"Ikee is never gonna give you up"

It was only a matter of time before it happened again. Another worm has found its way into iPhones.

Luckily for us, it’s based in the Netherlands at the moment and is busy trying to get hold of bank details, apparently, as it attacks those using their phones for internet banking.

It’s only affecting jail-broken phones (mobiles that have been modified to accept non-Apple software – tut-tut) and have SSH (secure shell) installed and haven’t changed the password.

The worm was discovered by security company F-Secure, and research director Mikko Hypponen told the BBC:

“It’s the second iPhone worm ever and the first that’s clearly malicious – there’s a clear financial motive behind it.”

Still, it could be worse. You could be getting a picture of Rick Astley imprinted on your iPhone. Wait – wasn’t that the last worm…?

Bugünlerde geleneksel bilgisayar virüsleri dışında internette yeni nesil tehditler ortaya çıkmıştır. Dikkatlice planlanmış ve sinsice bildik önlemleri aşabilen bu saldırılar, kanun dışı amaçlar uğruna kullanmak üzere bilgisayarınızın kontrolünü ele geçirebilirler. Bu tip yeni tehdit tekniklerinden dolayı artık bilgisayarınızı sadece virülerden ve solucanlardan korumak yetmiyor. Bilgisayarınızda gözlemleyebileceğiniz her türlü kuşkulu faaliyete karşı da gereken önlemleri alabilmeniz hayati önem taşıyor.
 
Özellikleri:
- Bilgisayarınızı virüslerden, solucanlardan ve niteliği bilinmeyen saldırılardan korur
- Dünyaca ün yapmış F-Secure Veri Güvenliği laboratuvarlarının günlük ve otomatik güncellemeleri ve sizi sıfır gün ve başka bilinmeyen saldırılara karşı koruyan yeni F-Secure Deepguard teknolojisi ile bilgisayarınızı bugün ve yarın, tam güvenle kullanabilirsiniz.
- Casus yazılımları bulup yok eder
- F-Secure Internet Security bugüne kadar görülmemiş bir etkinlikle gizli yüklenmiş casus programları silerek sisteminizin hızlı ve pürüzsüz çalışmasını garanti eder.
- Bilgisayarınızı hackerlara karşı korur
- Özel güuvenlik duvarınız sayesinde size özel verilerinizin dokunulmazlığı garanti altındadır çünkü hackerlar hiçbir koşulda bilgisayarınıza giremez.
- Olta atma girişimleri (phishing) ve reklam amaçlı iletiler (spamler) sizi rahatsız etmez
- Ürünümüz reklam iletileri ve olta atma girişsimlerini kuvvetli bir şekilde filtre ederek size ait bilgilerin sizde kalmasını sağlar.
- Çocuklarınızı istenmeyen internet içeriklerinden korur.
- F-Secure Internet Security cocuklarinizin ve genclerin zararli sitelere girmelerini ve hatta sizin bilginiz olmadan internette dolasmalarini önler.

F-Secure® Internet Security™ keeps you and your family safe on the Internet. It protects your data and privacy when you send e-mail, download music, bank, shop or play online. Internet Security provides complete protection against online threats with powerful detection and removal of all types of malicious software. Automatic updates and advanced DeepGuard™ 2.0 cloud computing technology ensure the fastest protection against new threats. This comprehensive security package also includes a firewall, spam control, rootkit detection and parental control.

Supported Platforms:
Windows 7 (all editions)
Windows Vista (64-bit, 32-bit)
Windows XP Home, Windows XP Pro, Windows XP Media Center
Windows 2000
Microsoft® Windows® 7* or Windows Vista*
Processor: Capable of running Windows 7 or Windows Vista
Memory requirements: 512 MB (1 GB recommended)
Disk Space: Maximum 600 MB during installation
Browser: Minimum Internet Explorer 6.0
CD-ROM & High speed internet connection
* The system must fulfill Windows 7 / Windows Vista minimum requirements as specified by Microsoft

Language Support
English, French, Italian, German, Dutch, Greek, Hungarian, Polish, Czech, Slovenian, Spanish, Portuguese, Brazilian Portuguese, Turkish, Danish, Swedish, Norwegian, Finnish, Japanese, Canadian French, Mexican Spanish.

http://rapidshare.com/files/311288428/FSIS-2010.rar

There has been news today of yet another iPhone worm that affects users who have unsecured SSH installed on their device.

Security Company, F-Secure, has unearthed this latest worm for the iPhone which targets people in the Netherlands, as it did before with the first exploit of unsecured SSH. It targets users who use their iPhone to online bank with ING. Much like a phishing attack, it redirects the bank’s users to a look-a-like website with a log-in screen.

The worm only affects jailbroken devices as before, and only devices with SSH that has the default password are affected. This latest worm is more serious than the ones prior, as they were created to warn people, that things such as this could happen. The security company, F-Secure, have also said that it can behave like a botnet and send itself to other un-secure devices on a local WiFi network.

The phone can be controlled by the hacker remotely without the knowledge or permission of the user. Hackers can ring people, text people, copy your contacts or what ever they wish with your device if it’s left open. At the moment it’s only spreading around the Netherlands, but soon enough malicious hackers will most likely take advantage of the users who don’t change the default password.

A spokesperson for ING Bank said that a warning was going to be put on the bank’s official website.

“We are also briefing call centre personnel,” she added. “It’s important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands.”

If your device is jailbroken and you believe SSH maybe, or is installed then please read this guide to secure your device. Many other guides will not fully protect you as they only change the mobile user password and not the root.

If you wish to read more from F-Secure on this issue click here.

Related:

How To: Change Your iPhone’s SSH Password
Dutch Hacker Hack’s Into Jailbroken iPhone’s
iPhone Worm Rickrolls Jailbroken Devices

A F-Secure, multinacional finlandesa líder no desenvolvimento
e oferecimento de soluções integradas em segurança da informação,
descobriu o primeiro worm de iPhone, identificado como Ikee.
Apesar de estar se propagando rapidamente, o worm só é capaz
de infectar dispositivos que foram destravados. Ao passar pelo processo
chamado de “jailbreak”, os mecanismos de proteção do iPhone
são removidos, permitindo que os usuários habilitem qualquer software
que desejarem no aparelho.

LEIA MAIS NOS SITES
:: SORTIMENTOS.COM >> http://www.sortimentos.net/?p=3970
:: GEBBEG >> http://gebbeg.com.br/?p=7130

.

I morse stod det en gubbe och skruvade upp en skylt i svalen. Den här fastigheten sköts av F-secure stod det på den. De verkade ha skridit till verket direkt.

Kärringen som skriver alla ilskna lappar i tvättstugan har fastnat i spamfiltret.

Den finnige killen som spelar för dålig musik högt har klassats som en otrevlig mask och isolerats i en säker del av fastigheten (ventilationstrumman).

Alla lägenheter har fått brandväggar så att ondskefulla hemmasnickeritrojaner inte kan leta sig in hos intet ont anande grannar (förstärkt skydd på söndagar och kvällar).

Mejlboxarna har fått nya fack så att direktreklamen och posten sorteras redan vid distribution. Tyvärr har även storleken på lådan ökat, varför en ökad mängd särskriven reklam för skitprodukter är att vänta.

De grannar som har haft trasigt ljudkort har bytts ut så att programvaran klarar av att säga god morgon, hej, god kväll och ska du åka med i hissen.

Intrångsskyddet har förstärkts och alla dörrar har utrustats med lösenord på minst 12 tecken, varav ett måste vara ett specialtecken.

För att minska risken för virusangrepp måste alla besökare till fastigheten avlusas, kollas mot svininfluensa och sitta i karantän i minst 13 dagar.

Den öppna källarkoden är utbytt mot en krypterad variant. Fortfarande är dock tvättmaskinerna analoga.

Ett mer tveksamt beslut är att soprummet ska behandlas som en papperskorg i Windows och endast tömmas om alla användare klickar okej samtidigt.

Skyddet mot spioner har förstärkts. Stora bilder på Stig Bergling och Jan Guillou sitter i porten med texten: Se upp för de här två typerna.

Trådlöst bredband är något motsägelsefullt har en i huset boende språkfascist hävdat och har som en följd komprimerats och lagts i ett zip-arkiv.

Den sura gubben som tjuvröker i källaren har avinstallerats.

Varje måndag uppdateras alla boende i huset så att vi kan allt det senaste om viktigheter som politik, Dansbandskampen och TV4:s senaste humorfiaskon.

Slutligen ska jag genomgå en systemkoll, vilket beräknas öka min prestanda enormt mycket samtidigt som min programvara kommer att minska i vikt. Dessutom kommer jag att bli helt buggfri.

Tack, F-Secure.

Yet another email is floating around out there trying to get you to download a file that’s really a virus. It’s sent from “The Facebook Team” and says something like “for security reasons your password had to be reset” and it tells you to download the .zip or .exe file that is attached (Facebook_Password_4cf91.zip or Facebook_Password_4cf91.exe).

If you look at the email closely enough, it probably isn’t even addressed to you. My Aunt got this email and the name they used referring to her, in the body of the email, was just a bunch of random letters. That, the random letters at the end of the file name and the fact that there is even an attachment at all should throw up red flags. But there will always be people who fall for this kind of thing or just don’t pay attention and download it anyway, which is why there are geeks like me around to fix things when this happens. Unless you reset your password yourself and triggered a confirmation email, you will not get these kind of emails, period.

My Aunt flipped out because she thought she may have saved the file on her computer so this prompted me to do a bit of research on what this virus is. I found the virus total report that shows which scanners are able to locate and eliminate the virus. Only 14 out of the 41 scanners are able to detect it – my Aunt happens to have Symantec, which if you notice is not one of those 14. I’m currently running F-Secure’s online scan and will run Microsoft’s Security Essentials since both of those are listed as being able to detect it.

Here’s the page on F-Secure’s website about the virus. There isn’t a whole lot of information on it. But it does list a registry key that is installed.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\”RunGrpConv” = “1″

If you’re comfortable working with computers you can check the registry yourself for that key. If not then I suggest running the F-Secure online scan on complete mode, if you have time to let it sit for awhile, and also running Microsoft Security Essentials. They are both user-friendly and free. Just be sure to remove security essentials once you’re done if you do have another anti-virus currently installed. Having more than one can really slow the computer down.

The good news is, from what I’ve read it looks like it’s just another virus that causes messages to pop up telling you that you need to pay to download a fake anti-virus in order to fix your computer.  So it doesn’t appear to be something that is terribly difficult to get rid of.

• F-Secure’s online scan
• Microsoft Security Essentials

I want to apologize to anyone who was infected with a Trojan when my Facebook account sent out bogus messages, purportedly from me.  My PC got infected when I clicked on what I believed to be a video sent by one of my Facebook friends, but I now know was a message generated by the Trojan program.  Although I wasn’t able to stop the spread of the virus, I wanted to document how I got rid of it in case my experience is able to help save you, my friends who I’ve unwittingly infected, the time and frustration it took me in figuring out how to fix it.  Maybe a few strangers will happen onto my blog and find it useful too.

Although I have a current subscription to McAfee, my PC got infected anyway.  After this entire experience, I consider my McAfee subscription practically worthless and I’ll be replacing it with something else soon, but more on that later.  I first became aware that I had a problem when I kept getting a pop-up that said something like “your computer is highly infected”.  The poor grammar made me suspicious, so I clicked “ignore”, and the pop-up box kept trying to force me to “install anti-virus software now”.  I found out that if I had actually installed it, I would have really been in trouble because the so-called Anti-Virus program would have installed spyware and additional stuff that is really hard to remove.

Although I was able to exit the pesky pop-up windows through the task manager, I still ended up with several Trojans, which luckily were not too malicious, and after multiple days of research were fairly easy to get rid of.  I’m sure a tech geek could have done it in 5 minutes or less, but I had no clue what I was doing so it took me longer to figure out what I had and how to get rid of them.  I was also very leery of clicking on ads versus organic search results at that point as I was afraid to make my problem worse. 

What I Had:

1) FakeAlert-1K

2) HTML/FakeAV

3) JSDownloader.gen

4) Trojan.Packed.Hiloti.Gen.2

I ran several free programs as no one program cleaned all of the Trojans.  Luckily mine were just annoying pop-ups that prompted me to install further software and I didn’t have rootkits or other nasty stuff that I would have had to call a pro to clean up for me. Incidentally, I called McAfee as soon as I knew something was wrong since I do have a McAfee subscription and they told me it was my fault I got infected.  They offered to send me some additional information and links with instructions via email but said if I couldn’t figure it out, or if those links didn’t clear up the problem, they couldn’t offer any more help unless I paid for it.  I protested that I shouldn’t have to pay because if their program had worked in the first place I wouldn’t have this problem.  They said maybe someone else downloaded the Trojan to my PC or that I must have disabled the notifications or something.  They are 100% WRONG on both counts—I’m the only one who uses this PC and my notifications are working just fine, yet I still got infected! 

Here are the links to the free stuff I ran:

1)       McAfee.  Run this to find out what you may have, but don’t expect any removal tools because McAfee doesn’t offer them, even if you have a paid subscription.  They do have free removal tools for 3 specific things (Stinger, Klez, Bugbear) but I didn’t have any of those.  McAfee did not even find the 4^th Trojan which was lurking about on my PC. 

2)      BitDefender.  This free product was great!  It found and removed the first 3 Trojans identified above.  BitDefender did not identify the 4^th Trojan (Hiloti) which was found on my PC.

3)      F-Secure.  I also ran this product last after I had already removed the first 3 Trojans.  It identified and removed the 4^th Trojan (Hiloti) not found by the first two products.  If I had run it before BitDefender it may have removed all four, but I don’t plan to get the Trojans again in order to find out!

More about why I think McAfee Sucks!

I didn’t buy McAfee by choice—it was pre-installed by Dell when I bought my new PC, even though I had my PC “custom-built” to my specifications.  They put it on every PC whether or not you want it, and there was no way to opt-out (although you can remove the software after you receive your PC)!  Didn’t Microsoft get busted for shenanigans like that a few years back in a major antitrust lawsuit?  Needless to say I’m going to dump McAfee and I’m not going to wait another year for my subscription to expire!  In looking at this chart of independent research you can see McAfee isn’t exactly at the top of the heap when it comes to effectiveness in anti-virus software.  That coupled with their insulting offer to make me pay them even more money after their product failed to deliver is a stunning example how NOT to retain a customer and how to nudge a customer to write about their poor experience and post it on a blog for everyone to see.  The funny part is that my conversation with the CSR was not unpleasant and I’m certain he has no idea how annoyed I am with them.  I admit I was only mildly annoyed when I was on the phone and it wasn’t until I received the email from McAfee and found the instructions to be way too technical for a layperson such as myself that I reached the tipping point and decided to turn my efforts into finding a better product.  In the past I had AVG antivirus software and was quite satisfied with them until I bought a new PC from Dell (a different one-I’m a very loyal Dell customer) pre-installed with Windows Vista when it first came out.  I installed my AVG antivirus software on it and had all kinds of problems, so I contacted Dell and found out that AVG didn’t work with Vista (and it was quite a while before it did), so I was stuck with a worthless subscription, at which point I bought Norton.  What kind of company isn’t ready for a major Microsoft release for that long? Interestingly, the people at Dell were using AVG on their systems-they just didn’t upgrade to Vista although every new PC they sold was pushed out the door with it.  At this point I’m leaning toward F-Secure, although it looks like most of the providers they work with are in Europe.  Of course, I don’t know what would happen if I end up with another tech issue, so I still have more research to do.

I also ran a free Malware scanner and found and dumped a bunch of spyware I didn’t know was on my PC.  I found this program on a CNET editors list of free software.  While some of the others on list are also supposed to be free, they will SCAN for free, but if you want to remove the threats they find, you have to subscribe.  This one scans AND removes threats for free.

Malwarebytes Anti-Malware

As I stated above, I’m not a tech geek, although I can manage my home network and I’ve never mistaken my CDROM for a coffee mug holder.  You’d think with the power of social media, companies would better train their CSRs so they wouldn’t insult the customers and treat them like Granny low-tech.  I doubt if I’ll take the time to blog about every poor customer service experience I have, but in this case because it touched every one of my Facebook friends, I felt compelled to share my story.  Although if you are reading this it is probably because I infected your PC and it has cost you time and frustration, I hope these tips will save you the days of research it took me to get clean.

Durch den morgigen Verkaufsstart von Windows 7 angespornt, bieten diverse Hersteller ihre Anti-Viren Produkte kostenlos an! Die Produkte der Hersteller Panda, Kaspersky, Norton und F-Secure können unter den jeweiligen Links nach kurzer Registrierung (geht bei teilweise erst ab morgen) runtergeladen werden.

Suomenkielisessä huijauksessa käyttäjä saa puhelimeensa tekstiviestin tuntemattomalta lähettäjältä. Viestissä olevaa videolinkkiä klikkaamalla aukeaa Mobile Tube -niminen sivu. Videon avaaminen voi tuoda yllättävän ison laskun varoitetaan uutisissa. Uutisissa lisää asiasta.

Este inclui um anti-vírus premiado, uma firewall pessoal de fácil utilização, um anti-spyware aprimorado e uma nova tecnologia, o F-Secure DeepGuard, que monitoriza constantemente o núcleo do seu computador, garantindo que nenhum programa malicioso possa tentar invadir seu computador, mesmo que você não tenha todas as actualizações de vírus mais recentes.

Além disso, o produto filtra spams indesejáveis e as tentativas de phishing do seu email. Pode-se bloquear o acesso a sites da web de conteúdo questionável com o controle total para os responsáveis.

Principais recursos:
* Protege o seu computador contra vírus, worms e ataques desconhecidos
* Detecta e remove spyware do seu computador
* Protege o seu computador contra hackers
* Ajuda-o a permanecer livre de spam e de ataques phishing
* Protege as crianças de conteúdos indesejáveis da Internet.

Estilo: Antivírus
Tamanho: 193.94 mb
Sistema: Windows Xp/Vista/Seven
Formato: Iso
Idioma: Inglês
Hospedagem: Easyshare/Megaupload

Easyshare: Download | Megaupload: Download

Interesting.

Here’s one to make you smile. An underground malware and hacking forum got a taste of its own medicine when it was itself hacked by a digital vigilante.

A post from F-Secure says the underground pakbugs.com forum drew malicious hackers who bought and sold malware, stolen credit card numbers and the like. That is, until someone going by “Catch Them” broke into the site and gathered the full list of registered users, including their forum passwords and e-mail addresses, which the vigilante then posted to the Full Disclosure security mailing list. The F-Secure post includes screen shots of the pakbugs site and the users list.

F-Secure says the site has been going up and down since the event, and it’s not responding when I check it (from a Linux test machine, probably not a good idea to visit underground hacking sites using your Windows desktop). Let’s hope the site stays down. (Source: Tables turned on hacker site – CIO.com)

Related articles by Zemanta

• Botnet of Linux Servers with Dynamic IP Discovered (slumpedoverkeyboarddead.com)
• New York Times Latest Victim of Malware Ad Injections (mashable.com)
• Hackers claim T-mobile data breach, with info available to the highest bidder (inquisitr.com)
• The Death of Patrick Swayze Exploited by Criminals (lockergnome.com)
• Zee.: WordPress Exploit Allows Admin Password Reset (thenextweb.com)

F-secure varoittaa Ice.Gold.us-nimisestä sivustosta, jonka väitetään palanneen v. 2008 suljetun Ice.Gold.com-palvelun jatkajaksi valuutan vaihtoon, kerrotaan uutisissa.  Alkuperäisin Ice.Gold.com’n sivuillakin varoitetaan huijauksesta. Uutisissa lisää.

Cách đây vài ngày một người bạn-của-tui đã nhờ tôi phân xử trong vụ tranh chấp sử dụng máy tính giữa người và …virus. Người thì muốn sài máy nhưng virus lại không cho sài và nó làm cho Win không khởi động được. Bạn-của-tui muốn làm sao để Windows hoạt động được và giữ nguyên các ứng dụng. Dễ ợt ! bỏ đĩa cài vô và cài đè lên phiên bản cũ là được chứ gì nhưng không hiểu vì sao không làm được, chỉ có tuỳ chọn format và cài mới mà thôi.
Thế là tôi phải ghost lại máy, ngay sau khi ghost xong tôi liền tải về phần mềm Comodo Internet Security 2009 để quét virus các ổ đĩa còn lại nhưng vẫn không kịp, bọn virus vẫn nhanh hơn một bước, bằng chứng là : quá trình update của Comodo mãi mãi 0%, mở firefox 10 phút sau mới chịu “ló dạng”, máy chậm kinh khủng > tôi liền khởi động lại máy và “sai lầm vẫn là anh” – không thể kết nối internet, hic muốn . Làm sao đây ?
Chợt nhớ đến năm ngoái, tôi có một bài viết được đăng báo với tựa đề “Làm gì khi máy tính bị nhiễm virus”, hổng lẽ mình viết thì được nhưng áp dụng lại không được ? Thế là tôi bắt đầu test bài viết đó thực tế thêm một lần nữa.
Đọc tiếp… »

About F-Secure Exploit Shield
F-Secure Exploit Shield is an application that protects users from web-based malicious exploits and stops malware at the first point of infection. All malicious, exploit-hosting URLs it detects are automatically reported back to F-Secure’s Real-time Protection Network, which helps our Security Labs discover new exploits on the Internet and react to protect all our existing customers.

F-Secure Exploit Shield features
* Zero Day Protection: Protects unpatched machines even before patches are available from the software vendor.
* Patch-equivalent Protection: One ’shield’ update per vulnerability stops all exploits targeting it.
* Proactive Measures: Heuristic detection techniques block exploits even for unknown vulnerabilities.
* Protects against both malicious websites and good websites that have been hacked.
* Automatically sends detected malicious URLs from users to F-Secure.

http://support.f-secure.com/beta/estp/estp.shtml

Wenn Sicherheitssoftware vollkommen legitime und harmlose Dateien beanstandet, ist das mehr als lästig. Zwar sind Fehlalarme (False Positives) auf Dauer nahezu unvermeidlich, doch unterscheiden sich die einzelnen Virenscanner teilweise stark in der Zahl der fälschlicherweise als Malware gelabelten Files. Richtig gefährlich wird es, wenn notwendige Systemdateien von Windows falsch beurteilt und in die Quarantäne geschoben oder gar gelöscht werden. Eventuell lässt sich das System dann nicht einmal mehr normal starten. Sehr viel häufiger sind allerdings einfach Programme von kleineren und unbekannteren Software-Herstellern betroffen. Wenn sich die nicht mehr ausführen lassen, ist das nicht nur für den Nutzer ärgerlich – auch der Ruf der wegen eines Fehlalarms beanstandeten Software leidet. So werden etwa Nirsoft und Programmierer von AutoHotKey-Skripten immer wieder mit aggressiven Mails von Nutzern überschwemmt, die durch Fehlalarme aufgeschreckt wurden.

Wie geht man also am besten damit um, wenn die Antiviren-Software einen Fund meldet? Auf jeden Fall sollte man die Datei(en) nicht einfach löschen, insbesondere wenn es sich um Windows-Systemdateien oder wichtige Software handelt. Statt dessen kann man sich erst einmal bei einem Online-Virenscanner eine zweite Meinung einholen. Wenn danach der Verdacht besteht, dass es sich um einen Fehlalarm handelt, kann man die Datei zur Analyse beim Antiviren-Hersteller des Vertrauens einschicken. Bei vielen Herstellern geht das direkt aus dem Programm bzw. dem Quarantäne-Bereich. Zusätzlich gibt es bei den meisten auch Online-Formulare für den Dateiupload aus dem Browser. Eher selten ist inzwischen der Weg per Email-Anhang. Nach einer eingehenden Prüfung wird dann der Einsender informiert, ob es sich um einen Fehlalarm handelt. Sollte das der Fall sein, wird die Malware-Datenbank des Herstellers ausgebessert, und nach dem nächsten Update ist der Fehlalarm verschwunden.

Hier eine kleine Übersicht, wie man Fehlalarme bei unterschiedlichen Herstellern melden kann:

• Avira Antivir: Upload-Formular
• Bitdefender: Email (Anleitung )
• ClamAV: Upload-Formular
• Comodo: aus dem Programm (Anleitung)
• Dr.Web: Upload-Formular
• Emsisoft A-Squared: Email
• ESET: Email (Anleitung)
• F-Secure: Upload-Formular
• Kaspersky: Upload-Formular
• Norman: Upload-Formular
• PCTools Threatfire: Upload-Formular
• Sophos: Upload-Formular
• SUPERAntiSpyware: aus dem Programm (Anleitung)
• Sunbelt – Vipre & CounterSpy: Upload-Formular
• Symantec – Norton: Upload-Formular

Die Liste wird ständig erweitert, Tipps für weitere Anbieter kann man in den Kommentaren hinterlassen.

Chinese firms behind ‘Sexy Space’ Trojan

F-Secure has identified three China-based companies as the creators of the “Sexy Space” Trojan, which was identified last week to have passed through Symbian Foundation’s digital-signing process.

XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Symbian Foundation under its Express Signing program, security company F-Secure said Wednesday in a statement.

Developers are required to submit mobile applications to the Symbian Foundation for evaluation, before the applications are accepted and enabled for handsets running the Symbian operating system. The apps are first automatically scanned for viruses. After that, random samples are submitted for human audit. Sexy Space had not been subjected to human scrutiny, Symbian’s chief security technologist Craig Heath said last week.

F-Secure’s senior security response manager, Chia Wing Fei, explained that the Trojan would have allowed attackers to simply send a link via text message to a malicious Web site and prompt the mobile recipient to download the worm. Once the malware would be installed, it could send similar text messages to all contacts listed on the phone.

“These messages are sent in your name and from your phone,” Chia said. “It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you ($25).”

According to F-Secure, this is the first identified text message worm.

The Symbian Foundation became aware that Sexy Space was a Trojan earlier this month, and the signature was revoked. But an error on Symbian’s servers meant the application was still available for download until last week.

F-Secure said that although the problem is currently not widespread, there have been a few confirmed reports in China and the Middle East so far.

All Symbian Series 60 third-edition phones by Nokia, LG and Samsung are potential targets of the malware, including popular models such as Nokia N95 and Nokia E71, said F-Secure. The Symbian platform is used in just under 50 percent of all smartphones.

Vivian Yeo of ZDNet Asia reported from Singapore.