Malware Catches Up with Macs

Full Disclosure: I used to be one of those Mac users who wasn’t too concerned with malicious links and suspicious emails because, hey, I use a Mac and Macs aren’t that susceptible to malware. … Oh how I miss those days.

Mac malware is on the rise, with an estimated 600,000 computers affected by the Flashback Trojan at the moment and another exploit taking advantage of a security flaw in outdated Microsoft Office for Mac files. Here’s some information on the Flashback Trojan’s effects, from PCMag:

The Java flaw exploited by the so-called Flashback Trojan dates back to February, but Apple did not release a patch until April 3. As a result, approximately 550,000 Macs were infected, according to data released this week from anti-virus vendor Doctor Web.

Doctor Web today provided a few more details about the proliferation of the Flashback Trojan. Almost 350,000 of the affected devices were in the U.S., with about 125,000 in Canada, and 75,000 in Great Britain.

In the U.S., Manhattan-based Macs saw the largest number of traceable infections at about 5,000, followed by Brooklyn, Los Angeles, and Chicago. But the whereabouts of almost 18,000 affected Macs was unknown, Doctor Web said.

In Canada, Toronto was hardest hit (14,000), while Londoners were most-impacted in the U.K. (almost 20,000). For more details, see the map below.

As PCMag’s Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.

And this is how the Microsoft Office exploit works (from PCWorld):

Continue Reading

Essential Guide to Mobile App Testing

Click Fraud Climbing – Up 18.6 Percent

According to tech analyst firm IDC, U.S. companies paid a record $14.2 billion for paid keyword-driven contextual ads in 2009, with Google dominating 55% of that revenue, Yahoo 9% and Microsoft 6%.

More dollars = More fraudsters. Period.

The company Click Forensics just released a report on the overall click fraud rates for the paid search industry. According to SearchEngineLand, the report said click fraud was up from 17.4% last quarter to 18.6% in Q2 of 2010. Traffic across 300+ ad networks is reflected in the data.

In addition, it was found that the countries outside North America with the greatest volume of click fraud were Singapore, Pakistan, Japan, Ukraine and China respectively.

Recent research by marketing intelligence company Visual IQ came out with similar numbers earlier this month. The company estimates marketers lose an average of 16.7 percent of their pay-per-click budgets to fraud.

So why is click fraud slowly trending higher and higher? The CEO of Click Forensics, Paul Pellman, says that “the main reasons appear to be the continued sophistication of botnets and malware prevalent in the fast-growing search marketing space.”

According to Inc. Magazine, click scams use the following techniques:

  • Manual clicking. Workers might be paid to click to run up totals.
  • Software clicks. Automated clicks.
  • Bot networks. Using malware to harness unsuspecting users’ computers, criminals can create large networks of computers employing programs that imitate clicks.

Despite detection innovations, click fraud rates show no signs of slowing. Attacks are becoming more sophisticated. Criminals are making more money. So what can we do? Any advice out there on how to mitigate it?




Just “Checking-In” — Are We Taking LBS Privacy & Security Risks Seriously?

The impact of check-in services, like Foursquare, on personal privacy and security is yet again making top headlines. If you remember our most recent bug battle (The Check-In Challenge), more than 80% of respondents answered “Yes” when asked if they were concerned about how location-based services (LBS) could impact their personal privacy and safety. And 49% chose “privacy/security concerns” as the top reason they don’t use check-in services more often.

Yesterday, the security company Webroot came out with a study discovering similar results. After surveying 1,500+ social network users with geolocation-ready mobile devices, Webroot found that more than half (55%) of respondents fear the loss of security and privacy, and 45% are very concerned about letting potential burglars know when they’re away from home (ah yes, the now-shut-down PleaseRobMe experiment comes to mind).

What’s most interesting to us is that 39% of those surveyed by Webroot said they use geolocation services, but take a look at the number of people that have fallen prey to social network cyber-criminals:

  • Nearly a quarter of respondents (22.4 percent) were victims of a phishing attempt to steal their social network password.
  • About one in six (16 percent) reported a malware infection in the past year that originated from a social networking site.
  • One in nine reported at least one of their social network accounts had been compromised or hijacked.

Even in the face of these risks, many consumers admitted to engaging in risky behaviors:

Continue Reading


Do You Know Where That Tweet Has Been?

While scanning Wired.com this weekend, I came across an article that’s scary enough to fit right in with Halloween. Most security studies address issues in operating systems, browsers or other core systems. This one, however, addressed the uber-popular Twitter and the URL shorteners that are widely used because of its 140-character constraints (e.g., bit.ly, tinyurl, tr.im).

And while Twitter and URL shortening services aren’t dangerous in and of themselves, they present a wonderful tool for blackhats. In this case, Wired published the findings of a study from computer security firm Kaspersky.

You can read the full article here, but the top-level findings are, in a word, scary.

As many as one in every 500 web addresses posted on Twitter lead to sites hosting malware, according to researchers at Kaspersky Labs who have deployed a tool that examines URLs circulating in tweets.

The spread of malware is aided by the popular use of shortened URLs on Twitter, which generally hide the real website address from users before they click on a link, preventing them from self-filtering links that appear to be dodgy.

1 in 500 doesn’t sound so scary to you? Check out what that .2% really means after the jump.

Continue Reading
