Mobile phones are under attack

Social engineering goes mobile and worms jump from PCs to wireless devices. The bottom line in our weekly roundup? If you're the gullible kind, it will cost you dearly!
By Mariette du Plessis, Events Programme Director
Johannesburg, 03 Mar 2006

Once upon a time there was a mouse called Higgins... a fairy tale intended to give Microsoft some grey hair no doubt, if IBM and Novell have their way.

The two vendors announced this week that they are teaming up on an open source initiative, Project Higgins, intended as an alternative to Microsoft's proprietary Infocard online authentication system.

Regrettably the security landscape is more about dark magic and evil spirits than friendly wizards and fairies, and this week's security roundup has more bad than good news.

On the upside, computer infection rates seem to be going down. The number of phishing Web sites, however, grew by about 65%, and cellphones have become the target of new malware.

Mobile threats

The new mobile virus, which does not just target smartphones but any mobile capable of running Java (J2ME) applications, claims to be an application called RedBrowser that will enable access to WAP services by using a free SMS service.

Meanwhile it sends a number of SMSes to premium rate numbers in Russia, incurring a charge for the user (typically 3 euros to 5 euros per message). The user will not be aware of this until they receive their phone bill at the end of the month.

So far only one copy of the malware has been found in the wild, targeting subscribers of Russian mobile service providers Beeline, MTS and Megafon.

While this latest threat is very specific to Russia, anti-virus firm Kaspersky warns that it is likely to spread and be used to target other mobile telephony providers.

What makes this threat unique is that it is the first proof-of-concept malware for "feature phones" (i.e. mass market devices), according to McAfee. It is also a proof of concept that combines social engineering (i.e. tricking people into downloading) with Java, a technology used in millions of mobile devices.

The threat impacts phones using Java, which means it is independent of Symbian or Microsoft Mobile operating systems. Hundreds of millions of phones globally use Java.

Crossover worms

To make matters worse, the Mobile Anti-virus Researchers Association claims to have detected the first worm that can jump from a PC to a Windows mobile-powered wireless device.

The "Crossover" worm nests in a directory on a Windows PC where it will automatically activate once the user connects a Windows mobile device using Microsoft ActiveSync.

The digital pest was sent to the association anonymously and is a proof-of-concept designed to show off its features, but not cause any actual harm. "This is proof-of-concept code for educational purposes only. This virus closes the gap between handhelds and desktops. Now it's one big world open to all," the worm creators said in a note attached to the virus.

Anti-virus vendors have been warning about the threat of viruses targeting mobile devices for years, while McAfee said last week that it has detected over 200 mobile viruses, warning that mobile pests are outgrowing those targeting PCs.

More phishing

Some good news this week is that computer virus infection rates have dropped by 33% over the past two years, but don't get complacent. The bad news, according to a recent PriceWaterhouseCoopers survey, is that virus infections have been the cause of 50% of businesses' worst security incidents in the past two years.

Despite companies improving how they patch IT systems against vulnerabilities, they are still at risk, because Internet criminals are now blending malware - such as viruses, spam, Trojans and spyware - and are tailoring it to evade detection.

According to the survey, spyware, used by criminals to try and steal sensitive corporate data, represents one of the greatest threats to business. It is not surprising, then, that the Anti-Phishing Working Group's latest report revealed the number of phishing Web sites grew by about 65% in December! In fact, the actual number of fraudulent Web sites increased from 4 630 to 7 197, which is a new record.

Security companies say the increasing number of phishing Web sites can be attributed to the easy availability of phishing kits, which are tools that can be used by relatively non-technical people to create and manage multiple phishing sites.

The open source mouse

At least vendors are trying to stay in step with cyber criminals. New anti-crime tools that debut this week include a software suite from IBM, which is designed to help companies prevent attacks on their IT systems from the inside.

Big Blue's Identity Risk and Identification software monitors user actions and searches for abnormal behaviour to detect inside attacks. The application analyses the past actions of every employee and compares their behaviour with normal activity patterns for their co-workers.

IBM is also trying to give Microsoft a run for its money and has teamed up with Novell on an open source project to create an alternative to Microsoft's proprietary Infocard online authentication system.

The initiative, called Project Higgins, will put users in control of their information rather than it residing within the data centres of corporations. This, the vendors say, will allow individuals quickly to update information such as a change of address, and limit access to confidential information including medical files.

Initiatives such as Higgins are referred to as identity meta systems. These allow developers to create applications that use digital identities, without requiring the developer to understand the underlying technology. The key to a federated identity system is that it allows applications to rely on claims by a trusted agent rather than credentials (the actual password).

Just in case you wondered about the name Higgins, we're told it is derived from the Tasmanian long-tailed Higgins mouse.

The race to be first

Of course, vendor initiatives to fight cyber crime are not without some controversy. The arrival of a new Trojan has sparked fierce controversy in the IT security community as established anti-virus firms react to claims that they did not react quickly enough to block the malware.

The row started last week after an unnamed virus writer started spamming a Trojan, named PWSteal.Tarno.S or Clagger-H, which purported to be an alert about irregularities with a PayPal transaction.

Managed security services provider BlackSpider Technologies issued a statement on Monday detailing the threat, and accused Symantec, the world's largest security software house, of being caught cold by the malware. BlackSpider claims it first spotted the code at 4:55am on Saturday morning, but that Symantec only issued a signature file at 9:55am on Monday morning, leaving systems unprotected for 53 hours.

The company says UK businesses received 3.2 million copies of the Trojan over the weekend, making it the most successful "zero day" attack this year.

However, Symantec has hit back stating that its customers were protected all along. "We recommend that all Internet users have multiple layers of protection to defend against malicious code attacks such as the recent PWSteal.Tarno.S threat," the company says in a statement.

Security firm Sophos, of course, claimed it picked up on the threat the day before BlackSpider.

Sources used: vnunet.com, ZDNet, The Register.
