[IS&T Security-FYI] SFYI Newsletter, July 11, 2011

Michael Halsall mhalsall at MIT.EDU
Mon Jul 11 23:40:36 EDT 2011


In this issue:

1. July 2011 Microsoft Security Updates
2. Nefarious Apps Found in Android Markets
3. The Newest Botnet: TDL-4


---------------------------------------
1. July 2011 Microsoft Security Updates
---------------------------------------

On Tuesday, July 12, Microsoft plans to issue four security bulletins for
Patch Tuesday, addressing a total of 22 flaws.

Three bulletins will address serious flaws in Windows, and the other will
address issues with Visio 2003.

Read the full July security bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx>


------------------------------------
2. Nefarious Apps for Android Phones
------------------------------------

Think you're going to download that popular app for free?  Guess again!
Google has been forced to remove scores of malware infested apps from
their Market over the past several months.  In many cases, the software
masqueraded as a free version of a well-liked game or other app, but in
reality included a trojan horse, dialer, or other malware.

Dialer malware can automatically dial or text premium-rate (toll) numbers,
incurring large charges for the user and funneling the money to the
malware's author.  The most recent dialer for Android phones, discovered in
an alternative app market, is known as HippoSMS.  It sends text messages to
premium-rate services, then watches for, and deletes, the SMS alerts from
the phone company regarding the resulting charges, so the victim does not
notice until the bill arrives.

In addition to monetary loss, some Android malware has been responsible
for loss of sensitive data as well, leeching information from text
messages and email.

The best way to protect yourself from this threat is to be very careful
about which apps you download and to avoid alternative app markets if
possible.  As a safety net, go to Settings -> Applications and make sure
"Unknown sources" is unchecked; this blocks installation of any app that
does not come through the official Market, including .apk files downloaded
from the web.  If you do need an app from an unknown source, research it
carefully (who publishes it, what permissions it requests) before
installing it.

Read more about HippoSMS at computerworld.com:
<http://www.computerworld.com/s/article/9218314/Researchers_uncover_more_Android_malware_on_Google_s_Market?taxonomyId=85>


---------------------------
3. The Newest Botnet: TDL-4
---------------------------

The talk of the town this week (depending on the town you're in, I
suppose) has been of the "indestructible" botnet known as TDL 4. This
botnet has already compromised an estimated 4.5 million Windows-based
computers (the largest share, just over a quarter, in the U.S.) and is
technically quite advanced.

Botnets are among the biggest threats to people, institutions and
governments on the internet today. The term botnet refers both to a
collection of compromised computers controlled by a person or group, and
to the malicious software that infects those individual computers. While
none of these techniques is new, the TDL 4 botnet safeguards itself from
removal in a few ways: 1) it infects the computer's master boot record
(MBR), so its code runs before Windows starts up and can hide itself from
the antivirus software running inside Windows, 2) it has its own
"antivirus" built in, which removes competing malware that real antivirus
might otherwise detect and thereby alert the user that something is wrong,
and 3) its communication with its peers is encrypted and timed to coincide
with the user's own web browsing, so it blends in with normal traffic.
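Point 1) above is what makes a bootkit like TDL 4 hard to spot from inside the
running system: the first sector of the disk (the MBR) holds 440 bytes of
bootstrap code plus the partition table, and overwriting that code is all it
takes to run before the operating system. A defender's basic check is to read
the sector from the raw disk and compare the bootstrap code against a
known-good baseline. The following Python is an added example written for
this newsletter, not code from Kaspersky or from any TDSS analysis; the "MBR"
it inspects is a synthetic 512-byte sector constructed in the code, and the
"clean" and "tampered" boot-code bytes are stand-ins, not real boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # classic MBR: bootstrap code occupies offsets 0..439
PART_TABLE_OFFSET = 446      # four 16-byte partition entries at 446..509
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA" # bytes 510..511 of every valid MBR
PART_ENTRY_FMT = "<B3sB3sII" # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-ins for the demo; neither is genuine boot code.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32
TAMPERED_BOOT_CODE = b"\xEB\xFE" + bytes(range(40))   # "bootkit loader" stand-in


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR with one bootable NTFS partition (demo data only)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long for the bootstrap area")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\x12\x34\x56\x78"          # disk signature (bytes 444..445 reserved)
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_048_576)
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + PART_ENTRY_LEN] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _, ptype, _, lba_start, n_sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": n_sectors})
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap area only; the partition table legitimately changes."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(mbr), SECTOR_SIZE)]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from baseline (possible bootkit)")
    bootable = [p for p in parse_partitions(mbr) if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one bootable partition, found %d" % len(bootable))
    return findings


def demo() -> tuple:
    """Baseline taken from the clean sector, then the clean and tampered sectors checked."""
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    baseline = boot_code_hash(clean)            # record this from a known-good system
    tampered = build_sample_mbr(TAMPERED_BOOT_CODE)
    return check_mbr(clean, baseline), check_mbr(tampered, baseline)


if __name__ == "__main__":
    # On a real Linux host you would read the sector with open("/dev/sda", "rb").read(512)
    # (as root) instead of building one; the checks are the same.
    clean_findings, tampered_findings = demo()
    print("clean:", clean_findings or "OK")
    print("tampered:", tampered_findings)
```

The baseline must come from a system you trust, and the sector must be read
from media the rootkit does not control: a bootkit that hooks the disk driver
can hand the operating system a clean copy of the MBR while the infected one
stays on disk, so this kind of check is only trustworthy when run from
separate boot media (a rescue CD or USB) rather than from inside the possibly
infected Windows installation.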

TDL 4 was termed indestructible by a few security researchers, and the
label stuck. We've seen "indestructible" botnets before, however...
remember when Conficker was going to destroy the internet? Or Bagle back in
2004? TDL 4 is somewhat more resilient than those because it uses the
public Kad peer-to-peer network to communicate, so it doesn't rely on
centralized command-and-control servers for its instructions and thus has
no single point of failure for defenders to take down.

So what's the point of it? Money. Like most malware created today, its
authors are organized and after dollars. All that spam in your mailbox?
That's from a botnet selling pirated software and pharmaceuticals. Your
personal data is worth money. The front and back of a credit card as a
scanned document will sell for $20. Your PayPal account credentials will
net someone 30% of the balance of the account.

The real trick is detecting TDL 4 if your computer is already infected,
since it hides from the antivirus running inside Windows. The malware
behind TDL 4 can be detected and removed by Kaspersky Lab's free
TDSSKiller, available here:
<http://support.kaspersky.com/viruses/solutions?qid=208283363>


=======================================================================================
Read more Security FYI Newsletter articles online at
http://securityfyi.wordpress.com/
=======================================================================================


-- 
Ben Martin & Mike Halsall
IT Security Systems & Services, IS&T
MIT
