Google has started to scan newly uploaded applications and extensions in its Chrome Web Store, similar to what they already do in the Android Play Market.
We have written about quite a few cases where malicious extensions were pushed on social network …
The federal Office for Information Security in Germany (BSI) together with the “Fraunhofer SIT” and “]init[ AG” released a study on the risk with common content management systems (CMS) for websites. A CMS is typically used to a…
Contributor: Avdhoot Patil
Digital currency, a form of electronic money, is a relatively new concept to the world. Many of these currencies have arisen during the past decade and digital currency in general has always been a subject of controversy. In …
In late January of this year, Twitter released Vine, a social video-sharing service that it acquired in late 2012. Initially launched on iOS, Vine has similar characteristics to Twitter as videos are intentionally short (users are only allowed six seco…
Last week a purple unicorn (a stuffed one, not a real one) generated some confusion at a border station in Turkey. According to this article, a family including their nine year old daughter, travelling across the Turkish border accidentally used the stuffed unicorn’s toy passport instead of the daughter’s real passport. The officer checked the passport, officially stamped it, and then let them through. At this point, the story deviates based on the source. Immigration said that the officer just wanted to be kind to the girl and forgot to stamp the real passport too. The family reports that there was no hesitation and that their daughter may have just have slipped through.
This story serves as a good reminder that security measures are only as good as their implementation. From crypto-graphical functions implemented with static initialization vectors, to passwords that are derived from public MAC addresses, to Web applications with poor session management that can be bypassed by calling the API directly. There are many examples throughout history of secure technology that actually had large, gaping security holes once they had been implemented. These examples do not even consider products that are implemented properly, but are not configured correctly or suitably integrated into the process so that the log files are never read.
If you are implementing security functions, ensure that you do it properly. Follow coding standards and play the attack scenario through. If you install security products, make sure that you configure them to your needs. Take note, if you do not pay attention to the details, you might be overrun by purple unicorns.
FakeAV software is a type of scam using malware that intentionally misrepresents the security status of a computer and attempts to convince the user to purchase a full version of the software in order to remediate non-existing infections. Messages continue to pop up on the desktop until the payment is made or until the malware is removed. This type of fraud, which typically targets computers, began several years ago and has now become a household name. The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices. One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware. Ransomware is another well-known type of malware that takes a computer hostage, by denying the user access to their files for example, until a payment/ransom is handed over.
Figure 1. Screenshot of FakeAV Android app
Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices. However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system. In some cases users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer. If they are lucky, some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues.
Please take a look at the following video to see how FakeAV can lock up a device.
<!–
By use of this code snippet, I agree to the Brightcove Publisher T and C
found at https://accounts.brightcove.com/en/terms-and-conditions/.
–><!–
By use of this code snippet, I agree to the Brightcove Publisher T and C
found at https://accounts.brightcove.com/en/terms-and-conditions/.
–>
We may soon see FakeAV on the Android platform increase to become a serious issue just like it did on computers. These threats may be difficult to get rid of once installed, so the key to staying protected against them is preventing them from getting on to your device in the first place. We recommend installing a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device. Malicious apps can also be avoided by downloading and installing apps from trusted sources. For general safety tips for smartphones and tablets, please visit our Mobile Security website.
Symantec detects this malware as Android.Fakedefender.
On June 20, Anonymous will launch the #OpPetrol campaign. It was announced on May 11, shortly after the campaign called #OpUSA began.
These types of attacks are often similar, as we have seen in previous operations, and may include:
There are various ways attackers may target these organizations, including using tools like the LOIC (Low Orbit Ion Cannon) or phishing emails to trick recipients into revealing account login details.
Symantec advises organizations to be prepared for attacks in the coming days.
Organizations should monitor for unusual activities in their networks, particularly any attempts to breach the perimeters. Staff members should be specifically trained on social engineering mitigation tactics along with regular security awareness training. As always, we continue to stress the importance implementing a multi-layered approach to defense.
These recommendations apply to all organizations as best practices that should be carried out regularly as most attackers do not provide warnings in advance to targets.
JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability (CVE-2013-3644) that has been exploited in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it…
For sports fans, the most exciting time of the year is the post season. It is when the underdogs have a chance to topple the better teams in the league, or last year’s champions are trying to win it again. Depending on the sport, these events can draw a lot of viewers, whether it is a single event or a seven game series. So, its no surprise there are sites that claim to offer fans the ability to watch these events online.
Right now, we are in the midst of the NBA finals pitting some of the finest players in the league against each other in their quest to win it all. The series was just tied 2-2 before Game 5 on Sunday. On that day, some Facebook users may have seen pages offering a free live stream of the game.
Figure 1. Free live NBA Finals stream posted on Facebook
Facebook users may also see posts about NBA Finals live streams linking to a page hosted on Tumblr.
Figure 2. Free live NBA Finals stream page on Tumblr
When a user selects “YES I AGREE” on the Tumblr page they are redirected back to Facebook and asked to install an NBAFinals Facebook application.
Figure 3. Scam NBAFinals Facebook app, permissions request
This Facebook application requests access to your profile, friends list, and email address. If a user grants permission, the application will request more permissions.
Figure 4. Scam NBAFinals Facebook app requests additional permissions
In addition to posting to your friends on your behalf, the scam Facebook application requests more permissions that do not make any sense for an application to have in order to enjoy free live streaming, such as access to manage your Facebook pages.
Even worse, after the application installs, users are redirected to another Tumblr site and asked to spread the scam on Facebook before proceeding.
Figure 5. Scam NBA Finals site asks users to share on Facebook
Figure 6. NBA Finals scam spreads on Facebook
For the user, after all this, there is no live stream presented. Instead, users will see a video player that doesn’t work. Clicks on the video player redirects users to a plugin install page that earns the scammers money through affiliate links.
Figure 7. NBA Finals scam page contains no live stream
There are some references in the final page to other sites that claim to offer live streams of the game. These pages are not official however, and these types of streaming sites are prohibited.
For the scammers, getting the user to install their Facebook application keeps the scam going because the application posts messages to your timeline on your behalf.
Figure 8. Scam NBAFinals app timeline post on Facebook
In cooperation with Symantec, Tumblr has removed the sites associated with this scam and we have reported the application to Facebook.
Users should be aware which applications they install on Facebook, especially when looking for special features or access to websites that offer live sport streams. If it seems suspicious, most likely it is.
Hospitality is the friendly bonding between the guest and host, especially efforts to make the guest feel comfortable. Spammers exploit hospitality events, and the bond between guest and host, with fake promotional offers. We are currently observing an increase in spam messages which exploit hospitality offered by major events, festivals, and concerts. The spam messages invite users to watch the events at entertaining venues happening in different places. Hospitality spam tries to entice users with bogus offers such as the following:
Figure 1. British Grand Prix hospitality spam
Figure 2. Ashes Series hospitality spam
A variety of subject lines have been observed in the hospitality spam attacks, such as the following:
The “From” address associated with these hospitality spam emails include the following:
The main motive of these spam campaigns is to lure recipients by providing fake promotional offers and asking users to reply with questions about the event to the spam domain which is only registered for a year and hosted in the United Kingdom.
Symantec advises our readers to use caution when receiving unsolicited or unexpected emails. We are closely monitoring these spam attacks to ensure that users are kept up to date with information on the latest threats.