Security News

Europeans who have recently purchased a specific sort of smartphone from Vodafone might want to keep it far away from their computers (or run some virus scans if it’s too late for that). Today, a researcher announced that he’s found the Mariposa botnet client preloaded on a second HTC Magic device.

More Evidence Discovered Of Vodafone-Mariposa Problem

The first incident occurred on March 8th when Pedro Bustamante, a senior research advisor at Panda Research, discovered evidence of malware on a colleague’s new cell phone. Vodafone acknowledged the problem, but characterized it as an isolated incident.

Now, that doesn’t appear to be the case. Bustamante stated today that someone working at another security company, S21Sec, also found Mariposa on his phone, and then passed along a microSD card as proof.

Bustamante wrote, “The Mariposa botnet client itself is exactly the same as reported last week, with the same nickname and same Command & Control servers.” What’s more, “there was also more malware in the SD card in addition to Mariposa. I also found a Win32/AutoRun worm . . .”

This isn’t going to do wonders for Vodafone’s reputation. At the same time, it’s hard not to imagine that plenty of people will never hear of the problem and remain at risk.

With the growing cost of cybercrime in America and around the globe, U.S. Senators Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT) introduced today the “International Cybercrime Reporting and Cooperation Act,” new bipartisan legislation that would improve America’s leadership and cooperation with other countries to fight cybercrime worldwide.

Senators Introduce Cybercrime Bill

“Cybercrime must be a top priority for our national security,” Senator Gillibrand said. “If we’re going to protect our networks, our infrastructure, our economy and our families, we have to go after cyber criminals wherever they may be – and it must be an international effort.

“Our new legislation will require the president to provide a global assessment, identify threats from abroad, work with other countries to crack down on their own cyber criminals, and urge the President to cut off U.S. assistance and resources for countries that refuse to take responsibility for cybersecurity. Our legislation will make America safer by getting tough on cybercrime globally, and coordinating with our partners in the international community.”

For more than ten years, reports have detailed the increasing vulnerability of the U.S. to cyberattacks. A growing number of international criminal organizations are targeting U. S. citizens, commerce, and information infrastructure, including the Internet, telecommunications networks, financial systems, embedded processors and controllers in industries to steal, exploit, disrupt or destroy information.

A conservative estimate from the Government Accountability Office (GAO) found that in 2005, U.S. businesses lost $67.2 billion as a result of cyberattacks. Since then, attacks have dramatically increased. Earlier this year, hackers in China launched a large, sophisticated attack on Google and other American businesses. The global economy overall lost over $1 trillion in 2008 as a result of cyber attacks, according to studies by McAfee, Inc.

A number of American companies are supporting the Senators’ legislation including Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard and Visa, as well as Facebook.

“Microsoft strongly supports the International Cybercrime Reporting and Cooperation Act and applauds Senators Gillibrand and Hatch for their leadership in this area,” said Fred Humphries, Managing Director of US Government Affairs, Microsoft Corp.

“This legislation is a great step forward toward accessing the technology capabilities and judicial remedies of foreign countries to combat cybercrime and provide a safer, more trusted and secure Internet.”

Cybercrime affects one in five online shoppers and cost Americans $560 million in 2009 due to online fraud, according to a new report from Symantec.

Seattle Tops List Of Riskiest Online Cities

Symantec teamed up with independent research firm Sperling’s BestPlaces to find and expose the top 10 cities in the U.S. most vulnerable to cybercrime.

At the top of the rankings, Seattle was found to be the riskiest cybercrime city, placing near the top in categories such as cyberattacks and potential infections; online behavior that can expose more people to cybercrime, such as online shopping and banking online.

Boston and Washington, D.C. follow second and third place. Symantec says both cities experience high levels of cybercrime, possibly due to their large number of Wi-Fi hotspots.

San Francisco and Raleigh are ranked fourth and fifth. San Francisco tops the list for riskiest online behavior and highest number of Wi-Fi hotspots per capita.

Rounding out the top 10 are Atlanta, Minneapolis, Denver, Austin and Portland. According to the Norton research, Atlanta residents experience the most cyberattacks and potential infections. Minneapolis and Portland are near the top for risky online behavior, while Denver and Austin score high across the board.

“With more people than ever relying on the Internet to stay in touch, shop and pay their bills, feeling confident and secure in our information-driven world is vital,” said Marian Merritt, Norton Internet Safety Advocate.

“This study highlights the cities most at risk of cybercrime and reminds individuals, families and businesses across the country of the hazards they face each time they go online. We’re here to educate consumers about how to protect themselves and ideally never fall victim to cybercrime.”

Among the 50 U.S. cities examined, Detroit came in as the least risky online city. El Paso, Texas, and Memphis, Tenn came in second and third repecvively.

“Despite people’s familiarity with technology and the Internet, this study shows that everyone is exposed to a certain level of risk when they are online,” said Bert Sperling, founder and researcher of Sperling’s Best Places.

“No matter where you live – be it Seattle or Detroit – it’s important to be vigilant in everyday online behavior in order to protect yourself against cybercrime of all types.”

Marketers have determined in study after study that social networks are powerful things; a recommendation from a friend can be worth incalculably more than a bunch of random emails or even proper commercials. Facebook users should watch out, then, as a security firm’s determined that fake antivirus software is on the loose.

Fake Antivirus Software Spreads On Facebook

Earlier today, F-Secure came across something labeled “Facebook AV.” An official blog post explained, “Once installed on one Friend’s account, this application tags 20 Friend[s] into a picture . . .” The application also appears to cause the first person to post a link and a phrase like “try this” beneath the picture.

Then when the person’s friends investigate why they’ve been tagged and click on the link, they’re asked to install the app, and the cycle begins again.

Fortunately, not much else seems to happen as a result; there have been no reports of credit card info getting stolen or computer screens going black. It’s just the “social” nature of this problem that’s annoying, and the possibility that victims will lose an online friend or two if they’re perceived to be spammers or simply clueless.

Facebook’s addressing the issue, at least. The F-Secure blog post stated, “Facebook is already in the process removing and preventing such rogue apps.”

Symantec has released its March 2010 MessageLabs Intelligence Report detailing the origins of targeted malicious attacks.

China Leads In Targeted Malware Attacks

Analysis of the origins of the targeted attacks revealed the majority of malware sent this month, originated in the United States (36.6%) based on mail server location, but when analyzed by sender location, more targeted attacks actually originated in China (28.2%), Romania (21.1%) and United States (13.8%).

“When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem,” said Paul Wood, MessageLabs Intelligence Senior Analyst.

“A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the US and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack. Analysis of the sender’s IP address, rather than the IP address of the email server reveals the true source of these targeted attacks.”

Analysis of web security activity found 14.9 percent of all online malware intercepted was new in March, an increase of 1.6 percentage points since February. MessageLabs Intelligence also identified an average of 1,919 new websites per day hosting malware and other potentially unwanted programs such as spyware and adware, a decrease of 61.6 percent since February.

Other report highlights:

Spam: In March 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 90.7 percent (1 in 1.10 emails), an increase of 1.5 percentage points since February.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 358.3 emails (0.28 percent) in March, an decrease of 0.05 percentage points since February. In March, 16.8 percent of email-borne malware contained links to malicious websites, a decrease of 13.7 percentage points since February.

Phishing: In March, phishing activity was 1 in 513.7 emails (0.19 percent), a decrease of 0.02 percentage points since February. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had increased by 8.4 percentage points to 64.6 percent of all email-borne threats.

Unfortunately for the rest of the world, PandaLabs has determined that malware makers are still hard at work. And unfortunately for everybody’s finances, malware makers aren’t content to churn out little “gotcha” tricks, instead focusing more than anything on banker Trojans.

Majority Of New Malware: Banker Trojans

Here are all of the unpleasant details in one bite: PandaLabs declared in a statement, “[T]he amount of new malware in circulation has continued to increase at a record pace. In this first quarter, the most prevalent category was once again banker Trojans, accounting for 61 percent of all new malware.”

Sean-Paul Correll, a threat researcher at PandaLabs, then followed up these observations by saying, “The growing prevalence of banker Trojans signals to us that online accounts for both consumers and businesses continue to be increasingly attractive financial targets for cybercriminals.”

Correll also remarked, “In addition, the widespread availability of DIY kits online has spurred new, less technical individuals into the cybercrime business as evidenced by the Mariposa case.”

So it looks like we’re in for a rough year if some way isn’t found to put a halt to the proliferation of this stuff.

Of course, it’s possible to hope that the dismantling of Mariposa might be the start of a trend, but even the arrest of Mariposa’s authors could prove to be a problem, considering that they may avoid serving jail time. Other cybercriminals will then have less of an incentive to switch career paths.

PandaLabs recommended that people try to stay safe by being especially cautious when searching for popular topics like the iPad and Facebook applications. Be careful on social networks, too, since malware authors are increasingly using those to distribute their creations.

It’s not hard to imagine that, sooner or later, computer experts outside China might choose to reinforce the Great Firewall (in an attempt to keep Chinese hackers contained) rather than fight it and support free speech. And it’s not hard to imagine that they’d do so in the near future, considering that Chinese hackers have been accused of going after key individuals yet again.

Chinese Hackers Thought To Be Back In Yahoo Email Attack

Andrew Jacobs, who’s based in Beijing, wrote, “In what appears to be a coordinated assault, the e-mail accounts of more than a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders.”

The accounts – which were provided by Yahoo, not Google, this time around – were in some cases just made inaccessible. But Jacobs added, “In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address.”

That’s potentially a very aggressive move, considering that many of these reporters and activists could have been in touch with (and protecting the identities of) Chinese dissidents. Prison sentences or even executions might occur if the Chinese government learned the dissidents’ names.

Yahoo did tell the affected email accounts’ owners of the problem, though, and the situation seems to have been remedied.

Joe Stewart, director of research at SecureWorks Inc. says investigators are getting better at tracking down botnets, but legal issues persist.

Is MI5 playing a joke on us? Female homicide bombers are being fitted with exploding breast implants which are almost impossible to detect, British spies have reportedly discovered. [...] MI5 has also discovered that extremists are inserting the explosives into the buttocks of some male bombers. “Women suicide bombers recruited by Al Qaeda are known to have had the explosives…

Cybersecurity responsibility must extend beyond the walls of IT and into the finance department – or companies risk continued losses, according to a new report.