Experts have said it again and again and history has shown us that money is the root of all evil and so it goes the same for the development and eventual spread of more sophisticated malware intended for the ever growing mobile computing environment. Current malware is simple yet experts are warning users and other experts alike that it would only be time before some hacker develops a more robust and discreet form of malware that would circumvent standard virus scanners. As we have seen and read in news articles, these viruses, Trojans and other forms of malware are evolving so fast that removal and detection experts are finding it very hard to get one step ahead of them. In the time it takes to read this post, about 35 or so new types of malware would have been released into the wild to infect any of the millions of unprotected systems over the internet. The problem has gone into the pandemic stage that no system is safe for long. The soonest a new and more robust intrusion prevention and security system is in place, several new vulnerabilities in the computer systems we use are found and immediately exploited by hackers and their minion.
Economics or the promise of earning a buck from such malware creation and spreading is the major motivation for hackers. Say you get into the cell phone of your favorite Celebrity and get hold of private pictures, or get hold of a confidential report which lists the amount of funds along with the corresponding account information and much more information that one can sell quite profitably over the internet.
MTV Networks Employee Information Exposed to WEB
Viacom, the company that owns MTV has confirmed the fact that there was indeed a leakage of information from their system that has resulted in personal information such as Social Security numbers, Birth dates and other employment related data. They confirmed the fact that the said information was taken from an employee workstation which may have been infected by malware that sent the said information to the outside without the management knowing about it. These types of problems are now becoming more common as people go on the web and as this case shows, the workstation in question was said to have entered a social networking site through which may have been the path the malware took. The said information was contained in password protected files and the company has said that it has launched an internal investigation as to why the employee in question may have been able to access the said site from the office workstation.
Information leakage such as this case is now so common that they happen even without anybody knowing about it. Even with installed security and intrusion prevention systems, programs that piggy-back onto legal programs have found and exploited ways to circumvent them exposing themselves to protection systems as legitimate programs. Social networks have been targeted as with the problems with Goggle’s Orkut, Myspace and the many other social networking sites which have fallen to hackers who use them as launch/propagation platforms to unload their payloads of Trojans, key-loggers and many other forms malicious code.
The Web transforming into the social network may be the best thing that has happened to many but it remains to be a thorn in IT Security People from all over. Many have fallen victim to such instances that have resulted in credit card fraud and full-blown identity theft cases which are a real-world issue everybody has take notice of. The threat is real and we must all make it a point to do our best. Install the proper intrusion prevention systems and establish systems usage security protocol which will minimize exposure to such threats which are sure to invade more of our daily lives as we go on living a second life in the internet of today, the Social net.
GMail Password Malware Found By User
As if we haven’t gotten enough warning about free stuff of the web, here’s a classic case of such malware found by an unsuspecting programmer who just happened to casually do a de-compilation of a popular utility used on Google Mail that allows archiving of all your email. As the story goes, A programmer was on the hunt for a way to back-up his email from GMail which he submitted a request to CodingHorror.com for such a utility from fellow programmers. He was referred to a commercial program called G-Archiver which was distributed by an American firm Mate Media. As all freeware usually do (which is not as much as their advertising says) it disappoints him quite to the extent that he decides to reverse engineer(in the fashion of true hacking) the said utility only to find the email address and passowrd of the program’s creator within the code that raised red flags as to the reason behind the said suspicious details. As it turns out, the said program was sending private data with respect to the users who have downloaded and used the said utility to archive their Gmail accounts.
The program contained the said information (email address and password) of the programmer so the said utility can send information to him without the users knowing about it from any platform and location it may have been used.
Most of the sites which offered the program for download have removed them from their software offerings and the authors at ZDnet Asia where this was first reported have not been able to get a reply from the firm which distributes the said utility as to an explanation to the said event. This is a classic case of complacency wherein people rely on big names for their needs sometimes even sacrificing common sense in the process as sad as it may seem. The reluctance of the developers to reply to the said allegations. The programmer took the email address and the pasword using it to log-on to Gmail where he finds 1,777 email from all the people who have used the software including their passowrds and other vital information. So, be wary of free and sometimes harmless stuff, they are the ones who can do most harm.
Trojan Hits Windows Mobile
McAfee, one of the industry’s leading software developers of anti-virus software have through its Avert Labs has discovered a new Trojan that infects WindowsCE which was developed for the Microsoft PocketPCs. The Trojan, disables data and network security rendering it useless and can be installed via memory card. The Trojan has the nasty ability to defy removal through software methods with the exception of a total re-format and re-installation of the applications and OS from a secure and safe source. Infected users are also asked not to use flash drives or memory sticks with saved data for they can also contain the code which spreads the trojan.The Trojan was discovered in China and makes itself the home page of the heavily reliant PocketPCs on the web. Information regarding the device, serial number and other personal information are then sent to the author of the Trojan leaving it open to future attacks and installation of malware due to security that has been turned off by the said Trojan.
The Trojan has been found contained snugly within legitimate installers and Asia being one of the fastest growing areas for mobile devices it would only take a little time before the said Trojan aptly named InfoJack spreads and wreaks havoc on Asia’s growing mobile PC community. The US-CERT or Computer Emergency Readiness Team has already taken notice of the said Trojan and is closely monitoring for further developments. Them along with anti-virus developers are currently developing methods of defeating the perpetrator and hopefully also capture the crook who designed the said malware.
OS Updates, Patches and Service Packs – What they’re not telling you (Part 2)
Some of these updates and patches are well publicized and known to media and IT circles while others are not. The real truth, not all users want to know the details of the several updates and patches that are being installed as long as they get to use the internet and other software without issues. This is a dangerous tightrope to walk for like the Facebook incidents and MySpace problems, and yes even Google (with their customer purchase tracking system which they took out of service as people took notice and were pissed they were being monitored as to shopping habits etc).
Even the most popular web search engines have come under fire when people took notice of their tracking systems and how that information is used to target them for advertising campaigns. The web is a true and proven signal of unparalleled freedom for it allows you to get information all with the press of a few buttons. But the battle begins at your desktop or laptop where the OS resides and is installed on making it the root of all possible problems. Yes, Attacks do come from the net but they are targeted at your home or office desktops using them as propagation tools to spread them all over the globe. Privacy and the right to know is quite battered on these fronts with many problems being discovered at every turn. People love intrigue and they will continue to scrutinize and criticize the work of others may they be friends or foes. On goes the OS wars and we are on the sidelines waiting to suffer all the fallout of their drive to be the first to release the most innovative and feature loaded software (with bugs and system crashes all bundled and included in the box, well till they release the respective fixes and patches to remedy them).
OS Updates, Patches and Service Packs – What they’re not telling you (Part 1)
Everybody on this earth who uses the internet has to begin with a device (PC, Laptop or Mobile Phone) that has a form of operating system that gives the machine (computer/device) the ability to function as it does. May it be from Microsoft (Windows XP or Vista), Apple (OS X Leopard and prior versions) or Linux-Based operating systems, all these programs get their fair share of patches and bug fixes that are essentially damage control measures that hopefully correct programming errors before they cause too much harm to the user and the computer they are installed on.
These patches and updates are available for free for most licensed users but for those who still use bootlegged software, well, they are a bit too difficult to get hold of for the move of OS manufacturers to install (sometimes without you even knowing it), validation tools that check via the internet if the copy of your OS is licensed and legit. These underground updates are not always so discreet for some do get out and are found by users, programmers and other people who rely heavily on their computers for their everyday existence. Some get blown out of proportion sending them into the headlines as unwanted and unauthorized processes that you get to see on CNN and the BBC.
Software development firms are businesses and they do try their best to keep ahead of the pack (competitors) when it comes to the complexity and capabilities of their products. The competitiveness goes as far as the early release of a product before all testing and real-world simulations have been completed opting for patches and updates to correct them well after the product has been released into the wild (for public use). Some problems associated with them are so critical that the developers are so ashamed to admit they overlooked them that they opt to update these files without the user’s knowledge (have you ever seen your OS getting updates from the web as you get to go on your coffee break, sometimes so discreetly you even fail to notice, returning to a computer that tells you your system has been updated and a restart is needed for them to take effect?)