According to a report from the Washington Post, the United States Department of Homeland Security has issued an order to all civilian agencies in the federal government to identify any software from Kaspersky Lab on their networks. This is in preparation for a potential outright ban on the use of Kaspersky software in those agencies after 90 days.
For some time now there have been rumblings from the US intelligence and private information security communities about Kaspersky’s alleged links to Russian intelligence agencies. Its founder Eugene Kaspersky, in particular, is understood to have a history of association with Russian intelligence.
The first well-known fake mobile antivirus software was called Virus Shield, and it was placed in the Google Play Store. Since then, the malware has become progressively more sophisticated. Now, it seems to be using the names of legitimate antivirus software companies.
Kaspersky posted an article five days ago about a couple of these malware packages using their name, one on Google Play and the other, unusually, in the Windows Phone Store. Most major antivirus vendors have mobile versions of their software, but the layout and apparent lack of source verification in mobile app stores, coupled with the sometimes complicated names software vendors give to their products, can make it easy to mistakenly install the wrong app. For example, in the Kaspersky case above, the real antivirus software is called “Kaspersky Internet Security for Android,” while the fake apps were given the much simpler names “Kaspersky Mobile” and “Kaspersky Anti-Virus 2014.”
It seems that the only safe way to obtain mobile antivirus apps is by visiting the vendor’s website and locating it there, rather than trusting any mobile app store.
Kaspersky has recently released a detailed description of the “Red October” attack, an espionage operation involving the infection of hundreds of computers targeting government networks, embassies, and scientific organizations. The victims have mostly been in Eastern Europe, according to Securelist, but computers around the world have been infected, including some in the United States.
The Kaspersky report linked above is fairly technical, but a number of other outlets have provided useful summaries of the analysis of Red October, including this article from TechNewsWorld and Securelist’s article linked above.
Reportedly, the attackers who wrote the code appear to be Russian-speaking. Red October also includes elements that have previously been used in attacks against Tibetan activists and other Asian military and energy targets.