DNSChanger Danger: Damned if you do, Damned if you don’t

How much warning is too much warning? At what point does an excess of caution evolve into fear, uncertainty and doubt? That the DNSChanger malware failed to down internet connections across the globe on Monday, despite increasingly shrill warnings that the FBI was preparing to pull the plug on the temporary servers keeping them afloat, is undoubtedly A Good Thing. However, it highlights one of the persistent issues facing computing: the challenges in balancing caution and panic.

DNSChanger was undoubtedly a high-risk issue, certainly before the FBI weighed in. The trojan changed user DNS settings so as to rely on compromised servers, serving up pages with malware, sites that secretly collected user-data, and adverts for fake products. The FBI seized the network and a temporary – and safe – DNS replacement system was set up for those unknowingly relying on the dangerous one.

All good things must come to an end, though, and on July 9 the FBI’s mandate to run the replacement servers ran out. With hundreds of thousands of computers still relying on the makeshift DNS provisions to bridge browsers and sites, that meant warning those users that they’d need to take an active role in their system security if they wanted to stay online.

“We lack a single point of communication – instead we have a hosepipe of hysteria”

Problem is, the sort of users who were inadvertently infected and didn’t realize might not be the sort who would also go hunting for the latest news in malware. What we lack is a single point of communication to highlight security problems; instead, we have a pretty much all-or-nothing hosepipe of rising hysteria.

Microsoft has attempted something like that single point, with its Security Center in Windows. Apple, late to the game when it comes to malware and virus threats, doesn’t have a centralized security hub in OS X, though the company has been doing more to prevent insidious apps working their way into the platform.

Windows Security Center is too easily overlooked. Third-party security firms individually push alerts to their blogs – and to their (generally paid) software packages – but there’s no all-inclusive feed that distills all of that to the user’s desktop in an easily understood way.

It’s a problem with no easy solution. In the aftermath of the DNSChanger anticlimax, there’s likely to be no shortage of accusations that the malware was “over-hyped” and its potential impact “overstated” so as to drive pageviews. Still, while we’ve gotten off easy now – a somewhat breathless and clogged news-cycle notwithstanding – there’s the distinct possibility that the next big security crisis could be made exponentially worse when contingency gives way to uncontrollable FUD and users’ eyes glaze over.


DNSChanger Danger: Damned if you do, Damned if you don’t is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.


Google disputes claims of Android botnet

Last week, a Microsoft researcher claimed to have discovered an Android botnet, but it looks like it might not exist after all. According to a statement from Google, their analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they’re using.

In response, the author of the original post about the Android botnet wrote a follow-up post saying that Google’s suggestions could be correct, but that the idea of an Android-based botnet shouldn’t be discounted either. Regardless of which theory is accurate, users should be careful about what they download anyway, whether on their PCs or on their Android phones. Read up more about Google’s dispute here.

By Ubergizmo.

Internet goes offline for thousands as DNSChanger cleanup peaks

Thousands of internet users are waking up to no web connection this morning, with the temporary servers handling those infected by DNSChanger being shut down. ISPs and the FBI had warned surfers that, had their DNS settings been changed by the malware, they would lose access to the workaround fix that had been in operation for the past few months. Estimates of how many people will be impacted today are unclear, with the numbers of those relying on the most active servers last month exceeding 100,000.

In fact, according to the DNSChanger Working Group, the team established to handle the fall-out of the malware, back on June 13 there were 135,331 unique IPs accessing the top 25 replacement servers. Since then there has been a sizable outreach campaign as ISPs and others attempt to warn those users affected. In late May, around 330,000 systems were believed to be infected.

DNSChanger was a trojan that changed DNS settings – the links to servers which point browsers in the right direction for the sites you request – to alternative, compromised ones. Control of those sites allowed the malware operators to collect user data, show adverts for fake products and otherwise manipulate the internet experience.

Thankfully, the method of cleaning up a DNSChanger infection has improved since the early days, when a complete reinstallation of the OS – whether Windows or OS X – was required. Now, there’s a simple set of tools which do it without all of that headache, though it’s still advisable to run a full backup of personal files beforehand, just in case.

If you’re reading this (and you’ve not been forced to turn to a smartphone or tablet with your regular computer refusing to load sites) then you’re okay, but stand by for parents and friends who may have complaints.


Internet goes offline for thousands as DNSChanger cleanup peaks is written by Chris Davies & originally posted on SlashGear.


PSA: Evict DNSChanger now or lose the web Monday

Today’s malware has a deadline: get rid of DNSChanger now, or come Monday, July 9, you may find yourself without access to the internet altogether. Hundreds of thousands of computers around the world have been infected by the trojan, which changes DNS settings – among other things – so as to route web traffic through compromised servers. Now, the FBI is preparing to pull the plug on those servers – and many people’s internet connection with them.

Since the FBI and other law enforcement agencies seized control of the botnet behind DNSChanger, a temporary DNS server network has been running in its stead so as to keep infected users online. That network will cease operating on Monday.

“The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet” – DNSChanger Working Group

The best news is, checking for a DNSChanger infection on your system and, if found, getting rid of it is straightforward. First step is heading to dns-ok.us in your browser: that will tell you whether or not there’s a sign that your computer has been infected. If it’s green, you’re in the clear (though it’s probably still worth forwarding this article on to friends and family – particularly net-confused parents – who might need some assistance checking their own machines).

If it’s red, however, you have a DNSChanger problem. Thankfully there are multiple options to get rid of it: Microsoft has a tool, as do key anti-virus vendors such as McAfee and Norton. There’s a full list of them here, and usually it’s just a case of downloading and running an app to get your computer back on an even keel.


PSA: Evict DNSChanger now or lose the web Monday is written by Chris Davies & originally posted on SlashGear.


Your Internet Might Shut Off Tomorrow Because of a Virus—Here’s How to Fix It [Video]

Tonight at 12:01 AM EDT Monday July 9th, the Internet is going to become inaccessible for nearly half a million people around the world because of malware called DNS Changer. If your computer is infected with DNS Changer, it won’t be able to get on the Internet anymore. Here’s how to get rid of it and make sure the Internet still works for you.

DNSChanger malware for dummies: Sophos video explains it all

Today the folks at the security group Sophos have released a simple “how to” video on the DNSChanger (or DNS Changer, if you prefer) Malware, showing how you can avoid losing your internet connection on July 9th. This information has been published by us before in the post DNSChanger: How to find it and how to fix it earlier this week, but for those of you that prefer a simple explanatory video instead, today we’ve got that for you as well.

The video starts back in 2007, when the DNSChanger malware first appeared; it was then a bit simpler than it is today, looking for your internet settings, guessing your password, and causing general mayhem. The people behind it also started a company called Rove Digital and got hold of a whole bunch of DNS servers to process their code magic. The FBI got involved in the situation several years ago and did bust in on the devils and take control of their servers, but not before the bad guys had made millions of dollars from their deeds.

That’s when the good stuff starts.

Intelligently quoting the undeniably great Marcus Antonius from all the way back in 44BC, the folks at Sophos explain how you could still be affected by the DNSChanger Malware from back then even if you are no longer infected.

“The evil that men do lives after them. The good is oft interred with their bones.” – Marcus Antonius, 44BC

Hundreds of thousands of computers could very well still be affected – and at risk of certain doom – if figures shown by the DNSChanger Working Group are true, of course. The part where this gets REALLY good is here: the FBI’s authority to run the interim servers taken from the crooks that were caught several years ago ends on Monday the 9th of July, 2012. If you have not fixed your computer (assuming it was infected in the first place) by then, you will get knocked off the web.

The video above goes through several ways that you might protect yourself against the evil that could very well be running through your computer right this minute, and again you can also check our DNSChanger: How to find it and how to fix it guide if you get lost. Both work!


DNSChanger malware for dummies: Sophos video explains it all is written by Chris Burns & originally posted on SlashGear.


Malware Botnet may have framed Android

Android may have been wrongly maligned for its role in a malware botnet, security researchers have admitted: the findings that devices running Google’s software could be responsible for spam may have been fooled by a fake email signature. Despite claims from Sophos and Microsoft earlier this week that email header information pinned down Android devices as the guilty carriers, each has since backtracked, conceding that Android’s involvement is in no way certain.

“It’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices” Microsoft engineer Terry Zink wrote in a follow-up to his earlier comments on the botnet. However, the security researcher still isn’t willing to let Android off the hook.

“On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices” Zink theorized. “Before writing my previous post, I considered both options but selected the latter.”

As for Sophos, senior security adviser Chester Wisniewski has confirmed he is rechecking the company’s own findings to see if a fake signature could be responsible for mistaken identity. “We don’t know for sure that it’s coming from Android devices” Wisniewski said on Thursday, though went on to maintain that in his belief it is a botnet running on Android phones rather than something else.

“We either have a new PC botnet that is exploiting Yahoo!’s Android APIs or we have mobile phones with some sort of malware that uses the Yahoo! APIs for sending spam messages” the researcher wrote. “One of the interesting data points supporting the argument that this is new Android malware is the unusually large number of the originating IPs on cellular networks.”

Google, meanwhile, continues to protest Android’s innocence. “The evidence we’ve examined does not support the Android botnet claim” a company spokesperson said. “Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using. We’re continuing to investigate the details.”

[via WSJ]


Malware Botnet may have framed Android is written by Chris Davies & originally posted on SlashGear.


Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion


You could call it technological baptism of sorts… just not the kind Apple would want. A Russian scam app known as Find and Call managed to hit the App Store and create havoc for those who dared a download, making it the first non-experimental malware to hit iOS without first needing a jailbreak. As Kaspersky found out, it wasn’t just scamware, but a trojan: the title would swipe the contacts after asking permission, send them to a remote server behind the scenes and text spam the daylights out of any phone number in that list. Thankfully, Apple has already yanked the app quickly and explained to The Loop that the app was pulled for violating App Store policies. We’d still like to know just why the app got there in the first place, but we’d also caution against delighting in any schadenfreude if you’re of the Android persuasion. The app snuck through to Google Play as well, and Kaspersky is keen to remind us that Android trojans are “nothing new;” the real solution to malware is to watch out for fishy-looking apps, no matter what platform you’re using.


Spam-happy iOS trojan slips into App Store, gets pulled in rapid fashion originally appeared on Engadget on Thu, 05 Jul 2012 17:29:00 EDT. Please see our terms for use of feeds.

Source: Kaspersky, The Loop (via MacRumors)

Apple App Store’s first spam sending app pulled

After being reported for pushing out corrupted updates, it looks like the Apple App Store is in the news again. According to reports online, “Find and Call”, the first ever spam-sending app managed to make its way onto the Apple App store. The app reportedly uploads all of a user’s contacts to a remote server and then sends a text message and email to every contact in his/her phonebook. Ouch.

The app also made it into the Google Play Store – no surprise there, since Google doesn’t screen what goes on it – but this is the first time that a malicious app has managed to slip through Apple’s strict screening policies. As of now, the app is nowhere to be found on the Apple App Store or the Google Play Store. While it may be the first app to successfully use user data in a malicious manner on the App Store, it’s probably not going to be the last app to do so. Hopefully Apple beefs up its app moderation to prevent such mishaps from happening in the future.

By Ubergizmo.

DNSChanger: How to find it and how to fix it

Time is running out for computers running the DNSChanger malware, with the FBI planning to cut infected machines off from the internet teat come Monday, but how do you know if your system is at risk? The malware reroutes internet traffic through compromised servers, opening systems up to the dangers of keylogging, pushing fake software and products, and otherwise manipulating the web experience. Thankfully, checking out the status of your computer isn’t hard.

According to the DNSChanger Working Group established to address the problem, there are still a huge number of computers showing signs of badly routed DNS. The court order allowing the FBI to shut down the fake DNS servers on Monday will potentially mean hundreds of thousands of systems are left unable to look up sites.

Actually finding out whether you’re infected is a simple matter of visiting a checking site. Go to dns-ok.us in your browser, and if the background is green then your computer’s DNS settings are good. If it’s red, however, then you will need to go through some clean-up steps.

There’s a list of tools here, each of which should get your computer up and running properly again. Microsoft has one such tool, as do the main anti-virus vendors such as McAfee and Norton. It’s a good idea to do a backup of files and personal data beforehand, just in case, but the process should – now that the workings of DNSChanger are broadly understood – be simple.
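One way to automate the resolver check the article describes, as an added example that is not SlashGear’s or the DNSChanger Working Group’s own tooling: the script below pulls resolver addresses out of resolv.conf, `scutil --dns` or `ipconfig /all` text and compares them with a watch-list of rogue resolver ranges, reporting a green/red verdict in the style of dns-ok.us. The two ranges in the script are constructed placeholders from the RFC 5737 documentation space standing in for the Working Group’s published DNSChanger ranges, and the sample inputs are constructed as well.

```python
"""Check locally configured DNS resolvers against a watch-list of rogue ranges.

Added example for the DNSChanger check described above; not SlashGear's or the
DNSChanger Working Group's own tooling.  The ranges in ROGUE_RESOLVER_RANGES are
placeholders (RFC 5737 documentation networks); substitute the Working Group's
published DNSChanger ranges before using this against a real machine.
"""
import ipaddress
from pathlib import Path

ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),  # placeholder, constructed
    ipaddress.ip_network("203.0.113.0/24"),   # placeholder, constructed
]


def _as_ip(token):
    """Parse a token as an IP address (dropping an IPv6 zone index); None on failure."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0])
    except ValueError:
        return None


def extract_resolvers(text):
    """Pull resolver addresses out of resolv.conf, `scutil --dns` or `ipconfig /all` text.

    resolv.conf and scutil lines start with 'nameserver'; ipconfig prints a
    'DNS Servers . . . : <ip>' line followed by indented continuation lines that
    each hold one further address.
    """
    found = []
    in_ipconfig_block = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].rstrip()  # strip comments
        stripped = line.strip()
        if not stripped:
            in_ipconfig_block = False
            continue
        tokens = stripped.split()
        if tokens[0].startswith("nameserver"):          # 'nameserver X' / 'nameserver[0] : X'
            in_ipconfig_block = False
            candidates = tokens[1:]
        elif stripped.lower().startswith("dns servers"):  # ipconfig label line
            in_ipconfig_block = True
            candidates = tokens[-1:]                     # address follows the dotted label
        elif in_ipconfig_block and line[:1].isspace() and len(tokens) == 1:
            candidates = tokens                          # ipconfig continuation line
        else:
            in_ipconfig_block = False
            candidates = []
        for tok in candidates:
            ip = _as_ip(tok)
            if ip is not None and ip not in found:
                found.append(ip)
    return found


def rogue_resolvers(resolvers, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Return the resolvers that fall inside any watch-listed range."""
    return [ip for ip in resolvers if any(ip in net for net in rogue_ranges)]


def check_resolver_config(text, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Verdict in the style of the dns-ok.us traffic light: 'green' or 'red'."""
    resolvers = extract_resolvers(text)
    flagged = rogue_resolvers(resolvers, rogue_ranges)
    return {
        "verdict": "red" if flagged else "green",
        "resolvers": [str(ip) for ip in resolvers],
        "flagged": [str(ip) for ip in flagged],
    }


# Constructed sample inputs: a clean resolv.conf, and an ipconfig /all excerpt
# whose second resolver sits inside one of the placeholder rogue ranges.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.0.2.1
nameserver 2001:db8::53
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 192.0.2.1
                                       203.0.113.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, sample in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, check_resolver_config(sample))
    try:  # also inspect the live file where one exists (Linux / OS X)
        print("/etc/resolv.conf", check_resolver_config(Path("/etc/resolv.conf").read_text()))
    except OSError:
        pass
```

A red verdict here only means the configured resolvers match the watch-list; a machine with clean local settings can still be affected if its home router’s DNS was changed, which is why the browser-based check at dns-ok.us, which tests the resolver actually answering your queries, remains the simpler test for most users.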


DNSChanger: How to find it and how to fix it is written by Chris Davies & originally posted on SlashGear.