Symbian Phones

Nokia N95There’s a new worm (malicious code) going around infecting mobile phones that use the Symbian system (see below for a list of phones). There are two variants called the Beselo.A and Beselo.B worms.

It gets transmitted by Bluetooth or by MMS so you can’t really avoid receiving it. It consists of two parts:

  • An attachment with an interesting name, such as beauty.jpg, sex.mp3, or love.rm
  • A text message asking you to “install” the attachment to view it

With MMS messages it’s not necessary to “install” anything to view a picture or to play an audio attachment. What’s really happening is there’s no picture or audio file attached, it’s a malicious program. The wording of the message is just a trick to install the worm (a technique known as social engineering). If it were really a picture you’d be able to see it without installing anything, and likewise for audio attachments.

If you receive a message asking you to install something and it promises to show you a picture or play an audio file, say no. Delete the message.

F-Secure make an antivirus package specifically for phones that use Symbian, and that would detect the file. But common sense and the explanation above should be sufficient to avoid it.

Below are some of today’s popular phones that use Symbian S60. If your phone is on this list then it’s vulnerable to this attack.

  • LG – JoY
  • Nokia – 3250, 5500 Sport, 5700, 6110 Navigator, 6260, 6290, 6600, 6630, 6680, 6682, E50, E51, E60, E61, E61i, E65, E70, E90, N70, N72, N73, N75, N76, N80, N81, N90, N91, N92, N93i, N93, N95, N95 8GB, N82, N81 8GB, 6120, N77
  • Nokia (discontinued) – 6681, 6670, 3230, 7610, 3650, 3600, 3660, 3620, 7650, N-Gage, 6620
  • Panasonic – X800, X700
  • Samsung – SGH-D720, SGH-D730, SGH-i450, SGH-i520, SGH-i550, SGH-i560
  • Sendo – X
  • Siemens – SX1

Taking A Work Notebook Home

A common scenario is when someone takes home a notebook from work. The intention is to do work from home for whatever reason.

Notebook - typingThis could be a serious security risk. Most companies have gone to a lot of trouble to secure their office networks (for example by installing and managing firewalls; though a firewall is not enough to secure a network). In fact some companies have an entire department dedicated to maintaining network security. However most homes don’t have managed firewalls or any of the other network security systems or resources that companies often use. This effectively makes a home network less secure.

The risk is having an outsider gain access to the contents of the notebook. This could be achieved in a number of ways including having a trojan on another PC in the house. The possible damage to businesses can be huge, depending on the importance of the data on the notebook, or the importance of the work being done from home.

Some misconceptions need to be explained:

  • All firewalls are the same – this is not true. There are different types of firewalls making some more secure than others. They also need to be patched when the vendor discovers a vulnerability. Some home routers even claim to have firewalls when they don’t (they claim that a NAT feature is effectively a firewall – it isn’t). SPI firewalls are good (Stateful Packet Inspection)
  • No one would be interested in hacking into your home network. The internet doesn’t discriminate, every device connected to the internet is at as much risk as every other device

It’s not all bad news though. There are things you can do to protect yourself and your employer.

  • The laptop should have an antivirus program installed. It needs to be up to date.
  • The laptop would ideally have a “personal firewall” installed. Windows Firewall is not good enough. You need something that not only stops other programs getting into the notebook, it needs to stop unknown programs already on the notebook from getting out to the internet.
  • The home router should have its own firewall, or you could use a dedicated firewall device. Ideally the firewall would filter out traffic coming from or going to known sources of malware but this isn’t going to happen at home, it requires a fair bit of maintenance (i.e. it’s expensive)
  • Encrypt the hard drive in the notebook. This can protect you if you lose the notebook or it gets stolen (and statistics show this happens often). Whole disk encryption costs money and slows down the notebook a bit but it’s very important.
  • Don’t carry all your files on the notebook. Don’t keep all your emails, or your entire client list, etc. Only copy the data you need to get the job done and limit the risk.
  • A VPN to your office network can help.
  • Don’t connect your notebook to the internet. These days almost everyone needs the internet to do work so this idea might not be very practical
  • Don’t use someone else’s wireless network. Not only is this illegal in many countries, you would be sending all your data through a stranger’s network. It’s technically possible for someone to intercept that data, even to manipulate it.
  • If you use wireless at all make sure it uses a strong security protocol (WPA or WPA2)

A note about VPNs:

VPN stands for Virtual Private Network. It’s a piece of technology that can be used to join an office network to a home network. Servers and PCs on the networks would behave as if they were sitting in the same location, ignoring the fact there’s some distance inbetween, and ignoring the fact it’s really travelling across the Internet.

A VPN isn’t the be all and end all of security, it’s only a technical solution to a technical problem. You still need firewalls, virus scanners, and a little bit of tech support.

They can be setup to route all traffic to your office network and then you would trust your office network to filter the traffic for you. This is generally good. There are some caveats:

  •  Activities like internet browsing are slowed down
  • Your office network may keep a log of what websites you view from home, when you’re connected to the VPN
  • You’re trusting your office’s IT staff not to hack into your home network (it’s technically easier when you establish a VPN)
  • It costs your employer money to setup and manage a VPN
  • If you have an unreliable internet connection at home it’ll disrupt your work.

Above all find out what your company’s IT policies are and follow them as best you can. If they don’t have one then now’s a good time to suggest one. Working from home doesn’t have to be risky.

Suspicious Websites

It's a trapWith apologies to all those who conduct legitimate activties on the following sites I’d like to warn you on the current trend of malicious sites.

At the moment a lot of sites hosted on Geocities contain various bits of malware. So if you see a link anywhere (in an email, in a chat window, on another web page) that begins with geocities.com be very suspicious.

And secondly there’s been so much malware coming from Chinese web sites. So be cautious of any link that has .cn in the address.

A QuickTime Flaw

Here’s a new vulnerability in Apple’s QuickTime program, discovered just recently (and published today). A computer can become vulnerable if the following events happen:

  • You have Quicktime version 7.x installed (any version beginning with 7.)
  • Your computer uses Windows XP or Windows Vista
  • You use FireFox for web browsing (IE 6, 7, and Safari are safe from this vulnerability for the now)
  • QuickTime is your default media player
  • You visit a site hosting a malicious video file that takes advantage of this exploit.

Chances are you don’t meet all of the above criteria, but since there are so many computers on the internet now there would still be a large number of people who do.

The damage from this could be anything for now. Since the exploit has been published malicious hackers all over the world are probably busy writing viruses and trojans to take advantage of it.

So when Apple releases an update be sure to install it. And if you use a good antivirus package it won’t be long until they release a new update (this is why it’s important to keep your antivirus program updated).

Details have been published here.

Malicious Emails Targeting Financial Customers

There has been a rise in malicious emails (emails carrying malicious attachments) that are aimed at individuals. These emails are customised for the recipients with details such as their name and official title.

Two recent occurrences appear to be from the US Department of Justice, and from the Better Business Bureau. They have been sent to customers of financial institutions, indicating that email addresses were stolen and the information used to make the emails appear more convincing.

What makes these appear obviously malicious is that the first (from the US Department of Justice) carries an attachment with a file extension of .scr. These type of files are Windows screen savers, something that should immediately appear out of the ordinary. If you open the attachment it will install a trojan allowing malicious hackers to later take control of your computer.

The second one (from the Better Business Bureau) contains an infected PDF file. This is unfortunate because traditionally PDF files were considered safe from viruses, but lately it’s been proven that even PDF files can carry viruses and trojans. ( A PDF file is an attached document). Keep in mind that these emails have been tampered with to make them appear to be from the relevant senders. In fact they aren’t.

The best defence against these types of targeted attacks is to use a good antivirus program on your computer with the following features:

  • It must scan emails
  • It must be updated daily

It can be very difficult to pick out these malicious emails unless you have something scanning them for you.

These type of targeted email attacks have been increasing in frequency. Up to 10 new (unique) attacks have been discovered every day. This is a rather large number. Be very careful with suspicious looking emails.

Maxtor External Drives With A Free Virus

Some Maxtor external drives have been found to contain a virus. These are brand new units straight from the factory. The unit with this problem is a Maxtor Basics Personal Storage 3200, shipping between August 2007 and November. If you’ve recently purchased one of these you need to call Seagate’s technical support and quote the serial number on the drive.

2 New Skype Related Warnings

There are two new warnings related to Skype today. In each case it’s not Skype that’s the problem, it’s just related to their service.

1. Some people have received a warning saying “Security Center has detected malware on your computer“. If you click on the links provided you’ll get a message telling you malware was found on your computer. It then asks you to pay money for an alleged program to clean it. If you see this, ignore it. It didn’t really scan your computer for viruses, and the money they ask for won’t really go towards anything good.

2. Some Skype users have received a message about finding a lost girl. Again this is a hoax and if you click on the links provided a web site will attempt to install a virus on your computer. Ignore it.

More details can be found at Skype’s security site.