The Mobile Threat Tracker app consolidates the most recent two weeks’ worth of Lookout’s security data into a kind of mobile heat map. The user sees dots flying around the globe as a real-time visualization of where threats are happening.

When users scroll over the globe, a timeline appears, showing how much of the threat is malware and how much is spyware; the top three threats are listed along with plain-English descriptions, and why Lookout has identified them as malicious.

Kevin Mahaffey, Lookout’s co-founder and CTO, said the app isn’t necessarily about offering immediate solutions, but more about making people aware of when they might be particularly vulnerable on mobile. “People shouldn’t have to be security experts to stay safe. We want to remind them to download apps from reputable app stores, to not go to shady download sites; to look at the developer name behind an app, and make sure it’s legitimate.”

The Mobile Threat Tracker is only available on devices running an Android OS to start, and Mahaffey says it’s unclear whether there will be a version for iOS devices. “Right now, it makes less sense, because there isn’t any real malware on the iPhone,” Mahaffey said, “though at some point there might be a need for it.”

Lookout Mobile Security launched in 2007, and now claims more than 15 million users worldwide. The company says it takes an educational approach to informing people about products for malware and spyware, rather than using fear-mongering in its marketing; it offers most of its apps for free, with additional features available at a premium.

While threats on mobile devices still aren’t as high-scale as malware and spyware on PCs, Lookout’s internal research shows that the amount of malware on mobile has increased.

Lookout said the likelihood of an Android user encountering malware increased from 1 percent to 4 percent over the course of 2011. The company has identified more than a thousand instances of infected applications, double the number it saw in July 2011.

The Lookout report notes that Web-based threats like phishing can carry over easily from PCs, making the likelihood of clicking on a bad link higher than that of acquiring malware through mobile apps. The global yearly likelihood of an Android user clicking on an unsafe link is 36 percent — up 6 percent from just six months ago — while in the U.S., the likelihood is higher than the global average, at 40 percent.

(Photo courtesy of TheTechBlock/Flickr)

1971: Creeper

The first known virus-like program was written by an employee of a Cambridge, Mass., company that built part of Arpanet, the predecessor to the Internet. The program was a lab test to see whether it was possible to create a self-replicating bit of software.

1982: Elk Cloner

A junior-high student came up with the first self-propagating program released outside the lab. The program spread via floppy disks on old Apple II computers — displaying a short poem on infected machines.

Read the rest of this post on the original site »

Lookout’s analysis of data collected from more than 700,000 apps and 10 million devices worldwide reveals a significant increase in mobile malware since January, and while some of it was geared toward devices running Apple’s iOS, much was intended for Android. There were 80 Android apps infected with malware in January. By June, there were 400.

“Currently, malware and spyware have primarily targeted Android devices, though there are commercial spyware applications available for jailbroken iOS devices,” Lookout explains in its report. “According to our data, in June of 2011 Android users were two and a half times more likely to encounter malware than just six months ago.”

The reasons for this are well known. iOS apps are curated by Apple via a manual review process that hews closely to some very strict security guidelines. Apps in Google’s Android Market do not undergo the same rigorous review process. And while that might allow Android developers to update their apps more quickly, it also makes it easier for miscreants to distribute malware, or to update or repackage legitimate apps with malicious successors. Earlier this year, for example, a piece of malware dubbed DroidDreamLight infiltrated some 34 apps in the Android Market.

But if iPhone users are largely unaffected by malware, they’re not entirely immune to it — particularly if they’ve jailbroken their devices to run apps not sanctioned by Apple. Lookout charted a troubling spike in Web-based threats in the first half of 2011. These are cross-platform and thus of concern to Android and iOS users alike.

“In the past year, iOS has seen multiple web-based exploits in the wild that allow an attacker to run code as root if a user simply visits a web page,” Lookout said in its report. “These exploits first take advantage of a browser vulnerability to run code as the browser process, then take advantage of a local privilege escalation vulnerability to run code as root. Thankfully, we haven’t seen evidence of these exploits being used maliciously: they were primarily used to allow users to jailbreak their devices.”

Writing on Google’s blog, Damian Menscher, a security engineer, said the company discovered “unusual search traffic while performing routine maintenance on one of our data centers.” After collaborating with security engineers at several companies that were sending the data traffic, he said, Google concluded that the computers associated with the traffic were previously infected with a particular strain of malware.

A Google spokesman said the company believes more than a million computers were affected by the malware strain. The malware appears to have been downloaded by people who were fooled by online scams that offered them anti-virus protection but were really malware in disguise.

Read the rest of this post on the original site »

The company’s 16th report still sees attacks in which specific industries or even individuals, are targeted as one of the main threats, but highlights the developing vulnerabilities that social media and mobile devices open up.

The report identified more than 286 million unique variants of malware, which together were responsible for 3.1 billion attacks on computer users in 2010. The number of attacks delivered via the internet almost doubled, Symantec reported a 93 percent increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Shortened URLs appear to be playing a role here too. During a three-month observation period in 2010, 65 percent of the malicious URLs observed on social networks were shortened URLs.

Read the rest of this post on the original site

That’s the essence of a new report from researchers at George Mason University.

George Mason professor Angelos Stavrou and some colleagues used an Android smartphone to launch a covert attack, but Stavrou said that any smartphone could be vulnerable when synchronizing to a computer or even just plugged into a charger. Once a cable is compromised, Stavrou said, it can attempt to act as an input device. Like a mouse or keyboard, it can then send signals to take control of a connected computer or phone.

The attack vector is especially pernicious because users aren’t even thinking they might be vulnerable.

“The typical user inherently trusts the connection when hooking up devices using a USB cable because they think they know what it is supposed to do, and they own the two connecting devices,” says Stavrou in a blog post. “Attacks through USB cables haven’t been seen before, so there are no defenses in place to prevent or even detect them.”

They’ve been working on this particular scam for many months. Jeff Horne, director of threat research for anti-virus vendor Webroot, says an email account he set up to attract and study these types of email has received over one million phony tax-related messages since November.

These cyber-crooks also begin publishing malicious sites early in the tax season, with pages that allow people to download IRS forms for filing. “They automatically deliver the malware without you even realizing it,” said Horne. Whether delivered via email or a visit to a malicious site, the viruses lurk on your hard drive looking for keywords related to tax filing, such as social security numbers, street addresses, employer names and income, and then sends it back to the cyber-crooks.

Read the rest of this post on the original site

The so-called “Droid Dream” attacks took place earlier this week, prompting Google to quickly remove some 58 infected applications from its Android storefront. On Saturday, the company said it was taking several further steps to mitigate the damage.

The biggest action it is taking is to remotely remove the malicious applications from any devices that did manage to download the programs. It’s an option that Google has maintained, but has also reserved for only egregious cases such as these kinds of attacks. It is also pushing a security update to those devices to prevent attackers from gaining any further information from the infected devices.

“This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” Android Security Lead Rich Cannings said in a blog posting. “We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.”

The latest action marks only the second time that Google has used its power to remotely remove applications from a user’s device. The first time it did so was last June, when a proof-of-concept malicious app made it to the Android Market.

Google said it will also e-mail those who are affected and the devices will post a notice saying that “Android Market Security Tool March 2011″ has been installed and such users may also see a notification that applications have been removed from their device. Droid Dream worked by attaching malicious code to a number of seemingly useful applications.

Although the infected apps collected some information to identify the device and which versions of the Android software it was running, Google does not believe that any other information, such as personal user data, was compromised. The exploit used vulnerabilities that Google had closed in the most recent releases of Android, including Gingerbread. Only devices running versions of Android prior to version 2.2.2 could be affected, Google said.

The attack, which cropped up Tuesday evening, was attached to multiple applications posted to both the Google-run store and various third-party app markets.

Although Google managed to expunge the 50 or so affected apps within minutes of learning of their presence in the store, the fact they made it that far indicates the game is changing. In the latest attack, the malicious code was attached to legitimate applications, but also was collecting identifying data from the phone and sending that information to a remote server.

Experts have warned for a while now that as smartphones gain traction, there will be an increasing number of attacks. Anti-virus firm Symantec says that threats have been increasing significantly in recent months after being quite rare, often limited to more proof-of-concept type exploits.

Not only are today’s smartphones the equivalent of a desktop computer, each one has a connection to not only personal information and the Internet, but also to a carrier billing system–putting would-be attackers one step closer to where the money is.

“For first time in history, a malicious attacker can send a packet of data and money goes flying,” said John Hering, CEO of phone security software maker Lookout Mobile Security. “Think about that.”

Already there have been attacks that cause an infected phone to send a premium text message, generating instant revenue for the attackers. Those attacks, against both Symbian and Android, have been confined largely to Europe and Asia–areas where premium SMS is more common and where carriers are sometimes less vigilant about monitoring traffic, Hering said. An attack in December, centered in China, took a significant amount of data from Android phones and sent it to remote servers.

That the phone has been seen as less vulnerable than the PC is largely an artifact of the fact that the devices have only recently gained powerful operating systems and fast Web connections.

“It’s not like phones are inherently safer than computers,” Hering said. “It’s just been more attractive in the past to attack computers.”

In general, Android malware has been attached to applications–often to legitimate applications–and posted to various third-party stores, rather than to the Google-run Android market. Indeed, sticking to the official stores has been one of two major recommendations from security experts (the other is to pay careful attention to what permissions an app is requesting).

Keeping up to date on a phone’s operating system can also help. Droid Dream, for example, exploited a security flaw that was closed with the Gingerbread release of Android. However, unlike on the PC side, users don’t always get to choose which updates they install, as carriers and device makers often get a say in which apps are provided to customers.

The Android attack is also sure to raise the question of whether an open platform is less secure than a more closed one and also whether it is better to have a curated market or one that is community-managed. Hering said it is not fair to say that Droid Dream suggests Android is more vulnerable, noting that both open and closed systems have their benefits. Open-source code does mean everyone can look at things, but it also gives the community a chance to report flaws before the bad guys do.

Naturally, there is also a market that has emerged for security software that can be installed on a device. Lookout and Symantec both offer phone products, and Hering said that Lookout’s software was updated within hours to protect against infected applications from both official and non-official sources.

Given how quickly Google removed the infected apps, it still makes sense for the cautious to stick to the Android market. However, it is clearly not a failsafe.

The other big recommendation is to not just blindly click OK to all those warnings that pop up when installing an app. On Android and many other platforms, users have to explicitly give an application permission to do certain things, such as access location data or make phone calls.

“If someone is downloading a scientific calculator and it wants to send text messages, it should raise some eyebrows,” said Vikram Thakur, a principal security response manager at Symantec.

SecureWorks, which is privately held, says it has about 2,900 customers in 70 countries, and that its customers include 15 percent of the Fortune 500, as well as 1,500 banks and credit unions, though typical of a security company, it doesn’t name any of them. In 2009 it acquired the managed security business of VeriSign. It has about 700 employees and projected revenue of about $120 million.

It’s also known for its top-flight malware research team. Last year it was involved in the research and response around a banking Trojan called Origami, which originated in Russia and was designed to steal sign-in credentials.

Dell says the deal will expand its IT-as-service offerings. It also looks to be, at least in part, a reaction to Hewlett-Packard’s acquisition of security firm ArcSight in October. No financial terms are being disclosed, but Dell had been involved in a reselling partnership with SecureWorks since July of last year. It’s also Dell’s second acquisition in as many months. On Dec. 13 it spent $820 million for the health IT company Compellent.

I have had a little disagreement with my IT guy. He says that when taking my laptop out in public, I should never type anything with passwords or confidential information. He says that someone can pick up my information. I say that I can’t believe that everyone in public is totally exposed. There must be some way to protect yourself while on a public network. Who is right?

A:

There’s no single correct answer. It’s true that thieves in public places can and do steal passwords and other sensitive information transferred over public Wi-Fi hotspots. But it’s also true that methods like Virtual Private Networks can mitigate this problem, and that most public hotspots are, just by the odds, unlikely to harbor these thieves at any one time. However, my advice is to avoid doing any sensitive tasks, like banking or stock trading, while using public hotspots. And, if you’re doing anything confidential on your company or home network remotely, use a VPN, which is like a secure tunnel through the internet.

Q:

I recently purchased a new iMac and am considering installing anti-virus/spyware/malware programs on it. Reader forums in MacWorld magazine say it’s not needed. A local newspaper computer columnist says he’s had Macs since the early ’80s and has never run an AV program and has had no problems. Other online computer advisers say Macs are always vulnerable and advise to run AV programs. Any recommendations here?

A:

No computer is inherently invulnerable to malicious software, and that includes the Macintosh. However, nearly every malicious program known is meant to run on Windows and simply won’t operate on the Mac operating system. The handful of Mac viruses and other malware that have been discovered are either proofs of concept, or have spread to very few users and done little or no damage. Most Mac users I’ve known don’t run third-party security software and haven’t had malware problems. So I don’t routinely recommend Mac security software.

There are two caveats, however. If you are running Windows on your Mac, you should install Windows security software, to run while Windows is in use. Also, Mac users are just as vulnerable as Windows users are to online scams, or to insecure public networks. So, even though you may never get a virus, you still have to be careful about doing sensitive Internet tasks via public hotspots or careless behavior like clicking on links sent you by unknown email senders.

Q:

My car has an audio jack that integrates any input into the sound system. I know that Kindle has a text-to-speech feature. Would I be able to use that feature via the audio jack in the car?

A:

Without having tested your car’s input jack, I assume the answer is yes. The Kindle has a standard headphone jack.

However, note that the text-to-speech feature works only on certain books, not all of them. Publishers have the right to allow or disallow it for any book.

Also, even if it’s enabled, it isn’t the same as an audio book, which is usually read by a trained narrator or by the author. Instead, it’s a computer doing the reading.

You can find Mossberg’s Mailbox and my other columns at the All Things Digital website, http://walt.allthingsd.com.

Lookout said Geinimi displays botnet-like qualities and is the most sophisticated wireless malware it has seen. Thus far, infected programs have only been seen on various Chinese app stores.

“Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets,” Lookout said in a blog post on Wednesday. “The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions.”

The security firm said it has already updated both the paid and free versions of its software to protect against Geinimi.

Lookout raised $11 million in Series B funding back in May.

The company was launched in 2007, with its founders taking 18 months to develop a new core technology focused on mobile devices. While some of the big-name security firms are in the mobile arena, their approaches are brought over from desktop and PDA security efforts, CEO and co-founder John Hering told Mobilized.

“I think there’s a very reasonable opportunity to create the next Symantec but built around the mobile platform,” Hering said, noting that over the next three to seven years mobile devices will become the primary computing device for millions of people.

Although threats to mobile devices are still comparatively rare, their highly mobile and always connected nature makes them an increasingly attractive target for those seeking to do harm. A year ago, Hering said that most attacks were proof-of-concept or attacks for notoriety. This year, though, has seen the rise of financially motivated malware, including an attack on Android where an app posing as a movie player sent premium SMS messages costing infected users $5 a pop. A separate attack in China infected more than one million phones, Hering said.

Lookout aims to stop those kinds of attacks and also allow capabilities like device tracking and remote wipe capabilities. Its software currently works on Android, BlackBerry and Windows Mobile (but not the new Windows Phone 7) operating systems. Hering said the company plans to expand to other popular operating systems and said some of the new funding will be used to expand to new platforms.

Ping Li, a partner at Accel and a board member at Lookout said the company’s approach of splitting work between the device and the cloud to more efficiently work on a mobile device is part of what attracted him to the company. He also pointed out that Hering and his co-founders are in their twenties and just have a different awareness of the devices than their older competitors.

“They grew up hacking mobile phones,” Li told Mobilized. “They never grew up hacking PCs.”

Part of growing as a security company is having the right product in place when a new threat emerges, Li said, pointing to Webroot, which came out of nowhere to become a significant business when spyware emerged as a major security issue.

The company has more than four million users of its software, although the vast majority are getting the software for free. The company recently launched a $3 per month premium service, but Hering won’t say how many customers it has.

Hering said Lookout’s model aims to follow that of desktop antivirus firm AVG, which has a popular and well-known free product but makes money by selling a premium service.

As for whether the company could make an attractive acquisition target for another security company looking to jump-start its mobile efforts, Hering was noncommittal.

“We’re just trying to keep up with the growth,” he said.

Here’s a sample, from Google’s blog post announcing the change (via SearchEngineLand). Click on the image to enlarge:

Google has already been flagging sites it thinks are distributing malware, so this is just an incremental step. And Google apparently thinks a “compromised” site is less dangerous than one it thinks “may harm your computer”: If you click on the link for the latter, Google will send you to an “are you really sure you want to go there?” message, but Google won’t actually slow you down if you want to head to a hacked site.

[Image credit: Picture Perfect Pose]

In April, a federal appeals court found that the FCC had overstepped its bounds when it censured Comcast (CMCSA) for violating its net neutrality principles and in so doing, called into question the agency’s authority to regulate the Internet. In May, 282 members of Congress, from both political parties, petitioned him to suspend the FCC’s plans to reclassify broadband as a telecommunications service, a move that would, once and for all, put broadband under the agency’s purview and clarify its jurisdiction.

And so today, Genachowski heads an agency whose legal authority is in question, as is its ability to implement a much needed National Broadband Plan. And his ambitious policy agenda is, for all intents and purposes, on hold.

What will he do now to regain momentum and fix the country’s ailing broadband policies?

1:19 pm: You’re a different sort of FCC chairman, aren’t you, Walt asks. You have somewhat of a tech background.

Genachowski: I do. I spent the last 10 years in the tech space. I’m probably the only FCC chairman who worked for the same company as Jeffrey Katzenberg.

1:21 pm: The conversation quickly moves on to an issue top of mind today: broadband and how lousy it is in the United States. Genachowski talks for a moment about broadband, saying the U.S. is grievously behind. He cites a survey that ranked the U.S. 40th out of 40 when it came to rate of change of capacity. “That means we are moving more slowly than any other country in that survey.”

1:23 pm: Walt jumps in to note that U.S. broadband customers are being screwed on performance AND cost. “They have slower broadband than lots of other people and they pay more for it,” he says. “You’re the head of the FCC: Why won’t you fix this?”

Genachowski: Because I thought you might invite me, I spent the last year working on a broadband plan. But there’s no silver bullet. There are things we can do to drive more innovation. Unleashing mobile is the most important thing we can do. There’s no doubt in my mind that mobile broadband will drive innovation. We have an enormous chance with 4G.

1:25 pm: Genachowski–The FCC plan that I inherited provided for new spectrum coming on the market that’s about a threefold increase over now. Until you see the new demand being driven by devices like the iPhone and the iPad. It’s 40 times. And we need to address that.

Walt jumps in, noting that spectrum is finite. Is there enough spectrum available to solve the problem?

Genachowski: There’s enough available if we have the right policies in place. We’ve got to work on policies that themselves create better efficiency, policies for trading spectrum, for example.

1:28 pm: Genachowski recalls that a few years ago there was a band of spectrum that no one knew what to do with. Finally, someone said, ‘why don’t we just put this spectrum out unlicensed and see what people do with it?’ And the first thing that people came up with were garage openers…and later someone discovered that it could be used for Wi-Fi. Obviously, an important innovation, but also part of the congestion problem. So what we’re trying to do is identify things like that,” he says. We’re also looking into spectrum-related efficiency.

1:30 pm: Walt–Are you going to take spectrum away from TV broadcasters?

Genachowski says he has offered them the opportunity to put their spectrum up for auction. We think this creates a mechanism for freeing up spectrum that’s currently tied up, he says.

1:31 pm: Walt asks about Genachowski’s broadband plan. Does the FCC have the power to bring it to fruition?

Genachowski: First thing to understand about the plan is that we were asked to develop a plan that would apply to the FCC and other parts of the government as well. It includes recommendations for the FCC, for Congress, etc. So focusing on the things we recommended for ourselves, there’s no dispute that we have authority. With respect to others, there’s a court ruling that’s created problems for us. So what’s important is that we move forward on the broadband policies and strategies.

We run something at the FCC called the Universal Service Fund. It promotes universal phone service and it does a good job of that. One of the recommendations of our plan is that this fund be used to support broadband instead of legacy phone service. This court decision is preventing us from doing that.

1:34 pm: Genachowski–No one really cares what section of the statute we point to except for the lobbyists and lawyers. It would be unfortunate if that process slowed us down as a country on improving our broadband infrastructure.

1:36 pm: Genachowski–We need to have enough of a broadband infrastructure in the United States that companies want to do business here.

1:37 pm: Walt wonders if it’s even possible to get some sort of policy implemented that would improve broadband for consumers.

Genachowski says it is, but concedes that “some elements of the system are broken” and prevent the country from moving as quickly as it could on its infrastructure initiatives. “We’re kidding ourselves if we think that the infrastructure will come simply because we want it to come….We need dramatic investment and we need an environment that encourages innovation.”

1:39 pm: Walt recalls a question from yesterday’s session with Steve Jobs about AT&T’s capacity problem. Noting the dramatic increase in demand for data on AT&T’s network, he asks if Genachowski can fix it so that people who complain about not being able to make calls on AT&T (T) will be able to make calls.

Genachowski: I think on an issue like this where AT&T hears from its consumers every day about how bad it is, I don’t worry so much. I worry more about issues where consumers are disempowered. Things like the number of consumers who don’t know what their broadband speeds are, for example. Ultimately, we want to give consumers the information they need to be better consumers. … What we’re looking at is digital labels that will show consumers what their actual broadband speeds are as opposed to the speeds they’re told they’re getting. I think we’re in an era when information technology creates opportunities to empower the consumer to make the market work more efficiently.

1:44 pm: Walt talks a bit about the state of the set-top box. The boxes that the cable companies give you are awful, he says. But there’s a law meant to promote options. Why aren’t you enforcing it?

Genachowski says he is, noting that consumers can buy CableCards.

Walt: Why don’t you make companies make better CableCards and better cable boxes?

Genachowski concedes that the CableCard strategy hasn’t quite worked out the way the FCC had hoped. The agency is now looking to see if there’s a sort of universal gateway that will solve the set-top box issue and allow innovation in the living room, he says. But the pay folks are concerned about how this will preserve the integrity of the pay stream. We’re at the point technologically where we can explore devices that preserve that pay stream while improving the broadband experience, he says, and we’ve set a goal of 2012 for developing a device like this.

Q & A

Q: Why is the FCC putting the 4G spectrum next to the Wi-Fi and Bluetooth bands?

A: I don’t think that will happen. At the FCC we have terrific engineers who understand these interference issues.

Q: What do you think about rewriting the Telecommunications Act of 1996?

A: I think it’s true that the act gives us the authority that we need. But I also think that by virtue of its structure, it’s not quite ideal. I’m doing everything I can with the following goal: We need solutions, speed, etc., because we’re not just competing with ourselves, we’re competing with the rest of the world.

Q: Does Obama have an iPad?

A: I don’t know whether he has an iPad yet, but I’m sure that will be taken care of.

Q: Your thoughts on malware and security?

A: The dangers are very serious. The systems that should be in place aren’t in place yet. I’m very concerned about the substance of this and whether in Washington we can do what needs to be done to ensure the security of our networks.

A note about our coverage: This liveblog is not an official transcript of the conversation that occurred onstage. Rather, it is a compilation of quotes, paraphrased statements and ad-lib observations written and posted to the Web as quickly as possible. It is not intended as a transcript and should not be interpreted as one.

Accel Partners has been pretty busy handing over giant wads of dough to start-ups this week–and today is focusing its largess on San Francisco-based Lookout, a smartphone security provider.

The Palo Alto, Calif.-based venture firm will be the lead investor in an $11 million Series B funding round for Lookout, which offers solutions to protect phones from malware and viruses, back up and restore valuable data and help users find their phones in the event they are lost or stolen.

Accel Partner Ping Li will join the start-up’s board.

Lookout currently works only on phones using Google (GOOG) Android, Research in Motion (RIMM) BlackBerry and Microsoft (MSFT) Windows Mobile operating systems.

Previous venture investors Khosla Ventures and Trilogy Partnership are also participating. The pair, along with angel investors such as Chris Sacca, had already put $5.5 million into Lookout late last year. The company was founded as Flexilis in 2007.

Lookout said the former CEO of Vontu and executive at Symantec (SYMC), Joseph Ansanelli, would become chairman of Lookout and that it had brought in other execs, including a former Yahoo (YHOO) staffer. Ansanelli has been an angel investor in Lookout.

Here’s the official press release:

Lookout Closes $11 Million in Series B Funding Led by Accel Partners

Explosive Growth in Smartphone Market Underscores Need for Mobile Security

SAN FRANCISCO–May 18, 2010–Lookout, the leader in smartphone security, today announced an $11 Million Series B round of funding led by Accel Partners with Khosla Ventures and Trilogy Partnership also participating. The company also announced that it has added several new executives to its leadership team, including former CEO of Vontu and executive at Symantec, Joseph Ansanelli, as Chairman of the Board.

“The smartphone market is exploding, and consumers are downloading third-party apps by the hundreds, making security an increasingly vital component of the mobile market,” said Ping Li, Partner at Accel Partners, who will join the board. “Consumers need to know that their applications, their data, and their phone itself are protected. We are excited to work with Lookout as they continue to extend their lead in this dynamic market.”

The global smartphone market grew more than 50% during the past year and as a result, consumers have been introduced to thousands of third-party applications across leading mobile platforms through app stores and downloaded sites. The Android Marketplace alone gives consumers access to more than 50,000 applications. While they enjoy the benefits of these applications, consumers are often unaware of the risks that accompany their increased data and application usage. Similar to the PC market, as consumers do more with their phones, they need protection from threats such as mobile viruses and malware, data loss and theft of the phone itself.

Lookout has developed cross-platform, cloud-connected applications that immediately identify and block threats before they compromise a consumer’s mobile phone, backup and restore mobile content, find a lost or stolen phone and wipe data from a phone if necessary. Available now on more than 400 mobile networks in 170 countries, Lookout prevents thousands of malicious applications, finds countless lost phones and restores important information for users every month.

“We are thrilled to receive such enthusiastic support from Accel Partners,” said John Hering, CEO and founder of Lookout. “Their backing is recognition of Lookout’s accomplishments to date and a testament to the importance of this market. With this additional financing, we’ll continue to invest in new technology and infrastructure so that we can provide the most comprehensive smartphone protection available to millions of consumers worldwide.”

Lookout Executive Additions

Joseph Ansanelli brings his extensive knowledge of security to Lookout as Chairman of the Board. Prior to Lookout, he served as CEO and co-founder of Vontu, turning the company into the leading provider of data loss prevention solutions before being acquired by Symantec in 2007.

In addition to Ansanelli, Lookout has also added several key members to the company’s executive team including Eric Bothwell as vice president of engineering, who formerly held engineering leadership positions at Vontu and Symantec; Chris Jones as vice president of product management, formerly senior director of portfolio product management at Symantec; and Julie Herendeen as vice president of marketing, formerly vice president of network products and advertising solutions for Yahoo! Inc.

Security company McAfee Wednesday morning issued a software update intended to give the computers that it’s contracted to protect a new list of malicious files to block and delete. Somehow a file that is part of Microsoft’s (MSFT) Windows operating system made it on to the list. And when McAfee’s software deleted this file, all hell broke loose.

People all over the country reported that their computers stopped working. Among the victimized organization were a hospital in Rhode Island, police in Kentucky and the National Science Foundation, according to the AP.

Read the rest of this post on the original site

The survey conducted by the Online Trust Alliance said only eight percent of major Web sites surveyed made it onto the organization’s “honor roll” of sites taking stringent measures to reduce online fraud enabled by forged emails, phishing sites and malware. The survey, conducted between late March and early April, looked at 1,200 Web sites and 500 million emails purporting to be from those sites, all of which were either Fortune 500 companies, top Internet retailers and federal government Web sites.

To make it onto the honor roll, the Web sites had to be free of malware–malicious code that can be used to steal personal data from Web surfers–or links to sites containing malware.

Read the rest of this post on the original site

In a statement posted to the Ministry’s Web site Monday evening, spokesperson Nguyen Phuong Nga indignantly dismissed accusations that the Vietnamese government has been using botnets to silence opposition to a bauxite mining operation in the country run by China’s state-owned mining group, Chinalco.

“Such comments are groundless,” said Nga. “We have on many occasions clearly expounded our view on issues relating to access to and use of information and information technology, including the Internet. Vietnam law puts in place specific regulations against computer virus and malware as well as on information security and confidentiality.”

Sounds eerily similar to China’s bristling response to Google (GOOG) claims that it had detected a targeted attack on its corporate infrastructure originating in China, doesn’t it?

Which is not to say that the two are in any way linked. At the moment, security researchers say they are not. It’s just that indignant disavowals like these do seem to be the go-to PR strategy in countries where online political censorship to is known to be pervasive.

Though similar to the late-2009 attacks against Google (GOOG), this effort was a bit less sophisticated. Still, it appears to have been politically motivated and perpetrated by folks with some sort of allegiance to the government of the Socialist Republic of Vietnam.

“The malware infected the computers of potentially tens of thousands of users who downloaded Vietnamese keyboard language software and possibly other legitimate software that was altered to infect users,” Neel Mehta of Google’s security team wrote in a blog post describing the attack.

“While the malware itself was not especially sophisticated,” Mehta added, “it has nonetheless been used for damaging purposes. These infected machines have been used both to spy on their owners as well as participate in distributed denial of service (DDoS) attacks against blogs containing messages of political dissent.”

Which is frightening, because a number of Vietnamese Internet activists have already been imprisoned for attacking Chinese involvement in the bauxite mining project.

[Image credit: Wikimedia Commons]

For a man scorned, Adobe CTO Kevin Lynch looked awfully calm on my visit to the software company’s San Francisco HQ yesterday.

He could, I suppose, be hopping mad.

To add insult to injury–from an inside-baseball tech point of view, at least–after Apple (AAPL) introduced the iPad tablet in January without Flash Player technology, which Apple also kept out of the iPod and iPhone, word immediately floated up that CEO Steve Jobs had dissed Adobe as “lazy” at an employee meeting.

Also, added Jobs, Adobe (ADBE) had let Flash become a buggy security nightmare and resource hairball.

Lynch was only a tiny bit less cutting in his blog reaction to the lack of Flash in the iPad at its launch: “Some have been surprised at the lack of inclusion of Flash Player on a recent magical device.”

Of course, he was not surprised at all, which is why Adobe was very busy lately announcing a wide range of initiatives.

They included yesterday’s rollout at the Mobile World Congress in Spain of a version of Adobe’s AIR software for a wide range of smartphones, as well as showing off Flash 10.1 on Google’s Android devices.

Such effusive touting is now Lynch’s most important job as the head techie in charge of Flash. The ubiquitous video technology is under siege not only from Apple, but also from many others, including Google (GOOG), all of which are aiming to make the Web work someday without the need for Flash in an HTML5 universe.

Still, Adobe is forging ahead with Google and other makers of smartphone platforms, except for Apple, to make Flash work better–as well as with a range of publishers to become the technology used in e-reader products.

But rather than BoomTown explaining it all for you, here is Lynch himself talking about the flashpoints over Flash, including fixing Adobe’s well-documented security issues with malware, his feelings about what Jobs said and efforts to keep Flash innovative.

I will also have a demo by Lynch up later, but here is the video of his interview first: