Mobile Virus Security Guide

Scammers are distributing apps for Windows Mobile-based smartphones that have malware hidden inside that makes calls to premium-rate numbers across the globe, racking up expensive bills unbeknownst to the phone's owner, a mobile security firm said on Friday.

The apps--3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0--are being distributed on as many as nine popular download Web sites, including DoDownload, GearDownload, and Software112, according to John Hering, chief executive and founder of mobile security provider Lookout.

Someone has copied the programs and repackaged them with the malware inside, he said. Once the app is installed the virus wakes up and starts dialing premium-rate numbers like in Somalia and the South Pole, Hering said. He added that victims may not know about the problem until they get their phone bill and see that it's $50 or $100 higher than it should be.

Auto-dialer scams are common in Russia and other countries but are still relatively rare in the United States. But that will change. Six months ago, Lookout saw four pieces of malware per 100 phones. Now, that figure has more than doubled to nine pieces of malware for every 100 phones, Hering said.

Hering said Microsoft had been contacted about the issue, but that the problem is not due to any vulnerability in the Windows Mobile software and therefore can't simply be patched.

"Users need to be aware of what they are downloading and make sure it is a reputable source and from a reputable developer," he said. Lookout is one of a growing number of companies that offer software and services to help protect mobile devices from malware and other threats.

Microsoft is aware of the issue and is currently investigating it, said Jerry Bryant, group manager for Response Communications at Microsoft.

"As always, Microsoft continues to encourage customers to follow all of the steps of the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing antivirus and antispyware software," he said. "While Microsoft does not have a mobile AV product we do detect and protect in certain scenarios. The general protect guidance also applies to mobile phone users: http://www.microsoft.com/protect/."

The hidden auto-dialing malware incidents are noteworthy because they signal a shift from attackers seeking mere notoriety to profit-motivated fraud, Hering said.

"What took 15 years for malware to evolve on the desktop is accelerated on the mobile platform," he said. "We're seeing it move from early proof-of-concept (malware) to things that are driving profit."

Mobile Virus Security Guide

Scammers are distributing apps for Windows Mobile-based smartphones that have malware hidden inside that makes calls to premium-rate numbers across the globe, racking up expensive bills unbeknownst to the phone's owner, a mobile security firm said on Friday.

The apps--3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0--are being distributed on as many as nine popular download Web sites, including DoDownload, GearDownload, and Software112, according to John Hering, chief executive and founder of mobile security provider Lookout.

Someone has copied the programs and repackaged them with the malware inside, he said. Once the app is installed the virus wakes up and starts dialing premium-rate numbers like in Somalia and the South Pole, Hering said. He added that victims may not know about the problem until they get their phone bill and see that it's $50 or $100 higher than it should be.

Auto-dialer scams are common in Russia and other countries but are still relatively rare in the United States. But that will change. Six months ago, Lookout saw four pieces of malware per 100 phones. Now, that figure has more than doubled to nine pieces of malware for every 100 phones, Hering said.

Hering said Microsoft had been contacted about the issue, but that the problem is not due to any vulnerability in the Windows Mobile software and therefore can't simply be patched.

"Users need to be aware of what they are downloading and make sure it is a reputable source and from a reputable developer," he said. Lookout is one of a growing number of companies that offer software and services to help protect mobile devices from malware and other threats.

Microsoft is aware of the issue and is currently investigating it, said Jerry Bryant, group manager for Response Communications at Microsoft.

"As always, Microsoft continues to encourage customers to follow all of the steps of the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing antivirus and antispyware software," he said. "While Microsoft does not have a mobile AV product we do detect and protect in certain scenarios. The general protect guidance also applies to mobile phone users: http://www.microsoft.com/protect/."

The hidden auto-dialing malware incidents are noteworthy because they signal a shift from attackers seeking mere notoriety to profit-motivated fraud, Hering said.

"What took 15 years for malware to evolve on the desktop is accelerated on the mobile platform," he said. "We're seeing it move from early proof-of-concept (malware) to things that are driving profit."

Get Mobile Password Manager Tips

Kaspersky Password Manager is an indispensable tool for the active Internet user. It fully automates the process of entering passwords and other data into websites and saves the user from going to the trouble of creating and remembering multiple passwords.

When you use Kaspersky Password Manager to log in, you can rest assured that your data is safe: all confidential data is encrypted and kept in a dedicated database on your computer. The software creates exceptionally strong passwords and prevents your login information from being stolen.

Kaspersky Password Manager makes your web experience safe and easy.

Kaspersky Password Manager remembers your online usernames and their associated passwords so that you can have a number of different secure, strong passwords without having to remember every single one:

• Organize and store all passwords in one secure location
• Sign in to websites and applications with a single mouse click
  
  
  
• Access and secure all passwords with a single master password
• Store passwords in an encrypted database on your computer
• Automatically create strong, unique passwords
• Carry a mobile version of the product on a flash drive
• Fill in online forms automatically
• Fully Compatible with Microsoft's new operating system, Windows 7

Get Mobile Password Manager Tips

Kaspersky Password Manager is an indispensable tool for the active Internet user. It fully automates the process of entering passwords and other data into websites and saves the user from going to the trouble of creating and remembering multiple passwords.

When you use Kaspersky Password Manager to log in, you can rest assured that your data is safe: all confidential data is encrypted and kept in a dedicated database on your computer. The software creates exceptionally strong passwords and prevents your login information from being stolen.

Kaspersky Password Manager makes your web experience safe and easy.

Kaspersky Password Manager remembers your online usernames and their associated passwords so that you can have a number of different secure, strong passwords without having to remember every single one:

• Organize and store all passwords in one secure location
• Sign in to websites and applications with a single mouse click
  
  
  
• Access and secure all passwords with a single master password
• Store passwords in an encrypted database on your computer
• Automatically create strong, unique passwords
• Carry a mobile version of the product on a flash drive
• Fill in online forms automatically
• Fully Compatible with Microsoft's new operating system, Windows 7

Get Mobile Security Guide

You make calls, send SMSs, browse the web and communicate via social networks every day. Your smartphone is your life. Kaspersky Mobile Security keeps your private life truly private.

• Privacy Protection - for your eyes only
  You have exclusive control over which of your contacts and phone numbers you want to keep ‘private’. Hide and unhide phonebook entries, SMSs and call logs at the touch of a button.
• Locate a lost or stolen smartphone
  You can locate a lost or stolen smartphone using the inbuilt GPS Find function.
  
  
  
• Secure contacts, photos and files from unauthorized access
  You can store all your digital assets in encrypted folders and remotely block or wipe your smartphone if it’s lost or stolen.
• Block unwanted calls or SMSs
  You can filter out annoying calls and SMSs by assigning contacts to black lists and white lists.
• Parental control
  You can restrict your children’s calls and SMSs (e.g. block premium rate numbers) and keep track of their whereabouts using GPS Find.
• Protect your smartphone from malware and network attacks
  Kaspersky Mobile Security 9 provides all you need to protect your smartphone from harm, including real-time antimalware scans, automatic updates, blocking of dangerous network connections and much more.

Get Mobile Security Guide

You make calls, send SMSs, browse the web and communicate via social networks every day. Your smartphone is your life. Kaspersky Mobile Security keeps your private life truly private.

• Privacy Protection - for your eyes only
  You have exclusive control over which of your contacts and phone numbers you want to keep ‘private’. Hide and unhide phonebook entries, SMSs and call logs at the touch of a button.
• Locate a lost or stolen smartphone
  You can locate a lost or stolen smartphone using the inbuilt GPS Find function.
  
  
  
• Secure contacts, photos and files from unauthorized access
  You can store all your digital assets in encrypted folders and remotely block or wipe your smartphone if it’s lost or stolen.
• Block unwanted calls or SMSs
  You can filter out annoying calls and SMSs by assigning contacts to black lists and white lists.
• Parental control
  You can restrict your children’s calls and SMSs (e.g. block premium rate numbers) and keep track of their whereabouts using GPS Find.
• Protect your smartphone from malware and network attacks
  Kaspersky Mobile Security 9 provides all you need to protect your smartphone from harm, including real-time antimalware scans, automatic updates, blocking of dangerous network connections and much more.

Discretix gets Sony Ericsson mobile protection Guide

Feb 15 (Reuters) - Israeli mobile security company Discretix said on Monday it won a deal from Sony Ericsson (ERICb.ST) to protect distribution of a growing amount of multimedia content on some of its phones.

Terms of the deal were not disclosed but a company spokesman said it had a "significant dollar value."

Discretix said its content protection solutions will be shipped on all Windows Mobile and Android devices coming out of Sony Ericsson.

Discretix develops embedded security technology for mobile phones, portable devices and mobile television.

The company said content protection technologies are driving a range of new services and business models as an increasing amount of content is delivered to mobile devices.

(Reporting by Steven Scheer and Tova Cohen; Editing by Richard Chang)

((steven.scheer@thomsonreuters.com; +972 2 632 2210; Reuters Messaging: steven.scheer.reuters.com@reuters.net)) Keywords: DISCRETIX/SONYERICSSON

(C) Reuters 2010. All rights reserved. Republication or redistribution ofReuters content, including by caching, framing or similar means, is expresslyprohibited without the prior written consent of Reuters. Reuters and the Reuterssphere logo are registered trademarks and trademarks of the Reuters group ofcompanies around the world.nLDE61D05R

Discretix gets Sony Ericsson mobile protection Guide

Feb 15 (Reuters) - Israeli mobile security company Discretix said on Monday it won a deal from Sony Ericsson (ERICb.ST) to protect distribution of a growing amount of multimedia content on some of its phones.

Terms of the deal were not disclosed but a company spokesman said it had a "significant dollar value."

Discretix said its content protection solutions will be shipped on all Windows Mobile and Android devices coming out of Sony Ericsson.

Discretix develops embedded security technology for mobile phones, portable devices and mobile television.

The company said content protection technologies are driving a range of new services and business models as an increasing amount of content is delivered to mobile devices.

(Reporting by Steven Scheer and Tova Cohen; Editing by Richard Chang)

((steven.scheer@thomsonreuters.com; +972 2 632 2210; Reuters Messaging: steven.scheer.reuters.com@reuters.net)) Keywords: DISCRETIX/SONYERICSSON

(C) Reuters 2010. All rights reserved. Republication or redistribution ofReuters content, including by caching, framing or similar means, is expresslyprohibited without the prior written consent of Reuters. Reuters and the Reuterssphere logo are registered trademarks and trademarks of the Reuters group ofcompanies around the world.nLDE61D05R

Get Mobile Device Protection Guide

User Responsibilities and Procedures

Password-protect your mobile device: Physical security is a major concern for mobile devices, which tend to be small and easily lost or misplaced. If your mobile device is lost or stolen, a device password may be all that stands in the way of someone reading your email and other sensitive data.

• Choose a strong password. The security of your system is only as strong as the password you select to protect it. Review ISO guidelines for selecting a secure password.
• It may be difficult to type especially complex passwords on the small keypad of some devices, but it is important that you try to choose a strong, effective password that is not easily guessed. See theManaging Your Andrew Password [PDF] document for tips on selecting the best possible password.

Use antivirus software: Mobile devices can be just as susceptible to viruses as desktop computers. This is new terrain for hackers but, industry analysts expect viruses, Trojans, spam, and all manner of scams to grow as the mobile device market grows. A couple of examples encountered to date include the 911 virus which caused 13 million i-mode users to automatically place a call to Japan’s emergency phone number and the PalmOS/LibertyCrack, a known Trojan horse that can delete all applications on a Palm PDA.

A number of vendors offer antivirus and anti-spam solutions. Airscanner, F-Secure, and Trend Mobile are a few examples.

Promptly report a lost or stolen device:

In some cases, as in the case of Carnegie Mellon’s BlackBerry service, a device can be remotely deactivated thus preventing email or other sensitive data from being exposed. Understand what options are available to you and exercise them promptly when necessary. Additionally, consider documenting the serial number of and/or engraving your device.

Verify encryption mechanisms:

 Your accounts and passwords should never travel unencrypted over a wireless network. Wireless network traffic can be easily sniffed. Therefore, any sensitive data, especially login information, should always be encrypted. Carnegie Mellon’s VPN service provides encryption for some device types.

Sensitive documents, if stored on the device, should be encrypted if possible (keeping in mind that some devices encrypt stored documents by default).

Disable options and applications that you don't use:

 Reduce security risk by limiting your device to only necessary applications and services. You won't need to manage security updates for applications you don't use and you may even conserve device resources like battery life. Bluetooth and IR are two examples of services that can open your device to unwelcome access if improperly configured.

Regularly back up data:

 Be sure to have a back up copy of any necessary data in case your mobile device is lost or damaged. Consider using multiple backup mechanisms and if you travel, have a portable backup device that you can take with you.

Follow-up safe disposal practices:

 When you are ready to dispose of your device, be sure to remove all sensitive information first. Some services, like Computing Services' BlackBerry service, can help by remotely clearing the device.

Other Precautions: Keep power to your device. If it loses power, all stored information may be erased.

Get Mobile Device Protection Guide

User Responsibilities and Procedures

Password-protect your mobile device: Physical security is a major concern for mobile devices, which tend to be small and easily lost or misplaced. If your mobile device is lost or stolen, a device password may be all that stands in the way of someone reading your email and other sensitive data.

• Choose a strong password. The security of your system is only as strong as the password you select to protect it. Review ISO guidelines for selecting a secure password.
• It may be difficult to type especially complex passwords on the small keypad of some devices, but it is important that you try to choose a strong, effective password that is not easily guessed. See theManaging Your Andrew Password [PDF] document for tips on selecting the best possible password.

Use antivirus software: Mobile devices can be just as susceptible to viruses as desktop computers. This is new terrain for hackers but, industry analysts expect viruses, Trojans, spam, and all manner of scams to grow as the mobile device market grows. A couple of examples encountered to date include the 911 virus which caused 13 million i-mode users to automatically place a call to Japan’s emergency phone number and the PalmOS/LibertyCrack, a known Trojan horse that can delete all applications on a Palm PDA.

A number of vendors offer antivirus and anti-spam solutions. Airscanner, F-Secure, and Trend Mobile are a few examples.

Promptly report a lost or stolen device:

In some cases, as in the case of Carnegie Mellon’s BlackBerry service, a device can be remotely deactivated thus preventing email or other sensitive data from being exposed. Understand what options are available to you and exercise them promptly when necessary. Additionally, consider documenting the serial number of and/or engraving your device.

Verify encryption mechanisms:

 Your accounts and passwords should never travel unencrypted over a wireless network. Wireless network traffic can be easily sniffed. Therefore, any sensitive data, especially login information, should always be encrypted. Carnegie Mellon’s VPN service provides encryption for some device types.

Sensitive documents, if stored on the device, should be encrypted if possible (keeping in mind that some devices encrypt stored documents by default).

Disable options and applications that you don't use:

 Reduce security risk by limiting your device to only necessary applications and services. You won't need to manage security updates for applications you don't use and you may even conserve device resources like battery life. Bluetooth and IR are two examples of services that can open your device to unwelcome access if improperly configured.

Regularly back up data:

 Be sure to have a back up copy of any necessary data in case your mobile device is lost or damaged. Consider using multiple backup mechanisms and if you travel, have a portable backup device that you can take with you.

Follow-up safe disposal practices:

 When you are ready to dispose of your device, be sure to remove all sensitive information first. Some services, like Computing Services' BlackBerry service, can help by remotely clearing the device.

Other Precautions: Keep power to your device. If it loses power, all stored information may be erased.