Security Researchers Discover New Trojan Targeting Blackberry Operating System 

by iClass - Wednesday, March 09, 2011
The last few years have witnessed increased popularity of smartphones. They offer numerous features, which enhance user experience. However, smartphones and other mobile devices are not immune to security threats. Recently, security researchers at Trend Micro identified a Zeus Trojan variant that targets Blackberry operating system. The Trojan has been named as BBOS_Zitmo.B.

Banks are leveraging the popularity of mobile phones to offer mobile banking services. Some banks are also sending high security passwords through Short Message Service (SMS) for validating online transfers Security researchers affiliated to various Internet security firms have repeatedly warned against increased threats to mobile phones and mobile applications. Once installed in the blackberry device, BBOS_Zitmo.B Trojan sends a confirmation message to a remote botnet administrator. An attacker can send commands to the Trojan installed on the targeted blackberry device without the knowledge of the user. The Trojan evades detection by removing itself from the list of applications on the device. The Trojan is capable of blocking numbers, removing phone numbers from the block list, turning the device on and off, blocking and unblocking calls, forward SMS to the remote attackers and register as a new administrator. A remote attacker may also instruct the installed malware to set and add arbitrary senders and remove those already listed. The Trojan may also allow an unmonitored SMS to be displayed in the inbox.

Blackberry devices are popular among users worldwide. While security firms have been cautioning against security threats to blackberry devices, they have escaped security breaches. The arrival of BBOS_Zitmo.B Trojan indicates that cybercriminals are evolving their modus operandi and attack techniques to target popular communication devices. The security firm has cautioned against similar threats to other smartphone operating systems. The increasing use of mobile devices for accessing Internet, conducting mobile banking and retail transactions make them susceptible to security breach. Trojans are designed to extract authentication, high security passwords, international mobile equipment identity (IMEI) numbers and other sensitive information available on the mobile phones.

A variant of the Zitmo Trojan was in the news recently for targeting ING Bank customers in Poland. The Trojan intercepts the SMS messages send by the bank to a mobile device and makes unauthorized money transfers. Hiring professionals qualified in IT masters degree and other security certifications may help banks in securing the information infrastructure. Security professionals must devise new ways to ensure confidentiality of banking information communicated to a customer.

Regular evaluation of threats may help developers in removing the threat vectors and improving the security of the devices. Security professionals may benefit from online technology degree and e-learning programs to apprise themselves of the latest technologies.

User awareness is vital to combat threats emanating from the Internet. online computer degree programs and video tutorials may generate security awareness among Internet users. Users must avoid installing applications from suspicious sites, ignore attachments from unknown sources and resist from clicking on suspicious links. Users must also install mobile security software solutions to protect their devices from security breaches.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

-

0    submitted by iClass -
Read More Press Releases

Practitioner seeks state funds to widen study of naprapathy to treat vets’ PTSD

Comet Infowave Pvt. Ltd.

GetVisa - A game on US Immigration

HUMAN CAPITAL PARTNERS REINVENTS HR TO MEET THE NEEDS OF SMALL TO MID-MARKET BUSINESSES

UN-ILD 2014 Observance at Bangladesh to Far Impact the MDGs and Post-2015 Agendum’s Literacy Objectives.

Pakistan Marks 68th Day of Independence By A Momentous Shine On Global Academic Forefronts—The Historic Launch Of IRT Research Model.

Press Release

Wackiest Pharma Conspiracy Debunked by Pakistani Arch-researcher Dr. Aurangzeb Hafi’s Polygonal Research.

The News--The Pharma-Media Alliance Never Wants The Public Know

Saahil Peerzaada - Turning good ideas into successful brands

Get press releases by email