Hasta La Gadget!

Mozilla has sent out a cease-and-desist letter to Gamma International, who has been disguising commercial malware as Mozilla’s Firefox web browser. Gamma’s software uses Mozilla’s trademarks and brand to mislead consumers into thinking its product is affiliated with the company. In the properties of the fake Firefox browser, all of the information, including version number, copyright, trademark claims, and more are exactly the same as the genuine Firefox browser.

Mozilla was alerted to Gamma’s illegal activities by a group known as the Citizen Lab. The group discovered that the spyware posing as Mozilla Firefox is called either FinSpy or FinFisher, and it was sold to various governments for usage in criminal investigations. FinSpy has command-and-control servers in 36 countries, including the United States, Canada, Japan, and the UK.

Gamma’s fake Firefox was used in a variety of harmful and deceitful ways. The Citizen Lab provided 3 examples of how it was used, including a spyware attack in Bahrain against pro-democracy activists, tricking the people of Malaysia by posing as a document that discusses Malaysia’s upcoming General Elections, and being demonstrated in promotional videos and brochures by Gamma itself.

Luckily for Firefox users, Mozilla assures everyone that the spyware does not infect the real Firefox. Unluckily for Mozilla, this isn’t the first time its product has been misued for the purpose of evil. Back in 2010, there were nearly 200 sites deceitfully using Mozilla’s brands for illegal activities, including distributing malware or requiring users to pay for the sites’ service. Mozilla developer Asa Dotzler’s statement back then still echoes on today, “If you’re being asked to pay for Firefox, it’s a scam.” Also, always make sure that you download Firefox straight from Mozilla, and not some sketchy site.

[via Mozilla]

Fake Firefox spreads spyware as makers Mozilla retort is written by Brian Sin & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Everyone knows there’s malware on Android, but for the most part it just hides out in the seedier back alleys of the OS. You’re only likely to run into it if you start side-loading pirated apps, or frequenting sketchy unofficial app stores. But a newly uncovered family of malware—fittingly called “BadNews”—was just chillin’ in Google Play, and has been downloaded somewhere between two and nine million times. In other words, a whole lot. More »

According to a security report from NQ Mobile Security, mobile malware is on the high rise. In 2012, malware infections grew by 163% year-over-year. There were 65,227 newly discovered mobile malware floating around, compared to the 24,794 that were discovered back in 2011. The malware is beginning to spread to various markets, including China, India, Russia, the United States, and Saudi Arabia.

NQ says that 94.8% of the newly discovered malware were design to infect Android devices. Over 32.8 million Android devices were infected in 2012, over 3x the 10.8 million Android handsets infected back in 2011. The most infected countries are China, with 25.5% of its Android devices being infected, followed by India with 19.4% infected mobile devices, and Russia with 17.9% infected mobile devices. United States and Saudi Arabia are also highly affected, both with 10% of their mobile devices being infected by malware.

There are 4 new pieces of Malware that NQ says is infecting mobile devices. There’s the VDloader, which runs as a client inside Android devices. It then connects to a remote server. It disguises itself as a regular app, and only activates when requested. FireLeaker is disguised as a widget, but remains invisible on your device. It collects specific device info from the victim, including their mobile number, IMEI number, system number, contact data, and more, and it uploads it all to a remote server.

DDSpy is an invisible malware that disguises itself as Gmail, but is invisible in the apps list. It communicates through SMS, and it features a GPS hook, which activates malware based on specific GPS or cell site location. Lastly, we have DyPusher, which uploads specific device information like FireLeaker, but also downloads apps and files to the device without the user’s permission.

NQ says that there are many factors to why these infections are massively spreading. One has to do with the fragmentation in Android, with 39% of users still running Android 2.3 Gingerbread. Second, there is app sideloading, where users install apps via other methods instead of Google Play. Then, to piggyback off of app sideloading, there are 58% young Android users who download around 41+ apps for their devices, many of which who use App Sideloading to do so.

Lastly, many Android users lack security features on their devices, such as passcodes or antivirus software. Yesterday, Lookout demonstrated just how easy it is to hack into someone’s phone. So the lesson for today is, download anti-virus software for your Android device, and don’t install suspicious apps from 3rd parties.

[via NQ]

NQ: Malware on mobile devices grew 163% last year is written by Brian Sin & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Microsoft, one of the major names worldwide where software is concerned, has stumbled upon a rather interesting discovery. First of all, a little context to help us get started off on the right footing. Microsoft does have their own anti-virus solution on the computer, where some have deemed to be added on as an afterthought since it is perceived to be nowhere near the capability of other third-party programs, but this does not mean the bunch of Microsoft researchers are no good. On the contrary, a recent post on the Microsoft Malware Protection Center blog has showed that Microsoft has discovered a totally new Trojan malware threat which has been called “TrojanDownloader:Win32/Nemim.gen!A”.

This particular new threat is said to be able to delete its own files right after it has been installed on a computer, in an effort to prevent the files from being isolated and analyzed, and hence, would also mean being a whole lot harder to identify and remove. It is highly recommended that those who were infected by TrojanDownloader:Win32/Nemim.gen!A change all account passwords after the system has been cleaned up.

By Ubergizmo. Related articles: Titan Supercomputer Has World’s Fastest Storage System, Google Autocomplete Results Censored By Tokyo Court,

AV Test, an antivirus testing company from Germany, reports that Bing is five times more likely to show malware infected websites in search results than Google. The company evaluated searches over a number of search engines, Google and Bing included, for more than a year and a half. Google vs Bing evaluated almost 40 million websites, of which the latter showed five times as many websites containing malware. Google search brought up 272 malware infected websites out of the 10.9 million searches, whereas Bing displayed 1,285 infected websites after the same amount of searches.

These infected websites have malware that exploit existing security vulnerabilities, if a user has updated browsers and add-ons, the risk is significantly decreased. The malware exploits vulnerabilities in old add-ons, outdated PDF readers and old web browsers. This goes to show how important it is to keep everything up to date, be it browsers or add-ons. Even the smallest of updates can bring patches for any such vulnerability that can be easily exploited. It is a never ending battle against online malware, so its always better to strengthen up your defenses.

By Ubergizmo. Related articles: Greenland Kicks The Pirate Bay Out After Just Two Days, Fix For Recent WordPress Brute Force Attack Is Easier Than You Think,