Another iPhone worm has been spotted in the wild.
Unlike the previous exploit, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information.
According to security firm Sophos, which wrote about the exploit after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.
The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master."
Jailbreaking, which has been around for about two years, is a hack that enables iPhone and iPod Touch users to download applications unavailable through Apple's App Store.
Sophos wrote that the worm attacks users on several ISPs, including UPC in the Netherlands, Optus in Australia, and T-Mobile in several countries worldwide. Worse, the worm spreads faster on a Wi-Fi connection than a 3G connection. Users with affected devices might notice extremely short battery life while on Wi-Fi. According to Sophos, that's mainly due to the worm engaging in "so much network activity."
When a device is infected, it's assigned a unique number so that the attackers can easily pinpoint a single device. The worm also looks for authentication systems that use SMS, better known as mTANs. mTANs are frequently used by banks that send an SMS message with a password to mobile phones, allowing people to log in to their online accounts, Sophos wrote.
In essence, this threat is serious.
Sophos recommends that people with infected iPhones and iPod Touch devices restore them to Apple's most recent firmware update. For now, there is no other way to fix the problem.
Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, and posts at The Digital Home. He is not an employee of CNET.
Facebook security chief Max Kelly has assured members in a blog post that the social network is "fighting the good fight" when it comes to several malware attacks discovered on the site in recent days.
"We spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on walls urging users to view a video that pretends to be hosted on a Google or YouTube Web site," Kelly wrote. "Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware."
The worm was first flagged by security firm Sophos, just days after another one had been identified by Kaspersky Labs.
Kelly said Facebook appreciates the efforts of watchdogs. "If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible," he wrote. "In fact, we appreciate it when help comes our way from the many security experts and organizations out there."
Sophos and other security firms have warned that social networks such as Facebook and MySpace are particularly fertile breeding grounds for security attacks: they have massive user bases, plenty of outside developers working on the site, and lots of ways (messages, wall posts) to spread malware to unwitting members.
Facebook recommends that members follow a few basic security measures: report spam postings, install the proper Mac or Windows software in the event of a malware infection, and never share your Facebook password.
That last piece of advice will be tougher for Facebook to recommend as Facebook Connect, which lets external sites use Facebook login credentials, grows more commonplace.
Sophos, a security software and research firm, has warned that social network Facebook is the battleground for a new malware attack targeting members' comment "walls."
Public wall posts purporting to be from someone on a user's friends list invite the user to click on some kind of video or image, and the URL appears to lead to something hosted on Google.com. That's a spoof--it really directs to a grinning photo of a court jester sticking out its tongue--and a downloaded Trojan. Sophos has not said what the worm then does.
Facebook representatives were not immediately available for comment.
Sophos says that this is probably not the same as a social-network worm that Kaspersky Labs flagged last week; Kaspersky confirmed on Friday that the two are different.
Additionally, Sophos says it has not yet completed its investigation of the issue and has said that the worm may not be restricted to Facebook. "Whether this really is a Facebook worm, and not simply malware being distributed via Facebook spam remains to be seen," a blog post by Sophos researcher Fraser Howard read.
In the past, Sophos has warned of social networks' potential as Petri dishes for malicious attacks, and has put out a general warning to companies that security issues might be a graver issue than productivity when it comes to choosing whether to block access to these sites at the office. "Companies need to make their own mind up as to whether they want to allow their users to access websites like Facebook and MySpace during office hours," Sophos analyst Graham Cluley said in a release.
"If workers are allowed to be given access to these sites then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections."
This post was updated at 12:14 p.m. PT with comment from Kaspersky Labs.
Just because a "friend" sends you something on Facebook or MySpace doesn't mean you should trust it.
A new worm is spreading via Facebook and MySpace, turning victims' computers into zombies on a botnet, Kaspersky Lab said on Friday.
Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.
The messages look like they contain links to video clips. When clicked, they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.
The next time infected machines log on to the social networks, they automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.
"We've seen these types of worms before, typically around MySpace," he said. "People are more trusting of things they receive from a friend," and many people don't recognize that what they are downloading isn't a legitimate Flash Player file, but a malicious program.
Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.
Security vendor Websense is reporting the return of a bogus Better Business Bureau e-mail. The Word document attached in this release contains a Trojan that, when the document is opened, attempts to download and install a keylogger, which then uploads stolen data from the compromised PC to an IP address located in Malaysia.
In March, the Better Business Bureau issued a warning. The new bogus message claims that a complaint has been filed against the recipient's company. Attached to the message is a Microsoft Word document (Document_for_Case.doc), supposedly containing additional details regarding the complaint.
Heard the one about the Skype worm? Actually, users of the popular VoIP service Skype have been contending with misleading and dangerous URLs for some time. Like worms spread by MSN Messenger and Yahoo Messenger, various Skype worms have been known to include a message such as "Give me your opinion" followed by a URL. Clicking the link then installs several malicious files including versions of the Warezov/Stration Trojan horse. Stration has been known to open remote access on infected machines.
Now, Chris Boyd, Director of Malware Research at Facetime Security Labs, has found a recent Skype worm variant that is able to infect not just Skype, but ICQ and MSN Messenger, with the potential to infect AIM, Trillian, and Yahoo Messenger as well. While looking at a collection of Skype worm code posted on the Internet, Boyd found a file that looks for other instant messenger services. While attacks via Yahoo and MSN are not new, we haven't seen a lot of IM worms that are able to jump the fence and attack other services. Thus, if you have Skype, and click the link, you may infect contacts you have on other IM services as well.
Our recommendation? Don't be so quick to click.