
17 August 2010

Just how paranoid do you have to be?

The problem with security and technology is that it can make you paranoid. Don’t be! Most things aren’t out to get you. But you do have to be careful and you do have to be aware of the risks, as this helps when you encounter a piece of software (or hardware) that really is out to get you.

Take digital signatures. A system has evolved over time that aims to help ensure that signed software is safe. Digital signatures are intended as a form of guarantee that a piece of software has been examined for malware and doesn’t contain any. But sometimes it does. Or, at least, in one case a piece of signed software contains malware. It’s unlikely to be alone.

Avast’s Michal Krejd reports in his blog that many users asserted that some instances of Avast detecting Win32:Injected-AZ were false positives. A Google search for Win32:Injected-AZ shows up plenty of forum entries by users about the malware.

In practice, what seems to have happened is that a version of a package named Aventura in fact contained Win32:Injected-AZ, even though the developer had signed off the software as clean, using a digital signature. This can arise because developers, rather than re-inventing the wheel, will routinely re-use software from third parties to perform specific functions.

So in this case, even though the package’s container was malware-free and was signed, some of the contents were not — and were not signed. The issue is, how can you tell? If you run a signed installer, for example, you expect it to be malware-free if it’s signed. Yet Avast picked up the fact that the software contained malware, even though it was signed.

The moral of the story is that a signature does not necessarily guarantee that all the contents of a package are clean. Fortunately, as Krejd notes in his blog, “the malcode inside seems to have never been executed, therefore this specific case is not a critical issue”.

Krejd’s approach for the future? “If you encounter this detection on your PC, replace the infected binaries with original ones. And if the original binaries are also infected, ask their vendor to provide you with clean binaries.”
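One way to see which binaries inside a signed package carry no signature of their own, as an added example that is not from the original post or from Avast: the Python sketch below walks an unpacked or installed package and reports every PE file whose header has no embedded Authenticode certificate table. The function names and the sample files are hypothetical and constructed for the demo; the check only detects whether a signature is present, it does not validate it, and files signed through a Windows catalog will be reported as unsigned.

```python
import os
import struct
import tempfile

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def embedded_signature(data):
    """True/False: PE image with/without a certificate table; None: not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    opt = pe_off + 24                    # PE signature (4) + COFF header (20)
    magic = data[opt:opt + 2]            # 0x10B = PE32, 0x20B = PE32+ (little-endian)
    if data[pe_off:pe_off + 4] != b"PE\0\0" or magic not in (b"\x0b\x01", b"\x0b\x02"):
        return None
    dirs = opt + (96 if magic == b"\x0b\x01" else 112)     # data directory array
    entry = dirs + 8 * SECURITY_DIR
    if entry + 8 > len(data):
        return False                     # header truncated before the entry
    (count,) = struct.unpack_from("<I", data, dirs - 4)    # NumberOfRvaAndSizes
    offset, size = struct.unpack_from("<II", data, entry)  # file offset, not an RVA
    return count > SECURITY_DIR and offset > 0 and size > 0 and offset + size <= len(data)

def unsigned_binaries(root):
    """Walk an unpacked or installed package; list PE files with no signature."""
    found = []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                if embedded_signature(fh.read()) is False:
                    found.append(os.path.relpath(path, root))
    return sorted(found)

def sample_pe(signed):
    """Constructed PE32 header for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs, blob = bytearray(16 * 8), b""
    if signed:
        blob = b"\0" * 8                 # stand-in for a WIN_CERTIFICATE blob
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, 0x40 + 24 + 96 + 128, len(blob))
    return dos + b"PE\0\0" + b"\0" * 20 + opt + bytes(dirs) + blob

def demo():  # constructed layout: signed installer beside an unsigned third-party DLL
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("setup.exe", sample_pe(True)), ("helper.dll", sample_pe(False))]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return unsigned_binaries(root)
```

Calling `unsigned_binaries()` on a real install directory gives the list of files to check against the vendor's originals.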

Going mobile

Do you know where you are? Probably, but do you want everyone else to know where you are too? There’s a new game out for the Android operating system for smartphones. It’s called TapSnake, and it’s a spin on the classic snake game, which used to be found on Nokia phones.

It turns out that the game contains a Trojan. The new rev of the game plays fine — but while it’s running, the game turns on the GPS location device and uploads data to a remote server so that your location is made public. All you need to find out where players of this game are is to download and run a package called GPS Spy on another Android device. It means you can see where players of the game have been and when.

Effectively, mobile software can compromise you in ways that personal computer software does not. Be aware – check the provenance of those fun little games…
