Hasta La Gadget!

This week the Moscow-based antivirus company Kaspersky Lab has revealed details of a five year long campaign that apparently targeted diplomatic, governmental and scientific-research organizations across the former Soviet Union. This attack used software known as Operation Red October, aka Rocra, a piece of malware designed to locate and make copies of both encrypted and non-encrypted documents in a target’s computer. This attack appears to have been spread across hundreds of victims since 2007 with an intent on gathering classified information as well as geopolitical intelligence.

Kaspersy chief malware expert Vitaly Kamluk spoke on the situation this week, noting that “there are about 300 computers infected that we know about.” These computers include those owned by embassies, government research centers, and aerospace facilities throughout former Soviet states as well as Belgium and India. Most of the attacks appear to have been directed at former Soviet states while Belgium and India each suffered a total of 15 infections, while the United States and Iran were confirmed to have suffered six and seven attacks, respectively.

The team at Kaspersy noted that though they’d found a set of 60 “command and control” servers throughout Germany and Russia that were responsible for these attacks, they each appeared to have been controlled by a sort of “mother ship” server which they’ve not yet located. Each of the attacks thus far appear to have been attached to Microsoft Word or Excel documents and delivered via email. When the document was downloaded and opened, a connection was made between the computer and one of the many command and control servers which then delivered the files necessary to collect secure data.

This Rocra malware was also spread with USB drives as well as through smartphones, not just through desktop machines. Mentions of Russian words throughout the discovered malware systems have been suggested to either point towards the software as being Russian in origin or placed deliberately to make the software appear to have come from Russia when in fact it was made by a different group entirely.

We’ll see more information on this relatively widespread attack in coming weeks, without a doubt. Stay tuned to SlashGear’s hacking tag to see all the action as it comes down.

[via Wall Street Journal]

Operation Red October cyberattack detailed by Kaspersky Lab is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Malware in the Google Play store is nothing new, and Google does their best to sift out most of the crap that makes its way in, but sometimes some of it sneaks through. A Google Play developer account by the name of “apkdeveloper” has released a ton of fake apps and games that are essentially rip-offs of other popular apps.

Some of the more popular titles that the developer rips off are Imangi’s Temple Run game and Glu Mobile’s Contract Killer Zombies. It appears the faux developer has put “Super” at the end of each app name, which should throw a red flag up right away as far as if it’s a legitimate app or not. Plus, all of the icons for all the apps are the same, rather than unique icons for each individual app or game.

Since many people won’t even dare to install these fake and malware-infested applications, we’re not quite sure what the malicious code might be capable of exactly, but several reports suggest that it delivers unwanted ads to several parts of your device. While doesn’t seem like a huge deal, it’s still annoying, and you never know what could be going on behind the scenes.

As always, be careful when downloading apps and make sure you’re not downloading a fake app that’s filled with malware. Usually, though, it’s all about common sense — check the name of the developer, check the reviews, check the descriptions and make sure you’re always downloading from legitimate sources. And if you come across a fake app, report it to Google.

Developer releases dozens of fake apps in Google Play store, user beware is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Android 4.2 Jelly Bean features a new security tool that quickly scans downloaded apps for malicious code. It’s essentially Google‘s way of addressing the long-time threat of malware on the company’s mobile platform. However, a computer scientist at North Carolina State University found that only about 15% of malicious apps were caught by the built-in scanner.

During his testing, Xuxian Jiang loaded 1,260 instances of Android malware onto the recently-released Nexus 10, and examined which of the 1,260 instances triggered a warning to users. Surprisingly, only 193 of them correctly triggered such a warning, resulting in a measly 15.32% detection rate.

Jiang also discovered that the performance of Google’s own offering lagged behind the performance of numerous third-party antivirus apps such as Avast, Symantec, and Kaspersky. Overall, the detection rates of the third-party antivirus apps were between 51% to 100%, compared with 15% for Google’s offering, which comes built-in with the Google Play app.

However, Jiang points out that VirusTotal, which was recently acquired by Google, had superior detection capabilities, so hopefully Google will integrate VirusTotal’s technology into the core Android OS to act as the malware scanner for downloaded apps that come through. The built-in scanner could quickly improve if Google makes this happens.

[via Ars Technica]

Android malware scanner only detects 15% of malicious code is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Sideloading apps on Android implies a whole set of security holes, but the new malware scanner included in Android 4.2 could provide a much-needed plug. Talking to Computerworld, Android VP of Engineering Hiroshi Lockheimer revealed that Google’s been analyzing APKs that crop up online, regardless of whether they’re official market apps or not, in order to maintain a growing database of good and bad code. The scanner — shown above — then works in a similar way to the Bouncer on the front gate, comparing all the apps on your phone to that database. The new sentry helps Google build upon other Android 4.2 security features such as an improved app permission screen and a block against apps sending premium SMS messages in the background. On the other hand, some might say that collecting samples of existing malware will never be as powerful as truly understanding its DNA.

Filed under: Cellphones, Tablets, Software, Mobile, Google

Google explains how its Android 4.2 malware scanner guards the side door originally appeared on Engadget on Fri, 02 Nov 2012 11:36:00 EDT. Please see our terms for use of feeds.

Permalink Android Police  |  Computerworld Blogs  | Email this | Comments

The nation of Georgia discovered a botnet trying to steal sensitive government documents, and what did they do? They gave the cyber-spy a taste of his own medicine, infecting his computer with the very same software he was targeting governments with. His infected computer eventually captured a photo of the alleged cyberterrorist, as well as his IP address. Georgia’s Computer Emergency Response Team says the hacker is behind the “Georbot Botnet” which targeted major governments around the world, including Georgia, the US, and France. The botnet was pretty sophisticated, using 0-day vulnerabilities, embedding itself in links on major Georgian news sites, and turning on microphones and webcams to glean important government data from infected computers. According to CERT, they’ve hack is linked to “Russian Security,” but all we know about him is the photo they gave us.

If you’re interested, read the entire report from CERT here.

By Ubergizmo. Related articles: Google disputes claims of Android botnet , German Police monitor Gmail, Skype, and Facebook via snooping malware,