Information Security News
by Dan Goodin
Recently discovered malware targeting Android smartphones exploits previously unknown vulnerabilities in the Google operating system and borrows highly advanced functionality more typical of malicious Windows applications, making it the world's most sophisticated Android Trojan, a security researcher said.
The infection, named Backdoor.AndroidOS.Obad.a, isn't very widespread at the moment. The malware gives an idea of the types of smartphone malware that are possible, however, according to Kaspersky Lab expert Roman Unuchek in a blog post published Thursday. Sharply contrasting with the mostly rudimentary Android malware circulating today, the highly stealthy Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to nearby handsets, and allows attackers to issue malicious commands using standard SMS text messages.
"To conclude this review, we would like to add that Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits," Unuchek wrote. "This means that the complexity of Android malware programs is growing rapidly alongside their numbers."
Happy Hour Hot Links: Week of 6/3
Always refreshing to see infosec written about in long form. Vanity Fair has a new piece on cyber war, and it contains lots of great color. This is a marketing campaign (from Tripwire) that is very well done. Even with all of the talk around the ...
On Thursday, a European Parliament committee approved a new draft directive (PDF) that would, among other things, require European Union member states to step up criminal penalties for hacking, botnets, and other digital malfeasance.
Under EU law, directives are a set of instructions for all 27 (soon to be 28, when Croatia joins on July 1, 2013) member states to “translate” the new rules into their own local law. The new draft directive is set to be voted on by all of Parliament in July 2013 and enter into force shortly thereafter if approved.
According to a press release from the civil liberties committee, the new language requires that maximum prison terms for “illegally accessing or interfering with information systems, illegally interfering with data, illegally intercepting communications or intentionally producing and selling tools used to commit these offences” be set at no less than two years.
One of our readers wrote in to let us know that he had received an Exim/Dovecot exploit attempt against his email server. The exploit partially looked like this:
(Obviously edited for your safety, and I didn't post the whole thing.)
This is an exploit against Dovecot that is using the feature "use_shell" against itself. This feature, unfortunately, is found in the example wiki on Dovecot's website, and also in their example configuration. We'd caution anyone that is using Dovecot to take a look at their configuration and make sure they aren't using the "use_shell" parameter. Or if you are, make darn sure you know what you are doing, and how to defend yourself.
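As an added illustration, not taken from the diary or from the reader's report, here is the shape of the Exim pipe transport that the Dovecot wiki example uses to hand mail to the Dovecot LDA, once with `use_shell` set and once without it. The transport names, the `dovecot-lda` path and the `vmail` user are assumptions for the example.

```exim
# Added example (not the page's own config). Transport names, binary path and
# delivery user are assumed; the option layout follows Exim's pipe transport.

# --- Weak form: use_shell is set ---
dovecot_delivery_weak:
  driver = pipe
  use_shell
  command = /usr/lib/dovecot/dovecot-lda -d $local_part
  user = vmail
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78
# With use_shell, Exim expands the whole command string and passes it to
# /bin/sh -c. The expanded $local_part is then parsed by the shell, so a
# recipient whose local part carries shell metacharacters is executed as
# commands with the privileges of the "user" named on the transport.

# --- Hardened form: drop use_shell and let Exim build argv itself ---
dovecot_delivery:
  driver = pipe
  command = /usr/lib/dovecot/dovecot-lda -d $local_part
  user = vmail
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78
# Without use_shell, Exim splits the command into arguments before expanding
# them, and an expanded variable stays a single argument whatever it contains.
# No shell runs, so metacharacters in the local part reach dovecot-lda only as
# plain data in its -d argument.
```

To audit a running server rather than read the file, `exim -bP transport_list` prints the configured transport names and `exim -bP transport <name>` prints each transport's effective settings, which shows whether `use_shell` is on.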
Kaspersky Researchers Discover Most Advanced Android Malware Yet
Please stop doubting the work of InfoSec engineers by insisting a report exposing some complex malware is to promote the vested interests of an individual security firm. It isn't. This is how security works (the opposite of "security by obscurity ...
It's February, about an hour after midnight, and three men in oversized clothing and hats walk silently down a deserted residential street in Long Beach, California. Each one goes up to a car in the area, takes out a small electronic device, and pulls on the passenger side car handle. The first man tries a car in the street. It doesn't open, and he walks on. The other two men try an Acura SUV and an Acura sedan in one home's driveway. Both of the cars unlock, their overhead lamps going on. The two men rummage through the cars, taking what they find. They shut the car doors and walk off.
Video of this scene was recorded by a surveillance camera placed in the driveway where the two Acuras were parked. The Long Beach Police Department (LBPD) says that eight vehicles in total were “accessed and burglarized” in the same neighborhood that night. But despite having footage of the crime, the LBPD was not able to determine how the electronic devices worked or who the suspects were.
In April, the Long Beach Police posted the surveillance video on YouTube, desperate to figure out just how the electronic device used by the three suspects works. Ars spoke to a Long Beach Police spokeswoman who confirmed that after another two months, the department still hasn't come to a conclusive answer.