Tuesday, November 5, 2013

Hidden Administrator !

Android devices have been under attack more so than in previous years. Jay-Z’s Magna Carta Holy Grail Fake App, for example, hides within a pirated copy of the Jay-Z app. If you had this fake application installed on your Samsung device, you suddenly had your background wallpaper image changed to an image of President Barack Obama on July 4th. We also heard of another threat called Master Key that affects all Android users. Master Key allows an attacker to turn any legitimate application into a malicious Trojan horse. The hacker accomplishes this by modifying the APK code without modifying the application’s cryptographic signature.

Recently, another malware threat known as Hidden Administrator Apps has targeted Android users. Hidden Administrator Apps is not an actual name for the malware, but should be viewed more as a category of malware with characteristics that include stealth implementation and elevated user privileges.

A Hidden Device Admin app is an infected application that installs itself with administrator privileges. The app hides itself and you have no means of knowing if this was installed on your device. You can’t remove the app because you simply can’t see it on your screen and you don’t know that it’s there. With administrator privileges, the malware takes complete control of your device and can enable the attacker to utilize it.

How Are Hidden Administrator Apps Installed?

When the malware attempts to install on your device, it will ask you to grant it the elevated privileges. If you’re attentive and deny this request, the malware displays frequent pop-up messages once the device restarts. If you install the infected app, you can attempt to uninstall the app by deactivating its administrator privileges by going to Settings -> Security -> Device Administrators. However, this technique may not work all the time because variants of the malware will hide this deactivation option.

How Can You Prevent or Remove Hidden Administrator Apps?

You should always be cautious about the apps you download and install on your device. The malware payload can cause damage to your mobile device, as well as intrude on your privacy and personal information. You can take the following preventive measures against installing Hidden Administrator Apps:

Only download from a reputable app store, such as Google Play or Amazon Appstore.

Glance at app reviews -- People will often rate an infected app poorly and will usually warn others through the app reviews.

Avoid downloading unofficial apps -- It's always safer to install official apps from an official app store.

Keep your mobile device up-to-date -- Ensure you have the latest updates installed on your device.

Don't download pirated software.

If your device is infected with a Hidden Administrator App, you can search Google Play for utilities that can detect the Hidden Administrator App and remove its elevated privileges. You can then uninstall the app because it will no longer have the administrator rights. A solid solution is McAfee Mobile Security. One of the many features that McAfee Mobile Security provides is Hidden Administrator App detection.

Friday, October 11, 2013

Facebook account has just been hacked! What to do?

You've just got a text from one of your friends saying that he is wiring some money to your hotel in Paris and that he hopes you are OK. The only problem is that you're not in Paris, you're in Michigan eating Cheetos and watching Judge Judy. Before your orange cheese covered fingers can text him back, you start getting more texts from other concerned friends who also say they are wiring you money ASAP. What the heck is going on?

It looks like your Facebook account has just been hacked and the hackers who did it are impersonating you and hitting your friends up for cash. Before things get further out of hand, follow the steps below to bring things back to normal.

If you believe your Facebook account has been hacked:

1. Go to the Facebook Account Compromise Reporting Page

2. Click the "My Account Is Compromised" button

3. On the "Identify Your Account" page, enter either your e-mail address, phone number, Facebook user name, or your name and the name of one of your friends.

4. Follow the instructions provided to report your account as compromised.

5. Once your account has been reinstated and is back under your control, reset your Facebook password from the "Account Settings" page by clicking the "Change" link under the "My Account" Password section.

6. From the Facebook Privacy Settings page, click on "Apps and Websites". Under the "Apps You Use" section, click "Edit Settings" and then click on the "X" to delete any suspicious / malicious apps that may have been used to compromise your account.

7. Alert your friends that your account was hacked and warn them not to click on any links that the hackers who compromised your account may have posted on their walls, in chat sessions, or in Facebook e-mails that the hackers sent to them.

Friday, October 4, 2013

McAfee Mobile Security

McAfee's newest mobile security application, McAfee Mobile Security, protects your Android smartphone or tablet from the latest malware threats. Recent Android attacks have affected many Android users. With McAfee Mobile Security, you can protect yourself from attacks that include:

Hidden Device Admin

Android Master Key Exploit

Jay-Z's Magna Carta Holy Grail Fake App

McAfee Mobile Security provides the following features for Android users:

Locate and track device -- If you misplace your device, you can locate it on a map and send a text to prompt its return.

Device alarm/scream

Remote lock and wipe -- If your device is lost or stolen, you can protect your privacy by remotely deleting your data on your device and SD card.

Backup and restore -- You can backup your data on demand or set your backup process on a specific schedule. Use your backup to restore your data on a new device.

Manage your security in the cloud -- You can manage your mobile security through a web portal or by SMS text using any smartphone or tablet.

Click here to learn more about McAfee Mobile Security, including a review, full list of features, and premium and basic packages.

Tuesday, September 17, 2013

4 Secrets Wireless Hackers Don't Want You to Know

You're using a wireless access point that has encryption so you're safe, right? Wrong! Hackers want you to believe that you are protected so you will remain vulnerable to their attacks. Here are 4 things that wireless hackers hope you won't find out, otherwise they might not be able to break into your network and/or computer:

1. WEP encryption is useless for protecting your wireless network. WEP is easily cracked within minutes and only provides users with a false sense of security.

Even a mediocre hacker can defeat Wired Equivalent Privacy (WEP)-based security in a matter of minutes, making it essentially useless as a protection mechanism. Many people set their wireless routers up years ago and have never bothered to change their wireless encryption from WEP to the newer and stronger WPA2 security. Updating your router to WPA2 is a fairly simple process. Visit your wireless router manufacturer's website for instructions.

2. Using your wireless router's MAC filter to prevent unauthorized devices from joining your network is ineffective and easily defeated.

Every piece of IP-based hardware, whether it's a computer, game system, printer, etc., has a unique hard-coded MAC address in its network interface. Many routers will allow you to permit or deny network access based on a device's MAC address. The wireless router inspects the MAC address of the network device requesting access and compares it to your list of permitted or denied MACs. This sounds like a great security mechanism, but the problem is that hackers can "spoof" or forge a fake MAC address that matches an approved one. All they need to do is use a wireless packet capture program to sniff (eavesdrop) on the wireless traffic and see which MAC addresses are traversing the network. They can then set their MAC address to match one that is allowed and join the network.

3. Disabling your wireless router's remote administration feature can be a very effective measure to prevent a hacker from taking over your wireless network.

Many wireless routers have a setting that allows you to administer the router via a wireless connection. This means that you can access all of the router's security settings and other features without having to be on a computer that is plugged into the router using an Ethernet cable. While this is convenient for being able to administer the router remotely, it also provides another point of entry for the hacker to get to your security settings and change them to something a little more hacker friendly. Many people never change the factory default admin passwords to their wireless router, which makes things even easier for the hacker. I recommend turning the "allow admin via wireless" feature off so only someone with a physical connection to the network can attempt to administer the wireless router settings.

4. If you use public hotspots you are an easy target for man-in-the-middle and session hijacking attacks.

Hackers can use tools like Firesheep and AirJack to perform "man-in-the-middle" attacks where they insert themselves into the wireless conversation between sender and receiver. Once they have successfully inserted themselves into the line of communications, they can harvest your account passwords, read your e-mail, view your IMs, etc. They can even use tools such as SSL Strip to obtain passwords for secure websites that you visit. I recommend using a commercial VPN service provider to protect all of your traffic when you are using wi-fi networks. Costs range from $7 and up per month. A secure VPN provides an additional layer of security that is extremely difficult to defeat. Unless the hacker is extremely determined they will most likely move on and try an easier target.

Tuesday, September 10, 2013

What is Malware?

Protecting your computer from malicious software is perhaps the most important aspect of computer ownership.

A wide range of products are available that offer computer security. However, did you know that certain products only offer protection against a few malicious attacks? Are you concerned that your computer may not be fully secured? Before you take the necessary measures of securing your computer, you should understand the different types of attacks that could harm your machine.

What is Malware?

Malicious software (malware) is the wide range of software applications developed with a malicious intent. The methods used for malware installation are unlike any other software installation you are accustomed to because malware is installed through devious means. People often use the terms virus and malware interchangeably. However, a virus is a type of malware. Other major malware types include:

Virus

A virus contains malicious code that attaches itself to an application. When the infected application is executed, the virus is launched and will attempt to spread to other computers. A virus typically will not cause immediate damage as it needs time to replicate in order to infect other computers. Eventually, the virus will deliver its payload. The payload can cause significant damage such as deletion of critical system files, random reboots of your computer, and can corrupt hard drives and make them unbootable. Viruses are delivered to systems in a variety of ways. Email is the most common method for spreading viruses. For example, spammers will email viruses as attachments and will entice users to download and open the attachment, which in turn will execute the virus. Users can also transmit viruses by using infected USB flash drives. Most operating systems have Autorun enabled, which enables infected USB flash drives to execute the virus as soon as the device is plugged into the machine.


Trojan Horse

Trojan horses trick users by posing as legitimate applications. For example, a Trojan horse may appear to be a game or a screensaver. A deceived user will download the application and the Trojan horse is released once the user executes the program.

Worms

Unlike viruses and Trojan horses, worms do not need to be executed. Worms reside within memory and can travel throughout a network without depending on an infected computer application or interaction. Worms replicate themselves exponentially and can literally crash networks by consuming their bandwidth.

Spyware

Spyware is installed on a machine without the user’s awareness or consent. Spyware attempts to gather specific user information and send it to a third party. You can determine if your computer is infected with spyware if your Internet home page has suddenly changed, if your web browser redirects web searches, or if additional software has been installed on your machine. Another form of spyware is adware. Adware launches pop-up windows to display unwanted advertisements.

Logic Bombs

A logic bomb is malicious code embedded within an application that executes based on certain events. The logic bomb lies dormant until that event occurs. The event may be when a specific date is reached or if an employee’s record is removed from an organization’s payroll information system.

Rootkits

A rootkit is a combination of programs designed to infect your computer without being detected. Your antivirus application communicates with your operating system to identify threats. However, rootkits break down this communication process. Consequently, your antivirus software will think that everything is fine and will not report that your computer is infected.

You can find security tools that will protect your computer from the above threats. In most cases, one tool is not enough. You may need to use a combination of utilities to fully protect your system. Understanding the major types of malware can help you make informed decisions about acquiring tools to protect your computer.

Tuesday, September 3, 2013

How to Remove Viruses from USB Drives?

One of the ways a virus can infect your PC is through USB/pen drives. Common viruses such as ‘Ravmon’, ‘New Folder.exe’, ‘Orkut is banned’, etc. are spreading through USB drives. Most antivirus programs are unable to detect them, and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things you can do if you want to remove such viruses from your USB drives.

1. Whenever you plug a USB drive into your system, a window will appear similar to the one shown below.
2. Don’t click on OK, just choose ‘Cancel’.
3. Open the Command Prompt by typing ‘cmd’ in the Run box.
4. In the command prompt, type the drive letter followed by a colon and press Enter.
5. Now type dir /w/a and press Enter.
6. This will display a list of the files on the pen drive. Check whether any of the following files are there:
• Autorun.inf
• Ravmon.exe
• New Folder.exe
• svchost.exe
• Heap41a
• or any other exe file which may be suspicious.
7. If any of the above files are there, then the USB drive is probably infected.
8. In the command prompt, type attrib -r -a -s -h *.* and press Enter.
9. This will remove the Read Only, Archive, System and Hidden file attributes from all the files.
10. Now just delete the files using the command del filename. For example: del Ravmon.exe. Delete all the files that are suspicious.

Example:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

L:\Documents and Settings\kayzg>o:
O:\>

O:\>dir /w/ac
Volume in drive O is KAYZGPEKEE2
Volume Serial Number is D834-F037
Directory of O:\
[untitled folder] [System]
[Documents] winzip90.exe
sdat5277.exe LaunchU3.exe
ethereal-setup-0.99.0.exe ethereal 1.doc
PROJECT NETWORK MANAGEMENT.doc About the Raila Virus 1.doc
About the Raila Virus.doc KAYUMBO G.doc
9 File(s) 63,575,709 bytes
3 Dir(s) 547,983,360 bytes free
O:\>
O:\>del Autorun.inf
Could Not Find O:\Autorun.inf
O:\>

11. To be on the safe side, scan the USB drive with an antivirus program to check whether it is free of viruses.
12. Now remove the drive and plug it in again. In most cases, the real culprit turns out to be the “Autorun.inf” file, which mostly gets executed when someone clicks OK in the dialog window which appears above. Thus the infection can spread.
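
The manual check in steps 4 to 10, as an added example that is not part of the original post: a Python script that reports what an Autorun.inf in a drive's root would launch and which executable files sit beside it, without running any of them. The function names and the sample drive contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

# [autorun] keys that name a program to launch; icon= and label= do not.
LAUNCH_KEYS = {"open", "shellexecute"}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}


def autorun_commands(drive_root):
    """Return the command lines that Autorun.inf in drive_root asks Windows to run."""
    inf = next((p for p in Path(drive_root).iterdir()
                if p.is_file() and p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    commands, in_autorun = [], False
    for raw in inf.read_text(encoding="latin-1").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add right-click actions that also launch a file.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append(value)
    return commands


def triage_drive(drive_root):
    """Return (autorun commands, executables in the drive root) without running anything."""
    # iterdir() also lists hidden and system files, like `dir /a` in the steps above.
    exes = sorted(p.name for p in Path(drive_root).iterdir()
                  if p.is_file() and p.suffix.lower() in EXECUTABLE_EXTS)
    return autorun_commands(drive_root), exes


def build_sample_drive(root):
    """Constructed sample: a fake drive root holding harmless stand-in files."""
    root = Path(root)
    (root / "AUTORUN.INF").write_text(
        "; constructed sample\n[autorun]\nopen=Ravmon.exe\n"
        "shell\\open\\command=Ravmon.exe\nicon=folder.ico\n", encoding="latin-1")
    (root / "Ravmon.exe").write_bytes(b"stand-in bytes, not a program")
    (root / "notes.doc").write_bytes(b"stand-in document")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        return triage_drive(tmp)


if __name__ == "__main__":
    print(demo())
```

To check a real drive, call triage_drive with the drive's root path; an Autorun.inf that points at an executable in the root is the pattern described in step 12.
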

Security Tips

1. Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there is less chance of the virus spreading.
2. A tool which can perform such a function is Tweak UI. Download it from here and install it.
3. Now you can disable the Autoplay feature of the removable drives as shown above.
4. Run the program, expand My Computer, AutoPlay, and then click Types. On the right panel under Autoplay Drive Types, un-tick Enable Autoplay for removable drives.
5. By following the above steps, you can keep your USB drives clean.

Other simple ways

1. Don’t loan your flash drive to anyone. If you do, you're taking a risk. Lending your flash card is not a good idea. You don't know what’s on your friend’s computer or what worm will work its way to your flash drive and then to your computer.
2. When you insert it into your USB port, run your antivirus scanner on it first, BEFORE YOU OPEN THE DRIVE! If it is infected, the scanner will tell you.
3. Make sure you update your antivirus program first. Anytime you hook anything to your computer, scan for viruses before you open it.

How to quickly scan your flash drive

1. When you connect the flash drive, before you open it:
• Right-click on the removable disk and scan it with your antivirus; then you can use it.
• If you are going to copy any file from your PC, first scan that particular file and only then copy it to your flash drive.