Blog

Android is a widely used mobile operating system.  It is awesome, open, and therefore vulnerable.  Several apps in the Google Play store have been found to contain malware.  Additionally, there are many websites where users can download apps for free.  Some websites even allow users to share paid apps with other users for free, generally including malware at no extra charge.

Recently, we discussed the malware tracking algorithm.  Although this algorithm still has not been implemented to track real malware authors, it presents intriguing possibilities.  We had an opportunity to discuss this algorithm on NBC 12.  Here is the video.

It's the end of the month and it is time for the monthly computer security update.  This month, we had vulnerable Internet browsers, Samsung Galaxy phones, and even Department of Veteran Affairs computers.  We also saw medical equipment, including pacemakers being hacked as well as more development in the cyber warfare front.  See our October 2012 Infosec update for more information. 

What if IDS sensors or similar resources could be used not only to detect network intrusions but also to identify the source of the attack?  Pedro Pinto, a researcher at the Swiss Federal Institute of Technology in Lausanne (EPFL), claims that his team has developed this algorithm.  The algorithm appears to be an adaptation of the method use to triangulate a caller's location using cell phone towers. Triangulation works by figuring out the distance between a phone and three or more towers.

Hackers are now spreading malware through Twitter.

As discussed in our Pizza With a Side of Malware post, there are a large number of Internet schemes and scams trying to get legitimate users to click on certain links. Many believe that the creators of these scams are after private information stored in your computer. While rue, the scenario is a bit more complicated. They are also after your computer resources. When the "payload" contained in a file of Internet website is downloaded to your computer and the malicious software executes, they control (or own) your computer.

Even software that appears legitimate may pose security threats. Case in point, a company that fraudulently causes users to upgrade to paid versions of their software. Bjorn Daniel Sundin, along with his co-conspirator, Shaileshkumar P. Jain, is wanted for his alleged involvement in an international cybercrime scheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million.

We have been made aware of a new wave of the pizza phishing scam.  The email informs you that you were apparentl very hungry and ordered some pizza.  Only, if you try to cancel this "mistaken" order, you get, free of charge, a side of malware for your computer.   The link goes through kontrollmedia.hu (only one of many domain names used, and begins a sequence of downloading malware to your computer. 

These emails can be traced to various IP addresses, mostly associated with spam and various attacks. Some of these IP addresses include:

In a Virginia computer forensics case, the court had the opportunity to examine the standard to determine whether to grant a preliminary injunction in the case.  In order to prove that a website was hacked, computer forensics techniques are frequently applied.  This post explains the standard that the court used for granting a preliminary injunction under the Computer Fraud and Abuse Act.  This was Physicians Interactive v. Lathiam,

Computer forensics involves the recovery and analysis of digital evidence. As such, a computer forensics expert frequently encounters cases involving the concealment or destruction of evidence. We previously discussed issues related to the destruction of evidence and spoliation and used as example the Virginia computer forensics case of Trigon v. U.S.