Thinking of updating your web browsers? Just make sure that you download from legitimate sources, instead of downloading malware disguised as browser updates onto your system.

Just recently, we were alerted to a report of several websites offering updates for Internet browsers like Firefox, Chrome, and Internet Explorer just to name some. Users may encounter these pages by clicking malicious ads.

The bad guys behind this threat made an effort to make this ruse appear legitimate. These pages, as seen below, were made to look like the browsers’ official sites. To further convince users to download the fake update, the sites even offers an integrated antivirus protection:

Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload.

The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saved it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user’s Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user’s system.

Read the rest of this entry »

This is the second in a series of blog posts describing the mobile threat landscape in Japan. The first one may be found here. 

Smartphone users in Japan are able to download a wide variety of apps, many of which are either inexpensive or free. Not all of these actually meet what users expect in terms of features, and some even introduce risks that users may not fully understand. In this blog entry, I will report the privacy risks caused by certain apps that we have looked into.

The Ad Delivery Cycle for “Free” Apps

As mentioned in the first entry, we define those apps that demonstrate the following routines without user consent as high-risk apps (referred as “ego apps” in Japan):

• Displaying pop-up ads
• Getting the user’s private information

One reason these apps are significantly increasing lately is the way that ads are sold in Japan.

As you can see in this graph, these ad agents/networks provide software development kits (SDKs) for app developers. By inserting the SDK-provided code into their apps, app developers can have ads appear inside their apps. They would then earn money from how many ads are viewed and/or clicked. This revenue allows the developer to charge little or no money for his app.
Read the rest of this entry »