Archive for February, 2012
Dubious Android apps may not be malware–just ads
Verizon-affiliated ICSA Labs steps into the controversy over Android apps that Symantec identified as malware.
This is one of the Android apps that Symantec labeled as "malware" but which ICSA Labs says is really just an ad-based app.
Symantec may have mistakenly labeled more than a dozen Android apps as malware, according to security researchers at Verizon-affiliated ICSA Labs.
It's an easy mistake to make, according to Roger Thompson, an ICSA emerging threats researcher who authored a blog post on the subject. Thompson suggested that the apps appear to include a new release of an ad platform that merely resembles malware in certain ways.
Symantec recently raised an alarm over an alleged Trojan it dubbed Android.Counterclank, saying its researchers had discovered that 13 apps on the Android Market, with millions of downloads combined, were malware because they could allow an attacker to remotely control the device. But Google refused to remove the apps from the Android Market because they weren't violating terms of service or doing anything customers hadn't given permission for.
Symantec said the alleged Trojan could be found in game and entertainment apps such as Counter Strike Ground Force, Deal and Be Millionaire and Pretty Woman Lingerie Puzzle. The apps are a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device, Symantec's Irfan Asrar wrote in a blog post.
Android.Counterclank certainly sounded dangerous. Symantec said the alleged Trojan could request permissions to access network, Wi-Fi and Cell-ID information, as well as install shortcuts, read settings, check the phone's current state, open network connections, read and write the browsing history, copy bookmarks and retrieve the MAC address, SIM serial number and other device data.
The apps included disclaimers noting that they were making money by including a search bar shortcut that could be deleted and adding a search app to browser bookmarks.
Symantec backtracked on its assessment that the apps were malware in a blog post earlier this week, noting that the code in the Tonclank and Counterclank applications comes from the same vendor. The vendor is a company who distributes a SDK (software development kit) to third parties to help them monetize their applications, primarily through search.
Researchers at mobile security firm Lookout initially acknowledged some concerns about the apps' functionality, but added:
[A]t this time, and as far as we can tell, it does not meet the standard to be classified as malware or a bot. Consumers should take these apps very seriously as they appear to tread on privacy lines, but they are not necessarily malicious.
Now ICSA Labs is weighing in on the matter. The testing and certification firm has concluded that the apps in question represent a new release of an ad platform developed to allow Android developers to monetize their apps… not a Trojan, designed to steal information or turn the victim's device into part of an Android botnet.
It's difficult to determine when a Trojan is a Trojan, ICSA Labs said. If you can't observe malicious behavior, such as recording keystrokes, sending premium text messages or downloading other code without permission, you have to reverse engineer the code to see if the capabilities to do those actions are in there, or you have to rely on anti-virus scanners, which can generate false positives, the firm said.
As ICSA's Thompson wrote:
When you have hundreds of thousands of apps, coming from all over the world, from any one of numerous and unknown developers, it's just plain hard to figure out when something has crossed the line from aggressive advertising to outright maliciousness….
What most people don't realize is that Android apps are just zip files, and it is really easy to unzip, add some Trojan code, re-zip it, and stick it out on a warez site, masquerading as a legitimate copy of the original app….
Android is a wonderful, useful and exciting platform, but it turns out that it's a really good idea to only download your apps from well-known companies.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.
Phuket N
Woody, I got a copy of (one of the major antivirus products) when I bought my new PC. It worked fine for six months, but now it wants money. I tried installing a pirate copy, but it won't download updates and as you know an out-of-date antivirus program is about as useful as an out-of-date bottle of milk.
What antivirus product(s) do you use? What do you recommend for people who aren't particularly interested in PCs, but know that they need to protect themselves?
All of the major antivirus/antimalware products work very well. It's getting harder and harder to draw a distinction among them.
The one I like best is the one that costs the least: Microsoft Security Essentials. MSE is absolutely free, and it will never, uh, bug you to upgrade or spend more money. If you don't trust Microsoft to protect its own software, there's always AVG Free. I talk about AVG Free briefly in my Windows books. But for most people, most of the time (and for me, my PCs at home, and at the Sandwich Shoppes), Microsoft Security Essentials does it all.
Whatever you do, dump the bloated anti-everything-ware program that came with your PC. There's no reason to pay for protection over and over again. Get MSE or AVG Free and break the pay-pay-pay habit.
Although it's a relative newcomer to the AV game, MSE consistently rates highly in head-to-head tests. It installs easily and runs like the wind. It never, ever tries to get you to spend more money on a different version. And it doesn't cost a satang. I've converted all of my PCs to MSE (Windows XP, Vista and Win 7) and never looked back.
To get your copy, go to microsoft.com/security_essentials and watch the installation video. Click the Download Now button, and you're on your way to using one of the best pieces of software Microsoft has ever made.
If you're already running an antivirus product (even if it's out of date, or begging for more money), you'll have to uninstall it before you can install MSE. Here's how:
Step 1: Download Microsoft Security Essentials.
Step 2: Disconnect from the Internet.
Step 3: Uninstall your current antivirus program. Uninstalling a well-behaved antivirus program is as easy as clicking Start, Control Panel, Add or Remove Programs, finding the program in question and double-clicking on it.
Some antivirus programs, though, are notorious for being hard to uninstall. Norton was one of the worst, up until a couple of years ago. If you have to uninstall Norton, download and use the Norton Removal Tool. Some people report having problems getting rid of McAfee completely. If you're using McAfee and want to switch to MSE, download and run the McAfee Removal tool.
Step 4: No matter how you get rid of your old antivirus product (with Windows Add/Remove, or with a specialized removal tool from Norton or McAfee), reboot your computer once the uninstall is complete.
Step 5: Run the Microsoft Security Essentials installer. It will ask to connect to the internet to get updates. Don't do it just yet.
Step 6: Reboot your computer once again.
Step 7: Hook your computer up to the internet. Click on the MSE icon down in the system tray next to the clock at the bottom. Click the Update tab (see screen shot on this page), then click the Update button.
Step 8: On the MSE Home tab, choose the button marked Full and click Scan Now.
Step 9: Your computer's going to slow down for a while (maybe ten minutes, maybe a couple of hours) while the scan finishes. Once it's done, you may have to click to delete any bad stuff that MSE has found. I suggest you be merciless, and delete anything that looks even vaguely suspicious.
Step 10: That's it. You don't have to do anything more, and MSE will keep itself updated and running non-stop.
I've had many people ask if MSE will update itself, even if you turn off Automatic Updates for Windows (which I recommend at my website, AskWoody.com). The answer is yes: although MSE uses the Windows Update mechanism and programs to keep itself updated, your Automatic Updates setting doesn't hold any sway over Microsoft Security Essentials.
Microsoft Security Essentials checks to make sure you're running a genuine copy of Windows before it'll install. I've heard rumors that some of the not-so-genuine versions of Windows available in Phuket are good enough to trick the MSE installer. Thus, if you aren't quite sure about the pedigree of your copy of Windows, it'd be a good idea to download MSE and see if it will install. If it doesn't, the installer will tell you that you don't have genuine Windows. That's it. No Pirate Police will appear at your door.
Locking down Windows 7 computers isn't all that difficult. You need a genuine copy of Windows 7 (which shouldn't cost much more than 2,000 baht). You need to use a Standard, not an Administrator, account. You need to apply updates once a month (details and timing, which vary each month, are on my website), and you need Microsoft Security Essentials, which is free. If, in addition to all of that, you don't do anything stupid (like installing a program that says it'll remove 114 infections on your computer, or intentionally allowing a program to change your browser's home page), you should be quite safe.
I run about twenty different PCs that way, with users that span the gamut from grizzled veteran to abject newbie, and I've never had an infection under Windows 7.
Yes, some people have installed smiley icons and gotten their browsers tied up in knots. Occasionally the default search engine gets changed, or the home page gets switched. Minor problems. I've never seen a keylogger, rootkit or data stealing program on any of those PCs. The combination of genuine Windows 7 and MSE really does work.
With Woody hunkered down writing a book, the weekly Computer Clinics are taking a new turn. Until Woody emerges with an 860-page copy of Windows 8 All-In-One For Dummies under his arm, around May or June, Seth Bareiss will hold computer sessions every-other Wednesday afternoon, from 1 to 3pm. If you have a Windows problem that needs to be solved, drop by one of Seth's free afternoon sessions at the Sandwich Shoppes. Details in the Phuket Gazette Events Calendar.
Sponsored by the Phuket Gazette and Khun Woody's Sandwich Shoppes.
Live Wire is Gazette columnist Woody Leonhard's weekly snapshot of all things internet in Phuket.
Follow him on Twitter: @PhuketLiveWire; like pages at facebook.com/SandwichShoppe and facebook.com/phuketgazette.net.
Symantec declares PCAnywhere safe with latest security patch
A week after urging customers to disable PCAnywhere in light of the theft of the product's source code, Symantec is now dubbing the product safe as long as users apply the latest security patch.
PCAnywhere customers' computers are apparently safe again as long as they apply the latest security patch to the software.
Following news of the theft of the product's source code, Symantec last week advised customers to disable the software to guard against cyberattacks.
But a round of free upgrades released last week was aimed at cleaning up the vulnerabilities.
On January 23, Symantec released a patch to secure PCAnywhere 12.5. Then, on January 27, the company rolled out another patch directed toward PCAnywhere versions 12.0 and 12.1.
Posting the latest information about the security updates and the source code theft, Symantec is advising users to apply all the relevant patches as they come out and follow best practices (PDF) when it comes to security. Customers who don't have the latest version with the new patches can contact Symantec at pcanywhere@symantec.com for further help.
Responding to hackers who boasted that they had stolen the code for various products, Symantec earlier this month initially blamed the incident on a third-party server and said the theft was limited to two older enterprise products–Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2.
But the security vendor later admitted that someone actually hacked into its own network in 2006 and grabbed the source code for several different products, including Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks, and PCAnywhere.
Customers of most of the products in question were safe, said Symantec, because those applications have since been updated. But PCAnywhere was apparently still at risk, forcing the company to scramble to release the new security patches.
Aimed toward business users, PCAnywhere is remote-control software that lets users take control of another computer. The information on the patches was directed toward version 12 and higher with no mention of version 11.5, which was released in 2004, or prior versions. However, a Symantec spokesman told CNET that if requested, the company will honor an update to version 12.5 for customers using previous versions of the product.
Lance Whitney wears a few different technology hats–journalist, Web developer, and software trainer. He's a contributing editor for Microsoft TechNet Magazine and writes for other computer publications and Web sites. Lance is a member of the CNET Blog Network, and he is not an employee of CNET.
Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses–and learn how to protect your systems.
