The Android OS has already attracted the attention of malware and virus writers looking for new ways to extort money from unsuspecting victims. The BBC reported back in August of 2010 on a Russian media player that sent premium rate text messages, thus earning the virus writer hefty referral fees. More recently, the Geinimi trojan had been collecting personal info and passing it on to some Chinese remote servers.
G Data Software today announced their MobileSecurity solution for Android 2.0 and above to guard against malware and other fraudulent programs. By monitoring activity on the phone or tablet, it can detect unwanted sending of SMS text messages or web browsing in the background.
Using the security app on the smartphone, the user can authorise the activity of known apps but block those apps which start acting in an unexpected fashion. The security app will also maintain a blacklist of Android malware which is regularly updated with downloads from G Data.
The app will be available from April 2011 for £9.99 from the Google Market Place, or free to existing G Data customers from G Data’s website.
Sophos has published its quarterly report into spam and the USA remains top of the league for spam-relaying, being responsible for nearly 19% of all spam messages. India follows with a little under 7% and then Brazil, Russia and the UK finishing the top 5 on 4.5%.
The vast majority of spam does not come directly from spammers’ servers, but rather from PCs that have been compromised by trojans or other malware and are now under the control of the criminals. This allows spam to be passed on by PCs without the owners’ knowledge – this is spam-relaying. Consequently, these figures indicate that huge numbers of PCs in the US are infected and under the control of the spammers.
Sophos also notes that the nature of spam is changing. Previously, pharmaceutical products would have been the mainstay of the spammers’ output but increasingly the spam is spreading malware and phishing for account information. As an aside, an estimated 36 million Americans purchased drugs from unlicensed online sellers.
The top spam relay countries for the last quarter were:
8. S Korea
“Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” said Graham Cluley, senior technology consultant at Sophos. “What’s becoming even more prevalent is the mailing of links to poisoned webpages – victims are tricked into clicking a link in an email, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.”
Sophos also warns that social networks are increasingly attracting the attention of criminals through malicious apps, stolen profiles and junk messages.
“Security center has detected malware on your computer.” Have you ever seen that message pop up on your computer? Have you ever seen it happen over Skype? Well, I’ve received that message three times in the last month as a Skype message. It tells me that my Windows software is infected and I need to install a patch. It even gave me a website (link) to go to to help me install the patch.
I may have fallen for the trick but I don’t know how a Windows patch would fix my iMac running OSX. I don’t run Bootcamp, or Windows in a virtual machine, nor does my iMac know what an .EXE or ActiveX file is. I’m sure if I clicked on this link and installed the patch on my Windows machine, my machine WOULD have been infected with malware! (For now Mac machines may be safer from malware infections but it’s wise to still be careful.)
I’ve written before about being safe on the Internet and not going to sites you don’t know or clicking on links in emails, but this is the first I heard of a message over Skype. If you look at the message box (on my iMac), it doesn’t even say it’s from Skype and the window title says “Software Updates.”
What concerns me is that many people may fall for this trick. I know most readers of GNC and listeners to Todd’s podcast are tech savvy enough that they wouldn’t fall for something like this, but what about mom (or dad) or your grandparents who get a webcam for Christmas and install Skype so they can talk to the grandkids? Would they click on this link and install the “patch” if this message box appeared?
Google is trying to find sites that install spyware and root-kit software on your computer, but you can’t depend on this for every “bad” website. Recently there was a SQL-injection virus that infected a large number of websites. The virus takes advantage of PCs running Windows that have not been patched with the latest updates. You don’t have to click on any links to get infected — just visit a site taken over by this malware software. It does this by linking to the site 318x dot com (please don’t go to this site). If you search for 318x dot com using Google, the first search listing says “This site may harm your computer.” That’s because this site has been around for a while and has given enough time for Google’s security bots to find the site and determine that it’s up to no good. Here is the link for the Google Safe Browsing page for the 318X site: http://google.com/safebrowsing/diagnostic?site=318x.com/
Now back to my Skype message. I mentioned that this is the third time I’ve received this message in the past month. Each time I did a Whois search of the linked website and found that the website was created within one day of when I received the message. The website mentioned in the most recent warning message was created the same day I received the message. This tells me that the author of this warning message is changing the website URL to keep it from being flagged by Google and the security monitoring sites. If you do a Google search for this site it comes up clean. Oh, did I mention that the owner of this site (and the previous two sites) is from Prague, Czech Republic (outside US laws)?
As you visit relatives and friends over the holidays make sure everyone knows about safe surfing on the Internet. Don’t click on links in emails (or Skype message boxes) and make sure to keep your computer’s OS patched and up to date.
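The Whois check described above (a linked site registered within a day of the message arriving) can be scripted. This is an added example, not code from the original post: it pulls the registration date out of raw Whois text and compares it with the time the message was received. The sample records, placeholder domains, dates and the seven-day threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Labels that registries commonly use for the registration date.
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered On)\s*:\s*(\S.*?)\s*$",
    re.IGNORECASE | re.MULTILINE)
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S%z",
            "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y", "%d.%m.%Y")

def creation_date(whois_text):
    """Earliest registration date found in raw Whois text, or None."""
    found = []
    for value in _CREATED.findall(whois_text):
        for fmt in _FORMATS:
            try:
                parsed = datetime.strptime(value, fmt)
            except ValueError:
                continue
            if parsed.tzinfo is None:      # assume UTC when no zone is given
                parsed = parsed.replace(tzinfo=timezone.utc)
            found.append(parsed)
            break
    return min(found) if found else None

def classify(whois_text, received, max_age_days=7):
    """Return 'fresh', 'established' or 'unknown' for the linked domain.

    `received` must be a timezone-aware datetime.
    """
    created = creation_date(whois_text)
    if created is None:
        return "unknown"   # redacted or unparsable record: review by hand
    age_days = (received - created).total_seconds() / 86400
    # A negative age (clock or timezone skew) still means "brand new".
    return "fresh" if age_days <= max_age_days else "established"

# Constructed sample records; the domains are placeholders, not from the post.
NEW = "Domain Name: PATCH-UPDATE.EXAMPLE\nCreation Date: 2009-12-20T08:15:00Z\n"
OLD = "domain: long-lived.example\ncreated: 14-Mar-2001\n"
REDACTED = "Domain Name: HIDDEN.EXAMPLE\nRegistrar: Example Registrar\n"
RECEIVED = datetime(2009, 12, 20, 19, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, record in (("new", NEW), ("old", OLD), ("redacted", REDACTED)):
        print(name, classify(record, RECEIVED))
```

A "fresh" verdict is a reason to distrust the link even when a search or reputation lookup comes back clean, since a domain that new has had no time to be flagged.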