Malware silently roots phones; Dell sells SonicWALL and Quest; 154m Americans' data leaked

Dell has revealed it has signed a definitive agreement to sell its Dell Software Group to private equity firm Francisco Partners and hedge fund management firm Elliott Management Corporation.

The announcement came mere hours after Reuters reported that a deal was in the works.

Citing unnamed people familiar with the matter, the Reuters story said that Francisco Partners and Elliott Management were in advanced talks to acquire Dell’s software division for more than US$2 billion.

Reuters said its sources indicated that Dell was seeking to sell almost all of its software assets, including Quest Software and SonicWALL.

Boomi, however, would be retained by Dell and not sold as part of the transaction with Francisco and Elliott Management, one source told Reuters.

Dell released a statement several hours after the Reuters story was posted, saying that it had indeed signed a definitive agreement to sell its Dell Software Group to Francisco Partners and Elliott Management.

But while the statement suggested that both Quest and SonicWALL would be included in the sale, the statement did not provide complete details of which products currently falling under the Dell Software Group umbrella would be sold to Francisco and Elliott Management, and which would not.

The statement did not provide financial terms of the sale, leaving Reuters’ figure of more than US$2 billion as unconfirmed.

Android malware silently roots phones

Security researchers at Trend Micro have discovered malware-infected apps on Google Play that carry multiple exploits and can root a phone.

Veo Zhang, Mobile Threats Analyst at Trend Micro, detailed the malware in a blog post.

“We came across a family of mobile malware called Godless… that has a set of rooting exploits in its pockets,” Zhang wrote. “By having multiple exploits to use, Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90% of Android devices run on affected versions.”

The researcher highlighted several different versions of the malware and said that Trend Micro had found various apps available on Google Play containing the malware.

In one version, the malware waits until the affected device’s screen has been turned off before proceeding with a rooting routine. In the latest variant of the malware, the attack installs a backdoor with root access.

Once an infected device is rooted, the malware can download and silently install other apps on the device. This could lead to backdoors being opened on infected phones, allowing attackers to spy on users, Zhang said.

154 million Americans’ data leaked

A database containing profiles for 154 million American voters was left unprotected and publicly available on the internet, according to MacKeeper Security Researcher Chris Vickery.

“A few days ago I found a database containing profiles for 154 million American voters, and I have proof that foreigners may have been accessing it,” Vickery wrote on the MacKeeper blog.

The database — a CouchDB instance — was configured for public access and required no username, password or other authentication, he wrote.

Vickery said he found that the naming scheme used in an ID field in the database was the same as a naming scheme that a data brokerage company named L2 used for its records.

“I sent an email to every L2 email address I could easily locate notifying them of the situation. In my email I put forth the theory that a client of theirs was hosting data purchased from L2 in an insecure manner and asked for L2’s assistance in getting it taken down,” Vickery wrote.

“It turns out that my hypothesis was correct and L2 was more than willing to help me track down the client at fault.”

Vickery subsequently spoke to L2’s CEO, Bruce Willsie, about the database.

“The database was taken offline within three hours of our telephone conversation,” Vickery said. “That’s a pretty good turnaround time if you ask me.”

Vickery said that while he was examining the database, he found that a log file indicated that a Serbian IP address had interacted with the database on 11 April this year.

“Why was a Serbian IP messing around with a US voter database? Even if this was just a proxy server, it is still very troubling that this apparent incursion took place back on April 11th,” he wrote.