Report says be aware of what your Android app does

Updated 4:30 p.m. PDT to change the headline to reflect that SMobile says it isn't criticizing the Android model, and updated 10:30 a.m. PDT to change a misleading headline and add information throughout stating that users are granting permission to apps when they download them.

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

And some of the apps were found to have the ability to do things like make calls and send text messages without requiring … Read more

Free apps install spyware on Macs

Mac users downloading free screensavers and a video converter app from several popular download sites also got spyware that installs a back door, collects data, and sends encrypted information to remote servers, security company Intego said on Tuesday.

The high-risk spyware, dubbed OSX/OpinionSpy, was being installed along with nearly 30 screensavers developed by a company called 7art and an app called MishInc FLV to MP3, according to a list compiled by Intego.

They were found on Softpedia, MacUpdate, and CNET-owned VersionTracker, according to a post on Intego's Mac Security Blog.

VersionTracker had removed all of the items on … Read more

On iPhone, beware of that AT&T Wi-Fi hot spot

A security researcher has discovered that any wireless network can pretend to be an AT&T Wi-Fi hot spot and thus lure unsuspecting iPhone users to an untrusted network connection.

Samy Kamkar, who created a worm that garnered him a million friends on MySpace overnight in 2005, said in an interview this week that he can hijack any iPhone within Wi-Fi range in what is often dubbed a "man-in-the-middle" attack because of the way the devices are configured to recognize AT&T Wi-Fi connections merely by the name "attwifi."

Typically, an iPhone will look … Read more

Report: India targeted by spy network

Researchers have uncovered a spy network that stole classified and other sensitive documents from the Indian government, the Dalai Lama's office, the United Nations, and compromised computers elsewhere, according to a report released on Tuesday.

The operation, dubbed "Shadow Network," is detailed in a report that also cites evidence it says links the Shadow Network to two people living in Chengdu, China, and the underground hacking community in that country.

The report is based on research from volunteers at the U.S.-based Shadow Server Foundation and Information Warfare Monitor, which includes researchers from the Citizen Lab … Read more

Exclusive offer: Get Ad-Aware Plus for $9.95

Hi, I'm Catherine Hwang, a Partner Manager at CNET Downloads. I manage software publisher relationships for Upload.com, and I'm here to tell visitors of Download.com about a software deal that's too good to pass up.

CNET Downloads teamed up with Lavasoft to bring you an exclusive special offer: Today only, you can upgrade your free version of Ad-Aware to Ad-Aware Plus for $9.95 (usually $26.95). That's 63 percent off the regular price, so take advantage of this special offer now, only at CNET Downloads. Click here to grab your copy.

Lavasoft Ad-aware … Read more

BlackBerry has spyware risk too, researcher says

We've heard a lot about security issues with the iPhone, but the BlackBerry isn't immune to threats from malicious apps.

Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware that allowed me to shoot an SMS command to his phone and have his contact list forwarded to my e-mail address in a demonstration. With another short text command, I was able to get his BlackBerry to e-mail me any SMS messages he sends.

And if I had wanted--and he had allowed me--I could have seen a log of all his calls, … Read more

StopBadware goes nonprofit with funding from Google, others

StopBadware, the anti-malware effort run out of Harvard's Berkman Center for Internet & Society, is spinning off to become a separate nonprofit with funding from Google, PayPal, and Mozilla, the organization was set to announce on Monday.

StopBadware was launched four years ago to help companies keep spyware, viruses, adware, and other malware off their sites. The project collects and analyzes data from Web sites and advocates for safer practices.

The group's "badware alerts" expose applications that violate its badware guidelines and have led AOL, Real Networks, Sears, and others to change their practices regarding customer choice. … Read more

Google's spy case: Not the first, nor the last

The recent cyberattacks on Google and other U.S. companies became public because they prompted Google's dramatic showdown with China, but attempts to steal corporate secrets using the Internet happen under the radar on a daily basis.

"Espionage has been going on for decades. The Internet has made it a lot easier to conduct espionage," said John Bumgarner, chief technology officer at the government-funded think tank U.S. Cyber Consequences Unit. "The targets are mostly defense contractors and high-tech companies that have some type of competitive advantage that someone wants to steal."

When regular business … Read more

Corporate bank accounts targeted in online fraud

Criminals have tried to steal an estimated $100 million from corporate bank accounts using targeted malware and money mules, the FBI said on Tuesday.

"Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts," the agency said in a statement.

The FBI is seeing, on average, several new victim complaints and cases every week, according to a report prepared by the Internet Crime Complaint Center and linked to in the FBI release.

Brian Krebs reported … Read more

Bank Trojan botnet targets Facebook users

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their … Read more