STE WILLIAMS

Kenyan startup claims Google ‘scalped’ its data after staging a STING

Google has been accused of “fraudulently” accessing a rival Kenya-based business listings database and then attempting to sell the internet giant’s competing GKBO product to that customer base.

That’s the remarkable claim made by Stefan Magdalinski of startup Mocality.

The outfit alleges that some of Google’s staff based in both Kenya and India had contacted nearly 30 per cent of the people listed on Mocality’s database as of 11 January.

The evidence provided by Magdalinski is certainly compelling as it appears to have caught Google employees acting inappropriately.

“Our database IS our business, and we protect and tend it very carefully. We spot and block automated attacks, amongst other measures. We regularly contact our business owners, to help them keep their records up-to-date, and they are welcome to contact our call centre team for help whenever they need it,” said Magdalinski, who told The Register that he was yet to hear from Google, following publication of his damning blog post earlier today.

He noted that Google launched its Getting Kenyan Businesses Online (GKBO) site in September last year.

“Whilst we saw aspects of their programme that were competitive, we welcomed the initiative, as Kenya still has enough growth in it that every new entrant helps the overall market,” Magdalinski wrote.

“We are also confident enough in our product, our local team, and our deep local commitment that we believe we can hold our own against any competition, playing fair.”

But according to Magdalinski’s claim, Google has – since October 2011 – allegedly been “systematically accessing Mocality’s database and attempting to sell their competing product to our business owners. They have been telling untruths about their relationship with us, and about our business practices, in order to do so.”

Initially, Mocality’s boss thought a “rogue” call centre employee at Google was responsible for the apparent misdeed. He planned to contact Mountain View and tell the company that an individual was violating its terms and conditions.

But an investigation of its server logs carried out by Mocality uncovered what Magdalinski described as “a human-powered, systematic, months-long, fraudulent (falsely claiming to be collaborating with us, and worse) attempt to undermine our business, being perpetrated from call centres on two continents.”
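The server-log investigation described above is the part of this story a defender can learn from: a systematic, human-paced trawl of a catalogue does not trip the rate limiters built for automated scrapers, so the signal has to be coverage and orderliness over time rather than requests per second. The following is an added illustration, not code from the article or from Mocality, of such a log pass. The log format, the /business/<id> URL scheme, the IP addresses, the catalogue size and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format request line (constructed format; adapt the regex to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Assumed listing URL scheme: /business/<numeric id>
LISTING_RE = re.compile(r"^/business/(?P<id>\d+)$")


def parse_line(line):
    """Return (client_ip, listing_id, timestamp) for a successful listing view, else None."""
    m = LOG_RE.match(line)
    if not m or m["status"] != "200":
        return None
    lm = LISTING_RE.match(m["path"])
    if not lm:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], int(lm["id"]), ts


def profile_clients(lines, catalogue_size, coverage_threshold=0.05,
                    sequential_threshold=0.8, min_requests=10):
    """Per client, measure how much of the catalogue it has read and how orderly.

    Two signals, either of which flags a client:
      * coverage: distinct listings viewed / catalogue size, regardless of pace;
      * sequential_ratio: share of consecutive views whose IDs step up by 1..3,
        the fingerprint of walking the ID space (only judged after min_requests).
    """
    views = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ip, listing_id, ts = rec
            views[ip].append((ts, listing_id))

    report = {}
    for ip, recs in views.items():
        recs.sort()
        ids = [listing_id for _, listing_id in recs]
        coverage = len(set(ids)) / catalogue_size
        steps = [b - a for a, b in zip(ids, ids[1:])]
        sequential = sum(1 for s in steps if 1 <= s <= 3) / len(steps) if steps else 0.0
        flagged = coverage >= coverage_threshold or (
            len(ids) >= min_requests and sequential >= sequential_threshold
        )
        report[ip] = {
            "requests": len(ids),
            "coverage": coverage,
            "sequential_ratio": sequential,
            "active_days": len({ts.date() for ts, _ in recs}),
            "flagged": flagged,
        }
    return report


def _log_line(ip, ts, listing_id):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET /business/{listing_id} HTTP/1.1" 200 5123'


def constructed_log():
    """Constructed sample: one patient enumerator and one ordinary visitor."""
    base = datetime(2011, 10, 3, 8, 0, tzinfo=timezone.utc)
    lines = []
    # Enumerator: one listing every 90 minutes, IDs in order, spilling into a second day.
    for i in range(20):
        lines.append(_log_line("198.51.100.7", base + timedelta(minutes=90 * i), 1001 + i))
    # Ordinary visitor: three unrelated listings within a few minutes.
    for i, listing_id in enumerate((1042, 1007, 1188)):
        lines.append(_log_line("203.0.113.9", base + timedelta(hours=6, minutes=4 * i), listing_id))
    return lines


if __name__ == "__main__":
    # Catalogue size of 200 is a constructed figure for the sample.
    for ip, stats in profile_clients(constructed_log(), catalogue_size=200).items():
        print(ip, stats)
```

At 20 requests over 28 hours the enumerator never exceeds one request per hour, yet it has read 10 per cent of the catalogue in strictly increasing ID order, which is why the report flags it and leaves the ordinary visitor alone. In practice the grouping key should also include the authenticated account where there is one, since the article describes call-centre staff, not a single bot, doing the trawling.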

He acknowledged that Google’s search was vital to Mocality’s business, whose directory is designed specifically for mobile phone users in Kenya.

But Magdalinski, who co-founded Silicon Roundabout’s celebrated business card startup Moo.com, isn’t happy with Mountain View.

“Kenya has a comparatively well-educated but poor population and high levels of unemployment. Mocality designed our crowd-sourcing programme to provide an opportunity for large numbers of people to help themselves by helping us,” said Mocality’s CEO.

“By apparently systematically trawling our database, and then outsourcing that trawl to another continent, Google isn’t just scalping us, they’re also scalping every Kenyan who has participated in our programme.”

A Google spokesman gave The Register this statement: “We’re aware that a company in Kenya has accused us of using some of their publicly available customer data without permission. We are investigating the matter and will have more information as soon as possible.”

The reason that Google describes the data as “publicly available” is probably due to the fact that the business listings built up by Mocality were stitched together using a crowd-sourcing method, which might yet prove to be a stumbling block for Magdalinski in this whole sorry affair.

However, Magdalinski alleges that Google representatives lied by telling punters they were working in collaboration with Mocality – a claim that he admits is “deadly serious”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/13/mocality_kenya_business_listing_startup_google_false_collaboration_claim/

US military access cards cracked by Chinese hackers

A new strain of the Sykipot Trojan is being used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers.

Smart cards are a standard means of granting active duty military staff, selected reserve personnel, civilian employees and eligible contractors access to intranets at US Army, Navy and Air Force facilities. They can be used to get into buildings or, when used in conjunction with a static password, to access networks.

Chinese hackers have adapted the Sykipot Trojan to lift card credentials from compromised systems in order to access classified military networks, according to researchers at security tools firm AlienVault. An adapted version of the Trojan targets PCs attached to smart card readers running ActivClient, the client application of ActivIdentity, in what’s been described as a ‘smart card proxy’ attack.

The Sykipot Trojan was first created three years ago and featured in a number of industrial espionage-style attacks. Researchers at AlienVault captured an adapted version of the malware – specifically designed to circumvent authentication technology supplied by ActivIdentity – in a honeypot around two weeks ago. Subsequent analysis suggests that hackers added a smart card module to existing malware around March 2011.

The development of super-spy software

AlienVault reckons the new strain of Sykipot Trojan was developed by the same Chinese authors that created earlier versions of the malware, first seen around three years ago. Previous builds of the Trojan were promoted by spammed messages that posed as information about the next-generation of US Air Force drones. In reality the message pointed at drive-by-download sites that featured the Sykipot Trojan as a payload and took advantage of various IE and Adobe Reader security flaws, as explained in more detail here.

The malware featured in targeted attacks against aerospace technology firms, among others, that were ultimately designed to extract commercially sensitive information from compromised systems.

The latest run of attacks also features spear phishing emails that attempt to trick marks into clicking on a link that deposits the Sykipot malware onto their machines. This time around the malware uses a key-logger to steal PINs associated with smart cards. Once attackers have authentication codes and associated PINs they gain the same level of trusted access to sensitive networks as the user whose credentials they have stolen.

The cyber-criminals behind the attack are using a version of Sykipot first baked in March 2011 that has featured in dozens of attacks since, according to AlienVault.

Jaime Blasco, AlienVault’s lab manager, told El Reg that Chinese messages in embedded code, the use of command and control servers in China and the exclusive use of the software in China all provide evidence that Chinese hackers are ultimately behind the attack. Blasco added that the use of dynamic tokens that offer two-factor authentication would thwart this particular line of attack.

AlienVault supplies security event logging technology and does not compete with ActivIdentity. Blasco said it had supplied neither ActivIdentity nor the DoD with malware samples or notification of its research, which was first publicised via an article in the New York Times on Thursday. ActivIdentity’s smart cards are standard issue at the DoD and a number of other US government agencies. Other users include Monsanto, BNP Paribas and Air France, the NYT adds.

In response to AlienVault’s research, ActivIdentity said in a statement: “We are aware of the recent reports that purportedly identified a new attack method that could hijack smart card-based certificates.

“We take these reports very seriously and are working diligently to investigate the potential threat. At this time, we are confident that the purported threat poses no immediate risk to our customers.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/13/sykipot_trojan_dod_smart_card_attack/

NHS fined £375k after stolen patient data flogged on eBay

The Information Commissioner is proposing to issue its heaviest ever fine for a breach of UK data protection laws. It proposes fining a health body after patient records were stolen from a hospital and sold on eBay.

Brighton and Sussex University Hospitals NHS Trust told Out-Law.com that hard drives containing patient data had been sold on the auction website by a contractor it employed to destroy them. A spokesperson for the Information Commissioner’s Office (ICO) said the watchdog had proposed fining the Trust £375,000 over the incident. The Trust has challenged the suggested penalty. “We were the victims of a crime,” Duncan Selbie, chief executive of Brighton and Sussex University Hospitals NHS Trust said in a statement. “We subcontracted the destruction of these hard drives to a registered contractor who subsequently sold them on eBay.”

“As soon as we were alerted to this we informed the police and with their help we recovered all the hard drives stolen by this individual,” he said. “We are confident that there is a very low risk of any of the data from them having passed into the public domain. We have subsequently received a Notice from the Information Commissioner’s Office proposing a fine of £375,000 which we are, in the circumstances, challenging.”

Under the Data Protection Act (DPA) organisations must take “appropriate technical and organisational measures … against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”. The law requires organisations to be extra protective over sensitive personal data, such as patient medical records. In a statement the ICO said it is “currently making inquiries into a possible breach of the Data Protection Act and is unable to speculate on what action will be taken at this time.”

The data was lost from Brighton General Hospital in September 2010, according to a report by the BBC.

Under the DPA the ICO has the power to issue penalties of up to £500,000 for serious data breaches. The ICO can issue notices indicating to organisations responsible for the data what punishment, if any, it considers appropriate for the breach but can decide to alter or withdraw the proposed penalty in a final determination if representations made by those organisations persuade it to do so.

The biggest fine the ICO has ever issued is £130,000. The watchdog fined Powys County Council the money after pages from a child protection report were wrongly included as part of a separate document sent to a member of the public.

The ICO recently published an information rights strategy in which it detailed its intention to give “particular regulatory attention” to health organisations as part of prioritisation of its enforcement action.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/13/nhs_fined_stolen_data/

Aussie fraud buster seized by global rival

Cybercrime buster ThreatMetrix has added Australian malware protector TrustDefender to its global fold.

Following the acquisition TrustDefender will operate under the ThreatMetrix name with global operations in the United States, Australia and Europe. The corporate headquarters will be located in San Jose, California. The co-founder and CEO of TrustDefender, Andreas Baumhof, will join ThreatMetrix as CTO.

“In 2011 we saw a huge increase in sophisticated MitB Trojan activities supporting fraudulent transactions with stolen identities,” said Baumhof.

“Malware protection and fraud prevention are closely related, yet no truly integrated solutions were available in the market. The merger allows ThreatMetrix to address fraud prevention and malware protection as a single problem and deliver real benefits to customers at a lower cost,” he added.

TrustDefender, which was founded in Sydney in 2006, services clients across banking, e-commerce, government, and cloud application providers to reduce the cost of online fraud.

The company gained attention for its combination of device and page fingerprinting technologies, which instantly detects the source of any attempts to compromise an organization’s online defenses. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/12/trustdefender_acquired_by_threatmetrix/

Scammers punt bogus pink Facebook makeover

The latest survey scam doing the rounds on Facebook works by falsely offering to change the profile of prospective marks from blue to red, black or shocking pink.

Typical lures state: “Switch to Pink Facebook (Limited Time!) [LINK] Say goodbye to the boring blue profile and say hello to the pink profile!!”

If users follow these links, they’re first told they need to share the link with their online friends, further spreading scam messages, or alternatively are invited to offer endorsements for the link. Surfers are then invited to complete a worthless survey, earning scammers a commission in the process.

Survey scams have become endemic over recent months and the latest scam is, in truth, noteworthy mainly because the “prize” on offer is especially lame. More details of the scam – including screenshots – can be found in a blog post by Sophos here.

Sophos points out that it is possible to customise the colour of Facebook profiles without becoming unwitting participants in a privacy-threatening survey scam. “There are a number of GreaseMonkey scripts which will work alongside the Firefox web browser to customise the look of Facebook – just as the look of eBay or GMail can be similarly changed on the fly if you choose,” it notes.

“Clearly there’s a demand for such customisation – even if it serves no practical purpose. But just make sure that your hunger for a pink-themed Facebook doesn’t lead you into a scheme designed purely to earn money for scammers.”

Facebook is rolling out Timeline as a “new” feature to replace traditional user profile pages. True to form, this feature has also become the target of survey scams over recent days, net security firm Eset warns.

An infographic on Facebook scams, and tips for avoiding them, can be found in a blog post from Check Point’s Zone Alarm personal firewall division here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/12/colour_change_facebook_survey_scam/

Stratfor slaps website back online after Anon mega-hack

Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity.

Members of Anonymous made off with stolen emails and credit-card data after breaking into Stratfor’s chronically insecure website in early December, much earlier than previously acknowledged. The website, torched during the attack, was restored on Wednesday to normal operation, along with an apology of sorts from its chief exec for its poor pre-hack security.

Chief among Stratfor’s mistakes was the failure to encrypt the credit card files that hacktivists stole and later dumped online. George Friedman, chief exec of Stratfor, blamed the rapid growth of the firm for this schoolboy error, which it has belatedly rectified.

The FBI made it clear that it expected the theft to be exposed by the hackers. We were under no illusion that this was going to be kept secret. We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files.

This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn’t grow with it.

The trickster hacktivists who hit Stratfor not only stole its data but defaced its website and trashed its systems, as Friedman explains.

With the credit card information stolen, I assumed that the worst was done. I was wrong.

Early in the afternoon of Dec 24, I was informed that our website had been hacked again. The hackers published a triumphant note on our homepage saying that credit card information had been stolen, that a large amount of email had been taken, and that four of our servers had been effectively destroyed along with data and backups. We had expected they would announce the credit card theft. We were dismayed that emails had been taken. But our shock was at the destruction of our servers. This attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups.

Stratfor specialises in geopolitical analysis, but judging from Friedman’s post it remains pretty much in the dark about the motives of the hackers who hit it with such force, beyond suggesting that they supposedly perceived Stratfor as the intelligence hub in a non-existent global conspiracy. Friedman suggests Anonymous was trying to silence it, defiantly boasting that these efforts have failed.

The attempt to silence us failed. Our website is back, though we are waiting for all archives to be restored, and our email is working again. Our failures have been reviewed and are being rectified. We deliberately shut down while we brought in outside consultants to rebuild our system from the ground up.

A video statement from Friedman can be found here.

Anonymous boasted of stealing Stratfor’s confidential client list as well as email spools and more than 4,000 credit card details after extracting 20GB of data from Stratfor’s systems. One member boasted of plans to use the stolen credit card data to make donations to charities including the Red Cross. Such transactions are highly likely to be identified and reversed, potentially leaving charities worse off in the process (as a result of charge-back fees) but more likely just achieving a huge inconvenience all round.

Hacktivists threatened to release stolen emails but nothing much has come of this threat so far. Stratfor provides intelligence services for law enforcement agencies, among others, making it a target for anti-sec hacktivists, who enjoy exposing the security failings of infosec consultancies and FBI affiliates.

Various comments from the semi-official AnonymousIRC account gently mocked Stratfor’s statement on Wednesday and mocked the supposed ability of the firm to keep its website available. “What’s that? stratfor.com – Not able to keep up your site for just a few hours!?” Later the hacktivists added: “To avoid misinterpretations: we’re NOT dosing #Stratfor. We just interpreted their statement. :)” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/12/stratfor_returns/

Davos report: Cyber-attack risk to global stability is real

Cyber-attacks against governments and businesses are among the top five risks in the world in terms of likelihood, according to the startlingly obvious World Economic Forum’s (WEF) Global Risks for 2012 report.

According to the international organisation, famous for its annual conferences held in the Swiss resort of Davos, cyber-attacks come in at number four of the risks most likely to materialise: just behind economic fears about income disparity and fiscal imbalances, and concern about rising greenhouse gas emissions.

After holding a mix of interviews, surveys and workshops with experts, the WEF’s Risk Response Network penned the pretty document, which weighs up what’s pressing on the minds of nation states and top firms.

In the technological sphere, the experts are most afraid of cyber-attacks that spark some sort of devastating malfunction in power plants, water supplies and other critical systems, but they figure that has a relatively low likelihood of happening.

Steve Wilson, chief risk officer for general insurance at Zurich and a member of the project, said the biggest concern for the WEF was the complexity of internet security. He said: “We don’t even really understand the risks yet.”

The report, which tries to look at the next 10 years of risk, pointed out that technology moves so fast, it’s difficult for anyone to keep up with:

Only ten years ago, the dot-com bubble burst, and claims about the internet’s potentially transformative benefits seemed to have been wildly overstated. We can now see that they were not so much overstated as premature. It is worth considering whether the same could prove to be true of current alerts about the internet’s potentially transformative risks.

The WEF dossier concludes: “A healthy digital space is needed to ensure stability in the world economy and balance of power.” While this is nothing new to folks in the technology sector, the issue is creeping up many political agendas, and the report calls “urgently” for new mechanisms to get private investment into exploring system vulnerabilities.

The report also said that information about cyber-attacks and cybercrime is hard to come by:

Research into cyber threats against governments and the private sector has largely been funded by those who are in the business of selling internet security solutions – a potential bias that causes scepticism. Academic and policy papers are based largely on anecdotal case studies.

Vendors of online security products have an interest in talking up the threats of cybercrime, while victims of cybercrime often have an interest in remaining silent. It is therefore very difficult for firms and organisations to get a clear picture of the true levels of the risk and needs for investment. Correcting such information asymmetries should be at the centre of policies to improve global cyber security and to ensure an efficient market.

Although technological concerns are featuring in the top 5 most likely risks this year for the first time since 2007, the experts are still most worried about the ongoing financial crises around the world.

The risk with the most likelihood of happening, according to the experts, is severe income disparity.

While most of us don’t feel that wage inequality is quite as bad as when the world had serfs (which is up for debate really), those 1 per cent statistics are nevertheless bringing people down. The report said:

On an unprecedented scale around the world, there is a sense of receding hope for future prospects. Gallup polling data in 2011 reveal that, globally, people perceive their living standards to be falling, and they express diminishing confidence in the ability of their government to reverse this trend.

Their discontent is exacerbated by the starkness of income disparities: the poorest half of the global population owns barely 1 per cent of the global wealth, while the world’s top 1 per cent owns close to half of the world’s assets.

Knowing that a lot of folks earn more than them can be an incentive, but if people, especially the yoof, think that they can’t get anywhere no matter how hard they work, they get pretty hacked off. The report warned:

The social unrest that occurred in 2011, from the United States to the Middle East, demonstrated how governments everywhere need to address the causes of discontent before it becomes a violent, destabilising force.

You can read the full report on the potentially bleak future awaiting mankind here (64-page PDF/6.8MB). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/12/world_economic_forum_risks/

Mozilla deploys Firefox safety net for corporate mindreaders

Mozilla has pledged to update old versions of Firefox with security fixes, granting enterprises extra time to test and deploy major upgrades of the browser safe in the knowledge that vulnerabilities in existing installations will be patched.

It’s not clear which builds will fall onto Mozilla’s safety net, however, so IT departments are more or less left to bet on running the right versions on their corporate machines.

Announced on Tuesday, the Firefox Extended Support Release (ESR) will maintain builds of desktop Firefox for a period of 54 weeks, covering nine full releases of Mozilla’s browser, the non-profit said.

Each ESR will be updated with point releases that will be limited to what Mozilla called “high-risk/impact security vulnerabilities” – those risks considered “critical” and “high”. Functional enhancements and stability fixes in new point releases won’t be backported.

Once the 54 weeks is up, that’s it according to Mozilla:

When an ESR reaches end-of-life, no further point releases or chemspill updates will be offered for that ESR, and an update to the latest supported version of the ESR (or Desktop Firefox, if the ESR for that platform is discontinued) will be offered to users of the end-of-lifed version.

Which versions of Firefox will qualify as ESRs is left to Mozilla’s discretion. Based on the original ESR proposal, outlined by Mozilla vice-president of products Jay Sullivan here, it will be the non-profit that anoints the versions of Firefox that receive extended coverage. Sullivan’s blog talks of an ESR period of 42 weeks but that has been pushed out to 54 weeks under the finished plan.

Based on a handy chart here and some accompanying text from Mozilla, it does seem that ESRs will not accompany each version of Firefox. This means you will have to pre-empt Mozilla in picking the versions of Firefox considered important enough to qualify for ESR support.

Nobody from Mozilla was available to clarify this aspect of the ESR at the time of publication. ESRs will start with Firefox 10, currently in beta.

The ESR programme was introduced by Mozilla’s Enterprise Working Group after the rapid release cycles seen in 2011 were criticised for not giving enterprises enough time to test new versions of Firefox with their apps, extensions and plug-ins.

At one point last year, one of Mozilla’s top figures Asa Dotzler dismissed the importance of corporate users in response to disapproval from an adopter who’d spent months readying 500,000 corporate users for Firefox 4 when Mozilla released Firefox 5.

Mozilla chief executive Gary Kovacs subsequently tweeted that enterprise customers are important to Mozilla and Firefox. “Enterprises are built of people, and Mozilla is fundamentally about people. We support Firefox users wherever they are,” he said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/11/mozilla_firefox_extended_support/

Spammers hit mobes with QR code junkmail jump pads

Security researchers have spotted spam emails that point at URLs featuring embedded Quick Response codes (QR codes).

QR codes are a two-dimensional matrix barcode that can be scanned by a camera phone to link users directly to a website that can host any type of content, malicious or otherwise. By using QR codes (rather than links) as a jump-off point to spamvertised sites, spammers can disguise the ultimate destination of links as well as improving click-through rates. In particular, the approach helps when it comes to targeting mobile users.

Spam messages spotted by Websense look like traditional pharmaceutical spam emails, with the twist that they link to a legitimate (but abused in this case) website, 2tag.nl. The legitimate web service allows users to create QR codes for URLs but has in this case been abused to create links that ultimately point to Canadian Pharmacy penis pill sites.

This is how the scam works. When the spammed user loads the trusted URL in the browser, a QR code appears. Scanning the QR code with a QR reader loads the pharmaceutical spam URL in the browser.
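The mechanism above works because a QR code hides its payload from the person scanning it, and a legitimate redirector in the chain hides the final destination even from someone who reads the decoded text. As an added illustration, not code from the article or from Websense, the following Python classifies a decoded QR payload before a device acts on it, applying the checks a defender would want: web schemes only, no userinfo trick in front of the host, no bare IP literal, and a flag for known redirector services. The redirector list (2tag.nl is the service named in the article; the others are placeholders), the allowlist and the example URLs are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of shortener / QR-redirector services. 2tag.nl is the service
# named in the article; the other two are placeholders for illustration.
REDIRECTOR_HOSTS = {"2tag.nl", "short.example", "qr-link.example"}

# Constructed allowlist: destinations the organisation expects staff to scan.
ALLOWED_HOSTS = {"intranet.example.org", "tickets.example.org"}


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_qr_payload(payload):
    """Classify a string decoded from a QR code before anything opens it.

    Returns {"verdict": "allow" | "review" | "block", "host": str, "reasons": [...]}.
    """
    text = payload.strip()
    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # tel:, sms:, market:, javascript: and friends trigger actions other than
        # a page load; they are outside this check's model, so stop here.
        return {"verdict": "block", "host": "",
                "reasons": [f"non-web scheme {scheme or '(none)'!r}"]}
    host = parts.hostname or ""  # urlsplit lowercases the hostname for us
    if not host:
        return {"verdict": "block", "host": "", "reasons": ["no host in URL"]}

    reasons = []
    if parts.username is not None:
        # https://bank.example@evil.example/ shows "bank.example" first on a small screen
        reasons.append("userinfo before the host hides the real destination")
    if _is_ip_literal(host):
        reasons.append("bare IP address instead of a domain name")
    if host in REDIRECTOR_HOSTS:
        reasons.append(f"redirector service {host}: final destination not visible in the code")
    if scheme == "http":
        reasons.append("plain http: content and redirects can be altered in transit")

    if any(r.startswith("userinfo") for r in reasons):
        verdict = "block"
    elif host in ALLOWED_HOSTS and not reasons:
        verdict = "allow"
    else:
        verdict = "review"
    return {"verdict": verdict, "host": host, "reasons": reasons}


if __name__ == "__main__":
    # Constructed payloads, including the redirector pattern the article describes.
    for sample in ("https://intranet.example.org/news",
                   "http://2tag.nl/abc123",
                   "https://bank.example@evil.example/login",
                   "tel:+15555550100"):
        print(sample, "->", inspect_qr_payload(sample))
```

A "review" verdict on a redirector host is the point of the exercise: the decoded text is a clean, reputable domain, exactly as in the 2tag.nl case, and only following the redirect reveals the spamvertised site. That resolution step needs a network request and belongs in a sandboxed gateway or mail filter, not on the phone that scanned the code.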

QR codes could be the next step in mobile malware propagation because the technique offers the “ultimate URL obfuscator”, according to net security firm Websense, which was the first to warn of the QR code mobile spam ploy.

Elad Sharf, a security researcher at Websense Security Labs, commented: “We’ve been looking at QR codes as a potential malware/spam route for a while now. Inherent in the design is a level of trust and novelty that can be abused. In many ways it was just a matter of time before we saw spam messages point to URLs that use embedded QR codes. This is a clear movement and evolution of traditional spammers towards targeting mobile technology.”

More details, including screen grabs of the scam in action, are available in a post by Websense here.

QR codes have been cropping up in increasing numbers in magazines and newspapers, on posters, tickets and websites. According to a recent study by Chadwick Martin Bailey, around half of the 1,200 consumers surveyed interacted with a QR code when they saw one, with 21 per cent then going on to share personal information. Curiosity and information-gathering were the primary reasons for wanting to scan a code, with the promise of discounts and special offers a particular incentive, just the sort of interest that cybercrooks often exploit for their own nefarious ends.

“While these are primarily used as a marketing tool for advertisers so that customers can get more information on products or services, cybercriminals know that services that pique interest or offer ‘special deals’ are often prime targets for spreading malware, stealing identities and phishing for personal information,” commented Claus Villumsen, CTO at BullGuard. “In other words, QR codes make things run faster and easier, but they can also pose a threat to your mobile security.”

One notable malicious attack using QR code took place in Russia in 2011, and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” sent a series of expensive text messages to premium-rate numbers, leaving victims out of pocket as a result. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/11/qr_codes_mobile_spam/