<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (guardiantech)</title>
    <link>https://pinboard.in/u:guardiantech/public/</link>
    <description>recent bookmarks from guardiantech</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html"/>
	<rdf:li rdf:resource="http://arstechnica.com/microsoft/news/2011/09/privacy-violating-useless-avg-anti-virus-app-pulled-from-windows-phone-marketplace.ars"/>
	<rdf:li rdf:resource="http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html"/>
	<rdf:li rdf:resource="http://nakedsecurity.sophos.com/2011/06/02/apple-to-malware-authors-tag-youre-it/"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html">
    <title>Android virus scanners are easily fooled &gt;&gt; The H Security</title>
    <dc:date>2013-05-06T19:30:48+00:00</dc:date>
    <link>http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Researchers at Northwestern University and North Carolina State University <a href="http://list.cs.northwestern.edu/mobile/droidchameleon_nu_eecs_13_01.pdf">have discovered</a> that anti-virus programs for Android can usually be bypassed using trivial means. The researchers developed DroidChameleon, a tool that can modify known malware apps in numerous ways to prevent them from being detected.<p>
Most of the ten scanners they tested mainly performed signature-based analyses. In some cases, simply changing the package name in the metadata was enough for virus scanners to consider the malware harmless. Several scanners could be fooled by unpacking the malware and then creating new installation packages. In other cases, the researchers were successful after encrypting parts of the app or redirecting function calls.<p>Their conclusion is unambiguous: all ten anti-virus programs could be fooled in one way or another…<p>The researchers' findings are a further reason for users to not allow the installation of apps from untrusted sources, also called sideloading, in the first place.</blockquote>

(Thanks @rquick for the link.)]]></description>
<dc:subject>android malware antivirus</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:376a343fad53/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:antivirus"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/microsoft/news/2011/09/privacy-violating-useless-avg-anti-virus-app-pulled-from-windows-phone-marketplace.ars">
    <title>Privacy-violating, useless AVG antivirus app pulled from Windows Phone Marketplace</title>
    <dc:date>2011-09-14T05:20:16+00:00</dc:date>
    <link>http://arstechnica.com/microsoft/news/2011/09/privacy-violating-useless-avg-anti-virus-app-pulled-from-windows-phone-marketplace.ars</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA["To the surprise of many, an antivirus application was published on the Windows Phone Marketplace earlier in the week. The publication of AVG Mobilation for Windows Phone was peculiar for two main reasons. The first is that Windows Phone simply doesn't have any viruses to scan for. Second, Windows Phone applications are sandboxed; they have no access to the system files or other applications. Even if a virus were to be developed for the platform, the virus scanner would not be able to detect or remove it.<br />
"AVG was apparently undaunted by these obstacles, and developed the free, but ad-supported, Mobilation regardless."<br />
<br />
AVG didn't really cover itself in glory here.]]></description>
<dc:subject>windowsphone antivirus</dc:subject>
<dc:identifier>https://pinboard.in/u:guardiantech/b:796f68244fe0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:windowsphone"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:antivirus"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html">
    <title>Massive profits fuelling rogue antivirus market &gt;&gt; Brian Krebs's Security Fix</title>
    <dc:date>2011-06-23T20:09:21+00:00</dc:date>
    <link>http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA["TrafficConverter.biz was dismantled on Nov. 29, 2008, most likely because the same domain was referenced deep inside the guts of the Conficker worm, a family of malware that is estimated to have infected at least 10 million Microsoft Windows systems.<br />
"Prior to site's demise, security researchers managed to snag a copy of the database for the TrafficConverter affiliate program. While that data set is incomplete, the information available on the top-earning affiliates helps explain why so many consumers are reporting infections from rogue anti-virus products: Successful affiliates are making money hand over fist with these programs."]]></description>
<dc:subject>charlesarthur security antivirus scam</dc:subject>
<dc:identifier>https://pinboard.in/u:guardiantech/b:34734f41c21d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:antivirus"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:scam"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://nakedsecurity.sophos.com/2011/06/02/apple-to-malware-authors-tag-youre-it/">
    <title>Apple to malware authors: Tag, you’re It! &gt;&gt; Naked Security</title>
    <dc:date>2011-06-02T08:24:53+00:00</dc:date>
    <link>http://nakedsecurity.sophos.com/2011/06/02/apple-to-malware-authors-tag-youre-it/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[About eight hours after the bad guys altered their product, Apple came back with an update. "As the cat-and-mouse game continues it will be interesting to see how the attackers proceed. The major change to bypass detection yesterday was to use a small downloader program to do the initial infection, then have that program retrieve the actual malware payload.<br />
"This approach may be successful as it will be easier for them to continually make small changes to the downloader program to evade detection while leaving the fake anti-virus program largely unchanged.<br />
"Why is this important? Apple's XProtect is not a full anti-virus product with on-access scanning. XProtect only scans files that are marked by browsers and other tools as having been downloaded from the internet.<br />
"If the bad guys can continually mutate the download, XProtect will not detect it and will not scan the files downloaded by this retrieval program."<br />
<br />
And they can mutate it, for sure.]]></description>
<dc:subject>charlesarthur apple malware antivirus</dc:subject>
<dc:identifier>https://pinboard.in/u:guardiantech/b:d6d6974ccbed/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:antivirus"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>