Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

Apple kicks anti-virus apps from the app store

The reason given for sacking from the App Store called the producers is that users may believe that there are viruses on iOS.

Apple has removed over the past few days, several anti-virus apps from the App Store. Among them was VirusBarrier for iOS by the manufacturer Intego. The app was located since 2011 in the App Store.

Once the app has been removed, Jeff Erwin, the CEO from Intego, has asked Apple for their reasons. According to Apple, the description of his app was misleading, since users might think there would be viruses on iOS. After he had changed the description of the app to make it clear that the app scans emails and downloads, Erwin has taken the case to the executive suite of Apple - without success.

Apple has not only thrown VirusBarrier, several apps and also the corresponding category from the App Store. Some apps are still online, such as Avira Mobile Security, Lookout Antivirus & Security and McAfee Security. These apps are free, VirusBarrier cost $ 0.99. What criteria exactly Apple classifies an antivirus app misleading, is not known.

Apple has been always arrogant. Arrogance comes sooner or later to a fall off.

Apple with Worm 

Thank god, we don't need that crap on iOS or on Macs. Plain and simple, you don't need antivirus on Apple platforms. Period. I've used Macs since 1990 and not once have I ever conceived of the notion of installing antivirus on my Macs.

You are doing yourself and all Mac users here a disservice by saying stuff like this. It is widely known in the industry, especially with companies like Sophos and Kaspersky, that there are definitely Mac viruses in the wild that can infect Mac computers that do not have antivirus installed.

Just because you have a Mac does NOT mean you are immune to viruses. It is a very dangerous misconception that you are 100% protected because you use a Mac.

Mac Virus & Malware Threats: http://www.kaspersky.com/internet-security-center/threats/mac

Mac Virus Lets Hackers Control Thousands Of Computers, Through Reddit: http://www.ibtimes.com/mac-virus-lets-hackers-control-thousands-computers-through-reddit-1699227

http://www.huffingtonpost.com/news/mac-virus/

Apple Vows To Fight Flashback Virus, Mac Users Receive Wake-Up Call: http://www.huffingtonpost.com/2012/04/11/apple-flashback-virus_n_1417886.html

Apple Stops Boasting That Macs Are Virus Free: http://www.huffingtonpost.com/2012/06/25/mac-virus-apple_n_1625110.html

Security Firm: Microsoft Ahead Of Apple: http://www.huffingtonpost.com/2012/04/26/microsoft-security-apple_n_1456073.html

Surprising Number Of Macs Infected With Malware: http://www.huffingtonpost.com/2012/04/24/mac-malware_n_1448561.html

Be safe out there, everyone. Don't believe the hype that you're protected just because you use Mac. With Apple's growing marketshare comes the greater possibility that Macs will be targeted. Especially when its a common belief among Mac users that they're invincible.

 

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

The U.S. National Security Agency (NSA) may be hiding highly-sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years in a campaign, giving the agency the means to eavesdrop on thousands of targets’ computers, according to an analysis by Kaspersky labs and subsequent reports.

 

'EQUATION GROUP' BEHIND THE MALWARE

The team of malicious actors is dubbed the the "Equation Group" by researchers from Moscow-based Kaspersky Lab, and describes them as "probably one of the most sophisticated cyber attack groups in the world," and "the most advanced threat actor we have seen."

The security researchers have documented 500 infections by Equation Group and believes that the actual number of victims likely reaches into the tens of thousands because of a self-destruct mechanism built into the malware.

 

TOP MANUFACTURERS' HARD DRIVES ARE INFECTED

Russian security experts reportedly uncovered state-created spyware hidden in the hard drive firmware of more than dozen of the largest manufacturers brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.

These infected hard drives would have given the cyber criminals persistence on victims' computers and allowed them to set up secret data stores on the machines, which is only accessible to the malicious hackers.

 

UNABLE TO REMOVE THE INFECTION

One of the most sophisticated features of these notorious piece of hacking tools is the ability to infect not just the files stored on a hard drive, but also the firmware controlling the hard drive itself. The malware is hidden deep within hard drives in such a way that it is difficult to detect or remove it.

If present, once the victim insert that infected storage (such as a CD or USB drive) into an internet-connected PC, the malicious code allows hackers to snoop victims' data and map their networks that would otherwise be inaccessible.

Because the malware isn't sitting in regular storage, so it is almost impossible for a victim to get rid of it or even detect it. Such an exploit could survive a complete hard drive wipe, or the re-installation of an operating system, and "exceeds anything we have ever seen before," the company's researchers wrote in a report.

 

MORE ADVANCED TECHNIQUES USED BY EQUATION GROUP

The firm recovered two modules belonging to Equation group, dubbed EquationDrug and GrayFish. Both were used to reprogram hard drives to give the malicious hackers ability to persistently control over a target machine.

GrayFish can install itself into computer's boot record — a software code that loads before the operating system itself — and stores all of its data inside a portion of the operating system known as the registry, where configuration data is normally stored.

 GrayFish architecture - Kaspersky Labs

EquationDrug, on the other hand, was designed to be used on older versions of Windows operating systems, and "some of the plugins were designed originally for use on Windows 95/98/ME" - very old versions of Windows OS that they offer a good indication of the Equation Group's age.

 

TARGETED COUNTRIES AND ORGANISATIONS

The campaign infected tens of thousands of personal computers with one or more of the spying programs in more than 30 countries, with most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets included government and military institutions, telecommunication providers, banks and financial institutions, energy companies, nuclear researchers, mass media organisations, and Islamic activists among others.

Equation Group Victims Map - Kaspersky Labs 

'ANCESTOR' OF STUXNET & FLAME

Security researchers are calling the malware as the "ancestor" of Stuxnet and Flame, the most sophisticated and powerful threats that were specially designed to spy and sabotage ICS and SCADA systems.

 

LINKS TO NSA

Kaspersky declined to publicly name the country or agency behind the spying campaign, but said it was closely linked to Stuxnet — the NSA-led cyberweapon that was used to sabotage the Iran's uranium enrichment facility.

Also, the similarities when combined with previously published NSA hard drive exploits have led many to speculate that the campaign may be part of the NSA program. NSA is the agency responsible for global surveillance program uncovered by Whistleblower Edward Snowden.

Another reason is that most of the infections discovered by the Moscow-based security firm have occurred in countries that are frequently US spying targets, such as China, Iran, Pakistan and Russia.

Meanwhile, Reuters reported sources formerly working with the NSA confirmed the agency was responsible for the attacks and developed espionage techniques on this level.

 

NSA INVOLVEMENT COULD BE RISKY

In case, if NSA found to be involved, the malicious program would have given the NSA unprecedented access to the world's computers, even when the computers are disconnected from the outer web. Computer viruses typically get activated as soon as a device is plugged in, with no further action required, and this because the viruses are stored on a hard drive's firmware.

Back in July, independent security researchers discovered a similar exploit targeting USB firmware — dubbed BadUSB — however there was no indication of the bugs being developed and deployed by Equation Group at this scale.

The issue once again raises the questions about the device manufacturers' complicity in the program. They should take extensive and sustained reverse engineering in order to successfully rewrite a hard drive's firmware.

For its part, the NSA declined to comment on the report.