12/30/11 - SpyEye is a widespread malicious toolkit for creating and managing botnets.
It is designed primarily for stealing banking credentials and other confidential
information from infected systems. 
   

SpyEye is a major competitor of the infamous Zeus toolkit. Emanating from Russia,
it started to appear for sale on Russian underground forums. Retailing at $500, it
is has taken a chunk of the Zeus crimeware toolkit market. Symantec detects this
threat as Trojan.Spyeye.
 
The Zeus (also known as ZBot) crimeware toolkit has grown to be the most
established crimeware toolkit in the underground economy. It generated a lot of
interest in the mobile security community a couple of months ago when an Android
version was discovered. 
  

It was not long before a version of SpyEye targeting Android was also developed,
and sure enough a malicious SpyEye Android app was discovered a recently.

The functionality of Zeus and SpyEye on Windows is quite similar, and new revisions
(of both), with additional features, are being released on a regular basis.
     

Zeus for Android purports to be a version of Trusteer Rapport security software.
This social engineering trick is used in an attempt to convince the user that
the application they are installing is legitimate.
    

SpyEye for Android, now detected by Sophos products as Andr/Spitmo-A, uses a
slightly different but similar social engineering technique.
   

When the user of a PC infected by the Windows version of SpyEye visits a targeted
banking website, and when the site is using mobile transaction authorization
numbers, the SpyEye Trojan may inject HTML content which will instruct the user to
download and install the Android program to be used for transaction authorization.
   

The SpyEye application package does not show up as an icon in the "All apps" menu,
so the user will only be able to find the package when the "Manage Applications"
is launched from the mobile device's settings.
   

The application uses the display name "System" so that it seems like a standard
Android system application.
 
When installed, Zeus for Android displayed a fake activation screen, and Spitmo
is again very similar.
    

However, Spitmo uses different tactics to convince the user that it is a legitimate
application.
     

It applies for the following Android permissions:
 
android.provider.Telephony.SMS_RECEIVED
android.intent.action.NEW_OUTGOING_CALL
     

This allows the malware to intercept outgoing phone calls.
    

When a number is dialed, the call is intercepted before the connection is made and
the dialed phone number is matched to a special number specified by the attacker
in the alleged helper application installation instructions.
     

If the number matches, Spitmo displays a fake activation number, which is always
251340.
 
Once installed, the functionality of Zeus and SpyEye are pretty much the same.

A broadcast receiver intercepts all received SMS text messages and sends them to
a command and control server using an HTTP POST request. The submitted information
includes the sender's number and the full content of the message.
     

The developers of major malicious toolkits are closely watching their competition
and matching the latest features. Users need to keep antimalware definitions up to
date to minimize the effect of these evolving threats.

      
12/26/11 - Window's computers are more likely to experience an attack than MAC's. The reason,

a cracker develops a malware attack that will compromise the greatest number of machines is for

the purpose of business. Hackers are artists and crackers are in business. A business always

looks for the greatest profit, so attacking Windows machines is going to generate the greatest

profit because (they are easier targets and) there are many more in use (for now) than there are

MAC's. 
     

    

You won't find MAC's unpatched like the older Windows machines and there have been few
(compared to Windows) MAC' infections due primarily to the MAC market share. It is not about
which operating system is better, it is about the business of the cracker.
        

The various types of malware (viruses, trojans, etc) still exist and are threats but users are more
likely to experience some form of social engineering scheme. This is both good and bad,
because social engineering attacks such as phishing depend on tricking users into giving up
personal information, visiting a poisonous Web site, or clicking a bad link. If you don't fall for the
traps, you'll significantly reduce your chances of a malicious attack.
         
Additionally, many attacks come through vulnerabilities in Web browsers and software, which had
nothing significant to do with which operating system they are running on. To protect our
systems from threats, we have to be wise about the URL's we visit, how we act there, and where
the programs we implement come from. Beware of clicking suspicious links or downloading
software (from the seedier side of the Net). Always keep your software patched and up-to-date.
        

MAC OSx has some security measures built in, such as a firewall and timely security updates,
but those are minimal measures at best. There are several third-party options available
including Kaspersky, ESET, Panda Security, Norton and Trend Micro.
        

No matter what security measures you take, the best ones will always include you understanding
that your security software is only as strong as your last update. The user must be smart about
their computer security habits. Knowledge, common sense and good judgement are the best way
to stay safe.   

 

You Set up Messaging

Email, SMS (Short Message Service of text messages), MMS (Multimedia Message

Service), and instant messaging are all common ways people send messages to their

To their contacts using a smartphone. SMS and MMS will not need to be set up, but

You will need to connect your current email address and sign in to your instant messaging
client (if its supported by your smartphone) on your own.

To start sending and receiving emails on your Blackberry smartphone with an existing

Account , select the Setup menu and choose email settings. Select the option to create

Or add an email address and then choose Next. Accept the terms and conditions, pick

Your email provider from the list (or choose Other), and then type in your email address

And password. Choose Next and OK to finish the process. Note that it might take a

While (20 minutes or more) to start receiving emails.

If you use popular instant messaging clients, such as Google Talk, Windows Live, or

AOL, you can chat with your friends from your phone. First, download the mobile

Application from your smartphone’s application store, (such as iTunes, Blackberry

App World, Android Market, etc.) if the client is supported, and then use the same

Login and password you use for your desktop client to start chatting with your contacts.

Set up A Wi-Fi Connection

Your mobile service provider should connect your phone to the data network for you,

So you won’t need to learn how to set it up yourself. If your phone has Wi-Fi support,

however, you’ll want to set it up with your most commonly used wireless internet
connections, such as your home wireless network. To set up a Wi-Fi connection, go to
the Setup menu and select Set Up Wi-Fi. Select Next on the welcome screen, if
necessary . Select Scan for Networks to find available Wi-Fi connections and then
choose the network you want to connect to. Next, enter the WEP (Wireless Equivalency
Privacy ) security key if it’s required and then select the connect button.

Customize your Features

Add a new contact or calendar event. Open the Contacts or Calendar application and
Then select the green  plus sign (+) at the bottom. You can also press the Menu button
And choose New Contact or New (for Calendar).

Send a message to a contact. Open the contact’s information by selecting his name from

Your Contact’s list , Select the Menu button and choose which type of message you want

To send from the list of available options.

Turn GPS (global positioning system) on and off. From the Options Menu, select Advanced
Options and then GPS. Choose Location On to turn on your GPS capabilities

And E911 Only to turn it off.

Setup Wizard. Some Smartphones have a setup wizard that provides quick links to

Options , such as fonts and language preferences. It might also provide tutorials and

Other helpful information.

                     
12/22/11 - Ten years ago, the Operating System workhorses for US Government IT networks
were Windows for unclassified And Solaris for classified traffic. There were sprinklings of Novell
(due to its unique messaging system) and Mac OSx But there was no way a Systems
Administrator was going to be allowed to put Linux on any government operational network.
     

Government Mobile (Background)
       

The governments mobile platform has been RIM’s BlackBerry. This past decade they have
provided a stable environment with security measures to prevent outsiders from easily tapping
into communications; however; RIM couldn’t do much because they don’t have direct access to
the encrypted network their customers use. However, it has since come to Light that while
Blackberry may encrypt their network the first layer of encryption happens to use the same
key every-where meaning that should it be broken once (by a government or authorities) it can be
broken for any Blackberry. This has limited the Blackberry’s clearance level. This is the reason
the android devices (with the new kernel) can be secured at a higher clearance level than
Blackberry devices. They have Many characteristics that allow them to be groomed like
SELinux.
      

Since the White House Communications Office decided to move the executive branch from
Blackberry Devices to Android-based phones, the boys at NSA have now teamed up with
Google, NIST and members of The academic community to certify the android. The Department
of Defense has decided that Once the Android Kernel is sufficiently hardened and certified by
the agencies required, each member (from General to Private) will Soon be issued an android
phone as part of the standard equipment.
      

The androids sandboxed Java environment has similarities with what has already been created
with SELinux. Each individual having the same system will make it simpler to manage and track.
The ability to remotely locate And zero the systems will also eliminate the debacles that have
resulted in the past two decades of lost Laptops By everyone from FBI Agents to VA officials.
       

Google Security Benefit
        

Google will benefit from the security research relationship they now have with NSA, NIST and
the subject Matter experts working on this project from academia because the net is a virtual
battlefield and the Agency Has been fighting this battle for many years. As a work in progress,
the Linux based OS of the Android will also integrate mandatory access controls to enforce
the separation of information based on Confidentiality and integrity requirements.
      

This allows threats of tampering and bypassing of application security mechanisms to be
addressed and enables The confinement of damage (and compromise) that can be caused by
malicious or flawed applications. Using the System’s type enforcement and role-based access
control abstractions, it is possible to configure the android to Meet a wide range of security
needs which will be passed on to commercial users.
        

Locating a flawed application or process is the first step in trying to exploit it. Once you’ve found
a flaw, the Next step is to try to exploit it or connect to it. While bad apps do occasionally show
up in the Market, Google Removes them swiftly and they have the ability to remotely kill bad
apps on the customer phones.  The expertise Of the Intelligence community (NSA. GCHQ, etc)
will shore up Google’s proficiency. The security Relationships they now have will enhance user
protection against data sniffing and exploitation tools.
       

Android Market
       

Critics and experts claim free antivirus apps from the market miss nine out of ten potential
threats. The free apps guide users Through the capabilities of the apps detection abilities but,
many users don’t examine the potential they are getting. The paid apps Are able to scan and
detect about half of all installed threats but they are limited by the sandboxed environment.
On installation blocking, the Zoner app blocked 80% of malware, while free apps typically failed
to detect any infiltration. The Zoner app springs into action (as intended) to stop most infection
processes. The paid apps (AVG, Kaspersky, etc) blocked All malware from being installed,
even those not spotted with manual scans.
            

Zoner is a great app but (with the best outcome for the free apps), with Zoner AV scanning in real
-time as apps are installed, 20% of known threats slipped right through.  These free apps are
used by millions of people who have absolute confidence in The Android Market. Users should
be careful not to become complacent with proper security practices (avoid downloading Apps
from the seedier side of the net).
       

The paid solutions will stop all of the current threats from being installed. This is good for an
Android phone right out of the box. If a user has a unit that has been in use with no antivirus,
many previously-installed malware apps will be missed. Basically the user (Paying for the app)
is not going to be able to sweep their phones clear of malware.
      

Android User Security
       

The typical android user does not have the security research resources of the NSA available for
their personal Protection on the networks (with the communication protocols used by most
smart phones and tablets). Many users Are quick to adopt android antivirus (paid and free) apps
assuming they are receiving the same expertise available In the desktop market. They lack
the kind of low-level system access on mobile that desktop antivirus apps have had for years.
         

A new phone (should be backed up immediately for recovery operations) is better with a free
antivirus app than it is with none at all, but an infected Android (or smart phone) is not going to
benefit from a free security app (because most android malware will not be swept out) and will
probably be in trouble even with a paid security app (20% of malware gets through). Most of
these have trouble cleaning a phone which is already full of malware.
 

                     

Users Getting That New Droid
                  

The best way to stay safe on Android is to back up your android and just stick to established
apps from the official Android Market, Amazon Appstore or go straight to the paid security
vendor sight (such as AVG, Bulldog, Kaspersky. Etc) to avoid the most Serious Android
Malware threats in the wild.
                            

The user’s should stick to the official Android Market repositories, verified security vendor sights,
leave the ‘unknown Sources’ option disabled (in the ‘Android Settings)’ and always scrutinize the
security permissions and app requests.
                    

Remember, when an app is installed, the system will always display the permissions requested.
“SMS Trojans” Usually come in the form of a single app (like a website add-on) that asks for
permission to send and receive SMS messages. When the infected app is given permission to
access background processes, it also allows the Trojan to do the same. The Trojan then works
unrestricted behind the scenes to send messages.
                              

The Trojans typically are software apps the user installs willingly not knowing it is infected (from
third party sites With porno, pirated music, games, etc). When they are installed, initially the
user will be informed the app was not compatible, leading the user to believe the app did not
install… then it goes after the country code to retrieve the phone Number… they then text
premium rate numbers to rack up Charges for the unsuspecting user. They also employ this
Tactic for apps that include phone calling permissions; that could call premium rate numbers
without the users knowledge.
                      

The most dangerous threats have been detected on forums and third party sights pretending to
be well known apps. Users should proceed with caution on third party sights. By leaving the
‘Unknown Sources” option disabled in the ‘Android Settings” apps can not be side loaded
effectively, blocking malicious vendors.

This program, a rogue (or fake) application is itself the infection. It's designed to annoy and
scare you into going to whatever website it wants you to and give up your personal information
by purchasing this program.
         
Most anti-virus (AV) programs don't catch this type of infection due to the fact that it's not the
only infection on your system. There is usually another infection working in the background
trying to keep that infection hiding. I found 7 Backdoor infections (from 2-spyware.com) at work
with malwarebytes.
                            
Catch all of the infections that may be at work in your system with one of the automatic removal
tools below.