Slashdot: News for Nerds

Android Trojan Found, Spreading From Chinese App Stores

timothy posted more than 3 years ago | from the step-one-install-skype dept.

Security 277

wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices. "The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."

277 comments

First post (5, Funny)

GameboyRMH (1153867) | more than 3 years ago | (#34713864)

Posting from my Androi^B^B BUY HERBAL VIAGRA

Easy to stop, & how to do so... apk (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34713952)

ANDROID OS allows for the usage of custom HOSTS files, & that's how you stop this botnet from communicating "back to mama" (its C&C botnet servers):

DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] )

---

1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it

2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)

3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if it's there already) using PULL & overwrite the etc. folder's copy of HOSTS

---

DONE! Yes, it's THAT simple... &, it works!

APK

P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. this threat!

(However - I don't think the article noted them, & articles of THAT "nature" are poor imo, not detailed enough - it's nice to say "hey, there's a botnet out there" but to not list its servers too? WTF! Thankfully though, the HOSTS file sources I use to populate my custom HOSTS file update every hour on some of them, & around once a day on most, & once a month for the "worst of them"!)

Other /. articles have helped ME this way before (which is WHY I am sort of "disappointed" in the source article here, per my last paragraph in reply just above now):

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

apk

Re:Easy to stop, & how to do so... apk (2)

mark72005 (1233572) | more than 3 years ago | (#34714008)

Certainly, the average doofus who bought "one of those smartphones" will be able to follow all those directions.

Hopefully, folks are interested enough to learn! (-1)

Anonymous Coward | more than 3 years ago | (#34714178)

"Certainly, the average doofus who bought "one of those smartphones" will be able to follow all those directions." - by mark72005 (1233572) on Thursday December 30, @03:10PM (#34714008)

Well, WHO SAID /. HAS NOTHING BUT (what was it you called them? Oh, yea, lol -> ) "average doofus'" on it only?

Heck, by contrast?

I feel, @ least, that MOST of the folks posting here are @ least, imo, 1/2 technical usually! Especially in the strictly "computer sciences" related sections of these forums (which this one, is).

APK

P.S.=> I really can't make my directions any easier really, but I would be willing to answer questions on it, as I just did this about 3-4 weeks ago or more on an ANDROID OS, & it WORKS (even on an ANDROID phone/OS) - especially vs. KNOWN THREATS like this one is now...

PLUS, now? I actually have the blocking data in host/domain names that need to be blocked off, thanks to AltairDusk (a user here who found a SOLID source article for us) -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34714024 [slashdot.org] ...apk

Thanks to another poster here? We have them! (0, Redundant)

Anonymous Coward | more than 3 years ago | (#34714024)

FROM -> http://blog.mylookout.com/2010/12/geinimi_trojan/

BOTNET SERVERS TO ADD TO YOUR CUSTOM HOSTS FILE FOR ANDROID TO BE IMMUNIZED VS. THIS BOTNET:

---

0.0.0.0 www.widifu.com
0.0.0.0 widifu.com
0.0.0.0 www.udaore.com
0.0.0.0 udaore.com
0.0.0.0 www.frijd.com
0.0.0.0 frijd.com
0.0.0.0 www.islpast.com
0.0.0.0 islpast.com

---

You can thank this fellow, not I -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713892 by AltairDusk (1757788) on Thursday December 30, @02:57PM (#34713892)

Thank him, for my getting those of you interested in protecting yourselves vs. this threat, even on your ANDROID phones, via a CUSTOM HOSTS FILE - because he turned up the sources you need, per my last post here -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952

APK
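
The hosts-file blocking described in the two comments above, as an added example (not code from any poster or from Lookout): it builds sink entries for the four C&C domains listed in the thread, reports which names a device's hosts file still leaves resolvable, and merges the missing entries ahead of any stale mapping. The function names and the sample file are constructed for illustration; with adb, `adb push` is the command that copies a file to the device, and `adb pull` copies one from it.

```shell
#!/bin/sh
# Added example: build and verify a hosts-file blocklist for the Geinimi
# C&C domains quoted in this thread. All function names are hypothetical.

SINK="0.0.0.0"   # sink address used in the comment above
CNC_DOMAINS="widifu.com udaore.com frijd.com islpast.com"   # from the thread

# make_entries DOMAIN...: print "SINK name" for each domain and its www. twin.
# Names with characters outside letters, digits, dots and hyphens are skipped.
make_entries() {
    for d in "$@"; do
        d=$(printf '%s' "$d" | tr 'A-Z' 'a-z')
        case "$d" in
            ''|*[!a-z0-9.-]*|.*|*.|-*) continue ;;
        esac
        d=${d#www.}
        printf '%s %s\n%s www.%s\n' "$SINK" "$d" "$SINK" "$d"
    done
}

# first_mapping HOSTS_FILE NAME: print the address on the first line naming
# NAME. Resolvers normally use the first match, so a sink line that comes
# after a stale real address has no effect.
first_mapping() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == name) { print $1; exit } }
    ' "$1"
}

# is_sunk HOSTS_FILE NAME: succeed if NAME resolves to 0.0.0.0 or loopback.
is_sunk() {
    case "$(first_mapping "$1" "$2")" in
        0.0.0.0|127.*) return 0 ;;
        *) return 1 ;;
    esac
}

# unblocked HOSTS_FILE: list every C&C name (and www. twin) not yet sunk.
unblocked() {
    make_entries $CNC_DOMAINS | while read -r addr name; do
        is_sunk "$1" "$name" || printf '%s\n' "$name"
    done
}

# merge_hosts HOSTS_FILE: print the missing sink entries first, then the
# original file unchanged, so the sink wins over any conflicting line.
merge_hosts() {
    for name in $(unblocked "$1"); do
        printf '%s %s\n' "$SINK" "$name"
    done
    cat "$1"
}

# Constructed sample of a device hosts file: one name already sunk, one name
# pointed at a documentation-range address ahead of any sink line.
write_sample() {
    cat > "$1" <<'EOF'
127.0.0.1 localhost
0.0.0.0 widifu.com        # already blocked
192.0.2.10 frijd.com      # stale entry that would beat a later sink line
EOF
}

# Device round trip (run by hand; needs adb and a rooted device or
# engineering build so that /system can be remounted):
#   adb root && adb remount
#   adb pull /system/etc/hosts hosts.device
#   merge_hosts hosts.device > hosts.new
#   adb push hosts.new /system/etc/hosts
#   adb pull /system/etc/hosts hosts.check && unblocked hosts.check
```

An empty result from the final `unblocked` call means every listed name, with and without the `www.` prefix, now resolves to the sink address on the device.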

Re:Thanks to another poster here? We have them! (1)

Pharmboy (216950) | more than 3 years ago | (#34714190)

In a hosts file, don't you normally assign 127.0.0.1 (localhost) instead of 0.0.0.0 (default router/every ip)? Or is it different for phones for some reason?

Re:Thanks to another poster here? We have them! (0)

Anonymous Coward | more than 3 years ago | (#34714342)

You are correct, and it is not different for phones. The AC you replied to is a fucking moron. You can tell this quite easily by a) his inability to form a rational sentence and b) his horrendous suggestion for what he thinks is a reasonable way to combat malware.

Re:Easy to stop, & how to do so... apk (4, Insightful)

icebike (68054) | more than 3 years ago | (#34714242)

ANDROID OS allows for the usage of custom HOSTS files,

None of that is necessary. Why even post this crap?

Simply load your apps from the Android market instead of dodgy Chinese warz sites.

Re:Easy to stop, & how to do so... apk (0)

Anonymous Coward | more than 3 years ago | (#34714366)

And loading apps from the Android market will remove the trojan how?

Re:Easy to stop, & how to do so... apk (1)

h4rr4r (612664) | more than 3 years ago | (#34714410)

It won't. What will is a simple wipe to factory settings. Then the user just logs back in and this time only installs apps from reputable apps stores.

Re:Easy to stop, & how to do so... apk (1)

CommunistHamster (949406) | more than 3 years ago | (#34714390)

What if someone makes malware to make the phone dial premium-rate telephone numbers? Is this the return of the autodialler-type-virus?

Re:Easy to stop, & how to do so... apk (1)

catmistake (814204) | more than 3 years ago | (#34714438)

Ok, that's dynamite, Dino. Huh... HOSTS file. Yeah... just edit that on all your *nix devices and you're golden. Or you could run your own DNS... far less mucking about with adjusting HOSTS files like some square throwback admin from 1974. YMMV

Re:First post (0)

Anonymous Coward | more than 3 years ago | (#34714252)

Posting from my Androi^B^B BUY HERBAL VIAGRA

You seriously just made me send water out my nose I laughed so hard when i saw that.

I suppose it's time to invest in android antivirus software...

ummm... (2)

snugge (229110) | more than 3 years ago | (#34713878)

...no link?

But it's Linux (0)

Anonymous Coward | more than 3 years ago | (#34713880)

Oh the humanity.

This has to be somebody's fault -- as long as it's not Linus's.

Re:But it's Linux (2)

tacarat (696339) | more than 3 years ago | (#34713916)

If it's not Linus, then we might assume it's Rerun or Lucy.

I guess RTFA went out the window entirely... (5, Informative)

AltairDusk (1757788) | more than 3 years ago | (#34713892)

Sophisticated? (0)

Anonymous Coward | more than 3 years ago | (#34713988)

have discovered a sophisticated Trojan targeting Android devices

Apparently the trojan runs entirely in user space, it can't even install another app without getting the user's permission.

The fact that it can send information to another computer is the very definition of a trojan, and sure as hell isn't going to make it a "sophisticated" one.

Re:I guess RTFA went out the window entirely... (1)

frinkster (149158) | more than 3 years ago | (#34713998)

Thank you for the link... The blog post says that the Trojan can "control" the phone but nowhere does it say that "control" means anything other than prompting the user to install or delete other applications.

AltairDusk, thanks... apk (0)

Anonymous Coward | more than 3 years ago | (#34714070)

Thanks - specifically for getting me the C&C servers, etc. to block in my HOSTS file on ANDROID (and my PC too) per my earlier posts here on that subject, & how to SECURE YOURSELF vs. this new ANDROID botnet malware etc.:

http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952

&

http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34714024

APK

App names? (0, Flamebait)

Tenant129 (1362913) | more than 3 years ago | (#34713910)

So beware of downloading things from Chinese websites? That's news? It would be nice if there was a list of what apps this is being packaged with. For those of us actually enjoying the open source aspect of the Android OS, what is this going to tell us? That someone is harvesting data off of your phone? This is nothing new, it describes how half the apps on the Android Market work. This is just telling us that now someone who isn't hiding behind the false curtain of legitimacy is doing it too. Shocking!

Re:App names? (2)

1000101 (584896) | more than 3 years ago | (#34713948)

So beware of downloading things from Chinese websites? That's news?

Um, what if you are Chinese?

Re:App names? (2, Funny)

Anonymous Coward | more than 3 years ago | (#34714218)

I've checked, and it turns out I'm not Chinese.

Re:App names? (0)

Anonymous Coward | more than 3 years ago | (#34714476)

I've checked, and it turns out I'm not Chinese.

Bully for you. Now what do you propose to do for the Android users who are?

Re:App names? (1)

Pharmboy (216950) | more than 3 years ago | (#34714326)

Um, what if you are Chinese?

Sucks to be you.

Re:App names? (1)

Joce640k (829181) | more than 3 years ago | (#34713960)

The summary suggests that the list probably changed while you were writing that...

Re:App names? (0)

MichaelKristopeit345 (1967646) | more than 3 years ago | (#34713968)

it's very telling that your response to this information is to develop your prejudice towards a country rather than the application distribution infrastructure that enabled citizens of every country from doing the exact same thing.

why do you cower behind a chosen pseudonym? what are you afraid of?

you're completely pathetic.

Re:App names? (0)

mark72005 (1233572) | more than 3 years ago | (#34714022)

Lighten up, Francis

Re:App names? (-1, Offtopic)

MichaelKristopeit345 (1967646) | more than 3 years ago | (#34714150)

my name is michael kristopeit.

you're an idiot.

Re:App names? (0)

mark72005 (1233572) | more than 3 years ago | (#34714212)

his name is michael kristopeit
his name is michael kristopeit

Re:App names? (0)

MichaelKristopeit345 (1967646) | more than 3 years ago | (#34714254)

i'm sure you'll forget again, nancy.

Re:App names? (0)

dreamchaser (49529) | more than 3 years ago | (#34714320)

His name is mark
You need anger management training

Re:App names? (1)

MichaelKristopeit330 (1963782) | more than 3 years ago | (#34714386)

ur mum's face need anger management training.

why do you cower behind a chosen pseudonym? what are you afraid of?

you're completely pathetic.

Re:App names? (0)

mark72005 (1233572) | more than 3 years ago | (#34714458)

Lighten up, Francis.

Re:App names? (0)

MichaelKristopeit335 (1966810) | more than 3 years ago | (#34714552)

my name is michael kristopeit.

you're an idiot.

Re:App names? (0)

Ornlu (1706502) | more than 3 years ago | (#34714462)

You must have the worst Karma EVER. Have you ever posted without directly insulting the parent?

Re:App names? (0)

tophermeyer (1573841) | more than 3 years ago | (#34714284)

No, I am Michael Kristopeit!

Re:App names? (1)

h4rr4r (612664) | more than 3 years ago | (#34714426)

No, I am Michael Kristopeit!

Re:App names? (0)

Anonymous Coward | more than 3 years ago | (#34714244)

Does anyone else think that there actually is some "Michael Kristopeit" somewhere in the world who doesn't read Slashdot at all, but one guy has this massive, childish grudge against him, and decided on a bot-assisted trolling spree as a sort of mom's-basement-scale revenge? I mean, it certainly would explain the truly unjustified obsession with pseudonyms and fear; it would easily reflect on the poster's fears that someone will discover (or at least reason) that, in this context, "Michael Kristopeit" itself is a pseudonym, and that he is desperately throwing out a smokescreen to try to shift the defensive stance on others.

Re:App names? (0)

Anonymous Coward | more than 3 years ago | (#34714396)

No, I think he's probably just a douche.

Re:App names? (0)

MichaelKristopeit332 (1966804) | more than 3 years ago | (#34714418)

ur mum's face's probably just a douche.

why do you cower? what are you afraid of?

you're completely pathetic.

Re:App names? (-1, Troll)

MichaelKristopeit331 (1966802) | more than 3 years ago | (#34714404)

why do you cower? what are you afraid of?

you're completely pathetic.

Re:App names? (1)

h4rr4r (612664) | more than 3 years ago | (#34714446)

This is the only possible explanation.

Re:App names? (0)

Anonymous Coward | more than 3 years ago | (#34714382)

you're completely pathetic.

Re:App names? (0)

MichaelKristopeit333 (1966806) | more than 3 years ago | (#34714432)

ur mum's face're completely pathetic.

why do you cower? what are you afraid of?

you're an ignorant hypocrite.

Re:App names? (2)

swanzilla (1458281) | more than 3 years ago | (#34713986)

From TFA (linked above)

There are a number of applications—typically games—we have seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

Re:App names? (1)

Tenant129 (1362913) | more than 3 years ago | (#34714120)

Ah cool. I googled it and didn't find any links with a list of apps. Thanks for quoting the text from the link above. I'll check it out in full. Would have been nice to have in the /. story.

Re:App names? (0)

Anonymous Coward | more than 3 years ago | (#34714160)

So beware of downloading things from Chinese websites? That's news?

It would be nice if there was a list of what apps this is being packaged with. For those of us actually enjoying the open source aspect of the Android OS, what is this going to tell us? That someone is harvesting data off of your phone? This is nothing new, it describes how half the apps on the Android Market work.

This is just telling us that now someone who isn't hiding behind the false curtain of legitimacy is doing it too. Shocking!

Look, I know R'ing TFA isn't the in thing to do these days... but could you at least RTFS? There's a huge difference between silently collecting personal information, and taking complete control of the system remotely for nefarious use. TFS makes it clear this case deals with the latter.

Next.

Link? (-1)

Anonymous Coward | more than 3 years ago | (#34713914)

How about a link, Timmy?

And that's why children, (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34713920)

proper code signing (and not letting unsigned code run) is important.

Re:And that's why children, (0)

MichaelKristopeit345 (1967646) | more than 3 years ago | (#34714056)

proper code signing? you're delusional. keep drinking the kool aid.

what about not letting code signed with ill obtained keys run? is that important too?

cower some more, feeb.

you're completely pathetic.

Re:And that's why children, (1)

bigredradio (631970) | more than 3 years ago | (#34714210)

So do you always end your posts with "you're completely pathetic"? A little humility might suit you better. you're completely pathetic.

Re:And that's why children, (1)

MichaelKristopeit343 (1967642) | more than 3 years ago | (#34714280)

anonymity can never beg humility.

you're an ignorant hypocrite.

did your mother name you "bigredradio"? why do you cower behind a chosen pseudonym? what are you afraid of?

you're completely pathetic.

Re:And that's why children, (0)

Anonymous Coward | more than 3 years ago | (#34714526)

So do you always end your posts with "you're completely pathetic"? A little humility might suit you better.

you're completely pathetic.

Yeah, he does. He's a pretty well-known troll around here, probably bot-assisted, too, though the mom's-basement-quality rants he goes on could imply a level of paranoia and hate that means he's actually typing it out every time so it "counts" more, or something similar.

Frankly, we'd probably just ignore him, but his fear and rage make him just so predictable and easy to manipulate, plus he's got this so-pathetic-it's-hilarious quality about him it's hard NOT to be amused. I mean, watch: Chances are he'll respond to this post with something about how I cower behind an anonymous face, asking me what I have to hide, or make insults about my mother.

Re:And that's why children, (0)

Anonymous Coward | more than 3 years ago | (#34714232)

what about not letting code signed with ill obtained keys run?

That's part of proper code signing, yes.

Re:And that's why children, (1)

MichaelKristopeit343 (1967642) | more than 3 years ago | (#34714338)

it seems as if you've confused "proper" with "impossible". keep pushing your wares, marketeer. you're an ignorant hypocrite.

cower some more, feeb.

you're completely pathetic.

Re:And that's why children, (0)

Anonymous Coward | more than 3 years ago | (#34714246)

what about not letting code signed with ill obtained keys run?

Because anyone can tell that the string of 1s and 0s in an "ill obtained" key (whatever that means) are bad, while the identical string of 1s and 0s in a properly obtained key are good. Who's a feeb now? Who's pathetic now? You are.

Re:And that's why children, (1)

MichaelKristopeit342 (1967640) | more than 3 years ago | (#34714358)

bravo on the most ignorant post i've ever read.

it's a shame you cower... pathetic ur mum's face are.

Re:And that's why children, (0)

Anonymous Coward | more than 3 years ago | (#34714068)

How is that going to change anything? This "trojan" is being hacked in and reuploaded.

Once a platform's OS has been compromised (i.e. all major platforms), it becomes "trivial" to rip the executable out of memory, graft on a trojan, resign with your own key, and upload -- which is exactly what SOMEONE (the app cannot self-replicate, nor affect other apps) is doing. It's also trivial to remove since it still is just a regular app (hit uninstall).

If you note in the article, the app still must request every single permission it wants to use. Compare this with any other platform, in which there is nothing stopping a similar attack as you have no idea what's going on.

Plus, if this was the Android Market, these apps would have been pulled already.

Re:And that's why children, (0)

Anonymous Coward | more than 3 years ago | (#34714192)

proper code signing (and not letting unsigned code run) is important.

You must be working for Microsoft if you think that solves it...

Re:And that's why children, (0)

Anonymous Coward | more than 3 years ago | (#34714352)

And you must be an idiot. And... no, you're not worth any further comment. I don't feed trolls.

The problem with buying from Chinese app stores (3, Funny)

Anonymous Coward | more than 3 years ago | (#34713924)

An hour later and you're hungry for privacy again.

A lot like Windows after all (-1, Troll)

Stenchwarrior (1335051) | more than 3 years ago | (#34713942)

Like someone had said in a story from earlier this week, Android is the new Windows with its wide-hardware compatibility and susceptibility to viruses.

Re:A lot like Windows after all (-1)

Anonymous Coward | more than 3 years ago | (#34714042)

But it's powered by Loonix and as slashtards routinely remind us Loonix is immune to viruses, trojans and other malware.

Re:A lot like Windows after all (-1)

Anonymous Coward | more than 3 years ago | (#34714052)

Don't forget the regular required hard resets. My droid 2 brings back memories of Win 3.11

Re:A lot like Windows after all (3, Informative)

MrHanky (141717) | more than 3 years ago | (#34714066)

Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.

Re:A lot like Windows after all (-1)

Anonymous Coward | more than 3 years ago | (#34714080)

Shame that Android is based on Linux then isn't it?..

So what does that make Linux now then???

Oh the Irony

So SICK of that comparison.

Re:A lot like Windows after all (0)

Desler (1608317) | more than 3 years ago | (#34714112)

But you have to remember that Android is only "Linux" for purposes of market share statistics and whenever some good happens. Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.

Re:A lot like Windows after all (4, Informative)

0123456 (636235) | more than 3 years ago | (#34714162)

Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.

Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?

Linux protects much better than Windows against remote attacks, it can't protect against stupid users.

Re:A lot like Windows after all (0)

Anonymous Coward | more than 3 years ago | (#34714306)

The Ubuntu Software Center, Android Market, (Mac) App Store, Steam, and Desura are the only legitimate places to get software that I know of. If you go outside of those sources, you're looking at problems. This isn't an Android trojan. This is a pirate trojan.

Re:A lot like Windows after all (1)

Desler (1608317) | more than 3 years ago | (#34714508)

The ... Android Market ... only legitimate places to get software that I know of.

So then what is your excuse for this [bit-tech.net] ?

Re:A lot like Windows after all (1, Insightful)

99BottlesOfBeerInMyF (813746) | more than 3 years ago | (#34714322)

Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.

Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem? Linux protects much better than Windows against remote attacks, it can't protect against stupid users.

Sure it can, at least a lot more than it does now. It can sandbox all apps by default, automatically check a malware blacklist and elevate permissions for trojans to ones that are useful to malware only when explicitly told to do so by the user, i.e. he goes in and checks the (allow to send mass e-mails) checkbox for that app.

There is a lot that can be done to more tightly secure Linux distros, applying SELinux style permissions universally is good start. The difference is, for normal home use users don't need these improvements yet because the risks are still so small. Linux does a great job of adapting and improving security as it becomes needed because the developers are the users as well so they are very motivated.

Re:A lot like Windows after all (2)

0123456 (636235) | more than 3 years ago | (#34714146)

Shame that Android is based on Linux then isn't it?..

Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer. At least, not without becoming another iThing that only allows installation of Jobs-approved software.

Re:A lot like Windows after all (0)

Desler (1608317) | more than 3 years ago | (#34714168)

Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer.

And neither can Windows, yet it is always blamed for someone installing malware on their systems yet when people install Linux malware [digitizor.com] all these excuses are made about how it's the fault of the user not the system.

Re:A lot like Windows after all (2)

KublaiKhan (522918) | more than 3 years ago | (#34714200)

You're right, it isn't fair to blame Windows for user-supplied malware.

However, that does not mean Windows is any more secure; not all windows malware is user-supplied.

Re:A lot like Windows after all (2, Insightful)

0123456 (636235) | more than 3 years ago | (#34714206)

And neither can Windows, yet it is always blamed for someone installing malware on their systems

What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?

Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.

Re:A lot like Windows after all (0)

Desler (1608317) | more than 3 years ago | (#34714374)

What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?

I don't know and I certainly doubt you do either. But considering how much anecdotal evidence there is to show that people are in large numbers willingly clicking on malware in emails and installing malware from pops to websites, it's not nearly as small as you try to make it out.

which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc),

Sure if you ignore things like DEP, ASLR, etc. Oh and before you try to claim that Linux is so superior in security let's listen to the words of the big winner of Pwn2Own 2009 Charlie Miller:

Q: In Pwn2Own 2010 there is still no trace of Linux as possible target. Is it too harder to find exploits for Linux or a non commercial operating system has no interest for exploit hunters?

A: No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. The organizers don’t choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.

Oh and let's not forget this good story based on other statements made by him: Charlie Miller: Windows 7 + IE 8 or Chrome provides safest computing experience [neowin.net] .

I'm sure he's just a Microsoft shill, though, right?

Re:A lot like Windows after all (1)

Desler (1608317) | more than 3 years ago | (#34714400)

Oh and many Linux distros do not come with either SELinux installed or even enabled by default so to try to act like that is common or even remotely universal is a lie.

Re:A lot like Windows after all (1)

Riceballsan (816702) | more than 3 years ago | (#34714394)

Well there's a big difference between the 2. The windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt", that is a user problem not a security hole. The security holes that are newsworthy are "Joe sixpack was browsing CNN.com and a banner ad was able to jump from his browser and take over his system" or "Joe Sixpack was reading a PDF file and his system was taken over" Same as on the android, in this case "Joe sixpack chose to use an unknown provider to download an app, then didn't question why a calculator/screensaver/word processor/game wanted permission to get to his contacts, phone numbers GPS data and internet access etc..., then a week later got a prompt asking to install another program with similarly ludicrous requests". The darn phone tells you point blank exactly what the program can access, it doesn't even have the ability to sneak in more than it tells you it can. If you want to call that a security flaw, then complain to your telephone company that if someone calls you and asks for your credit card number, they might be able to get it if you tell it to them.

Re:A lot like Windows after all (1)

Desler (1608317) | more than 3 years ago | (#34714444)

The windows security holes people complain about are generally not "Joe sixpack opened an EXE and clicked OK to the run as admin prompt",

That's funny because there are still constantly stories about people doing exactly that from files in their emails that install worms, trojans, viruses on their computer. Hell, I know someone from a local State Farm branch in Houston that had their entire office infected that way. To claim that this isn't a general case of malware infection is to be completely dishonest.

Re:A lot like Windows after all (1)

Riceballsan (816702) | more than 3 years ago | (#34714548)

Never said it wasn't a malware infection, it just isn't an operating system flaw that anyone can fairly bash microsoft for. Now in the case of a company in this case, for clicking allow to administrative privileges, that is a flaw of their IT staff for letting non-technical users have administrative rights. I never said that wasn't a general infection, I said it wasn't a windows security hole, short downgrading all systems to an ipad-esque system (which even that has holes in it as anyone who is going to go out of their way to download from an untrusted source would probably be just as willing to follow instructions to jailbreak)

Re:A lot like Windows after all (0)

Anonymous Coward | more than 3 years ago | (#34714104)

It isn't a virus. It requires user interaction to install, and I'm willing to bet it requires (and seems to be suggested, but not outright stated, in the summary) that the user be engaging in, shall we say, risky behavior? If a user trusts software from such a source, they get what they deserve. A jailbroken iphone isn't any better. It is their hardware, they should be able to do what they want. Though I suppose if their phone starts messing with the network other people use, the telco is perfectly within their duty to deal with it.

Trolling, trolling, over the bounding main (-1)

Anonymous Coward | more than 3 years ago | (#34713944)

My iPhone is looking a lot better :D :D :D

Re:Trolling, trolling, over the bounding main (-1)

Anonymous Coward | more than 3 years ago | (#34713984)

iPhones don't need trojans or malware; Steve Jobs' deathgrip is enough.

Not "malware" (5, Informative)

Anonymous Coward | more than 3 years ago | (#34713966)

Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.

This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.

There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous, it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want of course but it's no reason to believe them.

Re:Not "malware" (1)

owlstead (636356) | more than 3 years ago | (#34714454)

If the software tries to send information without explicit consent from the user in one way or another, it's malware. Some of that information may be implicit (e.g. pointing out updates, retrieving news for a news application, sharing high-scores for games). Sending out personal information while the application is not meant for that information to be sent is clearly malicious. If a program is designed to send information maliciously, isn't it malware (== malicious software) by definition?

Stuxnet Redux (1)

Troll-Under-D'Bridge (1782952) | more than 3 years ago | (#34713978)

The last time "sophisticated" was attached to the word malware, a certain Middle East country had problems with its uranium-enrichment program. So what are the chances of this being the mobile version of the Stuxnet worm?

Re:Stuxnet Redux (2)

ColdWetDog (752185) | more than 3 years ago | (#34714134)

The last time "sophisticated" was attached to the word malware, a certain Middle East country had problems with its uranium-enrichment program. So what are the chances of this being the mobile version of the Stuxnet worm?

About the same as the chances of anyone using an Android phone to concentrate uranium.

Zero.

Going to spread like wildfire (1)

adosch (1397357) | more than 3 years ago | (#34714026)

I could almost put money on this causing a big problem in the mobile community. Originating from a Chinese mobile app store is one thing from some very tailored application is one thing, but if it's repackaged apps out in the wild for popular (a la pirated, full-version) apps, then it's most definitely going to cripple Android-equipped phone users. Let's be honest, if you can get the app for free, who wouldn't install it? Especially half-wit phone users who have enough technical savvy to go look elsewhere for apps or got that latest 1000-app pack off of Usenet/P2P/Torrent from their buddy.

Re:Going to spread like wildfire (1)

Anonymous Coward | more than 3 years ago | (#34714182)

Then that's their own problem.

Any platform can have viruses or malware written for them if you download them through unofficial channels (even people's precious i devices... there's already been malware out for jailbroken users a while ago). Any retard who does so without due diligence deserves to have his information stolen, plain and simple.

To be perfectly honest, I would trust Android to protect my privacy over any other platform, mobile or desktop *BECAUSE* of its permission system. *I* am in control of what the app can access, and I can choose to say F*** YOU to the app if it requests things I don't want it to.

Re:Going to spread like wildfire (0)

Anonymous Coward | more than 3 years ago | (#34714356)

To be perfectly honest, I would trust Android to protect my privacy over any other platform, mobile or desktop *BECAUSE* of its permission system. *I* am in control of what the app can access, and I can choose to say F*** YOU to the app if it requests things I don't want it to.

(Weren't you being perfectly honest up to that point? Notwithstanding that...)

Agreed. And if only we had a line-item veto over the permissions set granted to an app, that would be really helpful.

Re:Going to spread like wildfire (0)

Anonymous Coward | more than 3 years ago | (#34714256)

Let's be honest, if you can get the app for free, who wouldn't install it?

Considering most people don't do this on their computers, I would say most people won't do it on their phones.

Re:Going to spread like wildfire (1)

owlstead (636356) | more than 3 years ago | (#34714512)

Mweh, I haven't had much need to go outside the Google Market to be honest. If I did, it was for some demo code or specialized geeky application which I don't think they will ever target. I don't think most people will visit such sites or share apps with friends (I get loads of tips on apps, but they are by name only, and I look them up / check them out in the Google Market myself). I cannot see anybody visiting Chinese app stores unless they are linked up with them by a Chinese provider.

"Android Trojan Found"? (4, Funny)

RevWaldo (1186281) | more than 3 years ago | (#34714040)

EWWWW!! It was in the back of the machine shop? And it was covered in WD40? EWWWWW!!1!

.

Re:"Android Trojan Found"? (4, Funny)

localman57 (1340533) | more than 3 years ago | (#34714092)

Really? I just saw a very distressed electric sheep running out the back door...

Sorry, Android still rocks (2)

nicholas22 (1945330) | more than 3 years ago | (#34714314)

Even if fanbois from various camps jump with joy/sorrow with the news, I still think that the open model that Android brought to the mobile world will be much more beneficial for everyone (end users, developers, companies, etc.) in the long run, all things considered. People saying that the Apple model is better than Android's are not realizing this.

Anti-malware? (1)

kungfugleek (1314949) | more than 3 years ago | (#34714360)

So is anti-virus/anti-malware worth installing on an Android phone? Because, yeah, I don't like installing apps that ask for permissions, but it seems like almost every app asks for "Full Internet Access," at least. I can't always tell the good ones from the bad. Would a free anti-malware app help or is it just a waste of time?

Who dunnit (0)

Anonymous Coward | more than 3 years ago | (#34714472)

I hate to sound all "conspiracy theory", but who would create such a virus to control the device?
Chinese government? Apple? Surely they would have the most to gain.
