Tag Archives: worm

Not just a Rick roll anymore: Second iPhone worm does the damage

Filed under Security News
In the wake of last weekend's ikee iPhone worm - which switched the background pictures of jailbroken iPhones to a picture of Rick Astley - iPhone-Privacy-A has struck, and its payload is much more harmful than a mere internet prank.

UK-based tech site The Register reports that the worm was first discovered by computer security firm Intego, which specializes in Mac-based threats. "When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: email, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app," Intego told The Register.

Both ikee and iPhone-Privacy-A exploit the same weakness in jailbroken iPhones: a default password that many users leave unchanged in the secure shell remote access framework, which allows the device to use networks and software that it was not originally designed to use.

As the mobile broadband market becomes more and more important to the tech industry, malware attacks against smart phones are expected to rise, according to analysts.

New iPhone worm is never gonna give you up

Filed under Security News
Apple partisans routinely tout their ostensible immunity to the majority of computer threats, but a new worm that targets user-modified iPhones may make their faces as red as Rick Astley's hair.

The worm, known as ikee, is not thought to be particularly malicious - its only purpose seems to be to change the iPhone's background to a picture of cult singer Rick Astley and display the message "ikee is never gonna give you up." The worm is thought to be related to a popular internet prank, where users expecting certain content are redirected instead to a YouTube video of the singer's hit song "Never Gonna Give You Up."

The malware appears to work only on iPhones that users have "jailbroken," or made usable on networks other than Apple's partner AT&T. Having installed the usual Unix secure shell (SSH) but not changed the password makes the device vulnerable to ikee.

An unemployed Australian programmer, Ashley Towns, is said to be responsible for creating ikee. In an interview with an employee of his ISP, Towns said that the intent of ikee was to demonstrate vulnerabilities in jailbroken iPhones.

Koobface worm spreading phony ‘PC AntiSpyWare 2010’ antivirus

Filed under Security News
Web security researchers at the University of Alabama following the exploits of the Koobface worm have discovered how the worm, which spreads via spam messages on Facebook and other social networking sites, makes money for its malware masters.

Security researcher Gary Warner detailed on his blog yesterday how a PC infected with Koobface will prompt the user to download and purchase a fake antivirus product, also known as scareware or rogueware. In Warner's case, the version was called PC AntiSpyWare 2010.

According to McAfee, one of the major antivirus companies, the 2010 batch of AV products hasn't made it to market yet, so users who come across a 2010 AV product are most likely being sold a fake product.

PC AntiSpyWare 2010 even advertises itself by warning users about spyware that is not detected by antivirus products "because they are disguised as legitimate software installed with the user's consent."

As McAfee researcher Dirk Kollberg wrote on the McAfee Avert labs blog, PC AntiSpyWare 2010 is a "perfect example" of cybercriminals disguising a malicious product as legitimate software.

Koobface worm grows more sophisticated in web 2.0 attacks

Filed under Security News
Web security researchers are warning that the notorious Koobface worm that spreads on social networks like Facebook and Twitter has grown more sophisticated in order to evade detection and trick more savvy users into downloading malware.

The malware writers have relied on the proliferation of link sharing on social networks to spread the Koobface virus. Koobface sends out spam messages from hijacked user accounts containing malicious links to websites where users are prompted to download Trojan malware and phony antivirus software.

Kaspersky Labs reported that the spam messages are now becoming more realistic, with different Koobface spam messages featuring random additions like "HA-HA-HA!" or "LOL," while the malicious URLs are better disguised through a different bit.ly shortened URL each time.

Although it was originally designed to propagate through Facebook and MySpace, Koobface now spreads through eight other social networking sites, including Twitter, thanks to a program that steals a user's cookies from the social websites he or she has visited, Trend Micro reported.

Koobface can also install other types of malware on an infected PC, which makes it valuable to other cybercriminals who appear to be renting out the Koobface botnet of infected machines to install malware for data theft, search hijacking and selling rogue antivirus software.

Koobface also has a way of tricking users into breaking CAPTCHA images for it in order to spam a user's contact list.

Twitter suspends accounts of users infected by Koobface worm

Filed under Security News
Twitter on Friday said it was suspending user accounts that had been infected by a variant of the Koobface worm, which spreads itself by generating bogus tweets when the infected user logs in. The messages contain links to sites hosting the malware to infect other users.

Twitter said on its status blog Friday that the site was "suspending all accounts that we detect sending such bogus tweets."

Web security firm Trend Micro noticed a spike in Koobface activity on Twitter, saying on its security blog Friday that "a couple hundred" Twitter accounts were sending out the spam tweets over the span of a few hours.

Kaspersky Labs, which detected the original Koobface worm last year spreading on Facebook and MySpace, said the number of variants had exploded from 324 to more than 1,000 at the end of June. The worm has been spreading on other social networking sites like Hi5, Bebo, Tagged, Netlog and, most recently, Twitter.

Comments and messages sent by the worm contain a link to a fake YouTube style website which invites users to download a phony Flash Player file that actually contains the worm.

"[T]he activity we've seen this month exceeds by far any other month in the past," said Stefan Tanase, a malware researcher at Kaspersky.

Korean hackers, MyDoom worm suspected in DDoS attacks

Filed under Security News
Government websites in the U.S. and South Korea were hit by a major cyberattack beginning on July 4, which intelligence officials believe was launched by hackers sympathetic to the authoritarian regime in North Korea.

U.S. officials told the Associated Press that websites for the Treasury department, the Secret Service, the Federal Trade Commission and the Department of Transportation were hit by a sustained distributed denial-of-service attack (DDoS) over the holiday weekend.

South Korean intelligence officials said a botnet of 18,000 infected computers located on the Korean peninsula was used to launch the attacks, according to the Korea Herald.

A series of attacks on South Korean government sites began on Tuesday, including the sites of the office of the president (Cheong Wa Dae), the National Assembly, the Ministry of Defense, Shinhan Bank and Korea Exchange Bank, the newspaper reported.

Amy Kudwa, a spokeswoman for the Department of Homeland Security, said the U.S. Computer Emergency Readiness Team issued a notice to federal departments and "advised them of steps to take to help mitigate against such attacks," according to the AP.

Web security researchers from AhnLab said the attack could have been spawned by PCs infected with a version of the MyDoom worm, according to IDG News Service.

DOD Prohibits Removable Storage Devices To Stop Worm

Filed under Security News
“Lockdown” must be the Department of Defense’s middle name. As a worm seems to be making its way through the military’s computers, the DOD has responded by banning flash drives, CDs, and just about everything else that can store data and be moved from one machine to another.

Noah Shachtman reports, “The problem, according to a second Army e-mail, was prompted by a ‘virus called Agent.btz.’ That’s a variation of the ‘SillyFDC’ worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again – this time on the PC.”

The DOD’s response should effectively stop the worm’s spread, then, and give experts a chance to track down and clean up affected machines. It might even help with other military security issues, since it’ll be harder for important information to get lost or stolen when it’s not being shuttled around as much.

But since the length of the new ban hasn’t been determined (or at least announced), everyone from suits in the Pentagon to soldiers in the field may be faced with data-movement nuisances for quite some time.

This situation hasn’t, at least, led to any real problems so far.