Scan a QR code – Expose yourself to mobile malware

Guest post by David Maman – CTO & Founder of GreenSQL.

A single poisoned link is all it takes to expose an entire organization to a full-scale attack.

Hackers write sophisticated browser-based attacks that operate quite stealthily. Now, they’re going after our mobile phones, which are soon to be the number one way we access the web.

As QR codes have evolved, they now can offer users – and thieves – unlimited information within seconds of scanning.

And we scan them voluntarily.

We’ve already been trained to think twice before entering an unknown link we get from a stranger or even a friend, but almost anyone will scan an unknown QR code with a smartphone or a tablet, if the offer it’s embedded in looks tempting enough.

The Experiment:

Over a three-day security conference in London, I created a small poster featuring a big security company’s logo and the sentence “Just Scan to Win an iPAD.” Thousands of people walked by, no one asked where the sign came from, and no one took it down, not even a representative of the company featured on the sign.

The results: 455 people scanned the sign and browsed the link over the three days. The breakdown: 142 iPhone users, 211 Android users, 61 Blackberry, and 41 unknown browsers.

Remember, this was a conference for security professionals.

As I’m a nice guy fighting for the right side, the QR code simply linked to a web page featuring a smiley face. If I had decided to include a malware or poisoned URL attack based on multiple mobile smart phone browsers, I wonder whose phone I would have penetrated…

To make a long story short: QR codes are becoming more and more prevalent. And most of us don’t have the same AV or URL filtering technology on our phones or tablets that we have on our PCs.

The question is: Can we really fully trust the QR codes we see on the streets, in restaurants, or in ads? Regretfully, the answer is no.

Any attacker can take advantage of QR codes. And remember, unlike computers, most mobile devices do not include antivirus solutions to protect us against mobile malware.

Think before you scan.

· Does this QR code seem to come from a reliable source?

· After scanning the QR code and seeing the link, is the link really from whom it claimed to be?

· Would I click on this link if it came through my email?

Even if you miss out on the iPAD or the free ice cream cone, you’re probably better off.

Author bio:

David Maman is CTO & Founder of GreenSQL, the database security company.

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.

Norman Malware Cleaner –Another Free Tool To Remove Tough Malware

Just like the 14 free specialty malware removal tools I wrote on earlier this year, Norman Malware Cleaner has been designed to identify tough malware infections, including specific malware, and then help you eradicate those infections.

Since this particular application is a stand alone executable, it does not require installation (perfect for a Flash Drive). Since scanning with the most recent definition database is a must, you will need to download a new version of the application on a per use basis.

On execution, you will be presented with the following end user agreement. This may be the shortest end user agreement I’ve ever seen.

Despite the fact that this is a powerful application, setting the options is fairly straightforward.

For the first test, I ran a simple Quick scan as illustrated in the following two screen captures.

This scan completed in less than four minutes, and indicated that no infections were present.

I then changed two critical group policies which duplicated common malware attacks – no access to the Task Manager, and restricted access to Windows Explorer (show hidden files).

As you can see in the following screen shot, Norman Malware Cleaner had no difficulty picking up on, and cleaning, these registry changes on a scan rerun.

A scan results log file is saved to the desktop, as illustrated.

Fast facts:

Detect and Remove malware (viruses, Rootkit’s, FakeAV, worms and more)

Utilize advanced Anti-Rootkit technology

Quarantine module

Scanning and cleaning including Norman patented Norman SandBox technology

Supports Quick- Normal- Full- Custom Scan mode

Command line function for better tailor scanning across several machines (businesses)

Daily signature updates available

Systems requirements: Windows 2000, XP, 2003, Vista, 2008 and Win 7.

Download at: Norman

Registration is required.

Note: This application is for use when you are dealing with a machine you know is infected. It is not a replacement for a real-time AV.

As with most tools in this class, advanced computer knowledge is required. Unless you feel confident in your diagnostic skills, you would be better off avoiding this application.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.