The Mobile Threat Tracker app consolidates the most recent two weeks’ worth of Lookout’s security data into a kind of mobile heat map. The user sees dots flying around the globe as a real-time visualization of where threats are happening.

When users scroll over the globe, a timeline appears, showing how much of the threat is malware and how much is spyware; the top three threats are listed along with plain-English descriptions, and why Lookout has identified them as malicious.

Kevin Mahaffey, Lookout’s co-founder and CTO, said the app isn’t necessarily about offering immediate solutions, but more about making people aware of when they might be particularly vulnerable on mobile. “People shouldn’t have to be security experts to stay safe. We want to remind them to download apps from reputable app stores, to not go to shady download sites; to look at the developer name behind an app, and make sure it’s legitimate.”

The Mobile Threat Tracker is only available on devices running an Android OS to start, and Mahaffey says it’s unclear whether there will be a version for iOS devices. “Right now, it makes less sense, because there isn’t any real malware on the iPhone,” Mahaffey said, “though at some point there might be a need for it.”

Lookout Mobile Security launched in 2007, and now claims more than 15 million users worldwide. The company says it takes an educational approach to informing people about products for malware and spyware, rather than using fear-mongering in its marketing; it offers most of its apps for free, with additional features available at a premium.

While threats on mobile devices still aren’t as high-scale as malware and spyware on PCs, Lookout’s internal research shows that the amount of malware on mobile has increased.

Lookout said the likelihood of an Android user encountering malware increased from 1 percent to 4 percent over the course of 2011. The company has identified more than a thousand instances of infected applications, double the number it saw in July 2011.

The Lookout report notes that Web-based threats like phishing can carry over easily from PCs, making the likelihood of clicking on a bad link higher than that of acquiring malware through mobile apps. The global yearly likelihood of an Android user clicking on an unsafe link is 36 percent — up 6 percent from just six months ago — while in the U.S., the likelihood is higher than the global average, at 40 percent.

(Photo courtesy of TheTechBlock/Flickr)

All the security attention paid in recent years to securing the Windows desktop and the applications running on it have paid off a little, Cisco found, making it harder for computer scammers to successfully carry off their intended crimes on that platform. The trouble is they’re now starting to focus more attention on mobile devices, including Apple’s iPhone and iPad, and devices running Google’s Android operating system, Cisco said.

Meanwhile, the overall global volume of spam, which often contains troublemaking links that are used to deliver attacks, decreased for the first time ever in 2010. Even so, spam still increased in some developed countries where broadband connections are multiplying. In the United Kingdom, spam volume nearly doubled, while the volume in France went up 115 percent. The U.S. saw a slight decline–11.1 trillion messages down from 11.3 trillion in 2009. Spam in Brazil, China and Turkey also declined. Some of the decline can be attributed to last year’s arrest by FBI agents in Milwaukee of a Russian accused of being the “king of spam,” and to the shutdown of a few botnets used by scammers to send spam.

One thing about Cisco’s report that’s likely to draw some attention is its finding that the raw number of vulnerabilities on Apple products appear to be growing. Apple users are usually pretty sensitive about this topic, and any comparison of the Mac to Windows on the security front tends to make them grind their teeth and pound out annoyed comments on tech blogs. I know because I’ve done the same teeth-grinding and have in the past criticized other reports for similar findings.

Here Cisco is addressing vulnerabilities that Apple has itself documented and patched in software updates. One thing that’s not clear to me–though it sure looks like it–is whether Cisco is combining vulnerabilities found on both iOS (iPhone and iPad) and OS X (the Mac). The data it’s using is from its IntelliShield service, which tracks vulnerabilities and security incidents, and shows that over five years Apple’s vulnerabilities rose, from less than 200 in 2006 to more than 350 in 2010. That rate was higher than Microsoft and Hewlett-Packard and Cisco itself, the report found, though it goes on to say that Apple has worked harder than most other vendors to protect its users. Security is one of the reasons Apple imposes such strict rules on what’s available in the App store, though people still jailbreak their phones.

Another trend Cisco found is something called “money muling.” Tom Gillis, VP and general manager of Cisco’s Security business unit, describes money muling as using unsuspecting people who are attracted by “work at home” spam messages and Web ads to participate in money laundering by moving small amounts of money into bank accounts, just a few thousand dollars at a time. He says the operations around this are becoming increasingly elaborate, and criminals will devote a lot of effort to developing it this year.

I talked with Gillis about the report and other security trends that Cisco found. Here are a few highlights from our conversation:

NewEnterprise: So you’re seeing fewer attacks on Windows and more on mobile devices. Is that simply because there are more of them?

Tom Gillis: It’s the simple fact that there’s this new class of mobile device coming into the enterprise that used to be a phone and now it’s a computer, and it can access enterprise information. So what we’re seeing is that the raw number, but not the severity, is down on Windows. Part of this is that Windows 7 was a very good release on Microsoft’s part from a security standpoint. And we’ve got these new devices coming into the enterprise, and so we’re seeing a shift in focus of attacks on these mobile devices. They’re vulnerable to attack and they’re relevant in the enterprise. Two years ago this would have been too small a population to be meaningful.

What kind of attacks are you seeing?

It varies. In some cases there’s a little “phone home” code in a free gaming app. Pretty gentle stuff so far. But as people start using smartphones to access sensitive information we need to start thinking about security considerations on these devices. There’s a larger theme here that the whole nature of attacks is changing dramatically. The fact that spam volumes dropped at all is a big tell. For 10 years this has only gone up. We’re not forecasting a steady decline in spam, but the fact that it slowed down at all is an indicator of the shift in the way that attackers are using email. The attacks are more targeted and personal, for one thing.

Can’t some of this decrease be attributed to some of the arrests that happened last year?

It can. There’s been a handful of arrests. And they went after not only the botnet operators but other parts of the spam value chain. There are firms and entities that build botnets of compromised machines that relay the spam, and then there are other firms and entities that rent time on those botnets that do the merchandising. The biggest category is selling fake pharmaceuticals. Some of these fake pharma operations were shut down and the people associated with them arrested. It’s not an easy thing to do, because they’re global, they move around, and so to make an arrest in this space is a huge accomplishment.

So what is the thinking now about securing the mobile device?

We think there are two ways to make mobile devices work in the enterprise. The flood of devices into the enterprise is huge, and everyone wants to use them to check their email and access corporate directories and other fundamental things. There needs to be some kind of software on the end point–the phone or device. It will have to be light. You can’t have some kind of antivirus suite running on the phone. It would be a little piece of software that’s on all the time that knows when you’re behind the corporate firewall and when you’re not, and manages your connection accordingly. We bought a company called ScanSafe that has 40 data centers around the world. When you’re outside the firewall it connects to you the nearest data center and enforces your corporate policies, but all you as the user know is that it just works. This notion of being on or off the corporate network goes away. And we can do all kinds of scanning for security, independent of the device that’s being used.

This year we also saw the Stuxnet attacks, which we now know for certain were carried out against the Iranian nuclear program. Clearly this is a new kind of attack that can be mounted against industrial control systems via computer networks. Is Cisco researching this?

Massively. Often these types of attacks are targeted against Cisco’s biggest enterprise customers. Who buys Cisco’s infrastructure? The biggest banks in the world, the defense contractors. If the goal of an attacker is to disrupt an economy, their targets will be our customers, and they’re demanding a response from us. I like to call it global threat correlation, but it comes down to taking huge samples of network traffic and picking out good traffic from the bad. Cisco has a good advantage here because our equipment is so widely deployed around the world. As we start measuring traffic we can develop reputation data on every publicly routable IP address on the Internet. As we start putting telemetry info into that equipment–and the customer can choose to enable it or not, and it’s turned off by default. But people turn it on because it helps them against the unknown kind of attacks that are popping up. If a Web server says its a Web server, but you just saw it sending spam three minutes ago, there’s a pretty good chance it’s part of a botnet. Once you know that you know that, you can start to mount a pretty good defense. We’re putting a lot of energy into developing that, and it’s proven to be pretty robust.

SecureWorks, which is privately held, says it has about 2,900 customers in 70 countries, and that its customers include 15 percent of the Fortune 500, as well as 1,500 banks and credit unions, though typical of a security company, it doesn’t name any of them. In 2009 it acquired the managed security business of VeriSign. It has about 700 employees and projected revenue of about $120 million.

It’s also known for its top-flight malware research team. Last year it was involved in the research and response around a banking Trojan called Origami, which originated in Russia and was designed to steal sign-in credentials.

Dell says the deal will expand its IT-as-service offerings. It also looks to be, at least in part, a reaction to Hewlett-Packard’s acquisition of security firm ArcSight in October. No financial terms are being disclosed, but Dell had been involved in a reselling partnership with SecureWorks since July of last year. It’s also Dell’s second acquisition in as many months. On Dec. 13 it spent $820 million for the health IT company Compellent.

Lookout said Geinimi displays botnet-like qualities and is the most sophisticated wireless malware it has seen. Thus far, infected programs have only been seen on various Chinese app stores.

“Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets,” Lookout said in a blog post on Wednesday. “The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions.”

The security firm said it has already updated both the paid and free versions of its software to protect against Geinimi.

With the red-hot acquisition dance between Google and Groupon sucking up all the attention, it’s easy once again to ignore the No. 2 player in the fast-growing social buying space–LivingSocial.

But not everyone is–according to sources close to the situation, the Washington, D.C.-based company that also focuses on local deals is in advanced talks for a major strategic investment–as high as $150 million–by online retail giant Amazon, at a very hefty valuation of over one billion dollars.

Sources said there will also be a deep operating partnership between the pair, as part of the deal.

Sources said the investment negotiations with Amazon is not complete yet, of course, and could fall apart.

But interest in LivingSocial has heightened of late, given the $6 billion in cash, stock and earnouts that BoomTown has reported that Google is considering ponying up to purchase the category leader, Chicago-based Groupon, and grab ahold of its 12 million users across the globe and $500 million in annual revenue.

But LivingSocial–which has been thriving even in Groupon’s flashier shadow–has 10 million subscribers worldwide in more than 120 markets and five countries, including the U.S., Canada, the U.K., Ireland and Australia.

And, as the start-up noted when LivingSocial announced its acquisition of Jump On It recently, it is currently booking an average of more than $1 million a day and is projected to book well more than $500 million in revenue in 2011.

That is what is apparently attracting Amazon, which has almost no profile in this lucrative local space, despite some attempts at its own solution. It bought a small and quirky daily deals site Woot, for $110 million in June.

But, rather than sell, sources said LivingSocial management wants to keep the company independent, and thinks a sale of Groupon will give it a huge opportunity for growth.

Why? Well, even though Groupoogle or Goopon are fun to say, the inevitable regulatory review could drag on, resulting in a slowing down of innovation in the bigger Google culture and the distinct possibility of newly rich Groupon execs flying the coop (in private planes).

More investment money should help.

LivingSocial announced in April that it had raised $14 million in a Series C round, after grabbing $25 million in a Series B venture financing only a month before. And it raised $10 million on top of that since 2008.

Sources estimated at the time that the valuation for LivingSocial was several hundred million dollars.

The newest round was led by Lightspeed Venture Partners; Earlier investors U.S. Venture Partners, Grotech Ventures and former AOL head Steve Case.

A report of the Amazon interest in LivingSocial was first posted several weeks ago in a in VentureBeat, a day before BoomTown first broke the news of the Groupon and Google discussions.

Both Amazon and LivingSocial declined to comment.

But here is an October video interview I did with LivingSocial CEO Tim O’Shaughnessy on a recent visit to Silicon Valley.

The entrepreneur has worked at AOL, as well as at Case’s Revolution Health in Washington, before moving on to the local deals start-up.

Enjoy:

]]> http://allthingsd.com/20101201/amazon-poised-to-make-a-major-strategic-investment-in-livingsocial-to-counter-groupoogle-threat/feed/ 3 http://allthingsd.com/20101007/microsoft-wants-isolation-ward-for-infected-pcs/ http://allthingsd.com/20101007/microsoft-wants-isolation-ward-for-infected-pcs/#comments Thu, 07 Oct 2010 16:51:03 +0000 Beth Callaghan http://voices.allthingsd.com/?p=30797 Microsoft security chief Scott Charney wants to protect your computer from botnet-infected PCs on the Internet. In a paper published yesterday, Charney proposed issuing “health certificates” to malware-free machines, requiring antivirus updates for those with vulnerabilities, and quarantining PCs infected by botnets. In a post to a company blog, he argued, “Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society.”

]]> http://allthingsd.com/20101007/microsoft-wants-isolation-ward-for-infected-pcs/feed/ 1 http://allthingsd.com/20100316/china-to-google-please-exit-in-an-orderly-fashion/ http://allthingsd.com/20100316/china-to-google-please-exit-in-an-orderly-fashion/#comments Tue, 16 Mar 2010 16:55:58 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=36515 If Google’s talks with the Chinese government end with an impasse and the company shutters Google.cn and ramps down its operations in the country, it best do so properly and according to law. That’s the latest from Beijing, which continues to threaten and posture amid reports that the search giant is on the brink of closing its Chinese search engine.

“On entering the Chinese market…[Google] clearly stated that it would respect Chinese law,” Ministry of Commerce spokesman Yao Jian said Tuesday. “We hope that whether Google Inc continues operating in China or makes other choices, it will respect Chinese legal regulations….Even if it pulls out, it should handle things according to the rules and appropriately handle remaining issues.”

It’s not clear just what these “remaining issues” are–perhaps some sort of formal notification of withdrawal and the forfeiture of Google’s Internet Content Provider license, which is evidently up for renewal this month. In any event, the rhetoric seems to suggest that Beijing assumes Google (GOOG) will be following through on its “new approach to China” threat relatively soon.

PREVIOUSLY:

• Beijing to Google’s China Partners: Nice Site You Got There. Shame if Something Happened to It.
• China: We Are in Talks With Google. Also, We Are Not in Talks With Google.
• Chinese Scientists Recalibrate Google’s Evil Scale
• Chinese Schools Tied to Attacks on Google? Where’d You Read That, Mad Magazine?
• World War WAN: Google Hack Traced to Schools in China
• Nearly a Month After Debut, Google’s “New” Approach to China Still a Lot Like the Old One
• Google CEO: Ask Not What Google Can Do for China–Ask What China Can Do for Google
• China on “Google Farce”: Our Internet Is Open
• China to Google: No Worries, We Were Planning to Clone Those Android Phones Anyway
• U.S. State Department to Complain to China About Google Hack. Not That China’s Going to Listen.
• Microsoft: “Don’t Be Evil” Is Google’s Motto, Not Ours
• What’s the Chinese Word for Bing? Google Threatens to Leave China.

]]> http://allthingsd.com/20100316/china-to-google-please-exit-in-an-orderly-fashion/feed/ 0 http://allthingsd.com/20081013/whoops-false-positive-sorry-bout-that-heheh/ http://allthingsd.com/20081013/whoops-false-positive-sorry-bout-that-heheh/#comments Mon, 13 Oct 2008 07:00:05 +0000 John Paczkowski http://digitaldaily.allthingsd.com/?p=6387 It figures. Not only are the predictive data mining and behavioral surveillance efforts through which the government hopes to identify terrorists a threat to privacy, they don’t really work, either.

In a 352-page report published last week, the National Research Council said data mining and behavior detection aren’t nearly as useful as their proponents claim. In fact, they’re of dubious scientific merit and have “enormous potential” for infringing on law-abiding Americans’ privacy. “Automated identification of terrorists through data mining (or any other  known methodology) is neither feasible as an objective nor desirable as a goal of technology development efforts,” the Council found. “Even in well-managed programs, such tools are likely to return significant rates of false positives, especially if the tools are highly automated.”

While not an explicit condemnation of the techniques at issue here, the report does recommend that the government evaluate the effectiveness and lawfulness of these data mining and behavior-detection programs it’s so keen on before implementing them, and periodically thereafter. Said the Council, “History demonstrates that measures taken in the name of improving national security, especially in response to new threats or crises, have often proven to be both ineffective and offensive to the nation’s values and traditions of liberty and justice.”

]]> http://allthingsd.com/20081013/whoops-false-positive-sorry-bout-that-heheh/feed/ 0