Pay Attention!

Preying on quick decisions…pay attention!

I was travelling recently to our nation’s capital for a security conference (there’ll be another article on this topic) and most of my communication was through my mobile device. I was quickly scanning my emails when the following LinkedIn invitation came through:

Most enterprise organizations have fairly sophisticated email filters today, but the odd phishing, malware-link-infested message does find its way through. When I receive a suspicious email, I typically look at the telltale signs of a fraudulent email – do I know the sender, who is it being sent to, do I recognize the organization? As you can see from the screenshot above, all of the basic checks passed. Our security awareness training teaches people to hover over the links to see where they’re actually connecting to. However, on a mobile device, it’s not quite as easy – with all our fancy touch screens it’s sometimes difficult to select a hyperlink and see the final destination. I was able to determine the final destination of the hyperlink via my handheld, but it made me wonder: would other people be so diligent?

Remember the good old days when some prince in Africa wanted to transfer funds, the email body was written in horrible English, and the sender was some bizarre fellow with a name you’d never heard of? Today’s email phishing attacks and malware-link-laden emails are getting quite sophisticated – pay attention…you never know when an email such as this will find its way into your inbox.

Eugene Ng 


Mobile Troubles

The growth of mobile phone usage seems to be rapidly outpacing the growth of mobile security adoption. For instance, how many people are running anti-virus (AV) software on their laptops and desktops? And now, how many are running AV on their mobile phones? There are several free anti-virus applications available for most platforms, including laptops, desktops, tablets and even smartphones. An informal poll conducted by SANS in July 2010 found that approximately 85% of smart phones did not have any AV installed. Of the 14% who did have AV installed, 18% had reported finding malware.

The thing I found strange about this poll is that security has seen improvements on the laptop/desktop side, yet our mobile devices have a fair bit more exposure and are left vulnerable. In 2010, Android saw several firsts: SMS Trojan, Botnet, Monitored GPS, and even a Bank Phishing application. These firsts signal a dramatic increase of malware on the Android platform. One report, by McAfee, stated that the rise since last quarter was 76%.

Android is not the only mobile platform that is susceptible. Research has shown that there is a positive correlation between the popularity of the device/operating system and the infection rate. This correlation is similar to that seen in the PC world, and the same is true for the techniques that are being used to infect the victims. One of the largest threat vectors I can think of is the large volume of applications within the app stores. With such an influx of new apps, it is hard to ensure that each one is safe.

You may wish to thank me for a sleepless night, but you already know how to protect yourself because mobile phones are just small computers. So you should start by doing the same things you do on your laptops and desktops. First, get some basic AV installed from a reputable source. Second, perform some research before installing any apps on your phone. If you are uncertain of the source, then maybe it is not worth the risk. After all, an ounce of prevention is worth a pound of cure.

Joe O.

What do you do to protect your mobile phone from malware? Share your thoughts and techniques in our comments section.