If you are having trouble viewing this email, click here to view this online



   ISSUE 12

19 July 2012

Article of the Month   Around the World

Mobile phone Security and prevention from malware attacks

Are you a smart phone user? Are you using an android or apple? do u like downloading apps in your phone? If so, this is some thing that you really need to read before you lose a large amount of money from your bank account or your mobile phone�s service provider charge you an unusual amount of bill saying a number of text messages has been sent from your phone but without your knowledge or being a victim of some one who is recording your conversations and many more threats.  

According to a recent presentation from HP it was mentioned that, most of the attacks nowadays are in the application end and not at network level. Smart phone�s like android and apple�s growth depends on the applications in its market place. For example android has over 400,000 apps for users in 129 counties worldwide where most of these apps are made free. Even though it�s an interesting fact, on the other hand, these apps are not verified when they are released as Google does not do filtering before the apps are released, instead it is verified later. Therefore, there is a high risk for some one uploading an application which could be harmful. If this current trend holds it is assumed that there will be more than 120,000 malicious apps by December 2012 in the android market.


Source: http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/

Some examples of the infected applications found on Google play

1. DDspy � Fake G-mail   

This is a phishing malware application which steals the personal information of the user without the knowledge of the user. When infected it will hide the icon for it and run silently in background. It will wait for commands via SMS from a remote server. When the command is received it is able to steal the call log, users SMS and vocal records from the device.

 2. Fake versions of applications � Angry bird space, cut the rope, Fruit ninja, farm frenzy, Instagram and Skype

A Latvian firm has been fined �50,000 for tricking Smart phone users. They created fake versions of games that look like angry bird, cut the rope and Assassin's Creed. These apps appeared as free to be downloaded from the app store but after downloading it did not open instead it started sending text messages via SMS costing �5 each. The messages sent were hidden so that the users did not realize that they have been charged until they checked their bills.

3. Recording phone conversations

IT search provider CA technologies discovered a virus that can record the mobile phone conversations and upload it on a website so that any one can gain access and listen to it. This virus was found to be installed in android based smart phones. This process is done without the knowledge of the user.

4. Find and call

According to research by Kaspersky Lab, posted on the Securelist web site, �Find and call� is a malware application which appeared on both apple and Google play stores.  When installed it can access the user�s phone book, steal the data and send it to a server. It also send�s spam messages via SMS to all the recipes in the contact list which appears to be sent from the users� phone number. The message contains a link to a website encouraging installing the application.

How to be secure from viruses- 7 must read tips

  1. Do not accept any agreement in the software installation process with out reading it. The application is not supposed to do anything more than what is  written on the license agreement, therefore when it does you will be aware that some thing is wrong and will be able to quickly take action before being attacked.
  2. Research the app before downloading it. Look for ratings, comments, and descriptions of the application.
  3. Android warns the user what permission an application has and will advice you that the application will be able to use the mentioned services. It is important to go through it carefully and making sure that the application is not using anything more than what it�s supposed to be using before accepting and installing the application.
  4. Only download applications from the official market and not from unknown sources.
  5. It is recommended to use the Smartphone�s built in security features, such as configuring a lock screen key and keeping the Bluetooth and Wi-Fi turned off when not used.
  6. Make sure there is an anti virus software installed in your Smartphone and update it when updates are available. Examples of some anti virus software available in the market � AVG, antivirus free, Avast, lookout, NQ mobile security and etc...
  7. Do not perform any personal online banking using public Wi-Fi connections or un-trusted networks. It�s a good idea not to do any personal banking in mobile phones as they are less secure than pc�s and once the phone is attacked it is possible for the attacker to steal all the personal information.

Mithursan Joseph, Sri Lanka CERT|CC


6 Biggest Breaches Of 2012 So Far

  By Ericka Chickowski, Contributing Writer
Dark Reading | Jun 20, 2012 | 11:50 AM |

"Now that we're just about at the halfway point of the year, it is just as good of a time as any to take stock of the data breach environment and start gathering lessons from others' missteps....."

Facebook Monitors Your Chats for Criminal Activity

By Alex Fitzpatri | July 12, 2012


"Facebook and other social platforms are watching users� chats for criminal activity and notifying police if any suspicious behavior is detected, according to a report...."

Hackers strike again, hit Nvidia's developer zone
By Roger Cheng | July 13, 2012 4:53 AM PDT

"Nvidia is the latest company to get hit by hackers: The chipmaker was forced to take down its developer support Web site yesterday because user passwords may have been compromised...."

Over 1 million user credentials compromised in Android Forums hack
  13 July 2012, 13:12

"Phandroid, a popular Android news site, has confirmed that its Android Forums web site was compromised and that private user data has been accessed..."


Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in Jun 2012


  Fake + Harassment



Statistics - Sri Lanka CERT|CC



New 'Warp' Trojan Poses As A Network Router

By Kelly Jackson Higgins | Jul 12, 2012 | 03:51 PM
"Researchers have found a new Trojan out of China that mimics a router in order to intercept traffic and spread throughout the network.
The so-called Warp Trojan isn't related to more common malware like Zeus or SpyEye, and it operates as a stage-two infection rather than a bot-run one. It appears to be spreading adware mainly in China, and the attackers behind it also appear to be out of China..."

Skype bug sends messages to random contacts, fix coming soon

By Emil Protalinski | July 16, 2012 | 16:29 GMT (09:29 PDT)

"A bug has been discovered in Skype that sends users' private instant messages to other contacts whom the messages were never intended for. Skype has confirmed the issue and is working on a fix...."

  Notice Board
  Training and Awareness Programmes - July 2012  
Date Event Venue
- 5 Zonal ICT Coordinators  Meeting- Southern Province Provincial Department of Education-Galle
6 Zonal ICT Coordinators  Meeting- Uva Province Provincial ICT Center, Buttala
9 Zonal ICT Coordinators  Meeting- North Central  Province Thopawewa Zonal  ICT center, Pollonnaruwa
10 Zonal ICT Coordinators  Meeting- Eastern  Province Provincial ICT Center, Trincomalee
13 Zonal ICT Coordinators  Meeting- Central Province Provincial Department of Education-Kandy
16-19 Workshop on Learning Content Management System (Batch 1) Provincial ICT Center, Pannipitiya
20-23 Workshop on Learning Content Management System (Batch 2) Provincial ICT Center, Pannipitiya
21 Public Seminar on Grade 5 Scholarship (Conducted under Web Patashala  project) "Nava Rangahala" , Royal College, Colombo7
23 Zonal ICT Coordinators  Meeting- Western Province Provincial Department of Education-Greenpath
28 Opening of "Mahindodaya" ICT Laboratory Mahinda Rajapakse Vidyalaya, Pitipana, Homagama
28 Opening of "Mahindodaya" ICT Laboratory Kothalawalapura MV, Rathmalana
31 Zonal ICT Coordinators  Meeting- North Western Province Provincial Department of Education-Kurunegala 
Training and Awareness Programmes - August 2012
Date Event Venue
1 Zonal ICT Coordinators  Meeting- North Northern  Province Provincial Department of Education-Jaffna 

Brought to you by: