Now e-cigarettes can give you malware

Better for your lungs, worse for your hard drives, e-cigarettes can potentially infect a computer if plugged in to charge

E-cigarettes may be better for your health than normal ones, but spare a thought for your poor computer – electronic cigrettes have become the latest vector for malicious software, according to online reports.

Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer – but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device.

A report on social news site Reddit suggests that at least one “vaper” has suffered the downside of trusting their cigarette manufacturer. “One particular executive had a malware infection on his computer from which the source could not be determined,” the user writes. “After all traditional means of infection were covered, IT started looking into other possibilities.

“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”

Rik Ferguson, a security consultant for Trend Micro, says the story is entirely plausible. “Production line malware has been around for a few years, infecting photo frames, MP3 players and more,” he says. In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product’s install disc.

Even more concerning is a recent proof-of-concept attack called “BadUSB”, which involves reprogramming USB devices at the hardware level. “Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming,” says Berlin-based firm SRLabs, which released the code.

Combine the two, says Ferguson, “and a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.

“For consumers it’s a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.”

Dave Goss, of London’s Vape Emporium, says that vapers can remain safe by buying from respected manufacturers such as Aspire, KangerTech and Innokin, and by checking for “scratch checkers” on the box, which mark out authentic goods from counterfeits.

“Any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China,” he adds.

In early November, figures obtained by the Press Association revealed that e-cigarettes and related equipment, such as chargers, were involved in more than 100 fires in less than two years...

The Best Antivirus Software: New Winners and Losers

Those malware coders who cobble
together all the Trojans, viruses, and
other nasty programs are constantly
working on new creations, hoping to
get past existing antivirus defenses.
Security vendors are likewise
constantly working on new
technologies to foil the bad guys. That
means PCMag's long running Best
Antivirus story is a work in progress.
The latest revision, published earlier
this week, adds nine new or updated
programs, some of which are quite
interesting.
New Editors' Choice
Ad-Aware Free Antivirus+ 10.5 is only
a point-five revision, but my Lavasoft
contacts insisted it merited a new
review. They were right; it earned
great scores in my hands-on tests. Its
score in my malware blocking test,
9.4 points, beat out all other products
tested using the same collection of
samples, and only one of those
products matched its 94 percent
detection rate. With 83 percent
detection and 5.8 points overall, it
also beat all of the latest products,
though it didn't stay at the top.
These dandy scores along with a
super-smooth installation process
earned Ad-Aware the designation of
Editors' Choice for free antivirus. It
joins existing free Editors' Choice AVG
Anti-Virus FREE 2013 .
Funny-looking Newcomer
Funded using Kickstarter, Jumpshot is
definitely the strangest-looking
antivirus around. All antivirus and
system tune-up tasks are handled by
cartoonish "minions," each with its
own specific task. For example,
Kobayashi the ninja is in charge of
wiping out malware.
This product is actually a bootable
Linux antivirus, but you won't see any
signs of Linux. After a scan, restuls
are presented by the various minions
in cartoon talk-balloons. The
surprising fact is that Jumpshot
outscored all other recent products in
my malware removal test, even Ad-
Aware, with 86 percent detection and
6.5 points. Its tuneup measurably
improved performance on a physical
test system. Do note, though, that
you'll still need a regular antivirus for
ongoing protection, as Jumpshot is
strictly a scan-and-clean tool.
Not So Hot
The antivirus field in general is
growing and evolving, with most
products doing at least a decent job of
rooting out malware and preventing
new infections. IObit Malware Fighter
2 , recently reviewed for the first time
by PCMag, is a notable exception. In
both my malware blocking and
malware removal tests, it achieved
new low scores.
For malware removal, IObit scored an
unprecedented 0.8 of 10 possible
points; the next-lowest score was 4.2
points. IObit identified seven of my
twelve malware-infested systems as
perfectly clean. It earned just 1.5
points for malware blocking, far below
the next-lowest score of 5.9 points,
yet still managed to identify some
valid programs as suspicious. The
best thing I can say about this
program is that it has plenty of room
for improvement.
These are just three of over forty
recent antivirus reviews.

Report: Android’s malware problem isgetting worse, and only users of thelatest version are safe from harm

Earlier this year, we saw a report that said there was a 163% rise in the number of malware-infected Android devices in 2012. As shocking as that figure might be, we have a new report now that says the problem has blown up even further. 

According to a recently published report[ 1] from networking vendor Juniper Networks, the number of mobile threats grew an astonishing 614% from March 2012 to March 2013. This equates to a grand total of 276,259 malicious samples, according to research done by the company’s Mobile Threat Center or MTC. 

What exactly constitutes such a large amount of mobile threats? It is said that the majority of these mobile threats — 77% of the total — come in the form of money-siphoning applications that either force users to send SMS messages to so-called premium-rate numbers or somehow manage to perform the sending of SMS messages all on their own. 
They go virtually undetected as they are normally bundled with pirated apps and appear as normal applications. Typically, these malicious apps can net their creators an average profit of about $10 per user, according to Juniper Networks. 

As it is currently the most popular mobile device platform in the world, it’s easy to see why Android would be targeted with such malicious activities. But perhaps you’re wondering, is there anything that can be done to combat this problem? Indeed, there is. 

In Android 4.2 Jelly Bean, a new safety feature was introduced in order to stop wayward SMS messages dead in their tracks. But that in itself is a huge problem: Android 4.2, the latest version of the Google mobile operating system, is only available on a tiny fraction of all Android-powered devices out on the market. In fact, many of today’s newer devices don’t even ship with it. 

So the relevant safety features, as useful as they might be, becomes pretty much useless. Even worse, the money-making malware mentioned above represents only one type of mobile threat on Android. 

Android spyware is also present, accounting for 19% of the total malicious samples collected in the above-mentioned research. These could potentially put a user’s privacy at risk, collecting sensitive data and all kinds of information then relaying them to the spyware’s creator. Trojan apps have also been discovered to be part of the overall Android ecosystem. 

Although they form a very small part of the entire body of mobile threats on Android right now, it is possible for them to become more widespread in the future. 

If the fix really only lies in having the latest version of Android installed on a device, and the issue of fragmentation — not to mention the slow software updates from carriers and OEMs — persists, that’s almost a certainty. 

What do you think could be done to finally overcome these kinds of problems? Will it be the end of Android as we know it? Let us hear your thoughts in the comments.