Showing posts with label Virus.

Sunday, April 13, 2014

Security: Heartbleed, Apple, MacOSX, iOS, Linux, and Android


Abstract:
Nearly every computing device today is connected to a network of some kind. Those connections open up opportunities for exploitation via malware, whether by organised crime or by government espionage. While Apple's OS X computers and its iOS devices (iPhone and iPad) never shipped the vulnerable OpenSSL code, huge numbers of Linux systems and Android 4.1.1 devices are at risk!





Heartbleed:

Heartbleed is a bug in the TLS heartbeat extension of OpenSSL 1.0.1 through 1.0.1f (CVE-2014-0160). A peer sends a heartbeat request whose 2-byte length field claims a larger payload than the request actually carries; the unpatched code never checks that claim, so it copies up to 64KB of whatever follows the request in process memory into the reply. Anyone who can reach a vulnerable TLS endpoint can repeat this to harvest usernames, passwords, session cookies, and even private keys, and those credentials can later be used for nefarious purposes: command and control for attacks against commercial, financial, or government targets, or even against entire national electrical grids; stealing money; stealing compute resources. The defect is well documented, and the fix in OpenSSL 1.0.1g is a single bounds check.


Apple and Android/Linux Vulnerabilities:

Many operating systems ship the vulnerable OpenSSL versions, but for this article we are only concerned with the mobile market.
While most of the buzz surrounding OpenSSL's Heartbleed vulnerability has focused on websites and other servers, the SANS Institute reminds us that client software running on PCs, tablets and phones is just as potentially vulnerable: the same heartbeat code runs on both ends of a TLS connection.
Williams, the SANS instructor cited above, said a malicious server could easily send a heartbeat message to vulnerable software on phones, laptops, PCs, home routers and other devices, and retrieve up to 64KB of highly sensitive data from the targeted system at a time. Deployed against users of a public Wi-Fi hotspot, where the attacker can steer connections to a server of his own, such an attack would probably yield handy amounts of data.
Google said in a blog post on April 9 that all versions of Android are immune to the flaw, with the "limited exception" of Android 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google's own statistics show that 34 percent of Android devices run some variation of 4.1, although only the 4.1.1 point release carries the vulnerable OpenSSL.

Google said fewer than 10 percent of active devices are vulnerable. More than 900 million Android devices have been activated worldwide, so that is still tens of millions of devices.
After taking a few days to check its security, Apple joined other companies in publicly announcing how worried or secure its customers should feel.
"Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected," an Apple spokesperson said.
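As an added example (not code from the original post, and not OpenSSL's own source), the following C model shows what the heartbeat handler got wrong and what the fix in OpenSSL 1.0.1g does. It follows the shape of OpenSSL's tls1_process_heartbeat(): read the 1-byte type and the 2-byte claimed payload length from the record, then memcpy that many bytes from the record into the response. The unfixed path trusts the claimed length, so a 23-byte request claiming a 1000-byte payload copies roughly a kilobyte of whatever lies past the record in process memory. The "process memory" buffer, the 40-byte offset and the session cookie sitting there are constructed for this example; in a real process that region typically holds recently freed request and response buffers, which is where credentials and keys turn up. The same handler runs in TLS clients, which is the point SANS makes above: a malicious server can send the request and read the client's memory. Vulnerable versions are OpenSSL 1.0.1 through 1.0.1f; note that distributions backported the fix without changing the version string, so check the package changelog or build date rather than the output of openssl version alone.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* RFC 6520 requires at least 16 bytes of padding */

/*
 * Model of OpenSSL's tls1_process_heartbeat(). rec/rec_len is the heartbeat
 * record actually received; the 2-byte length field inside it is whatever the
 * peer claimed. When fixed is 0 the claim is trusted (Heartbleed); when fixed
 * is 1 the bounds checks added in OpenSSL 1.0.1g are applied. Returns the
 * number of response bytes written to out, or 0 if the request is dropped.
 */
size_t process_heartbeat(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap, int fixed)
{
    const uint8_t *p = rec;
    uint8_t *bp = out;
    uint8_t hbtype;
    size_t payload, resp_len;

    /* Fix, part 1: the record must at least hold type, length and padding. */
    if (fixed && rec_len < 1 + 2 + HB_PADDING)
        return 0;

    hbtype  = *p++;
    payload = ((size_t)p[0] << 8) | p[1];     /* n2s(p, payload) */
    p += 2;                                   /* p now points at the payload */

    /* Fix, part 2 (the Heartbleed check): the claimed payload must fit
     * inside the record that was actually received. */
    if (fixed && 1 + 2 + payload + HB_PADDING > rec_len)
        return 0;                             /* silently discard, per RFC 6520 */

    if (hbtype != TLS1_HB_REQUEST)
        return 0;

    resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap)                   /* guard for this example only */
        return 0;

    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);
    *bp++ = (uint8_t)(payload & 0xff);
    memcpy(bp, p, payload);   /* unfixed: copies `payload` bytes from wherever
                                 the record sits in memory, far past its end */
    bp += payload;
    memset(bp, 0, HB_PADDING);
    return resp_len;
}

/* Small substring search so the example needs no non-standard memmem(). */
static int contains(const uint8_t *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle), i;
    for (i = 0; m <= n && i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return 1;
    return 0;
}

/*
 * Constructed scenario: the received record sits in a 4 KB "process memory"
 * buffer, and a made-up session cookie happens to lie 40 bytes after it.
 * The request carries 4 real payload bytes but claims 1000.
 * Returns 1 if the heartbeat response leaks the cookie, 0 if it does not.
 */
int leaks_secret(int fixed)
{
    static uint8_t mem[4096];
    static uint8_t out[4096];
    const char *secret = "session=deadbeefcafe; user=alice";   /* constructed */
    size_t rec_len = 1 + 2 + 4 + HB_PADDING;                   /* 23 bytes on the wire */
    size_t n;

    memset(mem, 0, sizeof mem);
    mem[0] = TLS1_HB_REQUEST;
    mem[1] = (uint8_t)(1000 >> 8);         /* claimed length: 1000 */
    mem[2] = (uint8_t)(1000 & 0xff);
    memcpy(mem + 3, "ping", 4);            /* real payload: 4 bytes */
    memcpy(mem + rec_len + 40, secret, strlen(secret));

    n = process_heartbeat(mem, rec_len, out, sizeof out, fixed);
    return n != 0 && contains(out, n, secret);
}

/* A well-formed request (claimed length matches the record) is answered the
 * same way by both versions; returns the response length (23). */
size_t valid_response_len(int fixed)
{
    uint8_t rec[1 + 2 + 4 + HB_PADDING] = { TLS1_HB_REQUEST, 0, 4, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return process_heartbeat(rec, sizeof rec, out, sizeof out, fixed);
}

int main(void)
{
    printf("unfixed handler leaks the cookie: %s\n", leaks_secret(0) ? "yes" : "no");
    printf("fixed handler leaks the cookie:   %s\n", leaks_secret(1) ? "yes" : "no");
    printf("well-formed request, response bytes: %zu\n", valid_response_len(1));
    return 0;
}
```

Compile and run it and the first line reports yes, the second no. The lesson is in the comparison `1 + 2 + payload + 16 > rec_len`: the check is against the record length the TLS layer actually received, never against the value the peer supplied, and a request that fails it is dropped rather than answered.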

Conclusions:
To put the number of at-risk Android devices in perspective, take the population of the United States, roughly 317 million, as a baseline. Ten percent of 900 million activated Android devices is 90 million; if that many Linux-based Android devices are vulnerable, it is equivalent to 28% of the population of the United States. This is no small number of mobile devices: a lot of patching needs to be done, and devices that will never receive a fix should be retired from any use that involves credentials. Check your Android device: if it reports version 4.1.1 under Settings > About phone, treat it as vulnerable until the manufacturer ships an update.

Wednesday, March 26, 2014

Security: Software Piracy, Android Phones, and SMS Spam



[Courtesy: Android Authority]
Abstract:
For as long as there have been computers, people have copied software to avoid paying for it, and others have paid to push content that nobody asked for. Pirated applications and spam are two primary means of distributing viruses, worms, and other malware. Baby steps against these on-line monsters are occasionally made.


In Review: 2013

From January to November of last year, roughly two new viruses, trojans, or other pieces of malware were reported each month in the Android mobile application market, and December added a couple more. For every piece of malware that was caught, there is an unknown number of mobile applications not yet discovered: applications that steal credit card information or identities, or "command and control" applications that turn your mobile device into a robot used against unsuspecting targets (while you pay for the data traffic that is produced!)

Starting: 2014

A consolidated list of 2014 mobile malware in the Android market has not yet been compiled, but it is clear that there is some progress in this space, however small.

2014-03-25 U.S. Government First Convictions Over Pirated Mobile Android Applications
The US has secured its first convictions for illegally distributing counterfeit mobile apps, after two Florida men pleaded guilty for their part in a scheme that sold pirated apps with a total retail value of more than $700,000. Thomas Allen Dye, 21, and 26-year-old Nicholas Anthony Narbone both pleaded guilty to the same charge - conspiracy to commit criminal copyright infringement - earlier this month and are due to be sentenced in June and July respectively. Both men were in the Appbucket group, of which Narbone was the leader, which made and sold more than a million copies of copyrighted Android mobile apps through the group's alternative online market.

2014-03-26 Chinese Arrest 1,500 in Fake Cellular Tower Text Message Spam Raid
China's police have arrested over 1,500 people on suspicion of using fake base stations to send mobile SMS spam. The crackdown began in February, according to Reuters. Citing a Ministry of Public Security missive, the newswire says a group operating in north-east Liaoning province, bordering North Korea, is suspected of pumping out more than 200 million spam texts.

In Conclusion:
Be vigilant! Buy your applications from reputable places, and don't be seduced into stealing applications on-line or buying them below list price. Being a thief could make you a victim!

Friday, January 17, 2014

Security: Android, Viruses, Malware, and Worms


[Courtesy AndroidAuthority]

Android: Malware Infestations for 2013

2013 Ending
Rounding out the 2013 Year with More Android Virus and Malware issues.


Somehow, this is no surprise.

2013 Investigation
A previous Network Management article discussed Android malware in 2013, and it was not a pleasant place to be: a new Android malware incident was uncovered nearly every two weeks.

2013 Conclusions
A recent article in The Register mentions the dangers of Java and of Android (whose applications are written in Java and run on Android's own runtime) on network clients:
Meanwhile, fully 99 per cent of all mobile malware discovered during the year targeted Android, as did 71 per cent of all web-based attacks on mobile devices.
Android mobile devices are less expensive than the alternative - but there is clearly a price to be paid.

Monday, December 30, 2013

Security: A Linux Server Exploit


Why do people want to hack your server? Maybe it is to mine BITCOINS!
http://arstechnica.com/security/2013/12/anatomy-of-a-hack-what-a-successful-exploit-of-a-linux-server-looks-like/
Like most mainstream operating systems these days, fully patched installations of Linux provide a level of security that requires a fair amount of malicious hacking to overcome. Those assurances can be completely undone by a single unpatched application, as Andre' DiMino has demonstrated when he documented an Ubuntu machine in his lab being converted into a Bitcoin-mining, denial-of-service-spewing, vulnerability-exploiting hostage under the control of attackers.



Monday, December 2, 2013

Android: Viruses, Worms, Trojans, and Malware

[Courtesy: Android Authority]
Abstract:
The term "virus" is often used generically, but there are really many kinds of "malware", of which a virus is one specific type. I categorized a few Android malware incidents from 2013 for friends. Please be aware of the "Apps" you buy, what you download and install, and even the web sites you visit.

A Brief 2013 History:
The Android ecosystem is not as tightly controlled as others, such as Apple's or Blackberry's, and as a result it is exposed to many more exploits, which may cost you money in bandwidth, purchases, premium text messages, etc.

2013-01-09 --- Android users hit by scareware scam
http://www.zdnet.com/blog/security/android-users-hit-by-scareware-scam/9960

2013-01-13 --- “Bill Shocker” Android malware hits China, infecting 620K smartphone users
http://e27.co/bill-shocker-android-malware-hits-china-infecting-620k-smartphone-users/

2013-01-20 --- New variants of premium rate SMS trojan 'RuFraud' detected in the wild
http://www.zdnet.com/blog/security/new-variants-of-premium-rate-sms-trojan-rufraud-detected-in-the-wild/10165

2013-02-08 --- Researchers spot a fake version of Temple Run on Android's Market
http://www.zdnet.com/blog/security/researchers-spot-a-fake-version-of-temple-run-on-androids-market/10257

2013-02-27 --- Android drive-by download attack via phishing SMS
http://www.zdnet.com/blog/security/android-drive-by-download-attack-via-phishing-sms/10422

2013-03-26 --- First-Known Targeted Malware Attack On Android Phones Steals Contacts And Text Messages
http://www.forbes.com/sites/parmyolson/2013/03/26/first-known-targeted-malware-attack-on-android-phones-steals-contacts-and-text-messages/

2013-04-01 --- Evidence Mounts That Chinese Government Hackers Spread Android Malware
http://www.forbes.com/sites/andygreenberg/2013/04/01/evidence-mounts-that-chinese-government-hackers-spread-android-malware/

2013-04-03 --- Android malware: A new avenue for Chinese hackers
http://www.citeworld.com/security/21669/android-malware-chinese-hackers

2013-04-12 --- Malicious version of Angry Birds Space spotted in the wild
http://www.zdnet.com/blog/security/malicious-version-of-angry-birds-space-spotted-in-the-wild/11520

2013-04-18 --- Warning: Fake Instagram app on Android is malware
http://www.zdnet.com/blog/security/warning-fake-instagram-app-on-android-is-malware/11597

2013-04-26 --- Warning: Fake Biophilla app on Android is malware
http://www.zdnet.com/blog/security/warning-fake-biophilla-app-on-android-is-malware/11715

2013-05-02 --- A first: Hacked sites with Android drive-by download malware
http://www.zdnet.com/blog/security/a-first-hacked-sites-with-android-drive-by-download-malware/11810

2013-05-15 --- Android malware families nearly quadruple from 2011 to 2012
http://www.zdnet.com/blog/security/android-malware-families-nearly-quadruple-from-2011-to-2012/12171

2013-05-21 --- Malware charges users for free Android apps on Google Play
http://www.zdnet.com/blog/security/malware-charges-users-for-free-android-apps-on-google-play/12245

2013-07-09 --- New Android malware infects 100,000 Chinese smartphones
http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/

2013-08-13 --- Google messaging service hacked, sends malware to Android users
http://rt.com/news/google-messaging-hacked-malware-451/

2013-08-26 --- Android Malware: 44 Percent Of Android Users Vulnerable To Attacks According To U.S. Government
http://www.ibtimes.com/android-malware-44-percent-android-users-vulnerable-attacks-according-us-government-1399347

2013-08-27 --- Nearly 7,000 Malicious Android Apps Infest China's Appstores
http://securitywatch.pcmag.com/mobile-security/315218-nearly-7-000-malicious-android-apps-infest-china-s-appstores

2013-09-12 --- Email Spam Campaign Spreading Android Malware
http://threatpost.com/email-spam-campaign-spreading-android-malware

2013-10-25 --- New Android Banking Trojan Targeting Korean Users
http://thehackernews.com/2013/10/new-android-banking-trojan-targeting.html

2013-11-07 --- Another zombie 'bogus app' bug shambles out of Android
http://www.theregister.co.uk/2013/11/07/another_zombie_bogus_app_bug_shambles_out_of_android/

2013-11-17 --- New Voicemail Notification - WhatsApp - Malware
http://techhelplist.com/index.php/spam-list/314-new-voicemail-notification-whatsapp-malware

2013-12-02 --- Nexus phones carry SMS crash bug vulnerability
http://www.theregister.co.uk/2013/12/02/nexus_phones_carry_sms_crash_bug_vuln/

Monday, December 24, 2012

Security: 2012 December Update


Microsoft Windows Security Update Breaks Fonts... Update 2753842 Root Cause...
Breaking Windows Passwords in under 6 hours...

New "Dexter" Malware Infects Microsoft Point of Sale Systems to Steal Credit Cards...

Distributed Denial of Service Attacker Anonymous on the Run...

The Pakistan Cyber Army Attacks Chinese and Bangladeshi Web Sites...

ITU: Deep Packet Snooping Standard Leak...

Democrats and Republicans Unite Against ITU Internet Control...

Industrial HVAC systems targeted by hackers...

Microsoft Internet Explorer watching you, even when not open on your screen!

Android Malware Trojan Taints US Mobiles, Spews 500,000 Texts A Day!

 Baby got .BAT: Old-school malware terrifies Iran with del *.*; dubbed BatchWiper; found 7 months after Flame discovery

Apple Shifts iTunes to HTTPS, Sidesteps China’s Firewall

Christopher Chaney, Scarlett Johansson's e-mail hacker, sentenced to 10 years

Wednesday, April 11, 2012

Windows: Security Issues Again


Zero-Day Flaw in Windows Apps Since Early 2000's

Zero-Day Exploit:

A zero-day is a vulnerability that attackers are already exploiting before the vendor has a patch available: as soon as you turn on or install the affected software, you are vulnerable. Most PCs ship from the factory with applications such as MS Office bundled, so the exposure is broad. Microsoft posted a security bulletin in April covering several vulnerabilities, including this one.

Exploit Description:

The Register writes:

One of the four critical patches in the batch – MS12-027 – addresses an Active X issue that impacts numerous applications and creates a mechanism to drop malware onto vulnerable Windows systems.

Microsoft warned of attacks in the wild against the zero-day flaw, which affects an unusually wide range of Microsoft products and Microsoft users. Applications affected include Office 2003 through 2010 on Windows; SQL Server 2000 through 2008 R2; BizTalk Server 2002; Commerce Server 2002 through 2009 R2; Visual FoxPro 8; and Visual Basic 6 Runtime.
And quotes:

"Attackers have been embedding the exploit for the underlying vulnerability CVE-2012-0158 into an RTF document and enticing the target into opening the file, most commonly by attaching it to an email," Wolfgang Kandek CTO at security services firm Qualys explains. "Another possible vector is through web browsing..."
Scope:

Basically, if you have a Windows platform with any of the affected Microsoft applications (Office, SQL Server, the Visual Basic 6 runtime, etc.), you are vulnerable, and a web page can serve as the delivery vector just as an e-mailed RTF document can. Microsoft warns that attacks will surge over the next 30 days, while many people have not yet patched their systems.

The vulnerable component, an ActiveX common-controls library, has been around for a decade and is redistributed with applications on nearly every Windows-based server and desktop on the internet. A patch is available now, but another issue recently uncovered will not be fixed until next month.

By the way, If you are a Windows, Apple, or Linux user - Adobe Acrobat Reader needs some patching, too.

If you are a Solaris client user, your system should be fine.


Nightmare Scenario:

Several days ago we discussed an Apple vulnerability due to a third-party Java exploit. This one is due to a competing Microsoft technology, ActiveX.

Welcome to the proverbial nightmare scenario for network managers - every system, everywhere, must be patched immediately, because of OS based issues with nearly every business and consumer application. Don't delay!

Saturday, April 7, 2012

Inevitable: Apple MacOSX Infected Via Java on Web



Abstract:
Desktop and server systems based on the Microsoft Windows platform have long been the most vulnerable platforms on the internet, providing the most efficient platform for malware writers to steal computing and network cycles from owners around the world. Other open platforms (i.e. UNIX-based systems), which serve much of the internet's traffic, have long tried to keep from being infected by applying more rigorous security rules at the OS level. Apple, one such vendor that migrated to a UNIX platform, had been successful in keeping its clients secure, but a single Java-based vulnerability has finally been discovered and leveraged to exploit a large number of systems.

Virus Buster:
An anti-virus vendor located in Russia recently published a short research article on a particular threat, whose entry point has since been closed by Apple.

Doctor Web—the Russian anti-virus vendor—conducted research to determine the scale of the spread of the Trojan BackDoor.Flashback, which infects computers running Mac OS X. The BackDoor.Flashback botnet now encompasses more than 550,000 infected machines, most of which are located in the United States and Canada. This once again refutes claims by some experts that there are no cyber-threats to Mac OS X.
Although infections of MacOSX-based Apple Macintosh computers have been very uncommon, they run the same third-party software (i.e. Flash, Java, etc.) as everyone else, and a vulnerability in that software exposes every platform it runs on: MacOS, Windows, UNIX, etc.

The Origin:

The virus research company explains how computers get infected.

According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com.
The Morphing:
Companies started working on a solution, but before Apple released a patch the attackers switched exploits, so that the campaign could survive once any one hole was closed.

Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507).
Security, At Last:
While the vulnerability had been "in the wild" on the internet for a while, the hole this particular virus used was finally closed.

The vulnerability has been closed by Apple only on April 3, 2012.
Protecting Yourself:
This particular threat is not unique to Apple, but also other systems like Windows. Apple released a security patch, to close this vulnerability - it would be well advised that you regularly download updates from Apple to apply these patches whenever possible.

A general rule of thumb: STAY AWAY FROM IMMORAL (e.g. pornography) AND ILLEGAL (e.g. copyrighted material such as music, videos, software, etc.) DOWNLOADS - NEVER VIEW OR DOWNLOAD SOFTWARE OFF OF THE INTERNET UNLESS IT IS A WELL-KNOWN SITE, NO MATTER WHAT COMPUTER YOU ARE ON... these sites notoriously try to push viruses onto your computer!

Thursday, March 10, 2011

Security: Target: Linux Network Devices


Abstract:
The widespread use of Microsoft operating systems on the desktop and server has been increasingly exploited by malware for dubious purposes. The growing use of Linux on low-end network devices has made them an interesting target for malware creators as well. Most recently, attacks launched from compromised Microsoft platforms have been targeting low-end Linux network devices.

History:
Networks of infected machines whose malware cooperates over the internet are called botnets. They have taken over Microsoft PCs and servers across the globe because of their ubiquity. They can be very difficult to find and destroy, as demonstrated by the Kneber botnet, whose first known activity dates back to March 2009.

As the popularity of Linux grew, malware began to move from Microsoft platforms to Linux platforms.

In January 2008, a DNS attack on DSL modems was discovered in Mexico. 2Wire DSL modems were targeted, and their DNS configuration was altered to redirect customers of a Mexican bank to a site impersonating that bank.

In January 2009, Psyb0t was discovered, targeting MIPS-based Linux devices.

In February 2010, the Chuck Norris Botnet targeted D-Link Linux based devices.

Sometimes, the network devices are merely used to perform distributed denial of service attacks against corporations or entire nations, as what is happening in South Korea during March 2011.

These botnets are dangerous and could be used to infiltrate other devices on a network, which are then used to gather information for theft or other nefarious behaviour.

Enter: Elf_Tsunami.R
In March 2011, a new exploit was discovered. Elf_Tsunami.R was uncovered by TrendLabs (Trend Micro). The D-Link DWL-900AP+ is vulnerable, as are other devices. Microsoft systems already infected with malware can attack and infiltrate the Linux network devices on the same local area network.

Once a Linux network device is infiltrated, Elf_Tsunami.R uses Internet Relay Chat (IRC) servers as an independent command-and-control transport, meaning that PC anti-virus software cannot completely clean out your network: the router stays under the attacker's control after the PC has been cleaned.

Network Management Connection:
It has long been expected that Linux would remain more resistant to attack than Microsoft-based appliances, desktops, and servers. Consumer Linux devices, however, are widely available and do not necessarily meet the stringent security requirements of Enterprise and Managed Services networking infrastructure.

Caution should be taken when employing Microsoft and Linux platforms together in Enterprise and Managed Services networking infrastructure, because of the increasing use of hybrid exploits that hop from one platform to the other. Infecting customer networks through such a combination is not out of the question, as demonstrated by the millions of exploited systems and devices worldwide.