House Price Crash Forum

interestrateripoff

New Android Malware Should Be Wake-Up Call For Security Admins


http://www.techrepublic.com/blog/security/new-android-malware-should-be-wake-up-call-for-security-admins/9641?tag=nl.e550&s_cid=e550&ttag=e550&ftag=

Just last week, security firm Kaspersky published a report about the most complex Android malware they have found so far. In many ways, it mimics what a modern desktop worm would have to do to infect computers. The first surprising finding is how many unknown vulnerabilities this single malware was exploiting. Typically, most worms and viruses are created to exploit a single security hole. As soon as a Java or Flash exploit is found, for example, hackers go out and create code that can take advantage of it, and then try to get as many people as possible before a fix happens. But the serious desktop threats are those pieces of malware which are sophisticated enough to use many paths of entry, and complex enough to remain undetected via multiple means of stealth. This is what this particular malware is doing.

Backdoor intruder

Nicknamed Backdoor.AndroidOS.Obad.a, this malware used a hole in the code packing system to create an executable that should be found invalid, but still gets processed on an Android smartphone, by planting deliberate errors in the AndroidManifest file. Once there, it can get elevated to the Device Administrator status, but using a security hole in Android, it will not get listed in the apps listing, making it impossible to remove. And the complexity doesn’t stop there. The malware uses a lot of encryption to keep all of its variable names secret, and it will go out through a network connection, downloading a part of the Facebook home page, and use that as its encryption key, to ensure it is truly online and able to connect to its control servers.

It does make you wonder how many holes there are in Android that aren't being fixed. With people having Bluetooth, Wi-Fi turned on, etc., you could very easily spread a mass mobile phone virus. With contactless payment systems coming online, the temptation to mass infect mobile phones for profit will be too hard to resist.

The update process for Android appears very sluggish, meaning if you can create something you'll probably make a lot of money before they can fix the problem.

Is it just a matter of time before we have a major incident?


Does this threat only apply if you've clicked on the 'Allow installation of non-Market apps'?

If you're the sort of person who will click on this option to install a 'Flirt With Free Singles In Your Area' style app then you are probably less intelligent than your smartphone.

:lol: Ha ha! I like that!


Does this threat only apply if you've clicked on the 'Allow installation of non-Market apps'?

I think the danger is that that type of malware may be able to bypass those types of safeguards because of flaws in the OS.

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Nachi-A/detailed-analysis.aspx

W32/Nachi-A is a worm that spreads using the RPC DCOM vulnerability in a similar fashion to the W32/Blaster-A worm.

Microsoft issued a patch for the vulnerability exploited by this worm on July 16, 2003. The patch is available from http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.

The worm also attempts to spread using a buffer overflow exploit for ntdll.dll library in several versions of Microsoft Windows. The exploit is attempted through a Search request of the WebDAV protocol.

Microsoft issued a patch for the vulnerability exploited by this worm on March 17, 2003. The patch is available from http://www.microsoft.com/technet/security/bulletin/MS03-007.asp.

W32/Nachi-A uses two files, dllhost.exe (10,240 bytes) and svchost.exe (19,728 bytes). Dllhost.exe is the main worm component and svchost.exe is a standard TFTP (Trivial File Transfer Protocol) server that is only used by the worm to transfer itself from a source to a target machine.

All you need is something like this and the majority of phones would be infected. I can see in the future Android will need to be patched like Windows to plug the holes. Smartphones make a very attractive target, especially if you can get it to send a couple premium texts.


Seriously?

Considering that everything you do on an Android phone ends up in the NSA computers, you worry about such trivialities as malware? :rolleyes:

Android and iOS are themselves malware or rather spyware.
