Stolen from Android Users in 2011; Likelihood of Annual Malware Infection Rises to 4%

San Francisco – December 14, 2011 – Lookout Mobile Security, the global leader in mobile security, today unveiled its 2012 Mobile Malware Predictions, based on data collected from its Mobile Threat Network, which includes more than one million apps and 15 million user devices worldwide. Mobile threats are on the rise – Lookout estimates that mobile threats successfully stole more than one million dollars from Android users in 2011. In 2012, Lookout predicts that the criminal business of malware will be more profitable than ever before as the possibility of monetizing mobile devices grows and the cost of infecting devices lessens.

In the report, Lookout reveals that the annual likelihood of an Android user encountering malware today has increased to 4% up from a 1% likelihood measured at the beginning of 2011. Web-based mobile threats are also an important component of Lookout’s research, and the company found Android users worldwide have a 36% chance of clicking on an unsafe link in 2011. In the United States, the likelihood of encountering an unsafe link is higher than the global average at 40%. Additionally in the report, Lookout anticipates the methods that would-be thieves will use to target mobile users directly and discusses tips for consumers to protect themselves.

“2011 was a watershed year in terms of the types threats we saw emerging. Threats had greater sophistication and were deployed using more innovative and efficient distribution methods,” said Kevin Mahaffey, co-founder and chief technology officer at Lookout. “In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

Mobile Malware Monetization Trends

Mobile Pickpocketing (SMS/call fraud). In 2012, Malware writers will continue to steal money directly from consumers by accessing their mobile devices’ ability to charge phone bills via SMS billing and phone calls. Earlier this year, Lookout identified GGTracker, the first mobile malware that steals money from users in the U.S and earlier this week Lookout identified another Android Trojan, RuFraud, targeting Eastern European users.

Botnets. To date, Lookout notes botnet networks have yet to be used at scale. In 2012, Lookout anticipates malware writers could secretly integrate thousands of mobile devices into extensive botnet-like networks to distribute spam, steal private info, and install other malware. DroidDream and Geimini are examples of botnets.

Vulnerable Phones. Due to the difficulty of updating software and patching vulnerabilities on mobile phones, malware writers will continue to exploit iOS and Android OS at a pace greater than vulnerabilities can be resolved.

Mobile Malware Distribution Trends

Automated Repackaging. Malware writers will develop tools that enable the automatic repackaging of malicious applications. Lookout has seen instances where several infected apps were packaged by the same developer within a matter of seconds – quicker than someone could do manually – so the means for automated repackaging may already be in existence.

Browser Attacks. As with PC-based threats in the past, malware writers will attempt to profit via Web-based distribution like email, text messages and fraudulent websites. Even iOS devices have been targeted by websites designed to jailbreak them. In 2012, Lookout expects a continued increase in mobile phishing and messages linked to websites that automatically install malware.

Malvertising. Instances of malvertising (genuine-looking advertisements that link back to fraudulent sites) will continue to increase. Given this method has been successful with Trojans like GGTracker, we expect other malware writers to try similar distribution tactics.

For the in-depth predictions, data and accompanying graphics, please see Lookout’s Mobile Malware Predictions: http://blog.mylookout.com/blog/2011/12/12/2012-mobile-threat-predictions.

Investment in mobile security will increase 44% annually through 2015 according to a recent research report from Canalys. Reportedly, just 4% of smartphones shipped last year were sold with security software pre-installed. Canalys suggests that, by 2015, more than 20% of all smartphones and tablets will run some form of security software and mobile security will be a $3 billion market. The research firm attributes the growth to an increase in pressure from enterprise customers, and it expects the usage of client security products such as antivirus software, VPN encryption and firewalls will grow an average of 54.6% annually to 2015. “Enterprises must adopt a holistic view of mobile security, as there is no single solution that provides complete protection,” research analyst Nushin Hernandez said. “A more robust approach, even compared to that used to protect typical notebooks and desktops, is needed.” Read on for the full press release from Canalys.

Mobile security investment to climb 44% each year through 2015

Canalys today announced its updated worldwide mobile security forecast, estimating an average investment growth of 44.2% per year, reaching $759.8 million by the end of 2011 and turning into a $3 billion market opportunity in 2015.[1]

According to Canalys figures, only 4% of smart phones and pads shipped in 2010 had some form of mobile security downloaded and installed, highlighting a low end-user awareness level and the relative infancy of the market. Mobile security uptake is anticipated to rise rapidly over the next four years, as enterprises conform more strictly to data protection and compliance practices, and consumers begin to understand the impending security threat to their personal data. Canalys forecasts that by 2015 over 20% of smart phones and pads will have mobile security software installed.

Over the next two years, Canalys expects device management to drive adoption of mobile security-related products, with businesses deploying solutions to track, monitor and authorize corporate data access, as consumers bring their devices into the workplace. These solutions will increasingly be tied to enterprise app stores, so that only approved apps can be downloaded and only devices with approved apps installed can access corporate resources.

After that period, the threat landscape is predicted to become extremely volatile, as more hackers target mobile devices as a means to financial gain. Enterprises and consumers alike will increasingly implement mobile security solutions to remove problems that have already infected their devices. This will turn mobile client security into the main driver, with device management a required layer in a more complete solution. Canalys expects mobile client security, which includes anti-virus, firewall, messaging security, web threat security, VPN functionality and encryption, to grow on average by 54.6% each year to 2015.

Until now, North America has led mobile security adoption, primarily due to enterprises adhering to data compliance regulations. Investment in the more mature Western European markets is poised to accelerate though, as enterprise mobility and consumerization trends pick up speed. Developing countries in Latin America, Asia, Africa and the Middle East will experience a sharp rise in mobile security investment from 2013 to 2015, as Android continues to gain headway as the preferred operating system in more price-sensitive markets. Canalys expects a strong parallel to emerge between Android operating system growth and the volume of mobile malware threats, as the potential for more people to download compromised applications rises.

‘We’re encouraging enterprises to build a framework for mobile security that encompasses people, policies, processes and technologies,’ said Canalys Research Analyst Nushin Hernandez. ‘This vision will also create the most opportunity for channel partners, if they can step in and act as the main point of strategic consulting across multivendor product offerings.’

Today, enterprises around the world are struggling to manage a growing mobile workforce, using multiple devices and operating systems and increased data consumption. Mobility multiplies the number of attack vectors open to cyber-criminals and renders corporate data more vulnerable through physical loss of devices. Users, meanwhile, have a tendency to treat smart phones and pads as low risk, without understanding the security implications of using these devices to access corporate data and networks.

‘Enterprises must adopt a holistic view of mobile security, as there is no single solution that provides complete protection,’ said Hernandez. ‘A more robust approach, even compared to that used to protect typical notebooks and desktops, is needed.’

Operators must also ensure that their customers’ data is protected along with their own information, assets, intellectual property and brand. Mobile operators globally are experiencing increasing mobile malware attacks and are spending more time and money on recovery. Canalys anticipates attack sophistication levels to rise with time. Providing service providers with a high-level of security from a network perspective, regardless of device or operating system type, will be a key differentiator from a security vendor perspective.

Canalys expects channel-led deals to work best with vendors that offer value-add services, such as management and installation support. “Vendors will have to equip channel partners with the necessary technical training and tools, especially specialization programs, to enable them to advise on the best mobility security practices, policies and solutions,” said Hernandez. “Channel partners in turn are advised to build up their portfolios and explore the possibility of acquiring or joining forces with resellers that sell device management solutions.”

A new report recently issued by the security firm McAfee suggests that the number of malware applications targeting Android devices jumped 76% during the second quarter of this year, making Android the “most attacked” mobile operating system. “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” senior vice president of McAfee labs Vincent Weafer said. Android users typically install the malware accidentally and assume the app is from a safe and legitimate developer. The most prevalent malware-infected modified applications were:

• Android/Jmsonez.A -  a calendar app that sends SMS texts to a premium rate number.
• Android/Smsmecap.A – a fake comedy app that sends SMS texts to everyone in the user’s address book.
• Android/DroidKungFu – malware that is capable of installing its own software and updates.
• Android/DrdDreamLite – capable of sending data back to the attacker.

McAfee also noted a number of popular Android Trojans that have been making their way through devices. In addition, the company released compelling figures for how much a hacker can sell stolen email addresses for. In the United States, for example, 10,000,000 addresses can be sold to spammers for roughly $300. Read on for McAffee’s full press release, which includes several data points for PCs, too.

McAfee Q2 2011 Threats Report Shows Significant Growth for Malware on Mobile Platforms

Report Shows Record Growth for Malware and Rootkits; Major Hacktivist Activity

SANTA CLARA, Calif.–(BUSINESS WIRE)–McAfee today released the McAfee Threats Report: Second Quarter 2011, showing that the amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system. 2011 has also resulted in the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits, suggesting that McAfee’s comprehensive malware “zoo” collection will reach a record 75 million samples by the year’s end.

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity”

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs. “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

The report also details specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

2011 On Track to Reach Record “Malware Zoo”

With an approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history. With the addition of Q2’s numbers, the grand total of total malware samples in McAfee’s database has reached approximately 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

Android Nabs Top Spot for Most Mobile Malware

With the vast amount of personal and business data now found on user’s mobile phones, mobile malware is steadily increasing, often mimicking the same code as PC-based threats. In the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates.

Fake Anti-Virus for Apple, Rootkits and Stealth Malware Reach New Terrain

There are more Mac users than ever before, and as organizations increasingly adopt Macs for business use, Apple now has become more a target for malware authors. Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.

Another malware category that is demonstrating recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercriminals to make malware stealthier and more persistent, and has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38 percent over 2010.

Acts of Hacktivism and Cyberwar Make Their Mark

Acts of hacktivism, primarily from the groups Anonymous and LulzSec, were among some of the most prominent cyber news generators for Q2. The report details hacktivist activity from Q2, with at least 20 global attacks reported in Q2 alone, and with the majority allegedly at the hands of LulzSec. The report also outlines acts of cyberwar that occurred in Q2, including attacks on United States’ Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

Email “Black Market” for Spammers

Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months. A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location. For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100.

For more information on trends related to hacktivism, cyberwar, web threats and malware, please download a full copy of the McAfee Threats Report: Second Quarter 2011 at http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf

AT&T announced on Thursday that it has teamed up with Juniper Networks to offer improved mobile security options for its customers. AT&T said that it expects the first “phase” of its security roll-out to be available to businesses, organizations and customers later this year when it launches the AT&T Mobile Security application. It can help businesses enforce security policies, manage enterprise and personal devices, and enable anti-virus protection with monitoring and control tools. In addition, the application can protect consumers from viruses and malware. “Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. Read on for the full press release.

AT&T Invests in Mobile Device Security Platform

Agreement with Juniper Networks Helps Build Innovative Service Portfolio to Protect Devices from Security Threats

Recognizing the need to protect consumer and enterprise mobile devices from the increasing number of cyber attacks, AT&T* is investing in a new mobile security platform. It will allow customers to better protect their devices against security threats.

AT&T has executed an agreement with Juniper Networks to deliver this security capability and additional services based on the platform in the future. This new agreement is part of AT&T’s mobile security strategy to manage and protect smartphones and customer information.

AT&T’s strategy – which is distinguished from other approaches to mobile security – is to provide a comprehensive security solution that will integrate wireline and wireless security policies for consumer, enterprise and government customers.

The first phase of the platform – the AT&T Mobile Security application – is expected to be available later this year and is based on the Juniper Networks® Junos® Pulse solution.

The AT&T Mobile Security application will help:

• Businesses and Organizations
  • Maintain compliance with government regulations
  • Enforce security policies
  • Manage personal or enterprise-owned devices
  • Enable anti-virus, anti-malware, and application monitoring and control

• Consumers
  • Protect mobile devices with anti-virus, anti-malware, and application monitoring and control

“Enterprises drive employee productivity by anytime access to network resources, but the implications of data loss and malware proliferation creates real concerns for enterprise IT security. AT&T’s vision and approach to mobile security is the right one at the right time”, said Christine Liebert, senior analyst for Security Services at IDC. “AT&T is offering enterprises the ability to remotely remove or encrypt data on mobile devices and to have this function centrally administered. This should help businesses control what type of data can be downloaded to a smartphone or tablet, one of the biggest enterprise security risks.”

“Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. “With the help of Juniper Networks and the power of AT&T Labs and the AT&T Mobility Security Research Center behind us, we’ll be able to deliver new security capabilities to provide peace of mind to companies and consumers alike.”

“We are proud to work with AT&T to help them protect their most important asset, their customers,” said Mark Bauhaus, executive vice president and general manager of the Device and Network Services business group at Juniper Networks. “Teaming with AT&T to bring this unique and comprehensive mobile security solution to market will enable a vast number of consumers and enterprises to have state-of-art security features in their mobile life and be better protected from malicious threats.”

Brooklyn-based artist Kyle McDonald finds himself in hot water after secretly photographing Apple Store customers while they shopping for computers. “I thought maybe we could see ourselves doing this we would think more about our computers and how we’re using them,” McDonald told Mashable. Without the staff’s knowledge, the 25-year-old installed software on computers at two Apple Store locations in New York that used their integrated webcams to capture photos every 60 seconds. The software then automatically sent the photos to McDonald. The electronic artist published his project on his site and a dedicated Tumblr blog, and eyebrows were raised soon after. Mashable reports that McDonald was soon approached by the U.S. Secret Service, and his personal computers have been confiscated as part of the investigation into alleged computer fraud. McDonald says he did get Apple Store security guards’ permission to take photos in the stores, and he also asked permission while photographing patrons — with his handheld camera. McDonald makes no mention of gaining Apple’s permission to install software on display computers that secretly snaps photos and sends them to McDonald behind the scenes. A video of McDonald’s project can be viewed below.

Read

The small group of hackers known as Lulz Security, or simply “LulzSec,” would never disband without one final round of fun. BGR reported on Monday that the group’s reign of terror was coming to an end after 50 lul-filled days. During that period of time, LulzSec released data stolen in a series of online breaches with targets ranging from Sony to the U.S. Government. In its coup de grâce, LulzSec released a stash of stolen data from a variety of targets, including AT&T, Disney and the U.S. Navy. But data obtained through online breaches wasn’t the only thing LulzSec stuffed into the file; a directory named “BootableUSB” also contained a variety of malware including trojans and worms. While “LulzSec” is no more and its notorious Twitter account now sits dormant, members of the well-known hacktivism group “Anonymous Operations” have confirmed that LulzSec is gone in name only — the six LulzSec members have been absorbed by Anonymous, according to the group’s official Twitter feed.

Read

Mac users have recently been targeted by a phishing scam that falsely claimed their computers were infected with a virus. Upon being redirected to an illegitimate website, users were instructed to install “Mac Defender,” which was malware masquerading as an antivirus application. Until recently, Apple had reportedly instructed its AppleCare support reps to deny any existence of the problem and said reps should “not remove or uninstall any malware” found on a computer. On Tuesday, however, Apple finally acknowledged the issue and posted instructions on its support forums that cover how to avoid and remove the Mac Defender malware. Hit the jump for Apple’s instructions.

Removal steps

• Move or close the Scan Window
• Go to the Utilities folder in the Applications folder and launch Activity Monitor
• Choose All Processes from the pop up menu in the upper right corner of the window
• Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
• Click the Quit Process button in the upper left corner of the window and select Quit
• Quit Activity Monitor application
• Open the Applications folder
• Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
• Drag to Trash, and empty Trash

[Via The Register]

Read

AppleCare representatives can do a lot of things for Mac owners suffering software issues… except when it comes to malware. In an internal support article leaked to ZDNet, Apple instructs its call center representatives on how to handle calls from users reporting that they have a machine infected with the “Mac Defender” malware trojan. And, as you can see, Apple is definitely taking the hands-off approach. “AppleCare does not provide support for the removal of the malware,” reads the memo. “You should not confirm or deny whether the customer’s Mac is infected or not.” Apple certainly isn’t the first company to instruct its support representatives to shy away from virus/malware assistance, but it is notable as it is the first major Mac OS X virus that — thanks to some moderate social engineering — is propagating. Apple has yet to issue a public statement about the software’s existence or infection levels. The full memo is after the break.

Read

While investigating several Android Market applications that appeared to be duplicates, Reddit user lompolo discovered several apps that provide an extra, and definitely unwanted, service. The applications in question contain an exploit that, when downloaded, automatically root the Android handset. Not only that, the apps — 21 in total — also contain an embedded .apk file that can accept remote code and upload device information (like your IMEI) to a server in California. The malicious bundles were published by user Myournet and some of the individual applications have been downloaded over 50,000 times each. Once alerted of the potential malware, Google investigated and removed the code from the Market and users handsets. Unfortunately, that doesn’t have any effect on data already compromised by downloaders of the rogue applications. Google has yet to publicly comment on the incident.

UPDATE: More information about the exploit and affected applications can be found here.

Read

The Duo seems to have been a failed experiment for battery maker Energizer in more ways than one. Sales of the USB nickle-metal battery charging station never really took off, and now, via a press release, the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan. The rogue code, according to Computerworld: “listens for commands on TCP port 7777… can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.” Energizer released a statement saying: “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software.” 

Read

As deep as we are into S60 3rd Edition’s lifespan, malware was sure to rear its ugly head at some point. In fact, we are still pretty impressed that it’s taken as long as it has. While this newly-discovered worm is not the first instance of S60 malware, it certainly appears to be the most tenacious and dangerous. Dubbed “Sexy View” or SymbOS/Yxes.A!worm, the malware indeed contains a valid Symbian Signed certificate and runs the process “EConServer.exe”. It performs three known attacks: First, it seeks out certain running processes on your handset and terminates them. Then it gathers phone numbers from the handset’s contact list and transmits SMS messages to as many numbers as it can collect. The sent messages contain a URL and if an S60-toting recipient visits the address, his or her handset may become infected as well. Lastly, the worm gathers certain sensitive information about the handset such as IMEI and phone number, and posts the data to a remote server. In other words, this worm is bad news. For the time being, “Sexy View” is thought to only affect OS 9.1 devices though it may also affect OS 9.2. So, S60 users, if you find your contacts pinging you to ask why you’re sending them messages with odd URLs, it may be time to head to the clinic. Both Fortinet and F-Secure claim their mobile antivirus solutions will combat the worm but if you confirm your handset is infected, wiping it should solve your problem for free.

Thanks, Dub!

Read