Spyware, viruses, & security forum: NEWS - March 23, 2012

While Jeff Schmidt, the CEO of JAS Global Advisors, was surfing the Web on his new Android smartphone (his first Android phone) earlier this year, what appeared to be an ad popped up on his screen. The "ad" looked like the prompt that appears when his phone rings. He clicked the button on the ad to pick up the putative call, and the ad began downloading a binary file--malware--onto his Android phone. Schmidt had been hit by a drive-by download, a program that automatically installs malicious software on end-users' computers--and increasingly, smartphones--without them knowing.

"I'm a pretty paranoid and sophisticated user," says Schmidt, whose firm provides information security and risk management services. "I didn't think I'd be vulnerable to this sort of thing, but because I wasn't familiar with the user interface, I clicked on the ad. It really surprised me."

Fortunately, Schmidt halted the download when he realized what was going on and caught it before anything bad happened to his phone. He's not sure what the malware would have installed on his phone, but he suspects it could have been some kind of spyware, such as a keystroke logger, or some other application that would turn his computer into a spam-mailing bot or otherwise compromise his security and privacy.

Continued: http://www.pcworld.com/businesscenter/article/252403/mobile_malware_beware_driveby_downloads_on_your_smartphone.html

"Police in one Australian state have undertaken a campaign to get people to password-protect their Wi-Fi routers"

If you live in the Australian state of Queensland and have an insecure Wi-Fi router, you may get a visit from the police.

In a bid to raise awareness about cybercrime, police in the northeastern state plan to "wardrive," or cruise the streets, scanning for Wi-Fi routers that are not password protected or use an aging, weak security protocol.

Australian consumers and businesses don't need to worry about a fine: Police just plan distributing information on how they can better secure their routers in their mailboxes.

Wardriving is a term that has been applied to hackers who drive around neighborhoods looking for open Wi-Fi connections. The dangers are well known: a router that is not password protected means traffic exchanged with the router is sent in the clear, which could easily be spied on.

Miscreants could also hop on the insecure network to send spam or conduct other illegal activity online, with the Wi-Fi router's owner on the hook for the activity.

Continued : http://www.itworld.com/security/261356/australia-secure-your-wi-fi-or-face-visit-police

Also: War Driving Project: Australian Police to Secure Wi-Fi Connections

From the F-Secure Antivirus Research Weblog:

On Monday, I provided steps on how to avoid your Mac being compromised by the Flashback trojan. Today I will provide information on how to locate a Flashback infection.

To better understand the steps below, it is better to also know a bit about Flashback. It's an OS X malware family that modifies the content displayed by web browsers. To achieve this, it interposes functions used by the Mac's browsers. The hijacked functions vary between variants but generally include CFReadStreamRead and CFWriteStreamWrite: [Screenshot]

The webpages that are targeted and changes made are determined based on configurations retrieved from a remote server. The following is an example of configuration data: [Screenshot]

When decoded, you can see the targeted webpage (in red) and the injected contents (in yellow): [Screenshot]

This ability more or less makes it some sort of a backdoor. Because of this, and the fact that the malware initially relied on tricking users by pretending to be a Flash Player installer, it was dubbed Flashback. It has however evolved since then and has started incorporating exploits to spread in recent variants. In all the cases that I've seen, they at least target Google which causes me to believe that it is actually the next evolution of Mac QHost.

Continued : http://www.f-secure.com/weblog/archives/00002336.html

In response to the controversy surrounding the practice of employers requesting Facebook log-in information from both current and prospective employees, the social network has made itself perfectly clear: Facebook will protect your privacy -- even if it means going to court.

In a March 23 note on the social network's Facebook and Privacy page, Chief Privacy Officer for Policy Erin Egan addressed the issue directly, explaining that the practice "undermines the privacy expecatations and the security of both the user and the user's friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability."

The "legal liability" of which Egan speaks could arise from claims of discrimination against an employer who may have seen that a prospective employee is part of a specific "protected group (e.g. over a certain age, etc.)" and consequently does not hire them, or if an employer is exposed to certain information (e.g. suggesting that a crime has been committed) and is unaware of how to proceed.

Continued : http://www.huffingtonpost.com/2012/03/23/facebook-employer-employee-passwords_n_1375020.html

Related: Job seekers getting asked for Facebook passwords

Also: Facebook Warns Employers Not to Ask Job Applicants for Log-in Credentials

.. on iOS 5.1

A security researcher has discovered that it's possible to show the URL of one site while loading another in Mobile Safari, which could trick users into visiting a malicious website. The vulnerability has been reported to Apple, but until the company issues a patch for iOS, users should be extra cautious when clicking unknown links.

According to David Vieira-Kurz from infosec firm MajorSecurity, Mobile Safari under iOS 5.0, 5.0.1, and the current 5.1 has a vulnerability in the way it handles JavaScript's window.open() function.

"This can be exploited to potentially trick users into supplying sensitive information to a malicious web site," Vieira-Kurz explained, "because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."

Vieira-Kurz developed a proof of concept that causes a new window or tab to open when clicking a specially crafted link. That new window looks as though it is loading Apple's website at apple.com, but it actually loads in an iframe within a page on MajorSecurity's website. The proof of concept doesn't do anything malicious, but the same technique could be used to scrape your AppleID, for instance, or possibly even grab credit card info if you buy something from the Apple Store.

Continued : http://arstechnica.com/apple/news/2012/03/address-spoofing-vulnerability-discovered-in-mobile-safari-on-ios-51.ars

Also: iOS JavaScript Bug Can Lead to Spoofed Sites