A New Zero-Day Vulnerability in Internet Explorer


By Brenden Vaughan

A new zero-day vulnerability exploit has been identified in Microsoft’s Internet Explorer web browser versions 9 and below running on Windows XP, Vista and 7. Internet Explorer 10, which comes bundled with Windows 8, is not affected. The exploit could allow remote execution of malicious code from compromised websites.

Beware of Malicious Olympic 2012 Android Apps


By Joe McManus

There are too many events happening at one time during the Olympics, which might tempt you to install an app for that. But be careful of what you install. Not all apps are what they appear to be. As an example, let’s look at the app called “London Olympics Widget”.


Webroot Bulletin Regarding AV-Comparatives Results


By Grayson Milbourne and Joe Jaroch

If there is one thing that can be observed about the AV industry, it is that no solution is ever 100% effective at blocking malware. With this in mind, Webroot SecureAnywhere (WSA) was designed to protect users even in cases where undetected malicious software has made it onto the system.

AV-Comparatives recently published results for June’s “Real World” Protection Test. This test aims to replicate a real world experience for how malware would infect a PC. The scores indicate how many threats were detected vs. missed.


FakeAV for Android! There you are!


By Nathan Collier

Every superhero has an arch nemesis. For a lot of Threat Researchers, including myself, Rogue Security Products, better known as FakeAV, is theirs. Back in the day when I was primarily a PC malware fighter, FakeAV was a prevalent threat that was always coming up with new ways to infect users nearly every other day. I knew it was only a matter of time before the same malware authors would turn mobile. I am afraid those days are upon us. How could I ever forget such an identifiable logo:

“Android Security Suite Premium”… yeah, right! This spy, which is being called Android.FakeSecSuit, retrieves incoming SMS messages, extracts the phone number and message, and then sends the stolen info off:

As you can see in the GET command from the PCAP, highlighted in blue is the phone number and message I sent to my test phone now being sent off to a site.

Now that the developers of the popular FakeAV malware have entered into the mobile world, expect to see a lot more variations of this… and if they follow the same pattern as they did in the PC world, I mean A LOT! We are seeing it in Torrents and/or alternative markets. Remember, when downloading Android apps choose them wisely and download from a trusted source. Check reviews, research the developer and verify permissions requested before downloading. And of course, scan with Webroot SecureAnywhere Mobile.

Evolution of Android Malware “The touch, the feel of being tricked into sending premium SMS messages, the worst feeling of our lives” (Part 3)


By Nathan Collier

Android.SMS.FakeInst is a Trojan that aims to do one thing — trick users into sending premium SMS messages by pretending to be an install for an app. Here’s how the scam works: The user sends three premium SMS messages in exchange for an app, but there is no guarantee that it will actually install anything after they already have your money. These malicious apps are getting harder and harder to discern as malicious as the look and feel of these apps gets better through newer iterations. One variant of these Trojan apps, which comes from a known malicious site, looks better with each update. Let’s start with one of the first iterations of this variant.

The icon looks fairly convincing:


Welcome to the team, Dancho!


Notice someone new on the Webroot Threat Blog? We’re thrilled to introduce Dancho Danchev – independent security consultant, cyber threat analyst and bad-guy chaser extraordinaire – as our new security blogger. Many of you may know Dancho from the security analysis he’s been providing for industry media and on his own blog since 2007.

We’ve started off the new year on an exciting foot, bringing Dancho on board to chronicle what Webroot is seeing in the cybercrime ecosystem and his insights on the Internet security industry at large. So, stay tuned — and welcome, Dancho.

“Android Malware” – Thre@t Reply (video)


By Armando Orozco

Are Android phones susceptible to Trojans and other viruses just like computers? How can you make sure your phone doesn’t become infected and, if it does, what can you do? Webroot mobile threat research analyst Armando Orozco answers this question that was asked to our Webroot Threat Research team via Twitter.

For your eyes only (please)


By the Webroot Threat Team

Have you ever had the queasy experience of sending a message to someone that you’d rather not have anyone else see, and then hoping that it won’t get passed along? A new system developed by Internet law and security researchers aims to solve the problem, with a light-handed touch.

The Stanford Center for Internet and Society has launched Privicons, an email privacy tool that it describes as a ‘user-to-user’ solution. There are no policy servers, crypto algorithms, or software enforcement agents to worry about. Instead, it relies on good old-fashioned icons.

Webmail users who install the Privicons plugin can choose from a selection of icons that are then pasted into their mail. Each of the icons represents a specific request concerning how the information in the mail is treated. The icons are as follows:

  ‘Keep private’: Don’t pass on the information, or identify the sender.
  ‘Keep anonymous’: Use the information freely, but don’t tell anyone who sent it to you.
  ‘Don’t print’: This can be for environmental or security reasons.
  ‘Delete after reading/X days’: Delete the information to avoid it falling into the wrong hands.
  ‘Keep internal’: Keep it among a close circle of people.
  ‘Please share’: Distribute freely.


Reflections on mobile security


By Armando Orozco

Be wary the next time you enter your passcode into your iPhone on the bus – someone could be shoulder surfing. In fact, a team of researchers from the University of North Carolina has developed a system to watch you pecking out characters on your phone, analyse the video, and produce a pretty accurate guess of what you were typing.

When people talk about key loggers, they’re usually thinking about malware that sits on a computer and surreptitiously monitors what keys people are pressing. But these university researchers are applying an entirely different approach to key logging. Instead of putting software on computers, they are investigating ways to monitor the text that people input into their mobile phones. They do it by taking video of your phone, either directly (over your shoulder or from the side), or simply by reading the reflections of your phone’s screen in your glasses.

The researchers developed a mechanism for looking at mobile phone screens using cheap, mobile videocameras. The cameras record video of people typing on ‘soft’ keyboards, such as those used by Apple’s iPhone. These keyboards commonly use ‘pop out’ animations, in which the key being pressed gets bigger when pressed, to confirm to the user that they have selected the right letter. The pop-out animation makes it easier to see which keys are being pressed in the video.

Mobile cameras have increased dramatically in quality lately, making them far more capable of capturing reflected keyboard images. These cameras are embedded in smartphones, of course, or if you wanted to get even techier, you could buy one of these.


Top 7 Cybersecurity Predictions for 2012


By Mel Morris

From Stuxnet to Sony, a number of cyberattacks emerged in 2011 that experts have predicted for quite some time. I predict 2012 will be even more pivotal, thrusting cybersecurity into the spotlight. These are my top seven forecasts for the year ahead:

1) Targeted, zero-day attacks will be the norm.
Looking back over the past year, an increasing number of breaches were the result of custom malware and exploits targeting specific enterprises. I predict 2012 will be the year of targeted attacks, which have slowly evolved from large-scale threats to unique attacks designed to infect a handful of very specific people.  Traditional blacklist and signature approaches have already become ineffective; once a virus is spotted, malware writers simply create a new one. As targeted, zero-day attacks intensify, more security vendors will realize the pressing need to analyze threats and behavior more holistically.

2) 2012 will be the start of a revolution.
For the last several years, the security industry and cybercriminals have had a symbiotic relationship that has kept the market in balance. The “good guys” have done just enough to thwart attacks – and the bad guys haven’t needed to dramatically evolve as they’re still making money doing exactly what they’re doing. I predict the scales will tip in the coming year. More innovative and effective security technology will drive a revolution and we’ll see a heated battle emerge between security companies and cybercriminals. It’s survival of the fittest.  As soon as cloud-based technology and behavioral protection strengthen their foothold in the antimalware sector, hackers and cyber mafias will up the ante and scope out new vulnerabilities.

3) Cyber threats will gain political traction.
The Stuxnet worm is an example of something we detected long ago, and its impact has now taken on a whole new meaning. The virus’s sophisticated ability to infiltrate government systems, silently gather information, and disable nuclear power plants has prompted a wakeup call, driving leaders to reassess federal technology standards and regulations. Stuxnet gives us a very real and very scary glimpse of what’s to come.

4) Masses will migrate to cloud platforms.
Now that Cloud has an “i” in front of it, the cloud will truly hit the mainstream. The appeal of file sharing and remote access will be a major draw for an increasingly tech savvy population that connects to the Internet from tablets, smartphones, and multiple PCs. This will not only drive widespread adoption of cloud-based tools and applications amongst consumers, but it will dramatically accelerate migration in the business world. Many companies are already on board with cloud platforms and applications, but the power of the masses will act as a tipping point, pushing the vast majority of IT professionals to shun old-school, on-premise approaches and look to the cloud for infrastructure and data solutions.

5) Your smartphone will be a target.
Security companies have done a fairly good job of stopping attacks at the endpoint, and this will lead cybercriminals to focus their efforts more heavily on mobile devices, which are still quite vulnerable in today’s environment. We will see an increase in Android and iPhone attacks: rogue apps, malicious links, and spyware targeted at smartphones and tablets. It’s all about data, and business users and consumers alike store an abundance of highly sensitive and poorly guarded information on their mobile devices.

6) Legitimate applications will be used for illegitimate activities.
Rogue Android apps are just the tip of the iceberg. We load our mobile devices with applications that are designed to simplify our lives, yet we don’t stop to consider what else they are capable of – or what someone is capable of manipulating them to do. Even legitimate apps can grab information and use it without our permission. A simple glance at an application like Plane Finder illustrates the vast amount of data that is at anyone’s fingertips. And that’s not to mention the many other opportunities roaming devices present; a criminal could leverage a mobile device to pick up data from a nearby network, or hack into a plane’s WiFi connection and send signals to devices left in improper flight mode.

7) Our weakest link will be strengthened.
When it comes to security, the weakest link has always been people. In 2012, indifference toward security will diminish. Businesses will invest in security and strengthen duty of care measures. Employees and consumers will see the ramifications of breaches and begin incorporating smart Internet practices into their everyday behaviors.