Posts tagged ‘trojan horse’

Android Virus Alert – Tis The Season … To Spambot

SMS text message spam has greatly increased in the US thanks to an Android Trojan horse that infects your phone and turns it into a spam-bot. The Trojan in this case is SpamSoldier, and it’s allegedly the first such spambot for Android phones and tablets. Whilst other spam bots have infected PCs to send text messages, this is the first SMS-happy spammer to infect Android phones. Thus reiterating my previous warnings that the more a smartphone becomes like a computer, the more viruses will be problematic for smartphones. It’s just the nature of the beast.

In this particular case, SpamSoldier likes to send out SMS messages enticing people to visit web links where they can snag games like Need for Speed: Most Wanted and Angry Birds Space. But, of course, that’s not all that you’re getting, even if the installer app does oftentimes actually give you a free version of the game. That installer also gives you a virus, turning your Android device into an SMS-spewing monster. Which, of course, includes sending other people those same SMS messages that tricked you into downloading it in the first place. And thus it spreads.

It also provides the virus writer with a means to send out other SMS spam for free, which has been used for phishing attacks and other nefarious “fun” and profit. But not profit for you, because you’re the one paying for the SMS text messages that are annoying everyone else. Hope you have an unlimited account.

Antivirus packages, such useless things as they tend to be on phones so far, have as of yet not caught a darned instance of SpamSoldier. Sometimes I wonder why anyone even tries. What good is an antivirus package that doesn’t catch viruses after all?

Admittedly, so far SpamSoldier isn’t exactly spreading like wildfire. It’s not exactly “out of control” as good viruses tend to get. Though perhaps that’s part of the problem: it’s staying under the radar enough that people aren’t taking it seriously.

In any event, consider yourself warned. If you want an app, get it from the proper marketplace, not from an unrequested SMS message. (Seriously people. It’s just like email. If you weren’t expecting it and the source is sketchy, don’t go all click-happy! Just delete it.) And if you own a smartphone, or plan to in the future, remember: the more it’s like a PC, the more it’ll get nasty viruses. So far security downright sucks on smartphones. Keep that in mind as you happily enter personal information into them. The more connected a gizmo is, the less secure it is. And you don’t get much more connected than a smartphone. So the next time you get a message for a deal that’s too good to be true, please, practice safe text.

A Bad Day For Security – The Web Weeps

Here’s a tricky one: a mass injection virus is hitting the web, specifically targeting … websites. The Websense Security Labs™ Threatseeker™ Network has detected a new attack on the world wide web. It injects malicious JavaScript code into legitimate websites, obfuscated as Google Analytics. The people who visit these infected websites are then redirected to servers that analyze the visitor’s computer, attempting to crack into the computer through any one of at least 10 possible unpatched vulnerabilities. And if that fails, it falsely notifies the visitor that they have a virus infection and prompts them to download antivirus software that is actually a trojan horse for the virus, which will in turn try to infect any web pages hosted on the user’s computer.

This attack is itself hard to find (and thusly eliminate) for two reasons. The first being that it really does look like the legitimate Google Analytics code at work. The second being that the infection itself is polymorphic, meaning that it actually changes itself with each infection so that you can’t just look for a common snippet of code that clearly marks someone as being infected, as is done to identify most viruses. This makes it hard to spot and even harder to remove.

Varied numbers of infections have come in, claiming anywhere between 30,000 and 60,000 websites infected so far. But rest assured, security experts are on the case.

In related news, Electronic Arts is being hit hard for their choice to not DRM The Sims 3. There have been countless downloads of the game from illegal piracy sites before the game even hit the shelves in stores. It’s quite possible that The Sims 3 will be pirated even more than Spore.

And this looks bad for EA.

Until you think about it, that is.

Spore, a game that really hindered a lot of legitimate purchasers with an incredibly heavy-handed DRM, was pirated quite a bit. It took very little effort for hackers to strip out the DRM and make Spore available without it. A problem that, in fact, may have even turned a number of honest people who paid for Spore into pirates themselves, just to be free of the highly annoying DRM. So even with a very nasty bit of DRM “protecting” Spore, it was still one of the most pirated bits of software, ever.

Now step up to EA’s newest hit game, The Sims 3. EA hasn’t wasted all of that money investing in the next DRM, nor is it pissing off consumers with such heavy-handed DRM. So as long as it is pirated only as much as Spore, that makes it rather a clear success story if you ask me. With the same amount of money lost to piracy either with or without DRM, it comes down to which cost more to distribute. Obviously DRM costs money, making it a clearly bad investment when it doesn’t actually stop piracy like it’s supposed to.

And as Spore has shown, DRM doesn’t stop piracy. It only hurts legitimate purchasers.

So then if you’re damned if you do, and damned if you don’t, it seems to me saving the money by “don’t” is the financially responsible way to go. Not to mention far more pleasing to your customers.

There are plenty of times when good security is very important to have.

And there are a few times, like with most DRM, when any attempt at “security” is a waste of money and time, a nuisance at best, and a profit-loss at worst.

Pay No Attention To That Man Behind The Curtain – Apple Macintosh Trojan Botnet

Apple Macintosh computers have long gone unnoticed in the computer security world. Mainly because hackers have rarely targeted them. Why target a system with such a small market share when there’s Windows to exploit? But lately the Mac is making headway in the war against Windows, and black hats have taken notice.

Bundled in with illegal downloads of things like Apple’s iWork 09 productivity suite and Adobe’s Photoshop CS4 from warez websites has come something new: a Macintosh-specific trojan horse virus. And not just any virus, but a complex and elegant botnet. Otherwise known as OSX.Trojan.iServices.A and OSX.Trojan.iServices.B, just iServices.A and iServices.B, or just generally grouped as OSX.Iservice, this botnet trojan is no simple bang-out from your average script kiddie. It has its own peer-to-peer (p2p) engine, it has startup and encryption services, and it is designed around a highly adaptable structure. In other words, it’s everything a dangerous virus should be. And the botnet of zombie-Macs infested with this virus is already launching Denial of Service (DoS) attacks, just like you’d expect from a PC.

“The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it – and therefore we would not be surprised to see a new, modified variant in the near future,” say virus researchers Mario Ballano Barcena and Alfredo Pesoli. To which they add, “With malware authors showing an increasing interest in the Mac platform, we believe that more advanced [user interface] spoofing tricks may be seen in the future.”

I’ve been warning about it for a long time. As Macs regain popularity (especially in light of the world disgruntled with Windows Vista) the “safety” of the Apple Macintosh is a thing of the past. The only reason Macs traditionally haven’t been riddled with viruses like PCs have is because Macs are a niche market. But as their market share grows, so too does the big bullseye on them. We’ve been seeing more viruses hitting Macintoshes lately, and now we’ve seen the first true in-the-field Mac zombie botnet. Mac security may never be the same again. The curtain has been pulled, and we’ve found The Wizard to be nothing more than the same hackable software of everyone else.

Mac Attack! AppleScript.THT Trojan Horse Attacks Mac OS X 10.4 And 10.5!

I absolutely love these finds. Not because I want Apple Macintosh owners to get hacked, but because I’m tired of their insipid smugness that it just never happens. Because it does. And it can happen more often. But when you’re running something specific to a tiny portion of the market share, you’re going to see an equally tiny number of attempts to hack you. It’s not that you can’t be hacked. It’s not that you’re in any way more secure. It’s just that you’re not worth anyone’s effort.

Mostly.

But it still happens.

And pretending otherwise and living in a fantasy world where you’re perfectly safe because you use a Mac only makes you a complete tool.

SecureMac has discovered a trojan virus running in the wild. (No, not a case of syph in a used prophylactic. A computer virus specific to an Apple Macintosh.) This little bugger, called the AppleScript.THT Trojan Horse, can infect Mac OS X 10.4 and 10.5. It’s currently downloadable from a hacker website, but on that very website is also talk of wider distribution, such as over iChat and Limewire to start with.

This AppleScript.THT trojan avoids detection by turning off system logging of your firewall and then opening the ports that it needs, so nothing stops it and nothing warns you what it’s up to. And after that, it has complete control of your system. It allows Mr. Bad complete and total remote access to run whatever on your system. It has a keylogger so that all your password are belong to us*. It can even take pictures of you using your adorable built-in webcam. (Let’s hope you’re not one of those people who banks online in their underwear. Or worse.)

In other words, this is everything Mac proponents have feared.

It’s a virus that specifically attacks a Macintosh. It’s built well. It does it all, remote execution, keylogging, et cetera. Complete and total ownership. You’ve been pwned! And to add that extra twist of the knife it even hides itself well, using your own security against you. It’s something, in fact, that could never be duplicated so successfully on a PC because a PC’s hardware and software are a collection of random assortments, so try as you might you can never nail a PC so thoroughly as this virus nails a Mac. And this trojan horse is ready to run.

So how do you stop it? Well, luckily for Mac owners it is a trojan horse. That means you have to be dumb enough to download and execute it. Which people will. So how do you identify it then so that you don’t do that? So far there are only two known varieties of distribution. The first is a compiled AppleScript named ASthtv05 that is 60KB in size. The second is an application bundle called AStht_v06 that is 3.1MB in size. Once the virus authors learn that these details are known, it will no doubt undergo some changes. But for now at least you have this much of a heads-up.

In case you’ve already gone and infected yourself, the AppleScript.THT trojan moves itself into the /Library/Caches/ folder. It also adds itself to the System Login Items of course.
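A defender-side check for the indicators just listed, as an added example that is not code from the original post or from SecureMac. It assumes only the two file names, their rough sizes and the /Library/Caches/ drop location the post gives; the size figures in the comments are the post’s, and the login-item lookup only runs where osascript exists (macOS).

```shell
#!/bin/sh
# Added example, not from the original post. Looks for the two known
# AppleScript.THT distribution names under a directory (e.g. /Library/Caches/,
# the drop location the post names) and, on macOS, lists login items so the
# same names can be spotted there. Sizes cited by the post: ASthtv05 is a
# ~60KB compiled AppleScript, AStht_v06 is a ~3.1MB application bundle.

# tht_size_bytes PATH -> prints the size in bytes (directories via du, KiB*1024)
tht_size_bytes() {
    if [ -d "$1" ]; then
        echo $(( $(du -sk "$1" | cut -f1) * 1024 ))
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# tht_scan DIR -> reports each suspect path with its size on stderr and
# prints the number of hits on stdout (0 when nothing matched)
tht_scan() {
    hits=$(find "$1" \( -name ASthtv05 -o -name AStht_v06 -o -name AStht_v06.app \) 2>/dev/null)
    if [ -z "$hits" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r p; do
        echo "suspect: $p ($(tht_size_bytes "$p") bytes)" >&2
    done
    printf '%s\n' "$hits" | wc -l | tr -d ' '
}

# tht_login_items -> on macOS, prints the name of every login item via
# System Events; prints nothing elsewhere. Grep the output for ASthtv05/AStht_v06.
tht_login_items() {
    command -v osascript >/dev/null 2>&1 || return 0
    osascript -e 'tell application "System Events" to get the name of every login item'
}

# Usage: tht_scan /Library/Caches; tht_login_items
```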

And, of course, MacScan, a product of SecureMac (those loverly people issuing this warning), can supposedly already find this nasty little trojan bugger for you.

So be warned. Be wary. And for goodness sake, if you own a Mac, stop pretending viruses can’t get you. Because they can. And this one just may.