Security Blog

HKCERT has received reports of incidents on a ransom-ware named "CryptoLocker". The malware attacks victims through phishing emails. Once infected, the malware encrypts not only the files located in the affected machines, but also the files shared on the network drive connected.   ...

 HKCERT is aware of  the announcement Adobe made on her blog  on 3rd October which revealed that the source code of multiple Adobe product including ColdFusion, ColdFusion Builder and Acrobat had been stolen by hackers, and that the hackers also removed from Adobe’s...

  Favourite Security Reads of the Week (4 Oct 2013)   "Favourite Security Reads of the Week". Each week we share five news or articles that we like. We hope you will love this column and we welcome your comment via email to hkcert@hkcert....

October 2013 Issue of Security Newsletter is available now: /my_url/en/newsletter/1310   Cover Story Pushdo Botnet Detection and Cleanup in Hong Kong  Security Guideline Bring Your Own Device (BYOD) Security Guidelines   Hot Topic Hong Kong Google Play...

  Hong Kong Computer Emergency Response Team (HKCERT) Coordination Centre cooperates with the National Institute of Network and Information Security (NINIS) for detecting malicious and suspicious behaviors of Apps from the Google Play Store, in order to study the security risk of apps in the Google Play Store in Hong Kong area. NINIS provides us analyzed result, and we collate the detection result and publish security alerts to the public.   In the report of September, we have downloaded 182 apps from Play Store, where 13 apps have been identified as high risk. 5 of them were removed from Play Store (on or before 27-September). The detail of report is shown as follow.   Target scope: Top 50 Free Applications in Hong Kong area Top 50 New Free Applications in Hong Kong area Top 50 Free Games in Hong Kong area Top 50 New Free Games in Hong Kong area   Scanned Apps Successful downloaded and scanned: 182 apps Unable to download via the system: 18 apps Downloaded date: 5-September 2013 List of the downloaded apps: "Appendix 1" [download]   Analysis Overview   In this analysis, 182 apps were scanned for bad behaviors. Based on the level of security threat, the apps were divided into 2 categories: apps with malicious and apps with suspicious behaviors. Malicious behavior refers to apps behavior pose malicious level of security risk, which can be identified explicitly, that causes security threat to users. Suspicious behavior refers to apps behavior pose certain level of security risk, but no malicious behavior can be explicitly identified.   1. Scanning Result   Among the 182 scanned apps, 13 apps were identified as security high risk. These 13 Apps were identified with 11 high risk behavior signatures, Android.Adware.Plankton.A, Android.Adware.Adwo.A, Android.Counterclank.A, Android.Adware.AirPush.G, Android.Trojan.Generic, Android.AdWare.Apperhand, Android.Adware.Plankton.l, Android.Trojan.GingerMaster, Android.AdWare.Ganlet, Android.AdWare.Leadbolt and Android.SMSSend.   List of security high risk apps   Application High risk behavior signature / Ad plug-in Malware detection ratio by VirusTotal Status # 1. Turbo Racing v1.1 Category: New Free Game Installs: >250,000 High risk behavior description: It is an Ad plug-in bundled with App, which can steal user's private information, such as phone number and email address, and send to the 3rd parties. Android.AdWare.LeadboltAndroid.Trojan.GenericAndroid.AdWare.Ganlet 17/48 [link] Removed from play store 2. Journey Wars _ Super Fighting v1 Category: New Free Game Installs: 50,000-250,000 High risk behavior description: This app contains the following high risk behaviors, obtain the name of SIM service provider, status of SIM, read phone number, enable camera automatically, connect to the Internet, etc. Android.AdWare.LeadboltAndroid.AdWare.GanletAndroid.Trojan.Generic 12/47 [link] Available on play store 3. Bubble Combos v1.0.5 Category: Top Free Game Installs: >250,000 High risk behavior description: It is an Ad plug-in bundled with App, which can steal user's private information, such as phone number and email address, and send to the 3rd parties. Android.AdWare.LeadboltAndroid.Trojan.GenericAndroid.AdWare.Ganlet 14/47 [link] Available on play store 4. 瘋狂猜成語 v1.38 Category: Top Free Game Installs: >250,000 High risk behavior description: It advertises application on pop-up ads and commercial ads, which can be downloaded and installed without getting user'...

What is BYOD?   In the past, corporations purchase electronic devices, such as laptops and mobile phones, for staff worked outside of the office. Security of these electronic devices are centralized and managed by IT departments.   In recent years, as the mobile devices develop...

  Favourite Security Reads of the Week (27 Sep 2013)   "Favourite Security Reads of the Week". Each week we share five news or articles that we like. We hope you will love this column and we welcome your comment via email to hkcert@hkcert....

Contents HKCERT operation on Pushdo botnet infection Impact of Pushdo botnet How to detect and remove Pushdo malware Reference   1. HKCERT operation on Pushdo botnet infection   In May 2013, HKCERT received a report from CERT Austria (CERT.at) about...

  Favourite Security Reads of the Week (19 Sep 2013)   "Favourite Security Reads of the Week". Each week we share five news or articles that we like. We hope you will love this column and we welcome your comment via email to hkcert@hkcert....

  Favourite Security Reads of the Week (13 Sep 2013)   "Favourite Security Reads of the Week". Each week we share five news or articles that we like. We hope you will love this column and we welcome your comment via email to hkcert@hkcert....