Today on the Google Mobile Blog, Hiroshi Lockheimer, Google’s VP of Engineering for Android, announced a new software system for Android phones called “Bouncer.” It provides automated scanning of the Android market for “potentially malicious software without disrupting the user experience of Android market or requiring developers to go through an application approval process.”

Lockheimer goes into more depth as to how the new software works:

The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.

The good news is that the service has already been running for a while now searching for malicious software. Between the first and second halves of 2011, they saw a 40 percent decrease in the number of potentially malicious downloads from the Android market. He points out that the drop occurred at the same time that “companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise.” He wants to clarify that while that may be true, the number of malicious applications on the actual Android Market are way down.

Lockheimer takes the opportunity to remind users why Android is better than traditional PCs when it comes to dealing with malware. He points to the “sandboxing” technique used by Android devices that puts virtual walls between applications and other software on the device. Android devices also have a broad range of permissions that go down to an application requesting access to SMS to send texts. Finally, Android was designed so that malware can’t hide from the user so it can be easily removed.

Lockheimer ends the post by saying that Android will continue to improve its security. He invites the community to help them keep Android safe.

With this news, we can expect the Apple fanboys to stop lording their safer app store above us Android users, right?

About a dozen free mobile versions of apps, such as Angry Birds and Assassin’s Creed, were published to the market yesterday morning by developer Logastrod. The author published the apps after including code to the games that would allow SMS messages to be sent to premium line numbers. Vanja Svajcer, of the blog Sophos, detailed the damage unaware downloaders can suffer after installing such apps:

Misusing premium SMS services is the most common model for malicious mobile malware. When a malicious app is installed, it starts sending or receiving messages, which makes the installation very expensive for the user. The damage is often seen only when it is too late, once a monthly bill is received.

Svajcer goes on to criticize Google for having regulations that are too relaxed and permit developers to easily sneak their malicious apps into the Android Market. The benefits of successfully publishing an app to the Market and therefore making money from it outweigh the consequences of being banned by Google from contributing any more apps to the Market. “The attacks on Android Market,” he adds, “will continue as long as the developer requirements stay too relaxed.

Google has implemented security screens that require the user’s acknowledgement that the apps were able to edit, read, and receive text and multimedia messages before the download of the app can be completed, but such a policy appears to not protect the users enough. Obviously, users are likely to breeze past such warnings and it’s not entirely surprising, either, given the wide popularity and reputation of games like Angry Birds. When everybody and their brother has probably downloaded Angry Birds at some point, who would seriously worry that the app they think they’re downloading is not an offering from a reputable developer. Other criticism directed at Google’s failure to protect its users suggest that Google should improve the way in which they educate users to protect themselves more effectively. As it stands, Google leaves its Android users in the lurch because their “caveat emptor approach means it’s up to users to make sure they don’t get swindled while shopping in the company’s official apps bazaar.

That they don’t have a stricter policy for app publishing is a disrespectful gesture towards their customers who clearly are not tech-savvy enough to be suspicious of every download. Worse than simply taking a knee on the issue, Google seems to have excused themselves with the equivalent of an Alfred P. Neuman security policy that simply shrugs, “What, me worry?”

What do you think? Should Google be doing more to keep their Android Market free of malware, or does the responsibility fall to the Android Users. Let us know below in the comments.

“As we work to protect our users and their information, we sometimes discover unusual patterns of activity,” explains security engineer Damian Menscher. “Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or ‘malware.’”

“This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called ‘proxies,’” says Menscher. We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.”

Matt Cutts said on Google+, “We’re trying this as an experiment to alert and protect consumers that we believe have infected machines. Please share this widely…This is malware that’s specific to Windows. Remember to do an actual search (any search will do) and check the top of the search results page; don’t just go to the home page.”

Menscher brings up the possibility that the message might not actually reach everyone, but offers users an alternative way to see if their computer is infected. He points to a three step process here.

Google offers additional security advice here.

Kevin Mahaffey, the CTO and Co-founder of Lookout Mobile Security, told us that mobile devices have evolved from telephones to computers that we can put into our pockets.

“Mobile devices are gaining a whole new level of importance in the world,” he said. “They know who you are, who you talk to, [and] they might even have financial and location information about you.”

Because the functions of mobile devices have created ease and convenience for consumers both in their professional and personal lives, most users don’t think about being in danger of security attacks. However, according to security software vendor Trusteer, mobile users are three times more vulnerable to phishing attacks than desktop computer users are. This is a pretty unsettling stat, isn’t it?

How secure do you feel in the transactions that you do on your mobile device? Let us know.

Mahaffey told us that users are susceptible to three primary types of attacks: phishing, drive-by downloads, and exploits. At this point, the phishing attacks are the most common with scammers offering links that would compromise confidential information.

Drive-by downloads, which occur when a site tricks users to download something without seeking consent, are also beginning to gain some traction on mobile devices. Exploits are also a concern for mobile since a bad site could use a flaw in the browser or software to gain control over the device.

What’s more, Mahaffey said that we could expect these attacks to increase as more devices come to the market. Consumers are also feeling more comfortable with their mobiles, which means that they are becoming more risky in their behavior.

“Now that everyone’s reading email, browsing the Web, [and] downloading apps, there are a large number of ways that the bad guys can get in,” he said.

For these reasons, Lookout Mobile Security recently introduced Safe Browsing to help protect users from scammers. The technology scans every url a user visits to check for any malicious activity. The interesting thing is that, unless it detects something, a user would never know it was there.  It also doesn’t impact the browsing speed for users.
If the technology does detect something, it gives a warning message to the user. From there, the user can decide whether or not it wants to continue.

As part of this launch, Lookout also announced a partnership with Sprint that will bring the Safe Browsing protection to Sprint users. Mahaffey said Lookout’s goal was to “make people happy and more confident in their phones,” which they believe is furthered by this partnership.

In terms of basic security advice, he told us that users should be careful about what they click on and where they download apps. He recommends determining if the developer is reputable, if the app is safe, and if the area of the Internet is shady. In addition, he points out that users should check their phone bill since scammers might try to slip in extra charges.

Does this information make you hesitant about using your mobile device for everything?

Apple will be putting out a Mac OS X update that will automatically find and remove the malware and its known variants in the coming days. This will include a warning that appears when it is downloaded.

The company also put out some step-by-step instructions for the prevention of installing the malware and for its removal. To avoid installing it, the company says:

If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.

1. Go into the Downloads folder or your preferred download location.
2. Drag the installer to the Trash. 
3. Empty the Trash.

To actually remove it once it’s been installed:

▪ Move or close the Scan Window
▪ Go to the Utilities folder in the Applications folder and launch Activity Monitor  
▪ Choose All Processes from the pop up menu in the upper right corner of the window
▪ Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
▪ Click the Quit Process button in the upper left corner of the window and select Quit
▪ Quit Activity Monitor application
▪ Open the Applications folder
▪ Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
▪ Drag to Trash, and empty Trash

Apple says the malware also installs a login item in your account in System Preferences, which you can remove by opening System Preferences, going to Accounts, and Login items, selecting the name of the app you removed, and clicking the minus button. Removal of this isn’t necessary, the company says.

The OS update aspect of this is a pretty helpful move on Apple’s part. It will be interesting to see if the company addresses similar issues this way more often going forward.

We also have to wonder if the Mac OS, which has presented far fewer security issues than Windows over the years, will begin seeing a greater amount of threats.

For years, the main focus on protection has been the computer. But according to the study, hackers and malware distributors are turning their sights on mobile devices – and it’s particularly alarming because the majority of users don’t have proper security measures in place.

The headlining news from the report is that Android malware attacks increased 400% from the summer of 2010.

But its not just Android users who need to worry. The study found that basically any device with downloadable apps is at heightened risk. Apparently the top way for malware to make it onto your device are through apps.

The report also mentions the Wi-Fi attacks are on the rise, giving attackers easy access to email and social networking information. 17% of attacks came through SMS, where trojans sent messages to premium rate numbers, costing the unwitting consumer.

“These findings reflect a perfect storm of users who are either uneducated on or disinterested in security, downloading readily available applications from unknown and unvetted sources in the complete absence of mobile device security solutions,” said Dan Hoffman, chief mobile security evangelist at Juniper Networks.

“App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specifics steps users must take to mitigate mobile attacks. Both enterprises and consumers alike need to be aware of the growing risks associated with the convenience of having the Internet in the palm of your hand.”

Although this information may seem rather alarming, the sky isn’t exactly falling. There are things you can do. Juniper suggests these steps for consumers:

• Install an on-device anti-malware solution to protect against malicious applications, spyware, infected SD cards, and malware-based attacks on the device
• Use an on-device personal firewall to protect device interfaces
• Require robust password protection for device access
• Implement anti-spam software to protect against unwanted voice and SMS/MMS communications
• For parents, use device usage monitoring software to oversee and control pre-adult mobile device usage and protect against cyberbullying, cyberstalking, exploitative or inappropriate usage, and other threats

I’m as guilty as the next person of failing to realize the new mobile threat. I guess we all have to start thinking of smartphones as what they actually are – little pocket computers.

Google says the apps in question were removed “within minutes” after discovery, but they would have allowed the attackers to access other data. Not good.

Google lists the following four steps:

1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
2. We are remotely removing the malicious applications from affected devices. Thisremote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

Security firm Symantec told CIOL that attacks aimed at Android users look to steal info, download malicious code, or send text messages to premium numbers. “Some of the information that malware on Android devices have been observed to compromise include the phone’s coordinates based on GPS, the phone’s unique IMEI number, administrative rights and screen shots of the phone,” Abhijit Limaye, Director, Development at Symantec is quoted as saying. “Some malicious code can also silently pull additional malware into the phone as a background service, or hook the device on to a mobile botnet. Malware that steals data from the Android device is also a possibility – with many of us using phones for banking or social networking, these details are valuable for attackers.”

Apple’s app approval process has drawn plenty of criticism over the years, but this is certainly one area where it may appear more attractive to users.

During the next three years, the organizations will work together on issues ranging from educating small businesses about badware to developing approaches to help smartphone phone users protect their handsets.

StopBadware has previously worked to develop transparency, educational resources and an appeals process for websites blacklisted for having badware content. The organization also will soon release a set of best practices to help Web-hosting providers address reports of badware on their networks.

“We at StopBadware are eager to combine our own expertise with Verizon’s  to better defend Internet users,” StopBadware said in a blog post.

“We’re particularly excited about drawing on Verizon’s resources and knowledge to bolster conversation surrounding the mobile malware threat and innovative ways to combat it, like identifying new approaches to securing mobile handsets.”

Other companies that support StopBadWare include Google, Mozilla, PayPal, and Nominum.

Click Forensics Malware Lab identified a new malware scheme targeting display banner ads. The program performs a pop-up or pop-under and rotates brand advertisers’ banner ads every 10-15 min in an effort to boost impression figures.

In Q4 2010, the countries outside North America producing the greatest volume of click fraud were Japan, the Netherlands, the Philippines, Sweden and France, respectively.

“While the overall click fraud rate dropped last quarter for CPC advertising, we saw the emergence of new schemes focused on display advertisements,” said Paul Pellman, CEO of Click Forensics.

“We are investigating the malware-driven attacks in more detail, but early evidence points to an impression inflation scheme. It’s something we will examine more closely and report on later this year.”

PandaLabs did find the speed at which the number of new threats grew has actually decreased compared to 2009. Every year since 2003, new threats grew by at least 100 percent, but in 2010, the increase was 50 percent.

Banker Trojans topped the ranking of new malware that appeared in 2010 (56% of all samples, followed by viruses and worms. Rogueware (fake antivirus software) already comprised 11.6  of all the malware gathered, and has become a category, that despite appearing only four years ago, has created  chaos among users.

The countries leading the list of most infections are Thailand, China and Taiwan, with 60 to 70 percent of infected computers.

 2010 witnessed hackers exploit social media, the positioning of fake websites and zero-day vulnerabilities as its primary methods of infection. Spam also kept its position as one of the main threats in 2010, despite the fact that the dismantling of certain botnets (like the famous Operation Mariposa or Bredolab) prevented many computers from being used as zombies to send spam. This created a positive effect in spam traffic worldwide. Last year, approximately 95 percent of all email traffic globally was spam, but this dropped to an average of 85 percent in 2010.  

The report also found the most important security incidents affecting the most popular social networking sites. Facebook and Twitter were the most affected, but there were also attacks on other sites including LinkedIn and Fotolog. There were several techniques used for tricking users on these sites, such as hijacking Facebook’s "Like" button, stealing identities to send out messages from trusted sources, exploiting vulnerabilities in Twitter to run Javascript code and distributing fake apps that redirect users to infected sites.