Malware threats, Facebook privacy and criminal charges all made their way into various security stories in the past week.
The week started out with another battle tied to privacy and security on Facebook, this time stemming from the social network’s decision to allow applications to access users’ mobile phone and address information. Facebook eventually backed down, putting the feature on hold while it institutes changes to ensure users only share information when they intend to. The company did not state exactly what those changes will be, but said they are slated to come in the next few weeks.
The FBI arrested two men in connection with an attack on the AT&T Website last year. Daniel Spitler of San Francisco and Andrew Auernheimer of Fayetteville, Ark., were charged with one count of conspiracy to access a computer without authorization and one count of fraud in connection with personal information. According to the feds, the two were involved in the theft of more than 100,000 e-mail addresses belonging to iPad 3G users last June.
Both men face a maximum penalty of five years in prison and a fine of $250,000 for each count.
Trapster.com notified its users that the company had been attacked, potentially exposing e-mail addresses and passwords belonging to users. Trapster makes a mobile application that warns users about speed traps on the road. While the company released few details about the incident, it said the exploited security hole has been plugged.
On the malware front, researchers at Microsoft brought attention to the Bohu Trojan, which made headlines due to its targeting of cloud-based antivirus technologies. The malware was first observed in China. Once on a system, the Trojan creates and installs a number of files, modifies the registry and writes random junk data into the end of its key payload components to dodge hash-based detection used by cloud-based antivirus technologies. It also installs a Network Driver Interface Specification (NDIS) filter.
According to Microsoft, Bohu cuts off access to antivirus cloud servers with a Windows Sockets service provider interface (SPI) filter that blocks network traffic between the cloud security client and server.
“The purpose of the [NDIS] driver is to prevent the antivirus client from uploading data to the server by looking for the server addresses in the IP datagram,” Microsoft researchers Jingli Li and Zhitao Zhou wrote in their blog post. “The driver probes the data stream and finds HTTP request keywords and cloud-server names of some of the major Chinese AV vendors, such as Kingsoft, Rising, and Qihoo. We have contacted the relevant vendors about this malware threat.”
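
The junk-data trick described above works because a whole-file hash changes whenever any byte is appended. The following is an added example, not code from Microsoft's analysis or from any antivirus product: it hashes only the PE headers and section data, so copies that differ only in trailing bytes map to one value. It assumes the junk lands after the last section's raw data (the overlay); the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import struct

def build_sample_pe(section_data: bytes) -> bytes:
    """Constructed PE-shaped sample: DOS header, COFF header, one section."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)   # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = 64 + 4 + 20 + 40                           # data follows section table
    section = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                          len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + coff + section + section_data

def end_of_sections(data: bytes) -> int:
    """Offset just past the last section's raw data; bytes beyond are overlay."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size                           # start of section table
    end = table + 40 * n_sections
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    if end > len(data):
        raise ValueError("truncated file")
    return end

def file_hashes(data: bytes) -> tuple[str, str]:
    """Return (whole-file SHA-256, SHA-256 of headers and sections only)."""
    body = data[:end_of_sections(data)]
    return hashlib.sha256(data).hexdigest(), hashlib.sha256(body).hexdigest()

def demo() -> dict:
    base = build_sample_pe(b"\xAA" * 512)
    # Constructed copies that differ only in random trailing bytes
    samples = [base] + [base + os.urandom(n) for n in (16, 300)]
    return {"distinct_full": len({file_hashes(s)[0] for s in samples}),
            "distinct_trimmed": len({file_hashes(s)[1] for s in samples})}

if __name__ == "__main__":
    print(demo())
```

Signed files keep their Authenticode signature in the overlay and installers store data there, so an overlay-stripped hash belongs alongside the whole-file hash as a second lookup key, not in place of it.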