Are pornographic images invading your Facebook news feed? We have yet to see it here at BGR, but ZDNET recently reported that “gory, violent pictures” and “hardcore pornography” are spreading across the social network. Facebook says it is getting to the bottom of the problem, but hasn’t yet revealed a solution or how the fiasco started. “Protecting the people who use Facebook from spam and malicious content is a top priority for us and we are always working to improve our systems to isolate and remove material that violates our terms,” Facebook spokesperson Andrew Noyes said. “We have recently experienced an increase in reports and we are investigating and addressing the issue.” It is unclear who is behind the attack. As The Washington Post points out, the flood could be a trick played by the now infamous hacker group Anonymous, in celebration of Guy Fawkes Day, which occurred on November 5th, but the group typically stakes its claim on major attacks. The images, which are apparently spreading like a wild fire, could also be the result of unsuspecting users having been tricked into clicking malicious links. Updated with statement from Facebook. 

Facebook’s official statement on the matter is as follows:

“Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible. During this spam attack users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

Read [ZDNET] Read [The Washington Post]

A new report recently issued by the security firm McAfee suggests that the number of malware applications targeting Android devices jumped 76% during the second quarter of this year, making Android the “most attacked” mobile operating system. “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” senior vice president of McAfee labs Vincent Weafer said. Android users typically install the malware accidentally and assume the app is from a safe and legitimate developer. The most prevalent malware-infected modified applications were:

• Android/Jmsonez.A -  a calendar app that sends SMS texts to a premium rate number.
• Android/Smsmecap.A – a fake comedy app that sends SMS texts to everyone in the user’s address book.
• Android/DroidKungFu – malware that is capable of installing its own software and updates.
• Android/DrdDreamLite – capable of sending data back to the attacker.

McAfee also noted a number of popular Android Trojans that have been making their way through devices. In addition, the company released compelling figures for how much a hacker can sell stolen email addresses for. In the United States, for example, 10,000,000 addresses can be sold to spammers for roughly $300. Read on for McAffee’s full press release, which includes several data points for PCs, too.

McAfee Q2 2011 Threats Report Shows Significant Growth for Malware on Mobile Platforms

Report Shows Record Growth for Malware and Rootkits; Major Hacktivist Activity

SANTA CLARA, Calif.–(BUSINESS WIRE)–McAfee today released the McAfee Threats Report: Second Quarter 2011, showing that the amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system. 2011 has also resulted in the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits, suggesting that McAfee’s comprehensive malware “zoo” collection will reach a record 75 million samples by the year’s end.

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity”

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs. “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

The report also details specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

2011 On Track to Reach Record “Malware Zoo”

With an approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history. With the addition of Q2’s numbers, the grand total of total malware samples in McAfee’s database has reached approximately 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

Android Nabs Top Spot for Most Mobile Malware

With the vast amount of personal and business data now found on user’s mobile phones, mobile malware is steadily increasing, often mimicking the same code as PC-based threats. In the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates.

Fake Anti-Virus for Apple, Rootkits and Stealth Malware Reach New Terrain

There are more Mac users than ever before, and as organizations increasingly adopt Macs for business use, Apple now has become more a target for malware authors. Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.

Another malware category that is demonstrating recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercriminals to make malware stealthier and more persistent, and has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38 percent over 2010.

Acts of Hacktivism and Cyberwar Make Their Mark

Acts of hacktivism, primarily from the groups Anonymous and LulzSec, were among some of the most prominent cyber news generators for Q2. The report details hacktivist activity from Q2, with at least 20 global attacks reported in Q2 alone, and with the majority allegedly at the hands of LulzSec. The report also outlines acts of cyberwar that occurred in Q2, including attacks on United States’ Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

Email “Black Market” for Spammers

Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months. A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location. For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100.

For more information on trends related to hacktivism, cyberwar, web threats and malware, please download a full copy of the McAfee Threats Report: Second Quarter 2011 at http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf

AT&T announced on Thursday that it has teamed up with Juniper Networks to offer improved mobile security options for its customers. AT&T said that it expects the first “phase” of its security roll-out to be available to businesses, organizations and customers later this year when it launches the AT&T Mobile Security application. It can help businesses enforce security policies, manage enterprise and personal devices, and enable anti-virus protection with monitoring and control tools. In addition, the application can protect consumers from viruses and malware. “Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. Read on for the full press release.

AT&T Invests in Mobile Device Security Platform

Agreement with Juniper Networks Helps Build Innovative Service Portfolio to Protect Devices from Security Threats

Recognizing the need to protect consumer and enterprise mobile devices from the increasing number of cyber attacks, AT&T* is investing in a new mobile security platform. It will allow customers to better protect their devices against security threats.

AT&T has executed an agreement with Juniper Networks to deliver this security capability and additional services based on the platform in the future. This new agreement is part of AT&T’s mobile security strategy to manage and protect smartphones and customer information.

AT&T’s strategy – which is distinguished from other approaches to mobile security – is to provide a comprehensive security solution that will integrate wireline and wireless security policies for consumer, enterprise and government customers.

The first phase of the platform – the AT&T Mobile Security application – is expected to be available later this year and is based on the Juniper Networks® Junos® Pulse solution.

The AT&T Mobile Security application will help:

• Businesses and Organizations
  • Maintain compliance with government regulations
  • Enforce security policies
  • Manage personal or enterprise-owned devices
  • Enable anti-virus, anti-malware, and application monitoring and control

• Consumers
  • Protect mobile devices with anti-virus, anti-malware, and application monitoring and control

“Enterprises drive employee productivity by anytime access to network resources, but the implications of data loss and malware proliferation creates real concerns for enterprise IT security. AT&T’s vision and approach to mobile security is the right one at the right time”, said Christine Liebert, senior analyst for Security Services at IDC. “AT&T is offering enterprises the ability to remotely remove or encrypt data on mobile devices and to have this function centrally administered. This should help businesses control what type of data can be downloaded to a smartphone or tablet, one of the biggest enterprise security risks.”

“Mobile security is the ‘next frontier’ for our continued effort to mitigate cyber-threats and to help protect our customers’ information,” said Ed Amoroso, chief security officer, AT&T. “With the help of Juniper Networks and the power of AT&T Labs and the AT&T Mobility Security Research Center behind us, we’ll be able to deliver new security capabilities to provide peace of mind to companies and consumers alike.”

“We are proud to work with AT&T to help them protect their most important asset, their customers,” said Mark Bauhaus, executive vice president and general manager of the Device and Network Services business group at Juniper Networks. “Teaming with AT&T to bring this unique and comprehensive mobile security solution to market will enable a vast number of consumers and enterprises to have state-of-art security features in their mobile life and be better protected from malicious threats.”

Adobe has issued a security bulletin about a critical security flaw found in Adobe Flash Player affecting the Windows, Macintosh, Linux, Solaris, and Android operating systems. The vulnerability, labeled CVE-2011-0609, “could cause a crash and potentially allow an attacker to take control of the affected system.” The company reports that exploits are already in the wild — most prevalently attached to Flash (.swf) and Excel (.xls) files. Adobe notes that it is “aware” of exploits for Adobe Reader and Acrobat, but explains that “Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.” The company has stated that it will issue a patch for its Flash Player sometime during the week of March 21st. Curiously, the company writes, “Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.” June? Wow. Now might be a good time to enable Protected Mode on Adobe’s PDF reader.

Read

See also: This article’s headline.

[Via Giz]

Read

The Duo seems to have been a failed experiment for battery maker Energizer in more ways than one. Sales of the USB nickle-metal battery charging station never really took off, and now, via a press release, the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan. The rogue code, according to Computerworld: “listens for commands on TCP port 7777… can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.” Energizer released a statement saying: “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software.” 

Read

As deep as we are into S60 3rd Edition’s lifespan, malware was sure to rear its ugly head at some point. In fact, we are still pretty impressed that it’s taken as long as it has. While this newly-discovered worm is not the first instance of S60 malware, it certainly appears to be the most tenacious and dangerous. Dubbed “Sexy View” or SymbOS/Yxes.A!worm, the malware indeed contains a valid Symbian Signed certificate and runs the process “EConServer.exe”. It performs three known attacks: First, it seeks out certain running processes on your handset and terminates them. Then it gathers phone numbers from the handset’s contact list and transmits SMS messages to as many numbers as it can collect. The sent messages contain a URL and if an S60-toting recipient visits the address, his or her handset may become infected as well. Lastly, the worm gathers certain sensitive information about the handset such as IMEI and phone number, and posts the data to a remote server. In other words, this worm is bad news. For the time being, “Sexy View” is thought to only affect OS 9.1 devices though it may also affect OS 9.2. So, S60 users, if you find your contacts pinging you to ask why you’re sending them messages with odd URLs, it may be time to head to the clinic. Both Fortinet and F-Secure claim their mobile antivirus solutions will combat the worm but if you confirm your handset is infected, wiping it should solve your problem for free.

Thanks, Dub!

Read

Mac users who think they’ve stumbled upon greatness in the form of an alleged copy of iWork ’09 on torrent sites take note – it contains a nasty trojan known as OSX.Trojan.iServices.A. First identified by Integro Security, the trojan works like so:

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.

It’s important to note that while this is by no means the first trojan virus outbreak that Mac users have had to deal with, it is of special interest. Unlike trojans of years past, this is the first time hackers have taken the time to concoct a malicious script to be embedded in software that a lot of people are keen to get and actively contact remote severs to cause even more damage to infected systems. If you think your system is infected, there is a simple process to cleaning your system but it does require a complete wipe unfortunately. Open Terminal and enter the following:

1. sudo su (enter password)
2. rm -r /System/Library/StartupItems/iWorkServices
3. rm /private/tmp/.iWorkServices
4. rm /usr/bin/iWorkServices
5. rm -r /Library/Receipts/iWorkServices.pkg
6. killall -9 iWorkServices
7. Wipe, reformat and reinstall OS X from your master disc

Moral of the story: Buy your software or risk paying the price in other ways.

[Via MacRumors]

Read

After a wave of attention surrounding a post on Apple’s support pages over the past few days, Cupertino has decided to pull the page from its site. The post in question encouraged “the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.” As Apple’s OS X has yet to have any significant threats posed against it, the blogosphere questioned both the necessity and integrity of the recommendation, noting that two of the three recommended antivirus applications were available for sale from the Apple Store. Here we are a day or so later and Apple has removed the page from its site, stating:

We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.

If that’s the case, then why pull the article? Is Apple now comfortable leaving its computer users vulnerable and open to an attack? Some speculate that Apple removed the note due to poor and confusing wording but if that were the case, surely the company would have merely clarified its position and recommendation rather than removing it completely. Right? Hopefully Apple will further clarify its position over the coming days as for the time being, some might say it looks like the company was looking to make a quick buck from less savvy users. After all, Apple doesn’t even require the use of antivirus software on its own in-store display units or the internal computers used by store employees.

Read

It looks like the care free days when Mac owners could sit back and relax without having to worry about malware are indeed coming to an end – maybe. Last month we told you about two new pieces of OS X malware that had been discovered and while neither poses a significant threat in most people’s eyes, it is clearly a sign of things to come. As loyal and vocal as Mac computer users are, until recently they hardly represented a significant portion of the market. As such, those responsible for creating end user-targeted malware focused on Windows since it was the clear and overwhelming market leader. Now that Apple’s computer market share is growing however, Mac user complacency with regards to viruses might lead to some big and easy scores for malware. Apple recently posted the following technical note as a result:

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.

The page goes on to recommend three antivirus solutions for OS X, two of which are offered for sale in the Apple Online Store. For the time being, we still haven’t heard any reported cases of a virus actually finding its way to a Mac computer in a real life situation so the following question is posed: Has Apple just firmed up its deals with antivirus providers or are we really in store for a hail storm of Mac malware sooner than we think? In either case, at least we won’t be seeing the commercial above air again any time soon.

[Via Newlaunches]

Read