Posts Tagged ‘android’

March 19th, 2012

Android Malware Retest Puts McAfee Mobile Security at Top of Class

On March 6, the widely recognized institute AV-TEST published a long-awaited review of Malware Protection for Android, with really disappointing results for us :( And the report was widely quoted in the media.

An analysis on our side quickly showed that an outdated version of McAfee Mobile Security had been tested. Yesterday AV-TEST announced that they had run a retest and they released an update of the results. This time, the current version of McAfee Mobile Security (2.0.1.366) was tested, and the new results reflect where we (and you) expect us to be: At the top.

In the test the top 10 products are rated with a >90 percent detection rate. A more detailed report of malware family detection shows we were one of just three products with flawless detection through all malware families. You can read all about the test and download the full report at AV-TEST.org.

We are happy that the confusion could be cleared up. If you ever needed a compelling reason to update to the latest version, then this test is one.


March 13th, 2012

Kaspersky Mobile Security Named ‘One of the Best’ in Highly Competitive Independent Testing

It’s easy for mobile device users to be blinded by the huge number of options to protect their Android platform security – but new tests show that Kaspersky Lab’s solution is leading the way


March 7th, 2012

Google Code Projects Host Android Malware

[March 1: See update at end]

Google Code is a well-known platform that provides a collaborative environment for developers working on open source projects. It’s also a target for malware developers. Contrary to what you may think, this is not the first time that Google Code has been used to spread or store malware. (You can find examples in the discovery of uploaded images that led to fake codecs in 2009 and in Windows Trojans/backdoors/password-stealing keyloggers found in 2010.) Further, we have recently found an Android malware that uses Google Code as a distribution platform for both potentially unwanted programs (pay-per-install campaigns or adware) and malicious applications (downloaders).

The first variant of the current malware in Google Code was found in a third-party Android market, repackaged in a Chinese version of a legitimate memory-optimization application. Every time the application executes or the boot process finishes (device rebooted or turned on), the payload starts as a service running in the background. The service checks a remote server (with the URL encoded in a file inside the “assets” folder) for applications to download and stores that information in a database created on the device.

The data obtained from the web server includes the name of the package, the name of the apk file, and the path used to download the application, which points to a Google Code project.

The database records whether a specific application was downloaded, installed, or opened. Once the data is stored, an execution thread downloads, without the user’s consent, the first application in the database. This app is stored in the download folder on the SD card.

As soon as the download finishes, the malicious application tries to install the application by displaying a notification that tricks the user into believing it is a system update. (Translation from Chinese: 系统更新 = “System update” and 您好, 已经获取… = “Hello, the latest patch has been downloaded, please click here to install”):

When the user taps that notification, the downloaded application starts to install using the normal Android procedure. Suspicious applications stored in several Google Code projects have been analyzed; some of them have been classified as PUPs because they have unwanted behavior such as sending private data (IMEI, phone number) to remote servers. Researchers have found a new variant of the malware that, instead of being packed in a legitimate application, is pure malicious code which does not show any icon in the main menu. However, it can be seen installed in the Downloaded section of Manage Applications using a deceptive honeycomb icon and the title Android 3.0 Patch:

Although none of the analyzed samples contains root exploits, this variant has code to check if the device is already rooted. If so, it will proceed with a silent install of the downloaded application with the command “pm install -r”. Another difference from the variant in the Google Code project is that the malicious behavior starts only if the screen of the device is turned off, probably to make the system update appear normal.

Despite the fact that most of the applications available in Google Code projects are neither malicious nor PUPs, the links stored in the remote server, along with the text of the notification, can change at any time. Thus virtually any application can be installed on the device without the user’s consent. McAfee Mobile Security detects all these variants as Android/FakeUpdates.

Update: The affected projects have been removed by Google.
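A static triage check for the traits described above (service started at boot, no launcher icon, network plus SD-card write access, update-themed title), as an added example that is not code from the original post or from McAfee. The two manifests, the package names and the finding labels are constructed for illustration; the Android permission and intent names are the platform's real ones.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest modelling the icon-less variant described in the post.
SUSPECT_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.patch">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Android 3.0 Patch">
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".UpdateService"/>
  </application>
</manifest>"""

# Constructed manifest of an ordinary app with a visible launcher icon.
BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.optimizer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Memory Optimizer">
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def names(root, tag):
    """Collect the android:name attribute of every <tag> element."""
    return {e.get(ANDROID + "name") for e in root.iter(tag)}


def triage(manifest_xml):
    """Return the list of traits from the post that this manifest exhibits."""
    root = ET.fromstring(manifest_xml)
    findings = []
    boot = any("android.intent.action.BOOT_COMPLETED" in names(r, "action")
               for r in root.iter("receiver"))
    if boot and any(True for _ in root.iter("service")):
        findings.append("boot_started_service")
    if "android.intent.category.LAUNCHER" not in names(root, "category"):
        findings.append("no_launcher_icon")
    needed = {"android.permission.INTERNET",
              "android.permission.WRITE_EXTERNAL_STORAGE"}
    if needed <= names(root, "uses-permission"):
        findings.append("download_to_sd_capable")
    app = root.find("application")
    label = (app.get(ANDROID + "label") or "") if app is not None else ""
    if any(word in label.lower() for word in ("patch", "update", "系统更新")):
        findings.append("update_themed_label")
    return findings


if __name__ == "__main__":
    print("suspect:", triage(SUSPECT_MANIFEST))
    print("benign: ", triage(BENIGN_MANIFEST))
```

Each trait on its own is common in legitimate apps; the combination is what makes a package worth a closer look.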


February 22nd, 2012

Pinterest.com security – step by step howto

I recently signed up for Pinterest.com, a hip, trendy pin board style website that allows beefed up sharing of your interests with friends via a large visual bulletin board style forum where fans of a particular subject can post what they find compelling, and want to share. Then other friends can weigh in on the subject “pinned”, thereby creating a crowd-ranked list of what folks in that sector are talking about, with the more popular, relevant, and timely pins rising toward the top. The service is heavily integrated with other social media venues, specifically Facebook and Twitter. In fact, you’ll need your account information from one of them to sign up. This means much of the personalized information you may already have on Facebook, for example, might be used to form a composite of what you might also be interested in on Pinterest.

Is it popular? The numbers have been going crazy lately. Who knew? Other than some half-starved startup team somewhere who hit it big, the idea is sickly engaging and addictive, likely because the site is all about you and what others following your same interests find, well, interesting. I also thought Twitter was a hard sell, but now, well, the numbers speak for themselves on that crazy 140 character status update app that's also addictive and successful.

Here in this article we dive into Pinterest.com, show you what's involved in signing up, securing your profile and feeling your way around the world of Pinterest, with an eye toward your own privacy, security, and best practices.

One thing to note: If you're in a hurry and just click through the default options without an eye for security, privacy, and the possible spread of personal information (either semi-automatically or inadvertently aided by unwitting friends), you may end up with more than you bargained for. Allowing your information to be shared with nearly everyone by default might cause heartache down the road, so locking things down a bit seems like a good stance to take.

Let’s Get Started

If you haven't signed up already, it's tougher than it looks. First, you have to sign up for a waiting list to be invited, or better yet, get someone on the service already to invite you. This hearkens back to the early days of Gmail, which was pretty successful as well, despite the curious process.

Once you’ve received your invite, continue the process like:

I opted in this test to sign up using Facebook, so when you click the Facebook link, you are directed to the Facebook login on behalf of Pinterest.com, like:

Once you log in, you are faced with the option to go back to Pinterest, or fine-tune your Facebook interface settings. Notice the default selection is to share with friends.

Note the notification that says by default this app will share “other activity” on Facebook. That seems like a very broad term for information sharing. If you are more privacy/security conscious, it may be a good idea to restrict the visibility like:

I changed it to look like this:

When you are finished customizing your Facebook sharing settings, select the “Go to App” button and it will take you back to the Pinterest.com signup page to continue the process of creating an account there.

Since there really isn’t a way to sign up without a Facebook or Twitter account as well, it would be difficult to totally isolate the information flow from those sources. Your best bet is to review your account settings in Facebook, and make sure you’re only sharing what you intend to share, as default permissions tend to be set more lenient than security/privacy fans might prefer.

Now you’ll have a chance to tell Pinterest.com what interests you might have:

This will continue to build a profile of what/who you might be interested in following.

You now have a chance to create your own Boards:

On the same screen it will highlight those who you may be already following. Next there is a screen where you can customize your tastes, again building the profile the service will target for specific interests:

Once you enter your interests, the next time you visit, you’ll see more subjects presented that relate to these preferences.

You now have an option to integrate Pinterest preferences with your browser, for another level of integration:

Now let’s look at some of the settings you might choose to adjust. You can access the settings under the menu shown below:

On the settings page you will see options to control how Pinterest.com integrates with Facebook/Twitter:

Notice that they are set to integrate by default. For those who want more privacy/security, it may be wise to disable the buttons above, thereby segregating the services a bit more. Notice how tightly the sharing may be integrated, including a feature to tap into your Facebook Friends yet another way.

Summary:

While Pinterest grabs market share and your friends become familiar with the service, expect more fine-tuned controls to be available. Being aware of these settings may help you have a more secure profile and sharing stance while using the service. It also may prevent sharing more information than you planned on, both now and in the future.

What else to watch for:

As with many websites that soar to popularity, we are already seeing scams like fake apps bundled with borderline or outright malicious functionality that users could download for smartphones like Android. The folks at gottabemobile.com point out an app, purportedly for using Pinterest on Android, was not an app at all, but a platform for scams. Many users would simply click through the installation prompts, only to find out later they’ve gotten more than they bargained for.

As Pinterest.com continues to catch on, expect more scams that try to do things like tricking users into revealing credentials through fake notifications, spam texts to your mobile devices, efforts at phishing and other emerging scams. As Pinterest.com grows, we will revisit this in a security series about the platform, helping to keep users safe online.


February 21st, 2012

McAfee Q4 Threats Report Shows Malware Surpassed 75 Million Samples in 2011

Today we released our Fourth Quarter 2011 Threat Report, revealing that malware surpassed our estimate of 75 million unique malware samples last year. Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date.

Malware

The overall growth of PC-based malware actually declined throughout Q4 2011, and is significantly lower than Q4 2010. The cumulative number of unique malware samples in the collection still exceeds the 75 million mark. In total, both 2011 and the fourth quarter were by far the busiest periods for mobile malware that McAfee has seen yet, with Android firmly fixed as the largest target for writers of mobile malware.

Contributing to the rise in malware were rootkits, or stealth malware. Though rootkits are some of the most sophisticated classifications of malware, designed to evade detection and “live” on a system for a prolonged period, they showed a slight decline in Q4. Fake AV dropped considerably from Q3, while AutoRun and password-stealing Trojan malware show modest declines. In a sharp contrast to Q2 2011, Mac OS malware has remained at very low levels the last two quarters.

Web Threats

In the third quarter McAfee Labs recorded an average of 6,500 new bad sites per day; this figure shot up to 9,300 sites in Q4. Approximately one in every 400 URLs was malicious on average, and at their highest levels, approximately one in every 200 URLs was malicious. This brings the total of active malicious URLs to more than 700,000.

The vast majority of new malicious sites are located in the United States, followed by the Netherlands, Canada, South Korea and Germany. Overall, North America housed the largest number of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.

Spam

At the end of 2011, global spam reached its lowest point in years, especially in areas such as the United Kingdom, Brazil, Argentina and South Korea. Despite the drop in global levels, McAfee Labs found that present-day spearphishing and spam are highly sophisticated.

Overall botnet growth rebounded in November and December after falling since August, with Brazil, Colombia, India, Spain and the United States all seeing significant increases. Germany, Indonesia and Russia declined. Of the botnets, Cutwail continues to reign supreme, while Lethic has been on a steady decline since last quarter. Grum made a significant comeback after a long decline, surpassing Bobax and Lethic by the end of Q4.

Data Breaches

The number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009, according to privacyrights.org, with more than 40 breaches publicly reported this quarter alone. The leading network threat this quarter came via vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks. These remote attacks can be launched at selected targets around the globe.

Download McAfee’s Threats Report: Fourth Quarter 2011.


February 17th, 2012

Android DIY DoS App Boosts Hacktivism in South America

Hacktivism has become very popular in recent years; one of its leading agents is the online community Anonymous. Hacktivist groups use digital tools to perform denial of service (DoS) attacks to pursue political ends or to protest against controversial laws in countries around the world. One of the most common tools they use is Low Orbit Ion Cannon (LOIC), an open-source computer program written in C# that can run different types of DoS attacks. LOIC can send a large number of TCP/UDP packets to a specific URL/IP address in a short amount of time. The same tool has been ported to JavaScript to perform a DoS directly from a browser. The existence of Web LOIC, along with anonymous web hosting services such as pastehtml, has made it possible for any user on the Internet to participate in those attacks with just one click.

Recently the same attack has been easily ported to one of the most popular mobile platforms: Android. Anonymous social network accounts promote the new attack in Latin America as “LOIC para Android by Alfred”:

By “easily” ported I mean that it is not necessary to have any programming skills to create the Android application because it was generated with a free online service that creates Android apps with just a URL, HTML code, or a document (DOC or PDF). In this case, the attack was created with only the URL of a specific pastehtml website that has a JavaScript version of LOIC to perform a DoS attack against the Argentinian government. The attack is part of the operation #opargentina, run by an Anonymous cell in South America. Once the tool is downloaded and installed, the following icon appears in the applications menu:

When it is executed, a WebView component shows the contents of the URL, which is basically an HTML web page with a JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters. (The web page does not fit in the Android screen, probably because the tool that creates the application does not adjust the size of the web page inside WebView.)

Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC, and zero programming skills, thanks to automated online tools. Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool as a potentially unwanted program (PUP). If you have enabled PUP detection (our default setting), then McAfee Mobile Security for Android will detect this tool as Android/DIYDoS.


February 13th, 2012

Adware on Mobile Devices an Evolving Privacy Threat

Potentially Unwanted Programs (PUPs) are often legitimate software that pose a risk to users’ privacy or systems. A reasonably secure–or privacy-minded–user may want to be informed of the presence of certain PUPs and in some cases remove them. One very common type of PUP is adware, which exists to make revenue through advertising. Some adware is merely annoying but others could ignore or violate a user’s privacy by collecting and transmitting sensitive information to others without the user’s consent. Adware is well-known in the PC world and is becoming more prevalent now on mobile platforms (due to the fact that more developers are able to distribute their own applications from a central source like the Android Market).

The recent PUP Toplank (a.k.a. Counterclank) is an example of how aggressive mobile advertising in the Android world can be. The basic installation behaviors may be bad enough for some users. For example, Toplank adds bookmarks and home-screen shortcuts and makes home-page modifications without adequately informing the user or gaining consent to do so. More disturbing is what it does after it is installed. Recently, during the analysis of suspicious live wallpaper available in the Android Market, I found an advertisement module similar to Toplank’s in the sense that, once the PUP executes, it adds a shortcut in the home screen without the user’s consent:

However, at the same time in the background the following sensitive information is sent to the remote server ad.leadboltapps.net:

In addition to the “normal” sensitive data (OS version, IMEI, geographical location, and phone number) collected by several mobile-advertisement SDKs, this PUP also collects and sends the IP address of the device (which could be internal if the device is connected via network address translation or external if it is using the mobile network). This information, along with the exact identification of the device with the IMEI, could represent a privacy violation to some users. In addition, the developer does not clearly state in the Android Market that the wallpaper is ad supported:

The developer offers an option in Settings to disable notification ads. However, even if the option is disabled, the data has already been leaked and the user can do nothing to stop it.

Adware for mobile devices is constantly evolving and becoming very aggressive, invasive, and even dangerous to our privacy. If you have enabled PUP detection (which is enabled by default), then McAfee Mobile Security for Android detects this adware as Android/LdBolt.A.


February 10th, 2012

Avast! Free Mobile Security Contest results.

Since you asked for avast! Free Mobile Security (for Android) and we gave it to you, we wanted to celebrate its launch with our Community. Thus, from December 22, 2011 to January 22, 2012 we offered a contest where you could win 10 Samsung Galaxy Nexus phones and 300 free avast! Internet Security licenses.

Our contest question was…

We asked you to predict how many users of avast! Free Mobile Security there will be by February 10, 2012, 12:00 CET.

Responses showed us…

Roughly 50,000 contest participants showed us that we should actually do it more often. So even if you weren’t lucky this time, make sure you won’t miss our next one! :)

Results are finally in…

As February 10 is here, we can finally tell you that, as of today, we have 2 168 960 users of avast! Free Mobile Security.

Winners to be announced…

In the next 10 days, we will announce the 10 winners of Samsung Galaxy Nexus phones. Our winner will find his or her name in this format on our Facebook banner: Martin F. And we will contact the winner via email, to arrange prize delivery.

The next-closest 300 responses will receive (via email) free licenses of avast! Internet Security.

Keep watching…

If you participated in our contest and your prediction was close to our final number above, be sure to follow our Facebook page and check your email regularly! :D


February 9th, 2012

Cracking Open Your (Google) Wallet

We suggested earlier that instead of going after the Secure Element chip and the information it keeps safe, attackers would go after the weaker point of the Google Wallet app. Security researcher Joshua Rubin has now created a proof-of-concept app, Google Wallet Cracker, that can recover the Google Wallet PIN on a rooted phone.

Once attackers get your PIN, they have full access to any credit card information stored in the app and they can use your phone to make purchases. As a user of Google Wallet, the main security you see is the PIN. What makes Wallet easy for you to use now makes it easy for attackers to use; they can now spend your money and credit just as if your phone were an ATM card.

How It Works

The vulnerability involves storing an encrypted hash of the Google Wallet PIN in a database that belongs to the app. Because it’s not stored in the Secure Element chip, the only protection is Android’s user ID-based “sandboxing.” Normally malicious apps can’t access files belonging to another app, but once the phone is rooted that protection and any others are gone.

Google Wallet Cracker app checks whether the phone is rooted.

In this case an attacker with root access can reverse-engineer the Google Wallet app’s database format and extract the hashed PIN.

The Cracker app extracts the encrypted hash of the Google Wallet PIN.

Because the PIN is a four-digit code, an attacker can generate all possible PINs (0000-9999), hash them, and compare against the extracted PIN. On a real phone this takes about four seconds.

The Cracker app displays the recovered Google Wallet PIN four seconds after the app was started.
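Why hashing cannot protect a four-digit PIN once the stored value is readable, as an added example that is not from the original post and is not Rubin's tool. Salted SHA-256 as the storage format, the PIN 4821, PBKDF2 as the stretched alternative and the `AttemptLimitedVerifier` class (a model of verification kept inside tamper-resistant hardware) are assumptions for illustration; the post does not name the algorithm.

```python
import hashlib
import hmac
import os
import time

PIN_SPACE = [f"{n:04d}" for n in range(10_000)]  # every four-digit PIN


def fast_hash(pin, salt):
    # Assumed storage format for this demo: SHA-256(salt || PIN).
    return hashlib.sha256(salt + pin.encode()).digest()


def slow_hash(pin, salt):
    # Key stretching: each guess costs 100,000 HMAC-SHA-256 rounds.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def offline_search(record, salt, hash_fn):
    """Guesses needed by anyone who can read the record and salt from disk."""
    for guesses, pin in enumerate(PIN_SPACE, start=1):
        if hmac.compare_digest(hash_fn(pin, salt), record):
            return pin, guesses
    return None, len(PIN_SPACE)


def worst_case_seconds(hash_fn, salt, samples=3):
    """Time a few hashes and scale the cost to the full 10,000-PIN space."""
    start = time.perf_counter()
    for pin in PIN_SPACE[:samples]:
        hash_fn(pin, salt)
    return (time.perf_counter() - start) / samples * len(PIN_SPACE)


class AttemptLimitedVerifier:
    """Model of a verifier whose reference value never leaves the hardware
    and whose failure counter caps the number of guesses."""

    def __init__(self, pin, max_attempts=5):
        self._salt = os.urandom(16)
        self._record = slow_hash(pin, self._salt)
        self._max = max_attempts
        self._left = max_attempts

    @property
    def locked(self):
        return self._left == 0

    def verify(self, guess):
        if self.locked:
            return False  # locked out: even the correct PIN is refused
        ok = hmac.compare_digest(slow_hash(guess, self._salt), self._record)
        self._left = self._max if ok else self._left - 1
        return ok


if __name__ == "__main__":
    salt = os.urandom(16)
    record = fast_hash("4821", salt)  # constructed sample PIN
    print("offline search:", offline_search(record, salt, fast_hash))
    print("worst case, SHA-256: %.3f s" % worst_case_seconds(fast_hash, salt))
    print("worst case, PBKDF2:  %.0f s" % worst_case_seconds(slow_hash, salt))
    hw = AttemptLimitedVerifier("4821")
    print("guesses accepted before lockout:",
          sum(hw.verify(p) for p in PIN_SPACE[:5]), "locked:", hw.locked)
```

Stretching only multiplies a 10,000-guess budget by a constant; capping the number of guesses is what changes the outcome.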

How Do We Stay Safe?

Currently only Nexus S or Galaxy Nexus users can run Google Wallet. Rubin has responsibly disclosed the vulnerability to Google and the company is now working on patching Android to prevent such attacks. The Google Wallet Cracker is not publicly available.

Google Wallet users can take a number of steps to protect themselves:

  • Use a lock code/password, swipe pattern, or face unlock
  • Keep your phone close and in your possession. If attackers don’t have physical access to your phone, they can’t install malicious apps or spyware.
  • Install antivirus software on the phone to protect against unwanted root exploits and spyware

February 5th, 2012

ESET to Exhibit at CeBIT 2011: Presentation of ESET Mobile Security for Android, Beta version; …

Starting Tuesday, March 1st 2011, ESET, the leader in proactive protection, will exhibit at the world’s largest computer technology trade show and expo in Hannover, Germany (March 1st – March 5th). ESET will present a new product for the Android platform – ESET Mobile Security, and offer a preview of the 5th generation of ESET Smart Security for Windows.
