Warning: Heartbleed bug is back and it's in reverse

Users of Android phones running a particular version of the Jelly Bean operating system should take extra care with free Wi-Fi hotspots and unfamiliar websites as they are vulnerable to a new variant of the "Heartbleed" bug, IT experts warn.

The Android 4.1.1 system is susceptible to the "Reverse Heartbleed" virus - a variation of the bug that has alarmed authorities worldwide and last week helped hackers to steal social insurance numbers from the Canada Revenue Agency.

With the original Heartbleed, hackers use a flaw in the encryption tool Open SSL to attack computer servers and gain access to users' communication records, login usernames and passwords.

"As for Reverse Heartbleed, it is not a hacker who attacks a server, but a server that attacks users," said Hong Kong Computer Emergency Response Team's senior consultant Leung Siu-cheong.

Users of Android 4.1.1 who connected to a bad server, website or android application were putting themselves at risk of being hacked, he said.

"A bad server could be disguised as a free Wi-fi hotspot," he added.

Gabriel Leung Shing-koon, general manager of EMC Hong Kong and Macau, said users could get around the Reverse Heartbleed bug by upgrading their operating system.