You don’t have to scrutinize Ms. Maribel’s information too hard to gather that there is something fishy about this account. I’d wager that those nearly 100 followers of hers are probably also bots and they probably non-Tweet about botty things. These things are everywhere on Twitter. In all seriousness, I don’t think I’ve been followed by a real person on Twitter in months. And although Facebook certainly has its share of phony accounts, Twitter seems to be the more polluted of the two.

HOWEVER. It turns out that these might not be meaningless bots after all thanks to a new operation from the United States Department of Homeland Security. According to a new report in The Daily Mail, the DHS uses fake Twitter and Facebook accounts to monitor and track people who happen to use “sensitive” words. What kind of sensitive words? Words that despite sounding villainous are actually fairly generic. “The DHS outlined plans to scans blogs, Twitter and Facebook for words such as ‘illegal immigrant’, ‘outbreak’, ‘drill’, ‘strain’, ‘virus’, ‘recovery’, ‘deaths’, ‘collapse’, ‘human to animal’ and ‘trojan’, according to an ‘impact asssessment’ document filed by the agency.” If the DHS catches someone using any of these words and suspects you might be up to no good, it could mean that ” spies from the government read your posts, investigate your account, and attempt to identify you from it, acccording to an online privacy group.” Spies! Human to animal virus death recovery! Okay, DHS, you guys are obviously new to The Internet because just about every one of those keywords of yours could also be easily used in the context of sex and if you were familiar at all with this thing called The Internet you’d realize that 98% of it is porn-related. (P.S. – in case you didn’t know, porn includes sex.)

Not a group to let this trespass of our blessed privacy, everyone on Twitter responded appropriately:

So as if the keyword surveillance probably wasn’t muddled with sexy search results already then the noble crusaders of Twitter have undoubtedly thrown a couple more monkey wrenches into the Big Brothery gears of the DHS. At least I hope it has because if not then the combination of my searches on Twitter for their keywords in addition to my use of all of the words in this article will probably be enough for the feds to punch my ticket to Gitmo later today.

Apparently, opponents of the “Dog Wars” app have modified an older version of the app to include a specific trojan code. The malware, which Symantec is identifying as “Android.Dogowar,” is only planted in Beta version 0.981. That older version hasn’t been found on the official Android Market but has been found on various warez sites.

Dog Wars has received a lot of criticism since developer Kage Games put it on the market earlier this year. The app, which allows you to “raise your dog to beat the best,” was not pulled by Google despite numerous petitions asking the company to do so.

According to Symantec, here’s how the modified app looks-

Agreement by the user to grant the permissions requested by the app (which will include SMS permission) will allow for the the app to be installed. Upon installation, the display icon of the legitimate app looks almost identical to that of the app that has been bundled with the Trojan (on devices with a screen size of 3 – 3.5 inches). In fact, they looked so similar, we almost failed to spot this one difference several times; but closer inspection into the icon of the app containing the Trojan revealed that it actually says ‘PETA’ rather than ‘BETA’ in the app icon.

Internally the Trojan code has been injected as a package called ‘Dogbite’. Once a compromised device starts up, a service called ‘Rabies’ is initiated in the background, which carries out the core functionality of the app.

What is the core functionality of the modified app? First, it sends a text message to everyone on the user’s contact list that reads “I take pleasure in hurting small animals, just thought you should know that.” Then, it send a text message to “73822,” which signs the user up for a PETA text-alert service.

A PETA rep told CNET that “We don’t know who created this version of the app, but we think it is ingenious. When someone creates a game that glorifies animal abuse, you can bet that people will come up with clever, smart ways to take action against it.”

PETA is known for creative campaigns to promote their message. We told you yesterday about their plans to run a pornography site to bring attention to animal cruelty on the new .xxx domain.

The makers, Kage Games, have said in the past that they are “in fact animal lovers ourselves,”

This is our groundbreaking way to raise money/awareness to aid REAL dogs in need, execute freedom of expression, and serve as a demonstration to the competing platform that will not allow us as developers to release software without prejudgment

I guess there is always the Grand Theft Auto argument as well – I fight dogs in a video game so I don’t do it in real life, like I take out my aggression by killing hookers in GTA so I don’t do it in real life.

All kidding aside, what do you think about the app itself? Should it have been removed? What do you think about this malware attack by the activists – clever or childish? Let us know in the comments.

There’s a lot of buzz right now about Google Latitude, the new location-based service where you opt in to the service, select which friends you’re connected to, and then have it automatically update your location. I admit that there’s a creepy factor here, and that most people will not want to let most other people know exactly where they are at any given moment.

Yet in today’s MediaPost, the concerns get SO overblown that it’s making me think Latitude’s not such a bad idea after all:

So basically, the concern is that these phones will be turned into Trojan horses. And the concern’s not with the software, it’s with the hardware.

It’s quite possible that Al Qaeda could come into your office, take your phone while you’re in the bathroom, turn it into a bomb, and make it explode when you walk into a shopping mall. But if the real concern about Google Latitude is some doomsday scenario a la Arlington Road, then maybe we can focus on more serious threats.

I do think Mr. Davies of Privacy International has had some REALLY bad cellphone repairmen.

Comments

A Trojan injected into sites favoring Tibetan independence from China targeted visitors with a specially crafted download. Security vendor McAfee said the affected websites hosting this Trojan were probably hijacked to place infected web pages in view of browsers.

Once in place, the Trojan, which they dubbed Friebet, grabs software from remote servers that makes the co-opted machine capable of accepting SQL statements and executing them against other machines.

The Friebet malware can try several options to gain access to the databases backing other servers, according to McAfee:

• Bind and connect to local or remote databases from the victim machine

• Query and steal data from local or remote databases
• Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit

Though web application developers may have safeguards in place against common SQL injection attacks, Friebet is a more direct attack against a backend database. Administrators should review protections for databases to ensure such malicious connection attempts cannot succeed.

The malware called Harada is thought to be connected to the Pirlames Trojan horse which anti-spam firm Sophos reported blocking in Japan last year. The three men have admitted they took part in the crime. One man wrote the malware, while the other two are thought to have distributed the malicious code through Winny.

"It isn’t illegal to write viruses in Japan, so the author of the Trojan horse has been arrested for breaching copyright because he used cartoon graphics without permission in his malware. Because this is the first arrest in Japan of a virus writer it’s likely to generate a lot of attention and there may be calls for cybercrime laws to be made tighter," said Graham Cluley, senior technology consultant for Sophos.

"Malware is truly a global menace, impacting on every user of the Internet, and it is good to see police around the world doing their bit to tackle the problem."

Some computers infected with Harada displayed a message saying, "You’re already dead. Come here. And apologize to me. If you don’t, this PC will self-destruct."

“The good news is that all of the attackers’ control sites mentioned in the previous blog have now been taken offline!” Liam OMurchu noted in their update. “However, I am sure that the attackers will regroup and set up new servers.”

The malware, dubbed Trojan.Bayrob, runs a sophisticated man in the middle attack that intercepts traffic to eBay Motors. It arrives by email and shows the victim a photo slideshow of a vehicle purportedly up for auction.

Along with the slideshow program, the email brings along the Trojan and drops it onto the PC. When the victim clicks on the link to a legitimate auction, the Trojan fires up and intercepts web traffic. It delivers phony feedback pages to the victim, for example.

The idea is to entice the victim to complete the auction and submit a payment. Once submitted, the criminals grab the money and likely move on as quickly as possible.

People who avoid launching executables arriving by email should be able to easily avoid this Trojan. Though its control servers are offline, Symantec expects those behind the scheme will regroup and launch it again with new servers backing the Bayrob Trojan.

—

Whatever it is can’t be good for people whose systems pick up this new bit of nastiness. Symantec said in its Security Response Blog that the attempted use of a man in the middle attack in this manner is “very unusual.”

When the Trojan infects a system, it implements a local proxy server that listens on port 80, the default port for http traffic. It alters the local etc/hosts file to force traffic through the proxy if the user tries to visit one of these URLs:

My.ebay.com
Cgi.ebay.com
Offer.ebay.com
Feedback.ebay.com
Motors.search.ebay.com
Search.ebay.com

The Trojan then connects to one of several other servers to grab files. These will be used to deliver the fake eBay pages in the browser window. Symantec said the Trojan downloads ten fake pages, but that number could change.

One of those fake pages shows a high feedback rating. Since eBay visitors tend to rely on feedback to determine if they should bid or not on an auction, a deceptive feedback rating could dupe them into bidding and finishing a transaction.

“The exact motive behind the Trojan is still a mystery since at the time of writing the servers are not sending down the %item_number% and %seller_name% variables that may show which auction the user should be redirected to, and without which, the Trojan will not start to show fake pages,” said Symantec.

—

Kaspersky reported on their blog they had received a sample of the RedBrowser Trojan for mobile phones on Monday. They quickly point out cyber assaults aren’t limited to smartphones anymore. Most mobile handsets are now susceptible.

They note on their Viruslist blog:

It presents itself as a program which will allow the user to visit WAP sites without a WAP connection. However, the Trojan actually sends SMSs, not to other users, but to premium rate numbers. The user gets charged $5 – $6 for each sms sent.

They explained this Trojan can be easily uninstalled and shouldn’t be a real problem. They also mention that this is the first sample they’ve seen and it’s likely others exist in the wild. It’s one more reason to be careful with one’s electronic toys.

Add to | DiggThis| Yahoo My Web

John Stith is a staff writer for WebProNews covering technology and business.

The Linux stuff doesn’t get reported because Linux is too geeky, and the Mac threats have been generally absent because there haven’t been many.

Well, two Mac issues popped up last week and caused a bit of excitement. The second of the two was really bogus, and probably never would have had any legs at all if the other one hadn’t happened. From http://www.f-secure.com/weblog/:

Inqtana.A has not been met in the wild and it uses Bluetooth library that is locked into specific Bluetooth address and the library expires on 24. February 2006. So it is quite unlikely that Inqtana.A would be any kind of threat.

Yeah, that and the fact that it’s already patched.

The other thing (and it is just a “thing” – it’s really not a virus and it’s barely a trojan worm) was quite exciting to some:

Virus Attacks Mac OS X Users:

Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but this will leave them shell-shocked, as it shows the malware threat on Mac OS X is real, said Graham Cluley, senior technology consultant for Sophos, in a statement. Mac users shouldnt think its okay to lie back and not worry about viruses.

Ayup. Mac users should really worry about this one. It’s a picture. It doesn’t “attack”; somebody has to send it to you or you have to deliberately go download it. You have to uncompress it, and then click on it. Even then, if you aren’t running as an Admin user, it doesn’t get to do anything harmful. There’s a full writeup of it at New MacOS X trojan/virus alert, mostly a non-event.

It is true, however, that Mac (and Linux) folk tend toward being too lax about security. There are things you should be doing to protect yourself no matter what OS you are running. I’ll just run over some of them quickly here. There’s a good article at Mac Geekery – Basic Mac OS X Security but I am a bit more draconian:

Don’t carry a loaded gun around the house

What I mean here is don’t be root. On Mac OS X, the root account isn’t even enabled by default and ordinarily you’d want to leave it that way (use “dsenableroot” to enable or disenable it).

Don’t even run as an Administrator account except when you need to. That’s a lot easier to do on Mac than it is on Windows (and there is no such thing on Linux in general), and Fast User Switching makes it painless to login as an Administrator when you do need it. The point is to keep the firearms put away and locked up so they aren’t available for use.

If you have been using an Administrator account, don’t switch your account to a non-admin account as suggested at the Mac Geekery article. Just make a new account and start using that. Copy your files as you find you need them and you’ll also accomplish a nice house-cleaning.

Lock the doors

While you are logged in as an Administrator, visit the Security Pane in System Preferences and tell it to lock everything – check off “Require password to unlock each secure system preference”. That’s important and should be automatic. You might also consider disabling automatic login and requiring passwords to wake up from sleep, but those things are more for protecting against unauthorized use than virus and worm attacks.

While you are in there, check Sharing and make sure you aren’t running services you don’t need to run and that the firewall is enabled. You DO have a hardware firewall also, right?

“t00r” is not a password

Your passwords need to be really tough and you should not be using the same password all over the internet. Yeah, I know that means a lot of passwords, but it doesn’t have to be that hard. For example, for the dozens of sites that I need passwords for but that aren’t particularly critical if hacked (meaning that you could pretend to be me for a comment or whatever but can’t steal money), I use two basic passwords and add in part of the site name. For example, I might use “fru%78hfg” as one password. When I visit xyz.com, my password is “fru%xyz78hfg” but if I visit abcsoftware.com, it’s “fruabc%hfg”. The positioning of the “%” is determined by the alphabet position of the “a” in “abc”; under “m” means position before the %, “n” on up means insert three characters after the %. This gives me unique passwords for each site, but I know what they are.

No automatic passwords, thanks anyway

In Applications, Utilities is the “Keychain Access.app”. If you opened that up on my machine, you’ll find that it doesn’t know a single password. That’s partially a security measure, but it’s more of a convenience: I remember my own passwords because I want to be able to use them anywhere, anytime. I was working with someone the other day who wanted to check their Gmail and had to go back to their office to do it – they had no idea what their password might be! I know my passwwords and can access whatever I want from wherever I am.

Macs are basically secure, and Mac users don’t have the constant problems that plague Windows. But Macs are not immune to security threats, and you shouldn’t be lazy and complacent about protecting yourself.

*Originally published at APLawrence.com

A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com

A report on the TechShout website said a Trojan affecting AdSense has been discovered. Google has not confirmed this yet on the AdSense blog, but a web publisher named Raoul Bangera is said to have contacted Google about the problem.

Google reportedly confirmed the information provided by Bangera, including screenshots, logfiles, and system files, demonstrated the ads displayed on his site were not legitimate.

“We can confirm from the screenshots that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer,” Google reportedly said in response.

“Most of the ads were about gambling or adult content, which are banned categories in Google AdSense, clearly indicating a suspicious origin,” Bangera said in the report. Only small publishers appear to be affected, not premium publishers or Google sites.

Site publishers should review their ads, and report any unusual ones like ads that violate Google’s terms of service to Google for follow-up.

—
Email the author here.

Add to | DiggThis | Yahoo My Web

David Utter is a staff writer for WebProNews covering technology and business.