Fake AV and Black-Hole Exploit Kits

These cybercriminals, distributing fake antivirus applications, tweeted a link labeled "must-see"
from numerous compromised accounts and spam-bots. Followers who clicked on the links were
directed to a site infected with a fake antivirus program. Once installed, the program constantly
alerts users that their systems are infected and directs the users to pay to clean up their
systems. The next day, additional links using the Black-hole exploit kit infects the users'
systems with malware before automatically sending them to a site that is hosting another
scareware program called "Windows Antivirus Patch."

Legacy Social Network Attacks

Scammers (whose primary motivation is financial) also tricked users into installing a fake
application which promised to show them a list of people who had viewed their profile( a popular
lure used previously on Facebook and MySpace). The application did little more than tag the
victim's friends in a spam image in order to spread the fake application among their network and
serve them with surveys that generate affiliate cash for the scammer.

Twitter was also used as a platform to take advantage of users on Pinterest, a social networking
site which is rapidly gaining popularity. A spam campaign using the account "Pinterestdep"
claimed to be offering Visa® gift cards to users willing to provide their opinions about Pinterest.
Instead of being directed to a user feedback form, victims were sent to a site which required
them to complete up to 11 reward offers and to refer three friends to do so as well. Scammers
also took advantage of Tumblr users who mistakenly entered "Tublr" into their web browser
when attempting to access the popular micro-blogging site and redirected them to a message
that claimed the victim had been selected as a "daily winner." Like the scam on Pinterest, the
victim was then asked to fill out surveys or complete other offers in order to claim the prize.

Malicious tweets spreading rogue AV

Twitter users need to beware of Tweets with the '.tk' extension. These malicious Tweets harbor
spammed URL's which (once clicked) lead to a Russian web page pretending to be an official
Anti-Virus page notifying its victims about malware detected on their machines. This URL
executes a drive by download of rogue anti-virus programs into a victims system. The programs
distributed are related to the parasites associated with Winwebsec and FakeVimes.
Interestingly, these dangerous payloads not only target the Android platform but also attack
PC's.

Security Experts report that Twitter users have been tweeted with the URLs with the' .tk'
extension. Users clicking these links they are directed to googleapi17.ru/l(dot)php?
l=os&ampr=5519&ampa=29# which appears to be an Anti-virus Scanner . The malicious page
displays messages similar to this:

- Anit-Virus ScannerCheck your phone for viruses! Maybe Your phone is infected , and someone
has access to your personal information, such as photos, messages, call history, contacts,
history of sites visited, passwords to websites and more. Immediately start scanning for viruses!

A Multiplatform Infection

Depending on which system, PC or smartphone, a victim is on, he is encouraged to download a
repair file. Computer users are prompted to install VirusScanner.jar while smartphone users are
prompted to download VirusScanner.apk. Luckily, ' .jar' files do not function properly due to an
apparent syntax error. However, ' .apk' file can easily be installed on the smartphone and deliver
the rogue anti-virus into the target system ( reported as Trojan.Android.Generic.a).

In Conclusion

Cybercriminals have shown that they will launch Trojans, offer fake prizes and will send users to
malicious URLs in order to execute their plans, so users should avoid clicking on any
suspicious tweets. These attacks will keep evolving and they will keep coming. To avoid
malicious attacks, users should start using mobile anti-virus software (from certified vendors
such as AVG Mobilation, Bullguard, ESET Mobile, F-Secure, Kaspersky Mobile 9, Panda,
Norton, Trend Micro or Webroot).
                                      

                                               
Trying to look more trustworthy, Fake Advanced Security Center offers Firewall, Automatic
Updates, Antivirus Protection, Anti-phishing, Advanced Process Control, Autorun Manager,
Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan and other features
that in reality are fake. In addition, this program initiates fake scans that report about fake
viruses as well.

                                               
In order to now which one is virus, pay attention to these differences:

• Be sure that legal Fake Security Center won’t open by itself.
• Legal version of Fake Advanced Security Center never asks its users to purchase,
•  upgrade, subscribe or renew from its own interface while fake one pushes its victims to
•  purchase the license of other, specific rogue security software that is usually installed
•  earlier.
• Pay attention to grammar errors or bugs.
• Real Security Center is not antivirus scanner. Microsoft has single antivirus scanner –
• Microsoft Security Essentials, though it might recommend other, non-Microsoft choices
•  as well.

While trying to remove Fake Advanced Security Center, you may find that your legitimate
software is killed. So, use these tips to avoid any inconvenience:

• Reboot infected PC to Safe Mode with Networking and scan with reputable anti-spyware,
•  like AVG Antivir 2012, Spyware Doctor 2012 or Kaspersky Internet Security 2012. Of
• course, don’t forget to scan your PC one more time when on normal mode as well!
• Download the anti-spyware program to another computer that is perfectly clean. In
•  addition, rename its executable file and transfer the program with the help of a
• memory stick,
•  smartphone or simple CD.

Fast moving mobile phone development has made Open Source software development a popular
approach. One particular reason for the popularity of open-source in organizations is that it has
been proven to cut costs. The value of this development methodology is not just the design of
the software but the marketing opportunity it provides to organizations and individuals. Open
source platforms are provided by Google (Android), and Apple (iPhone).
                                     

The open source model allows much greater creativity as it differs from the more corporate
centralized development models that have been used to date (BlackBerry is an example). The
essence of open source is public collaboration which results with a peer production
development of open source software in particular in the mobile phone software industry.
                                  

Fast Development
                                   

The open source community is developing very fast these days, galvanized by mobile phone
developers. Open source software development however, does have potential security risks both
for corporations and individuals. Too often the open source communities that offer their software
for free don't appear to be as mindful of security practices as their commercial counterparts,
which charge for software and support.
                         

New prospects for social engineering, such as figuring out when you are away from your home
for crime purposes (sites like PleaseRobMe.com) do just this. Of the same ilk, facial
recognition technology and the tagging of users in photos on social media sites blur the work-
home boundaries even more. For example, police officers have already come under attack, after
their identities were breached by social media and facial recognition technology.
                           

Near Field Contact
                                  

NFC (Near Field Contact) technology is an interesting example of innovative technology that
aims to deliver convenience for consumers. However, it will introduce a new dimension of
challenges for security professionals making mobile devices much more interesting as a target
to steal money. There is a push to build NFC technology into mobile devices, enabling users to
make payments or pass on personal information with a simple swipe of a mobile device over a
reader. This will further transform the smartphone into the single device from which most
aspects of your life are driven making it even more attractive to cybercriminals.
                       

Third Party Applications
                                  

Mobile devices are also starting to define their architectures based on modern working practices
- BlackBerry (for example), has introduced a feature which provides two isolated working
environments on the same device (sandboxing), allowing you to separate work and play data.
Even those with a strong security reputation like BlackBerry have been victims (of exploitation
and breaches) too. While malware attacks for mobile devices are undoubtedly different, they are
still entirely possible.
                          

There are those that believe that the open source nature of Linux (for example) provides a
primary vehicle for making security vulnerabilities easier to identify and fix. The main advantage
here is that the community can review the source code and make the code more secure, which
in turn facilitates potential security best practices. Users and time will decide whether this is
actually the case. The advent of social websites such as Facebook, MySpace and Twitter have
led to a surge in third party application development for desktops, laptops, tablets and
smartphones.
                             

Facebook & Third Party
                                  

Facebook, the fastest growing of these social websites allows publishers to develop third party
applications to improve the Facebook experience. Closer inspection of most third party
applications reveal to the users that they all require your 'login and password' details. It appears
that most Facebook users don't believe this is a risk to their identity. Maybe it isn't, but how do
you manage the risk of your 'login and password' details falling into the hands of a
cybercriminal? The major risk is if you are paying for third party software, the software might
steal your financial login data as well as installing malicious software on your smartphone. The
final infiltration will occur (as the last security flaw) when the mobile user connects to their PC
via either Bluetooth or USB, and you receive a cross platform infection from the third party
software to your PC. There are no instances I know of where this has happened yet, but in time
this attack vector will surely appear.
                               

In Conclusion
                                  

It is the development of open source software that may well lead to these security issues and
many others to be discovered. New functionality breeds fresh opportunities for the bad guys.
New features like augmented reality, facial recognition and integrated social media could leave
users open to new kinds of abuse. Augmented reality, for example, connects location
information with a user's social media "friends", enabling them to identify digital contacts
nearby. We will find out in the coming years whether open source software development has
opened up a security hornets nest. Users meanwhile, need to embrace the Security Suites
offered by companies like Bullguard, Kaspersky Mobile 9, ESET, Panda, AVG, Trend Micro,
Webroot, F-Secure, Norton, etc. to lock down their systems.

The Signals Intelligence community has a discipline which is called Radio Direction Finding.
Basically, if you can determine the strongest point of a signal from a fixed position, you have
obtained what is known as a Line Of Bearing (LOB). If you can determine the strongest point of
a signal from two fixed positions resulting in an intersection, you have obtained what is known
as a cut (usually a fixed point within a couple of grids of the actual transmitter). If you can
determine the strongest point of a signal from three or more fixed positions (triangulation), you
have obtained what we call a fix (unusually a location between ten feet to a grid). A fix is
generally actionable intelligence which (guided by collateral information) can result in the
deployment of ground or air assets for the capture, disabling or destruction of the target
transmitter.
                            

This battle field discipline is now being employed by governments, intelligence, law enforcement,
and mobile communications companies against organizations and individuals within the
commercial environment. The FCC, government Intelligence, commercial, and mobile
companies can fix you in a room in a particular building. Most people do not realize their
communications device is also a tracking device. There are many entities who can obtain a fix
on your mobile.

Location Tracking

The future is mobile, in fact so much more so that anyone could have imagined. There are more
mobile handsets (1.05 billion in 2008) in the world than computers (1 billion in 2008) however
smartphones only account for 13% of the global market .
                       

Mobile phone tracking is not a new concept. In fact mobile phones have been tracked by the
mobile phone organizations using cellular triangulation, EMEI (handset identification) and IMSI
(SIM card identification) numbers and GPS since the advent of the second generation mobile
cellular network. In recent times this has also included Wi-Fi, where GSM or GPS is not
available. Lets take a look at some of the deveopments of the three primary location based
tracking methods used in the US.

                  
The Methods

                  
There are three basic tracking methods. The first tracking method involves the network. Tracking
is achieved through either cell identification (using EMEI and/or IMSI identification) or the most
accurate - triangulation. Another deciding factor regarding network accuracy is the dependence
on the concentration of cellular base stations, with urban areas usually achieving the highest
concentration.
                       

The second tracking method is Mobile based. This involves installation of client software on the
mobile phone to determine its location. This current technique involves a number of
computations on the mobile, which include cell identification and signal strength. The mobile will
also check whether it has a GPS module installed. The location data of the mobile is then sent
to a location server. This approach more or less only works on the latest of smartphones, i.e.
Symbian S60, Windows Mobile, iPhone and Google Android operating systems.
                       

The final tracking method is the Hybrid based approach. This uses a combination of the network
and mobile approach for location determination, referred to in mobile circles as Assisted GPS,
which means it uses both GPS and network information to calculate the cellular location.
Basically, you can see how this approach is the most accurate of the three. This approach is
what is leading some marketing agencies and Cybercriminals to believe that this may well lead
to quite different but financial rewarding opportunities.
                           

Google Latitude
                          

Google (for obvious reasons) is one of the pioneers of mobile triangulation, (or shall we say
mobile phone tracking as can be seen with Google Maps). Google Latitude, however, is one of
their more recent innovations and looks most interesting of all (it doesn't require any GPS
technology). Simply put, Latitude works by checking Google Maps on a phone and looks for
your best contact, and assuming their mobile phone is switched on, it locates your contact at
home. It doesn't use mobile triangulation, which would be a major privacy concern for most
users.
                      

So in this event, the actual threat from eavesdroppers , proximity marketers and crackers is
minimal for now. Of course most people suspect Google will want to cooperate with the mobile
phone operators. If they decide to go down this road in the not to distant future, users are
advised to prepare to protect themselves. In which case there is a real possibility, Google will
know all they need to about the individual.
                             

Google Search for mobile is very popular and if you have not noticed this also comes with a My
Location option. By default this is off (this is an opt-in, not double opt-in which is a shame), but
if you want to have this on, it will locate your mobile phone using triangulation. It's not overly
intrusive, however, if the end-user is unaware of how or where there location data might go, it
might just end up being a privacy issue.
                        

A good example of My Location tracking your every step is when a mobile user is wandering
around a city, just be pressing update on your phone. Google will provide with search listing, for
local businesses and other relevant venues. This is an excellent example of how tracking
technology helps you find yourself in the digital world. Google has to keep people in position to
see advertising (and they are not alone in this thinking either - for obvious financial reasons), so
it needs to make sure users use its Web services anytime, anywhere.
                 

Third Party Software
                   

The main threat is that many of the users of the billions of mobiles in use today do not utilize
any third party security to lock their systems down. The reality is that users need to find and
implement third party security expertise to brace their systems for the commercial intrusions
and malware attacks about to be unleashed on the community.

Interestingly, when you walk into a Walmart, Target, Kmart or Mall, most consumers do not
notice that the layout of the retail products is constantly changing. Depending on the season
holiday or buying trends, the management seems to constantly be in a state of change when it
comes to the priorities of what their patrons are looking for and purchasing. Some may believe
this is based exclusively on experience (when it comes to the shoppers habits). The information
brokers will not tell you that this is just another battle ground for your digital lives (your bank
details, work, friends, family, etc.). The handheld device you have in your purse or wallet
features connectivity and constant access to the biggest repository of mankind's knowledge,
and more computing power than the NASA control room for the first moon landing.
                       

Their collection efforts have already allowed crackers and criminals access to consumers credit
card information based on proximity to cards that are not in a protected enclosure. You can
walk by a cracker with the requisite equipment in a common area (retail store, mall, airport) and
they can obtain all of the information they need to replicate your credit card without you
presenting the card. Your mobile knows where you are, where you are supposed to be and who
you should be talking to. We can now instantly connect our real lives to digital information -
purchasing tickets, sharing business data or connecting with friends who happen to be nearby.
                 

Tracking Service
                        

There is a growing trend towards using location based tracking (or what you call a mobile
tracking service) within the retail sector. Customers in shopping centers are being tracked by
clever tracking solutions that listen to signals from their mobile phones. This behavior tracking is
basically illegal for the federal government to employ but it is a burgeoning market for retailers.
While many of us naturally worry about traditional attacks like malware and phishing on these
new devices (and without doubt these issues do exist), new functionality breeds fresh
opportunities for the bad guys.
                    

The technology developed allows shopping center managers and owners, airport and railway
station managers, convention centers, museums and art galleries to understand the way that
customers and passengers flow through their buildings and purchase products. You see
evidence of these company capabilities all over the world. Researchers have proven through
surveys that eighty (80%) percent of mobile users keep their systems on at all times. This
makes mobiles prime targets for retailers and crackers.
                       

The monitoring system basically consists of a number of discreet monitoring units (small boxes
on walls) installed throughout a facility calculating the movement of consumers without the
shopper or patron being required to wear or carry any special equipment. The units measure
signals from consumers mobile phones (smartphones) using a unique technology that can
locate a consumers position to within one to two meters. This is a lot more accurate than the
triangulation technology used by cellular providers (the government and law enforcement). The
units then feed this data (24 hours a day 7 days a week) to a processing center where the data
is audited and analyzed using sophisticated statistical analysis to create continuously updated
information on the flow of shoppers in a center or passengers moving through an airport.
                      

Push Advertising
                   

There is also a company that uses a similar technology that can be employed for zone based,
push advertising (and family/friend finder applications). The push advertising targets your mobile
based on you being present in a particular area, but the family/friend finder application digs a bit
deeper (actually accessing a users contact listings). This information harvesting technology
actually allows mobile advertisers to dynamically define target areas or zones (such as malls or
shopping centers) with a geographic fence and then run ad campaigns by sending messages to
subscribers located within the geo-zone.
                    

There is a push to build NFC technology into mobile devices, enabling users to make payments
or pass on personal information with a simple swipe of a mobile device over a reader. This will
further transform the mobile into the single device from which most aspects of your life are
driven making it even more attractive to cyber criminals.

               
System Accuracy
                   

There is of course the issue of how accurate these systems are given that mobile phones send
infrequent synchronization pulses (normally every two hours mobile phones send out a Periodic
Location Update), rather than continuous signals. Mobile phones primarily do this to save power
and then there is the small matter of signal fading which isn't highlighted much these days when
the subject of mobile phone tracking arises.
                  

Only a few years ago enterprises wanted to block social media sites and non-standard,
unmanaged devices. Now we are all consciously trying to embrace these technologies; look at
the number of organizations with teams of people entirely focused on using social media as a
channel to market. A stark contrast to years previous, these changes in technology and
business expectations mean a new attitude is needed to information security. Embrace or die.
This change of attitude also impacts the future of mobile security and applications - the default
answer to new technology is becoming yes rather than no.
                            

New Technology
                   

(Mobile applications, the browser and fat clients). Mobile devices too have been quite disruptive
to the technology used to produce applications. Over the past few years browser-based
applications have been challenging the traditional fat client. This is primarily due to their cross
platform capabilities and the fact that they can be accessed from anywhere (or any device).
Local mobile applications are now extremely numerous, spurred on by rapid application
development frameworks - it's easy to write an app, which is why you can find an app for
anything. These applications can also contain vulnerabilities and there is significant evidence
that even basic legacy security best practice is often not applied, for example, passwords or
user data are often poorly encrypted (if at all). Fat clients and browser clients often provided
secure APIs and services for these functions, which, after years of pain, many are now using
(although far from ubiquitous) . Mobile OS's increasingly do too developers, as yet, are not
consistently using them. Due to a lack of transparency, it is unclear how comprehensive
application quality checks like Apple's actually are. The so called "walled garden" claims to
keep bad applications out - but in many cases application security seems to let the side down.
                       

In Conclusion
                  

If the companies who offer the Location Based Service have access to mobile phone data
through the mobile phone operators, then yes it is feasible that even with a unique identifier (not
an IMEI (unique cell id) or IMSI (sim card)) they will indeed be able to learn a lot of information
about individuals. Governments and Cybercrime Organizations (who can afford the equipment)
can access your system as long as it has power provided (this is another conversation
altogether). If you want to avoid the casual cracker or you are worried about retailers tracking
your mobile, your best bet is to just switch it completely off when you go shopping. Human
behavior has noted (and surveys have proven) that eighty percent of the individuals in
commercial and shopping centers have their mobile phones on always. This is what has caught
the eye of retailers and managers with proximity marketing and made it a target of potential for
cybercriminals (an exploit of opportunity).

malicious software, and it can come bundled with other types of malware which comes with
compromised downloads. It is almost impossible to search with google when you’re infected with
this virus.

Kaspersky offers TDSSKiller. This utility does find the infection and kill all malicious DLL's.

remove it. Please DO NOT try manual removal if you are not an advanced MAC user extremely

       

 Norton Mac Products.

Modern mobile platforms tend to include capabilities like sandboxing technology which can
isolate applications. The access control and permission systems have undergone drastic
changes from the typical operating systems. Rather than a permissions system which is based
on access to arbitrary items like registry keys, they instead focus on more human access
permissions, such as whether an application needs to access your location data or SMS
messages.
                           

The mobile phone features which have been at most risk are text messaging (using social
engineering), contacts lists, video and buffer overflows. GSM, GPS, Bluetooth, MMS and SMS
have indeed been the attack vectors. The Malware trend has continued to show an upward
trend, but that doesn't mean the Malware is actually a real threat to mobile phones. The
important point to note here is that mobile phones are trying to avoid the same security
problems currently plaguing PCs.
                                 

Attack Vector Options
                            

Bluetooth requires the user to accept the incoming message, so this attack vector is less of a
threat. The GSM and GPS risks are predominantly associated with tracking your mobile
movement, using triangulation. Most users currently appear to be happy or unaware of what and
where data from their mobile phones actually goes. There is also a threat that spyware might
also be installed to collect stealthy mobile phone tracking data.
                           

The major attack vectors is therefore probably via SMS, MMS or mobile email client. All three
attack vectors involve attempting to find ways to steal mobile phone data such as contacts and
sensitive financial data by installing third party behavioral monitoring applications, malware and
tracking solutions by sending the user an email with a hyperlink to a website. The user is then
asked to download the third-party application which unbeknown to them may contain malware
or spyware which monitors every website they visit, installs malicious malware and monitors
which advertisements users click on.
                            

Different Architecture For A Different Time
                               

Mobile devices are not just a smaller version of the traditional PC, even though they increasingly
perform an identical set of tasks. The underlying operating systems, from Symbian, Android,
iOS and Windows Mobile, are built fundamentally differently to PCs and manufacturers have
introduced new concepts based on lessons learned from traditional operating systems over
many years of computing.
                             

To understand the mobile threat, you will first need to identify the prominent mobile platform
which in this case is currently Symbian. Remember that Symbian is not open source software,
so the actual threat of malware attack is relatively small. Open Source software application
development is one of the fastest mobile growth areas at the moment (thanks in part to the
iPhone which galvanized the smartphone industry). This has signified a major expansion for
cyber criminals, from attacking just PCs, to attacking smartphones and tablets, especially
devices that use open-source software like the Android and Linux.
                              

Legacy Symbian Attack
                         

The Symbian OS has a program called Symbian Signed which digitally signs applications that
meet the approval of Symbian. The systems under attack used Symbian along with the services
of Finnish anti-virus vendor F-Secure in order to scan applications for malware. This system was
abused by a cracker when Symbian actually signed programs (Sexy view and Sexy space ...
both worms) after the publisher used the express signing procedure on Symbian where most
applications are (software) analyzed rather than checked by humans to find out if malware was
present.
                                

In this particular instance the following day the signing was revoked both for the content
certificate and the publisher certificate. If Symbian mobile users had downloaded the Sexy
applications and the revocation checking was turned on then the Symbian installer would not
have installed the rogue malware application. (Of note). This clearly shows the signing process
does work, but also highlights that the Symbian signing authority does indeed have a
gatekeeper with the digital signature or certificate signing process in place as well as guarding
against publisher abuse and the threat of malicious tracking and malware installation.
                                        

The signing authority not only signs the applications but it also uses a mobile phone browser to
ensure authenticity of the signature or certificate (this doesn't appear to happen with all
Symbian applications though). As with the Sexy applications incident, the certificate and
signature was revoked, showing that the signing authority did indeed appear to work.
                                 

Another company that operates a certification process is Apple with the iTunes App store (which
has billions of downloads). Apple retains control over all applications it allows onto its platform.
Users can only access the App Store and download or purchase apps using iTunes. Developers
must also submit apps to Apple for review and approval before Apple publishes them. There are
of course ways around everything and Apple developers have setup a rival app store called
Cydia, however iPhone users will have to jailbreak their phone - this process involves hacking
the system and circumventing controls put in place by Apple.
                                  

Malware, Cracking And Phishing
                                     

There have of course been examples of malicious code for a variety of platforms but this is
minimal (two hundred different signatures have appeared in five years, (between 2004 and 2009)
compared to over 200,000 PC malware strains per month) when compared to that targeting the
conventional PC. Android, in particular, has suffered more attacks from malicious code due to
its more open application market, although even those with a strong security reputation like
BlackBerry have been victims too. While malware attacks for mobile devices are undoubtedly
different )from PC attacks) they are still entirely possible.
                                 

Mobile malware seen to date includes fake internet banking applications which steal your
credentials and your money, and in some cases your authentication token code sent by a bank
via SMS.
                                       

Many assume the smartphones and tablets are eminently secure because they have never
experienced malware. The reality is that until recently most of us were not placing data on
these devices that was worth stealing. Now that these devices contain valuable assets (as
increasingly we use the device as a part-time replacement for the PC) the bad guys are paying
attention. We are seeing a significant increase in the volume of malware targeting these
devices. Anti-virus are available (through companies like Bullguard, Kaspersky Mobile 9, ESET,
Panda, AVG, Trend Micro, Webroot, F-Secure, Norton, etc.) and important, though the defense
technologies work differently to the PC - focusing more on reputation and behavior rather than
traditional content security.
                                   

In Conclusion
                                                   

PC malware infects a PC silently and stealthily, whereas most mobile malware requires the
mobile phone user to confirm that the user wants to install it (you can refer to this as a Trojan
for example). This malware model (which is the primary one in circulation to date), assumes
that the mobile phone doesn't have any security controls. The main threat is that many of the
billions of mobiles in use today do not utilize any third party security to lock their systems
down. The reality is that users need to find and implement third party security expertise to
brace their systems for the malware attacks about to be unleashed by the cybercriminal
community.

Modern mobile platforms tend to include capabilities like sandboxing technology which can
isolate applications. The access control and permission systems have undergone drastic
changes from the typical operating systems. Rather than a permissions system which is based
on access to arbitrary items like registry keys, they instead focus on more human access
permissions, such as whether an application needs to access your location data or SMS
messages.
                    

The mobile phone features which have been at most risk are text messaging (using social
engineering), contacts lists, video and buffer overflows. GSM, GPS, Bluetooth, MMS and SMS
have indeed been the attack vectors. The Malware trend has continued to show an upward
trend, but that doesn't mean the Malware is actually a real threat to mobile phones. The
important point to note here is that mobile phones are trying to avoid the same security
problems currently plaguing PCs.
                      

Attack Vector Options

                 
Bluetooth requires the user to accept the incoming message, so this attack vector is less of a
threat. The GSM and GPS risks are predominantly associated with tracking your mobile
movement, using triangulation. Most users currently appear to be happy or unaware of what and
where data from their mobile phones actually goes. There is also a threat that spyware might
also be installed to collect stealthy mobile phone tracking data.
                                

The major attack vectors is therefore probably via SMS, MMS or mobile email client. All three
attack vectors involve attempting to find ways to steal mobile phone data such as contacts and
sensitive financial data by installing third party behavioral monitoring applications, malware and
tracking solutions by sending the user an email with a hyperlink to a website. The user is then
asked to download the third-party application which unbeknown to them may contain malware
or spyware which monitors every website they visit, installs malicious malware and monitors
which advertisements users click on.
                       

Different Architecture For A Different Time
                       

Mobile devices are not just a smaller version of the traditional PC, even though they increasingly
perform an identical set of tasks. The underlying operating systems, from Symbian, Android,
iOS and Windows Mobile, are built fundamentally differently to PCs and manufacturers have
introduced new concepts based on lessons learned from traditional operating systems over
many years of computing.
                           

To understand the mobile threat, you will first need to identify the prominent mobile platform
which in this case is currently Symbian. Remember that Symbian is not open source software,
so the actual threat of malware attack is relatively small. Open Source software application
development is one of the fastest mobile growth areas at the moment (thanks in part to the
iPhone which galvanized the smartphone industry). This has signified a major expansion for
cyber criminals, from attacking just PCs, to attacking smartphones and tablets, especially
devices that use open-source software like the Android and Linux.
                    

Legacy Symbian Attack
                   

The Symbian OS has a program called Symbian Signed which digitally signs applications that
meet the approval of Symbian. The systems under attack used Symbian along with the services
of Finnish anti-virus vendor F-Secure in order to scan applications for malware. This system was
abused by a cracker when Symbian actually signed programs (Sexy view and Sexy space ...
both worms) after the publisher used the express signing procedure on Symbian where most
applications are (software) analyzed rather than checked by humans to find out if malware was
present.
                                   

In this particular instance the following day the signing was revoked both for the content
certificate and the publisher certificate. If Symbian mobile users had downloaded the Sexy
applications and the revocation checking was turned on then the Symbian installer would not
have installed the rogue malware application. (Of note). This clearly shows the signing process
does work, but also highlights that the Symbian signing authority does indeed have a
gatekeeper with the digital signature or certificate signing process in place as well as guarding
against publisher abuse and the threat of malicious tracking and malware installation.
                            

The signing authority not only signs the applications but it also uses a mobile phone browser to
ensure authenticity of the signature or certificate (this doesn't appear to happen with all
Symbian applications though). As with the Sexy applications incident, the certificate and
signature was revoked, showing that the signing authority did indeed appear to work.
                               

Another company that operates a certification process is Apple with the iTunes App store (which
has billions of downloads). Apple retains control over all applications it allows onto its platform.
Users can only access the App Store and download or purchase apps using iTunes. Developers
must also submit apps to Apple for review and approval before Apple publishes them. There are
of course ways around everything and Apple developers have setup a rival app store called
Cydia, however iPhone users will have to jailbreak their phone - this process involves hacking
the system and circumventing controls put in place by Apple.
            

Malware, Cracking And Phishing
                              

There have of course been examples of malicious code for a variety of platforms but this is
minimal (two hundred different signatures have appeared in five years, (between 2004 and 2009)
compared to over 200,000 PC malware strains per month) when compared to that targeting the
conventional PC. Android, in particular, has suffered more attacks from malicious code due to
its more open application market, although even those with a strong security reputation like
BlackBerry have been victims too. While malware attacks for mobile devices are undoubtedly
different )from PC attacks) they are still entirely possible.
                               

Mobile malware seen to date includes fake internet banking applications which steal your
credentials and your money, and in some cases your authentication token code sent by a bank
via SMS.
                       

Many assume the smartphones and tablets are eminently secure because they have never
experienced malware. The reality is that until recently most of us were not placing data on
these devices that was worth stealing. Now that these devices contain valuable assets (as
increasingly we use the device as a part-time replacement for the PC) the bad guys are paying
attention. We are seeing a significant increase in the volume of malware targeting these
devices. Anti-virus are available (through companies like Bullguard, Kaspersky Mobile 9, ESET,
Panda, AVG, Trend Micro, Webroot, F-Secure, Norton, etc.) and important, though the defense
technologies work differently to the PC - focusing more on reputation and behavior rather than
traditional content security.
                            

In Conclusion
                                 

       

                              
Computers have become essential in the daily lives of most children. School, games, and social
networking sites keep most children online constantly. Excessive amounts of time online,
online activity at unusual times of the day and chat rooms are just some examples the need for
parents to learn the best approaches for management of Internet usage. It seems difficult to
control what your child sees online or to set guidelines for how often your child uses the
computer, but parental controls are available to help make your job as a parent easier.

                                          
If you want to learn how to set time limits for computer usage and control what games and
programs your child can use (Facebook, YouTube, MySpace, etc), then follow along, and I'll
show you what each feature does and how to personalize it for individual accounts.

                            
Shutting The Illicit Activity Door
                              

You have probably set up a user account for your self that has administrator status, but if you
haven't, do so now. Click 'Start', open the 'Control Panel', and click 'User Accounts' and 'Family
Safety'. 'User Accounts, Manage Another Account, and Create A New Account. From here, you
can create a new user account and set it to Administrator, Click 'Create Account. Moving
forward, make sure you are logged in to the Administrator account so you have the ability to
customize settings for Standard accounts.

Next. Go back to the User Accounts And Family Safety page and click Parental Controls. Click
Create A New User Account and set up accounts for each child you want to be able to monitor.
Each new account will automatically appear as a Standard user and can be set up to have
passwords attached to them. Give each account a password to ensure that the accounts stay
separate and so that the settings applied to each one will fit the user that has access to it.

Each account will allow the user to personalize the Desktop and adjust settings that aren't
controlled by the administrator. This lets the user load his account without having to change his
settings each time he logs in.

                 
Locking Out Illicit Activity

                   
When all of the necessary accounts have been created, you'll be ready to customize the
parental controls for each one. Click the account that you want to apply settings to and then
select On. Enforce Current Settings under Parental Controls once you've activated the controls
you'll be able to change the settings below Windows Setting by clicking Time Limits, Games, or
Allow And Block Specific Programs.

                        
Start by clicking Time Limits. In the resulting chart, you can set time limits for specific days of
the week by clicking and dragging the mouse cursor over those days and times. This lets you
control the time periods in which the child will be allowed to use the computer. For instance, if
you don't want your child to access the computer between the hours of 5 pm and 8 pm on
Monday through Friday, click the box that corresponds to Monday at 5 pm and drag your
mouse down to Friday and over to 8pm. The time you have blocked will appear in blue. Click OK
to save your changes.

                             
After you've set time limits, you can move on to the next setting: Games. You can decide
whether to allow the account to play games and, if you allow it, select the ratings (based on the
ESRB (Entertainment Software Rating Board) system) that are suitable for the user. You can
also block games that have certain types of content, such as alcohol references, language, or
violence. The final steps for this setting are to click Block or Allow specific games, fun down the
list of installed games, and block or allow them separately. If a game doesn't show up on the
list, it can be added manually.

                                   
You can also adjust settings that control access to the programs on the computer by clicking
Allow And Block Specific Programs, or, as with the Games settings, select individual ones.
This is a good way to make sure the child is only using the programs that you approve of, and
it's also a good safety net to ensure that the child doesn't accidentally access and alter any
sensitive files that may be on the computer, such as Quicken files.

                            
You can adjust these settings any time, but only if you are logged in as the administrator. The
settings you configure will go into effect as soon as the user logs in to his account.

                     
Parental Controls Add-Ons

                     
So, you're done setting up parental controls, and you realize that there were no settings
specifically for Internet usage. Luckily, you can visit Microsoft's Web site (www.microsoft.com)
and install Windows Live Family Safety free. It is offered as a standalone program or included
with an entire suite of applications called Windows Live Essentials. Windows Live Family Safety
sets you set Internet parameters for individual accounts similar to how the parental controls are
set. One of the most helpful features it has to offer is the ability to monitor computer and
Internet usage when you are on a different computer or away form home. To download the
Windows Live Essentials suite, go to tinyurl.com/2djztl2. To download Windows Live Family
Safety for just the parental control add-on, visit tinyurl.com/y8qs7rt.

                                                   
Once downloaded and installed, you can access the program by going back to Parental Controls
section of the Control Panel. Under Additional Controls, select a provider from the drop-down
menu (in this case, Windows Live Family Safety should be selected). Now you will be ready to
set up the Internet monitoring features that the program has to offer.

                        
Start by selecting the account you want to make changes to; you will be asked to sign in using
a Windows Live ID. (if you have a Hotmail, Messenger, or Xbox LIVE account, you can sign in
with that, but if not, you can easily create a Live ID from this screen.) On the next screen,
select the Monitor Account checkboxes next to the accounts you want to monitor using Family
Safety. Click Next, On the next screen, you must match the Windows accounts with the name
of the Family Safety members and then click Save. Now, you can specify the settings for each
account.

                     
Select an account and click Windows Live Family Safety under More Settings you are sent to
a Web site where you can sign in and access the settings you want to customize. Click Web
Filtering and add Web sites that you want to be allowed or blocked; Activity Reports to see
what Web sites the account has visited, what games have been played, and how much time
was spent on the computer; Contact Management to manage the account's contacts; or
Requests to approve or deny Web site and contact requests that the of the account has made.
From this screen, you can repeat this process for each account by selecting the account name
under Family Members; you will be able to save your changes made to each account before
signing out.

                           
Third Party Alternatives

                                      
There are many third party software applications available which are dedicated to keeping the
internet safe for families. Cyber Patrol, Net Nanny, and Safeeyes are a few such programs
available (with licensing for 3 PCs) to keep cyber bullies, online predators and scammers away
from your children.

                            
Putting It All Together

                            
By combining the parental control settings built into Windows 7 with the optional Windows Live
Family Safety settings, you can oversee almost all of the computer activities of your children.
From games to Internet usage, you can have peace of mind knowing that your family can safely
use the computer with just the right amount of freedom.
                            
   

                         
Happily redirect virus does affect Macs too. First thing you need to do is to update Java as this
virus uses Java to infect Mac and PC computers. It will be a hard tast to remove this infection
as it is used with zeroaccess malware, which is one of the worst malware ever made to the
computer system. you will need special tool to remove Happily redirect.
                
Here are removal options for PC users:
                         
Symantec offers ZeroAccess Fix Tool. This tool can detect and remove the infection, but it might
not work with Happili redirect virus and other patest variants
                    
Kaspersky offers TDSSKiller. This utility does find the infection and kill all malicious DLL.
                
Webroot has developed its own tool to remove special viruses like this. 
       
After using any of tools mentioned above, you need to scan your system with reputable anti
-spyware software, like the automatic removal tools listed below to remove this infection. 
                    
Removal instructions for MAC users:
                  
First, you MUST update JAVA. The Java security update removes the most common variants of
the Flashback malware. Apple support provides this information.
                                                     
F-secure developed flashback removal tool which can identify the Happily redirect virus and
remove it. Please DO NOT try manual removal if you are not an advanced MAC user extremely 
familiar with the system. 
                             
When a computer is infected with Hapili redirect virus, the user is taken to a website which is not
the link that was shown when clickin on google search results. These redirected pages might
infect your PC even more. The only way to stop this browser hijacker is to stop it from executing
and removing it from your system. Detailed information is available with an article titled "What To
Do When Google/Yahoo/Bing results are redirecting". To remove it you have to run a full system
scan with a reputable anti-spyware software (Mac versions of Kaspersky, Norton, Trrend Micro,
ESET and Panda are available for download). That will fix Hapily redirect
                                                          
     

• %System%\winmm.dll
• %System%\secur32.dll
• %System%\compres.dll
• %System%\apphelp.dll

Backdoor.Winnti connects to these domains through http or https and opens backdoors for
hackers:

• lp.apanku.com
• ad.jcrsoft.com
• rh.jcrsoft.com
• bot.timewalk.me
• b0t.meibu.com

Here are the action lists of what this malicious Trojan can perform on a compromised computer:

• Create files
• Inject processes with malicious payloads
• Set up drivers and services
• list, add, delete, and change user accounts 
• Stop the Windows firewall 
• Provide shell access on the compromised computer 
• Create and manage a proxy server with ZXSocs Proxy v1.2 
• Uninstall itself 
• Send system information to the remote attacker, including: 
  • OS
  • List CD ROM, remote, fixed, and removable drives
  • Current display mode
  • Number of processors
  • System directory
  • Uptime
  • Current user
  • Host name
  • Organization
  • Owner
  • Product ID 
  • Amount of RAM 
  • CPU

Please use one of the automatic removal tools listed below to eradicate this parasite.
                 
     

Trojan.Cleaman hides in files called “dplayx.dll” and “dplaysvr.exe”, which include nonmalicious
and legitimate files, so that it won’t be seen on an infected machine. Also, it attaches itself to
following Windows API’s:

• ntdll.NtResumeThread
• ntdll.NtEnumerateValueKey
• ntdll.NtQuerySystemInformation
• ntdll.LdrLoadDll
• kernel32.FindFirstFileA
• kernel32.FindNextFileA
• kernel32.FindFirstFileW
• kernel32.FindNextFileW
• ws2_32.connect

Trojan.Cleaman checks every requested domain, and if it finds out that the domain is a search
engine from the list below, it redirects browser traffic to a different IP.

• www.google.com
• www.bing.com
• search.yahoo.com

This threat also contacts these IP’s:

• 66.85.153.132
• 94.63.147.17

Please use one of the automatic removal tools listed below to locate and eradicate this parasite
as soon as possible.
                                                 
     

Backdoor.Barkiofork characteristically, is known to download and execute remote files, and it
uploads system information (OS version, username, disk space and CPU version). Please use
one of the automatic removal tools listed below to eradicate this parasite from your system as
soon as possible.
                          
     

Fast moving mobile phone development has made Open Source software development a popular
approach. One particular reason for the popularity of open-source in organizations is that it has
been proven to cut costs. The value of this development methodology is not just the design of the
software but the marketing opportunity it provides to organizations and individuals. Open source
platforms are provided by Google (Android), Palm (GNU/Linux), Nokia (Maemo) and Apple
(iPhone).

                                 
The open source model allows much greater creativity as it differs from the more corporate
centralized development models that have been used to date (BlackBerry is an example). The
essence of open source is public collaboration which results with a peer production development
of open source software in particular in the mobile phone software industry.
                 

Fast Development

                    
The open source community is developing very fast these days, galvanized by mobile phone
developers. Open source software development however, does have potential security risks both
for corporations and individuals. Too often the open source communities that offer their software
for free don't appear to be as mindful of security practices as their commercial counterparts,
which charge for software and support.
                     

New prospects for social engineering, such as figuring out when you are away from your home for
crime purposes (sites like PleaseRobMe.com) do just this. Of the same ilk, facial recognition
technology and the tagging of users in photos on social media sites blur the work-home
boundaries even more. For example, police officers have already come under attack, after their
identities were breached by social media and facial recognition technology.
                 

Near Field Contact
                   

NFC (Near Field Contact) technology is an interesting example of innovative technology that aims
to deliver convenience for consumers. However, it will introduce a new dimension of challenges
for security professionals making mobile devices much more interesting as a target to steal
money. There is a push to build NFC technology into mobile devices, enabling users to make
payments or pass on personal information with a simple swipe of a mobile device over a reader.
This will further transform the smartphone into the single device from which most aspects of your
life are driven making it even more attractive to cybercriminals.
                

Third Party Applications
                    

Mobile devices are also starting to define their architectures based on modern working practices -
BlackBerry (for example), has introduced a feature which provides two isolated working
environments on the same device (sandboxing), allowing you to separate work and play data.
Even those with a strong security reputation like BlackBerry have been victims (of exploitation
and breaches) too. While malware attacks for mobile devices are undoubtedly different, they are
still entirely possible.
                  

There are those that believe that the open source nature of Linux (for example) provides a primary
vehicle for making security vulnerabilities easier to identify and fix. The main advantage here is
that the community can review the source code and make the code more secure, which in turn
facilitates potential security best practices. Users and time will decide whether this is actually
the case. The advent of social websites such as Facebook, MySpace and Twitter have led to a
surge in third party application development for desktops, laptops, tablets and smartphones.
                 

Facebook & Third Party
                       

Facebook, the fastest growing of these social websites allows publishers to develop third party
applications to improve the Facebook experience. Closer inspection of most third party
applications reveal to the users that they all require your 'login and password' details. It appears
that most Facebook users don't believe this is a risk to their identity. Maybe it isn't, but how do
you manage the risk of your 'login and password' details falling into the hands of a cybercriminal?
The major risk is if you are paying for third party software, the software might steal your financial
login data as well as installing malicious software on your smartphone. The final infiltration will
occur (as the last security flaw) when the mobile user connects to their PC via either Bluetooth
or USB, and you receive a cross platform infection from the third party software to your PC.
There are no instances I know of where this has happened yet, but in time this attack vector will
surely appear.

                         
In Conclusion
                         

It is the development of open source software that may well lead to these security issues and
many others to be discovered. New functionality breeds fresh opportunities for the bad guys.
New features like augmented reality, facial recognition and integrated social media could leave
users open to new kinds of abuse. Augmented reality, for example, connects location
information with a user's social media "friends", enabling them to identify digital contacts nearby.
We will find out in the coming years whether open source software development has opened up a
security hornets nest. Users meanwhile, need to embrace the Security Suites offered by
companies like Bullguard, Kaspersky Mobile 9, ESET, Panda, AVG, Trend Micro, Webroot, F-
Secure, Norton, etc. to lock down their systems.