
Wednesday, May 30, 2012

Fake anti-virus disguises used by Android malware

Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.

Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.

The Android malware threat is growing.

As financially motivated cybercriminals realise there is real money to be made, we are seeing more attacks created and distributed that target Android devices.

And it's no surprise to see similar social engineering tricks that have worked on other operating systems in the past also being used on the Android platform.

Like fake anti-virus, for instance.

As our friends at GFI described earlier this week, criminals spammed out links via Twitter pointing to webpages that contained a rogue app posing as a legitimate virus scanner.

Malicious tweet

SophosLabs researcher Vanja Svajcer investigated the case, and discovered the .ru domains pointed to the same IP address hosted in Ukraine.

When visited, the webpages determine whether it would be more appropriate to serve up a Java ME .jar file (for phones which are "not-so-smart") or an Android .apk.

Depending on the URL you click on and URL parameters, you might be prompted (in Russian) to install fake updates for a variety of products including the Opera browser and Skype.

Fake updates for Android apps

Or you might be presented with a page which prompts you to run a security scan on your phone. Of course, the anti-virus "scan" it initiates is completely fake, and is designed to frighten you into installing an app onto your phone.

Fake anti-virus scan on Android

The look of the fake anti-virus scans can vary. Here's another version, which has adopted a more traditional "Android green" theme:

Fake anti-virus scan on Android

All of this subterfuge is being undertaken, of course, for just one purpose: to trick you into downloading and installing an app onto your Android phone.

In this case, the program pretending to be an anti-virus app has even stolen an icon to trick the unwary into believing it may have been coded by Kaspersky.

Android fake anti-virus app downloaded and installed

If you went ahead and installed the app onto your mobile, it would attempt to send expensive SMS messages to premium rate services, and it also has the ability to download and install further code from the internet onto your Android smartphone.

Sophos products detect these latest threats as members of the Andr/Boxer family of malware.


Thanks to SophosLabs researcher Vanja Svajcer for his assistance with this article.



Tuesday, May 29, 2012

Call of Duty Trojan horse creator ends up in jail, after drunken college raid


A British man who spread a spyware Trojan horse posing as a patch for the popular video game "Call of Duty" has ended up with an 18 month jail sentence.

According to local media reports, 20-year-old Lewys Martin of Deal, Kent, distributed a Trojan horse amongst game players, which logged keystrokes and stole bank details, credit card numbers and internet passwords - including PayPal credentials - from innocent computer users.

After selling the stolen details to other cybercriminals for between $1 and $5 a time, Martin moved his ill-gotten profits to an offshore account in Costa Rica.

Bizarrely, Martin's activities were only uncovered after he was caught drunkenly attempting to break into local colleges to steal computer equipment, Kent Online reports.

Police who raided Martin's home found printouts of stolen credit card numbers and details of a fraudulent bank loan.

Last November, Martin had his sentence deferred by Canterbury Crown Court to allow him to attend a university computer course, and he was put on bail.

But it seems that Martin couldn't put his burglary habit behind him, and in March this year he broke his bail conditions by breaking into the Walmer Science College in Deal, causing hundreds of pounds of financial damage, and attempting to steal a computer, hard drive, walkie-talkies and other equipment.

Now he has been jailed for 18 months on three burglary and fraud charges, having asked for another five offences to be taken into consideration.

Prosecutor Edmund Burge said it was unclear how much money Martin had made from his criminal activities, because the funds were held offshore:

"We don’t know how much money he got through selling the card details because the money is in a bank which won’t co-operate with the authorities. But Martin admitted to police that it was in the thousands of pounds."

Although Martin's defence lawyer pleaded for leniency, and the opportunity for Martin to complete his university course, the court appeared to have run out of patience with the young computer enthusiast and jailed him for 18 months.

The authorities are understood to be attempting to recover the money that Martin made through his cybercriminal activities.

Game players would be wise to pay attention to the technique used by Lewys Martin to infect computers. It's not uncommon for malware to be distributed in the form of cracks and hacks for popular computer games - if you run unknown code on your computer to meddle with a video game, you might well be allowing malware to insidiously install itself too.


Sunday, May 27, 2012

Backups are good - but don't forget to check your backups work [VIDEO]


You hear people talking about the importance of making backups all the time. Chances are that data is the life blood of your company - if your data goes down the pan, it could be curtains for your business.

And that's why you want to have backups of your data.

But if the worst happens and you lose your data, a backup isn't going to be any help at all if you find you can't restore from it, or if the backup is corrupted.

This truth is underlined quite delightfully in this video about how Pixar's fantastic movie "Toy Story 2" was nearly flushed down the toilet due to not checking that the backups were working properly.

For those who are interested, it appears that the backup software being used by Pixar at the time was failing to deal elegantly with a "full disk" situation, and was therefore hiding the error messages that would have shown the backup was falling over.

The full story is told with more detail by Oren Jacob, the associate technical director of "Toy Story 2", in this post on Quora.
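The failure mode described above (a backup job that swallows a full-disk error and still reports success) beside the fix (fail loudly, then prove the copy is restorable), as a Python example added here; it is not code from the article or from Pixar's tooling, and the sample file contents and the full_disk_copy stand-in are constructed.

```python
import errno
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def naive_backup(src, dst, copy=shutil.copyfile):
    """The failure mode from the article: the copy error is swallowed and the
    job still reports success, so nobody learns the backup is falling over."""
    try:
        copy(src, dst)
    except OSError:
        pass  # silently hidden, exactly what you do not want
    return True

def verified_backup(src, dst, copy=shutil.copyfile):
    """Report any error (ENOSPC gets its own message) and then prove the copy
    actually matches the source: the 'check your backups work' step."""
    try:
        copy(src, dst)
    except OSError as exc:
        reason = "disk full" if exc.errno == errno.ENOSPC else str(exc)
        return False, reason
    if sha256_of(src) != sha256_of(dst):
        return False, "copy does not match source"
    return True, "restorable"

def full_disk_copy(src, dst):
    """Constructed stand-in for a destination that runs out of space mid-write:
    it leaves a truncated file behind and then raises ENOSPC, as a real
    filesystem would."""
    with open(src, "rb") as f, open(dst, "wb") as g:
        g.write(f.read()[:4])
    raise OSError(errno.ENOSPC, os.strerror(errno.ENOSPC), dst)

def demo():
    """Back up a constructed file to a 'full' destination and to a healthy one.
    Returns (naive_result, verified_on_full_disk, verified_on_healthy_disk)."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "scene.dat")
        with open(src, "wb") as f:
            f.write(b"constructed render assets")  # constructed sample data
        full = os.path.join(d, "scene.dat.bak_full")
        good = os.path.join(d, "scene.dat.bak_good")
        return (naive_backup(src, full, copy=full_disk_copy),
                verified_backup(src, full, copy=full_disk_copy),
                verified_backup(src, good))

if __name__ == "__main__":
    print(demo())
```

The naive job reports True even though only four bytes reached the destination; the verified job reports the full disk, and only a copy whose hash matches the source is called restorable.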


SSCC 90 - A walk around Interop 2012 with John Shier


by Chester Wisniewski on May 17, 2012

Filed Under: Podcast

For the second episode in a row the Chet Chat comes to you live from a trade show. This week John Shier joined me for a walk around Interop 2012 in Las Vegas.

Interop is a great networking show and as always the Sophos staff worked *very* hard, but we had our fair share of play as well.

Near the end of the conference John and I thought it would be fun to wander around a bit, pick up some swag and see if there was any sort of over-arching theme to the conference.

Cloud table

The theme? Cloud.

While RSA, InfoSec Europe and other conferences focused on security are still discussing the cloud, Interop was utterly dominated by cloud vendors. Above you can see Avaya actually brought a cloud table with network gear embedded "in the cloud".

Certificate provider Comodo had a stand in the security area near Sophos this year.

All quiet on the Comodo booth

Strangely Comodo's booth appeared largely abandoned on Thursday which doesn't leave you with a good feeling about their dedication to protecting our online identities.

Many old-school vendors like Hewlett Packard and Cisco took their best shot at remaking their brands into the coolest cloud company (C3) at Interop as well, but at Sophos we resisted the temptation and stuck with our core value: Complete Security.

(May 10 2012, duration 6:07 minutes, size 3.5 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 90, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.


Tags: chet chat, cloud, Interop, Podcast

About the author: Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski or send him an email at chesterw@sophos.com.
