SMS Controlled Android Malware Stealing Information – TigerBot

The current information about this malware shows that it can execute a range of commands, including uploading the phone’s current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the phone and checking whether they are commands for it to act on. If they are, it executes the command and then prevents the message from being seen by the user.

TigerBot tries to hide itself from the user by not showing any icon on the home screen and by using legitimate-sounding app names (like System) or by copying names from trusted vendors like Google or Adobe.

Based on our current analysis, it supports the following commands:
Record the sounds in the phone, including phone calls, the surrounding sounds, etc.
Change the network setting.
Upload the current GPS location.
Capture and upload the image.
Send SMS to a particular number.
Reboot the phone.
Kill other running processes.

To avoid becoming a victim, only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.
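The traits described above (a receiver for incoming SMS registered at high priority so the message can be consumed before the user sees it, no launcher icon, a label borrowed from a system component or trusted vendor, and permissions matching the command set) can be checked statically in a decoded AndroidManifest.xml. The following triage script is an added example, not code from the original page or from any vendor's analysis; both manifests it parses are constructed for illustration, the package names are hypothetical, and the priority threshold and scoring are assumptions of this heuristic rather than anything the article specifies.

```python
"""Static triage of a decoded AndroidManifest.xml for TigerBot-style traits.

Added example (not the page's or any vendor's code). Flags the combination the
article describes: an SMS_RECEIVED receiver at high priority, no launcher
activity, a mimicked label, and permissions that enable the listed commands.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
LAUNCHER = "android.intent.category.LAUNCHER"
HIGH_PRIORITY = 1000  # assumption: anything at or above this counts as "high"
MIMICKED_NAMES = ("system", "google", "adobe")  # names the article says are borrowed
CAPABILITIES = {  # permission -> command it would enable, per the article's list
    "android.permission.RECORD_AUDIO": "record audio/calls",
    "android.permission.ACCESS_FINE_LOCATION": "upload GPS location",
    "android.permission.CAMERA": "capture images",
    "android.permission.SEND_SMS": "send SMS",
}

# Constructed sample: hypothetical package, traits modelled on the article.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical.system">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="System">
    <receiver android:name=".SmsCommandReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".MainService"/>
  </application>
</manifest>"""

# Constructed benign sample for contrast: launcher icon, no SMS receiver.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def _name(elem):
    return elem.get(ANDROID_NS + "name", "")


def triage_manifest(manifest_xml):
    """Return the indicators found plus a simple score and verdict."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    perms = {_name(e) for e in root.iter("uses-permission")}

    # 1. Highest priority of any receiver filtering on SMS_RECEIVED (None if absent).
    sms_priority = None
    for receiver in app.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            if any(_name(a) == SMS_RECEIVED for a in flt.iter("action")):
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                sms_priority = prio if sms_priority is None else max(sms_priority, prio)

    # 2. A LAUNCHER category on some activity means the app has a home-screen icon.
    has_launcher = any(
        _name(c) == LAUNCHER
        for act in app.iter("activity") for c in act.iter("category")
    )

    # 3. Label that mimics a system component or trusted vendor.
    label = app.get(ANDROID_NS + "label", "")
    mimic_label = any(n in label.lower() for n in MIMICKED_NAMES)

    # 4. Permissions that map onto the command set.
    capabilities = [desc for perm, desc in CAPABILITIES.items() if perm in perms]

    score = sum([
        sms_priority is not None,
        sms_priority is not None and sms_priority >= HIGH_PRIORITY,
        not has_launcher,
        mimic_label,
        len(capabilities) >= 2,
    ])
    return {
        "sms_priority": sms_priority,
        "has_launcher": has_launcher,
        "label": label,
        "mimic_label": mimic_label,
        "capabilities": capabilities,
        "score": score,
        "verdict": "suspicious" if score >= 3 else "low",  # threshold is an assumption
    }


if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

Run it against a manifest decoded from an APK (for example with apktool); the receiver priority is the key signal, since an ordered broadcast receiver registered above the messaging app's priority is what lets a command SMS be consumed before the user sees it.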

Pirated Apps Smuggle Trojans Onto Android Phones

A new Trojan that can create botnets has emerged in China, according to Lookout Mobile Security. This Trojan, dubbed “Geinimi,” is the most sophisticated Android malware so far, the company said. Once it’s installed on a user’s phone, Geinimi can receive commands from a remote server that lets that server’s owner control the smartphone. Geinimi is apparently being spread through pirated versions of legitimate Android apps, mainly games, and is being distributed in third-party Android app stores in China.

Facebookers’ Feeds Crawling With Malware, Security Firm Finds

Links to malware-infested sites and other threats lurk in many Facebook users’ news feeds, according to research from security vendor BitDefender. Among approximately 14,000 Facebook users who installed BitDefender’s Safego security and privacy app, about one in five has malware in his or her news feed. More than 60 percent of the attacks detected by Safego are malicious apps that promise various benefits but install malware when they’re downloaded, BitDefender spokesperson Dan Wire told TechNewsWorld.

Alert: Fake Microsoft Security Essentials software

Before we get to the detailed view of how this trojan works, we want the message to be very clear: This software is a fake. Do not be fooled by this scam. This malware can potentially cause consumers and small business owners harm. Microsoft Security Essentials can be downloaded and used at no cost by users running genuine Windows (Download here: http://www.microsoft.com/security_essentials/). So anything mimicking Microsoft Security Essentials but asking for any sort of payment is clearly up to no good.

If you have not already updated your security software please do so. Making sure your security software is up-to-date and has the latest definitions is the best way to prevent infections.

And now onto a detailed look at FakePAV. While different FakePAV distributions have different payloads, here is how the current one imitating Microsoft Security Essentials works:

1. It modifies the system so that it runs when Windows starts

2. When you go to execute something it’s watching for, it opens the alert window claiming the program is infected and blocks it from running.

3. You can expand it out for “additional details”

4. If you click “Clean computer” or “Apply actions”, it simulates an attempt to clean the claimed infection

5. You’ll then get an ‘unable to clean’ alert and be instructed to click ‘Scan Online’

6. Clicking this brings up a list of antimalware programs, including several fake removal tools, and you’d need to click Start Scan

7. Once the simulated scan completes, it will claim a solution was found and list products that can ‘clean’ the system (the listed products are fake removal tools).

8. Clicking ‘Free install’ on one of those downloads its installer and starts installing it

If you believe your machine has become infected, we encourage you to use Microsoft Security Essentials to check your PC for malware and to help remove it from your system. You can also find out how to get virus-related assistance at no charge from Microsoft here: http://www.microsoft.com/protect/support/default.mspx.

For more information on this FakePAV please visit our encyclopedia entry at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fFakePAV. It contains a lot of information that may help answer questions about this rogue.

And remember: Microsoft does not charge for Microsoft Security Essentials. You can find the legitimate version of Microsoft Security Essentials at http://www.microsoft.com/security_essentials.

http://windowsteamblog.com/windows/b/windowssecurity/archive/2010/10/25/fake-microsoft-security-essentials-software-on-the-loose-don-t-be-fooled-by-it.aspx

How to Remove Fake Antivirus 2009 Also Virus, Malware and Trojan Removal by Britec

How to Remove Fake Antivirus 2009 Also Virus, Malware and Trojan Removal by britec.co.uk Some basic steps on how to remove Fake Antivirus 2009 with Malwarebytes, Superantispyware and Dr Web Cure it, plus running scans with Hitman Pro 3 and Gmer. Download Links: www.malwarebytes.org http www.drweb.com www.surfright.nl www.gmer.net —————————— More info on our forum www.briteccomputers.co.uk —————————— www.britec.org.uk http