Image from MJ/TR Flickr under Creative Commons

“I’m the developer of the original Guitar Solo Lite. I noticed the rogue app a bit more than a week ago (I was receiving crash reports sent from the pirated version of the app). I notified Google about this through all the channels I could think of: DCMA notice, malicious app reporting, Android Market Help…they have yet to respond. Thankfully this was posted on Reddit, since after the post the rogue dev and all his apps have been removed from the market. There really should be a faster/easier way to get Google to act on it!”

 
Trend Micro detect this threat (popularly known as DroidDream) as ANDROIDOS_LOTOOR.A, further details in the link.
 
During the five days these apps were available an estimated 50,000 downloads have taken place. Google have now pulled the apps and blocked the rogue developer from Android marketplace, they have also remotely removed the apps from affected handsets. Of course this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection. So if you are one of the estimated 50,000 people who have downloaded these malicious apps it could be worth your while investigating the possibility of getting a replacement handset or reinstalling the operating system on the one you have if possible.
 
The Android app ecosystem is by definition open, there is a wide array of app stores available and apps can be published to the user community in minutes. This greater openness of the developer environment has been argued to foster an atmosphere of creativity, but as Facebook have already discovered it is also a very attractive criminal playground.
 
It is worth remembering that full security suites are now available for Google Android, such as this one. The number of threats to mobile platforms is growing and growing at a steady rate. Of course the sheer volume of mobile malware  is a long way from the epidemic proportions of Windows based malware, but criminal interest is clearly there and growing. We see multi-platform attacks distributed by the same criminal groups that traditionally have focused on Wintel systems, and the growth in complexity of threats, for example ZeuS malware now incorporating mobile elements aimed at intercepting SMS banking authentication codes is striking. Criminals are driven by consumer behaviour and as the money-making opportunities move to mobile platforms criminals will, in fact already are, following.
 
A full list of the trojanised apps, published by Myournet, is:

• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• 下坠滚球_Falldown
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• 躲避弹球
• Advanced Currency Converter
• App Uninstaller
• 几何战机_PewPew
• Funny Paint
• Spider Man
• 蜘蛛侠

 
The Guardian have published an expanded list of apps believed to be trojanised in this way here.
 

Image courtesy of alexkerhead's Flickr photostream

The helpful caller identified himself as working for a company called My PC Care and explained that he was a Microsoft Certified Professional. According to this bogus technician there are some pretty nasty files “more dangerous than viruses” doing the rounds, these files were so dangerous, he explained, that some 40% of Microsoft Windows users had “lost their computers”. As a result they were calling “all users of Microsoft Windows” (an ambitious task) to repair the damage before all was lost.
  
I played along with them and expressed concern that my computer might also fall victim, so the helpful technician began taking me through some entirely bogus “troubleshooting”. In brief I was asked to open the windows Event Viewer.  The scammer encouraged me first to look in the Application Log where he was sure I would find several Errors and Warnings. Lo and behold, he was correct. To be honest in all the years I have been involved in IT I have yet to see a Windows PC without errors and warnings in the Event Viewer, but of course these scammers are relying on the unfamiliarity of their victims and hope to scare them and at the same time gain credibility.
  
The engineer was very insistent that I should not click on or open any of these Error messages because “they are the malicious infections” warning in doom-laden tones that after about two weeks this would “crash my hard drive”. I was then asked to repeat this charade looking through various other Event Viewer logs, each time the dire predictions of impending disaster got worse.
  
My ever helpful technician-scammer guy suggested that now would be a good time to transfer me to his supervisor so that they could clean up these dangerous files once and for all and I agreed, anxious of course that my computer might be on the edge of silicon Armageddon. Unfortunately my fun was coming to an end, the supervisor wanted me to use the (entirely legitimate and very helpful) service LogMeIn.com  to permit their technicians remote access to my computer, at which point they would have been free to do whatever they liked. Of course I had to decline and hang up at that point.
  
So what is the point of this kind of scam you might ask? Well once you have granted remote access to your computer to a complete stranger, really they are free to do whatever they want install malicious software to steal information, look through modify or copy your personal files or in this case simply pretend to fix some non-existent problem charge you for the pleasure and then sell you a subscription to their services.
  
The scam seems to have started out in countries where English is a first language, but emboldened by their successes and perhaps hungry for more money it seems the scammers are constantly on the lookout for new targets, expect to see this showing up on a telephone near you soon.
  
Should you ever receive a call from anyone claiming to know that your PC is infected, or that you are having performance problems, just hang up; it’s a lot less painful than playing along. Remember also, just as a rule of thumb, never confirm anything, even your name, to anyone over the telephone until they have satisfied you of their integrity first.
 

A flaw that allows an unauthorised backup to be made? Shurely shome mishtake...

Bernd Marienfeldt has discovered that by booting a PIN protected iPhone, while it is connected to the USB port of an Ubuntu system, he could access

“music, photos, videos, podcasts, voice recordings, Google safe browsing database, game contents… by in my opinion the quickest compromising read/write access discovered so far, without leaving any track record by the attacker.”

 
This access was through the Ubuntu interface and did not require any PIN at all, furthermore the access was not simply read-only, but read/write.
 

Even on a standard Windows Vista, it's PIN not required

SMiShing reports date back to around 2006 when this threat started to become noticeable. Spoofed or otherwise faked SMS messages are used as bait to lure victims to responding via SMS to premium rate services, visiting a malicious website or calling a telephone number. The SMS messages are not malicious in themselves but often require the recipients attention for something which must be completed immediately or urgently,”confirming” or “activating” account or credit card details, cancelling non-existent subscriptions or confirming imaginary purchases.

The threat from SMiShing sometimes works in conjunction with Vishing (voice phishing) when the recipient is required to call a telephone number, or with more traditional Phishing when the recipient is directed to visit a particular website, SMiShing messages have also been known to direct recipients to malicious websites designed to infect them.

“Someone posted your full personal and banking information at insert-bad-url-here website you must remove it now”

 

“Notice – this is an automated message from insert-bank-name-here, your ATM card has been suspended. To reactivate call urgent at +##-####-####”

 

In the case of Vishing, if the victim calls the number, an automated system (IVR), or occasionally a real person, will prompt them for things like credit card number, CVV code (the number on the back of your credit card), expiry date or bank account details and even card PIN numbers. Criminals will also often seek to elicit personal information such as date of birth, personal identification numbers (SSN, National ID etc.). Click here for an audio capture of such a system.

If the phishing threat is web-based the stolen information can be more extensive and include items which are more difficult to enter on a telephone keypad, such as mother’s maiden name and email address. These items are then used to create faked credit cards or sold on as ID packs for others to do the carding.

Concurrently we are also seeing a rise in speculative outbound vishing calls. These kinds of calls exploit the trust that people have in the traditional and the familiar telephone system. Advances in technology, specifically  the use of the internet to make and take telephone calls (VoIP) has really simplified the process of spoofing or faking your caller ID and making the scammer much more difficult to trace and to block. This threat has grown established to the extent where telephone based cybercrime-as-a-service outfits are already in business.

Vishing calls arrive with a spoofed caller telephone number and often come from outside the country of residence of the victim. An example is detailed in an earlier blog here.

If you receive a communication that you were not expecting, whether it be by telephone, email, SMS or carrier pigeon, and that communication is asking you to give up sensitive information, *do not respond*. Do not reply to the email or SMS, do not talk to the person on the end of the telephone or click on any links provided to you. Instead, note the name of the company the communication is supposedly from and contact them directly to find out if they indeed have something they wish to tell you. Contrary to some advice I have seen, I would not advise immediate deletion of the SMS or mail as the contents of it may be helpful to the organisation that is being impersonated.

If you need SMS anti-spam technology, then look no further (it’s in the Pro version of the consumer product too)…

We are familiar with seeing cybercriminals offering the resources at their disposal to carry out Distributed Denial of Service attacks (DDoS) against IP addresses. Imagine though, how much more effective an attack against your fiercest competitor could be if you could take out their telephone connection to the outside world at the same time as their web site…

Well those services are available in the underground community, the vendor below, for the price of just 340WMZ (1WMZ WebMoney is equal to about 0.65 Euros), offers to flood a phone number of your choice with calls for 10 days straight!

Of course if you need your calls to be made with a purpose in mind, perhaps some outbound social engineering or maybe to take inbound calls to support your latest Spear Phishing or Whaling campaign? Then you need “Perfect Call Service”

Translated, they are offering

“We call all contracts, drops, Banking, Shopping, eBay, Documents, UPS, anything you can think of. These calls can be received at our or your numbers

We do everything rapidly, with high quality and most importantly you will be amazed by our prices. The following discount system applies.

Cost of call in English only $10.

If you order more than two calls in the course of day,.beginning from the third call cost falls to $7.

The cost of calls in the remaining languages and time of the call are discussed separately in the ace with each!

Thus, languages are accessible in the service

ENGLISH (3 male voices, 3 female + possibility to arrange the timing of the call)

GERMAN (2 male voices, 2 female + possibility to arrange the timing of the call)

SPANISH (1 male voice, 2 female + possibility to arrange the timing of the call)

ITALIAN (1 male voice, 1 female + possibility to arrange the timing of the call)

FRENCH (1 male voice, 2 female + possibility to arrange the timing of the call)

DUTCH (1 female + possibility to arrange the timing of the call)

THE FOLLOWING LANGUAGES ARE UNDER TEST:

CZECH (1 female voice)

POLISH (1 female voice)

Are ready to carry out the transfers of different languages. In the arsenal always there are translators of European, eastern and many other languages. Also there are carriers for checking your texts. All translators are the degreed specialists and have large work experience. We can show linguistic support to your drop projects, help with the correspondence on dating, localize site on the necessary language and so on. We also allow the services of copywriting, SEO of written copy, naming, writing of content in different languages, the compositions of spam, letters, advertising articles and so on.

 

On the whole, we can ensure the complete linguistic support of your projects. Prices completely acceptable and will pleasantly you astonish Be turned, we will be glad!”

 

Never call the telephone numbers provided to you in email messages, even to verify whether or not the mail you are reading is real or a scam. Always use the telephone number printed on your bank statements or credit cards. Otherwise, you could be greeted by an interective menu system designed to have you enter your credit card number over the phone, or even more worryingly you could be connected to a representative from “Perfect Call Service”.

The number that was calling me was 030811111110 , when I answered the call it immediately connected to an outbound ringback service, so I heard the ringing tone as if I had initiated the call.

That strange connection method had raised my suspicions, so when the call was picked up at the far end, I answered just with “Hello?”. A gentleman with a foreign sounding accent responded with “Hello? Hello?” and hung up.

I am not alone in being concerned by this activity and it seems extremely probable that this is a telephone based social engineering scam. People calling from this number have posed variously as offering better utility deals, better broadband deals, to be able to reduce business tax rates or to enquire whether you have received your copy of a free local newspaper.

 Having since spoken with BT, the telephone number that is displayed as being the caller is a spoofed one, so there is no way to trace the origin of these calls. As BT are currrently not legally allowed to block incoming calls from foreign shores, in the meantime I strongly advise you to ignore all calls from this telephone number and in general to be very careful about information you give out to people that you do not know whether that be on the telephone, social networking sites, email or any other medium.

Although in this case, the Telephone Preference Service was not a deterrent to these calls as they originate from overseas companies who do not abide by UK law, I would still highly recommend registering with them as an efective means of cutting down on unwanted Direct Marketing call that originate within the UK.

One good thing though, calls like this do tend to bring out the best from many people when it comes to humourous responses