Google has said 58 malicious apps were uploaded to Android Market and then downloaded to around 260,000 devices before Google removed the affected apps last Tuesday evening. It isn’t clear how many users activated the applications, a Google spokesman said. But users who did activate the apps, which included Super Guitar Solo, Advanced Barcode Scanner, Bubble Shoot and many others, ran the risk of having their personal data stolen from their phone and sent to a remote computer server.

One potential clue lies in the server used to help carry out the attack. John Hering, CEO of mobile security provider Lookout, said that as part of his company’s investigation of the incident it found that the attack’s “command and control” server, which received the stolen data from the smartphones, traced back to Hurricane Electric, an Internet service provider based in Fremont, Calif. Mr. Hering said his company contacted Hurricane Electric on the morning of March 2 soon after it discovered the server’s role in the attack, and asked the company to shut it down.

Read the rest of this post on the original site

Denied Internet access by Global Crossing and Hurricane Electric, bot-hosting network McColo is clearly having trouble spewing out spam and malware. There has been a 41 percent drop in spam volume since the Washington Post story broke.

Sadly, it’s certain to rise again, once McColo finds some new upstream providers.
(Thanks to reader Dave Barnes for the tip.)

Denied Internet access by Global Crossing and Hurricane Electric, bot-hosting network McColo is clearly having trouble spewing out spam and malware. There has been a 41 percent drop in spam volume since the Washington Post story broke.

Sadly, it’s certain to rise again, once McColo finds some new upstream providers.
(Thanks to reader Dave Barnes for the tip.)

There is damning evidence that this activity has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network, but nobody seems to care.”

– Paul Ferguson, a threat researcher with computer security firm Trend Micro

According to security experts, Web-hosting outfit McColo is responsible for enabling the broadcast of more than 75 percent of all spam globally. Its client list is a rogues gallery of bad-guy syndicates involved in everything from botnets to counterfeit pharmaceuticals and kiddie porn. So how is it that MoColo’s ISPs, Hurricane Electric and Global Crossing, were unaware of that until notified by a Washington Post reporter?

I’m not sure there’s a good answer to that question, though it would certainly be interesting to hear one. Almost as interesting as hearing the two ISPs explain away their network traffic from known criminal botnets Mega-D, Srizbi, Pushdo, Rustock and Warezov, all of which have their master servers hosted at McColo.

“We shut them down,” Benny Ng, director of marketing for Hurricane Electric, told the Post. “We looked into it a bit, saw the size and scope of the problem you were reporting and said ‘Holy cow!’ Within the hour we had terminated all of our connections to them.”

“Holy cow?” More like, “Holy cow, someone finally noticed we’re the preferred ISP of a massive criminal syndicate! What do we do?!?”

“ISPs can’t take the ‘I see nothing, I hear nothing’ approach to this content,” said Mark Rasch, a former cyber crime prosecutor for the Justice Department. “It’s a little bit like a landlord who owns a building and sees people coming in and out of the apartment complex constantly at all hours and not suspecting their may be drug activity going on. There are certain things that raise red flags, such as the nature, volume, source and destination of the Internet traffic, that can and should raise red flags. And to have so many third parties looking at the volume and content from this Internet provider saying ‘This is outrageous,’ clearly the people doing the hosting should know that as well.”