
Symantec Identifies Android Trojans That Mutate With Every Download

samzenpus posted more than 2 years ago | from the learning-at-a-geometric-rate dept.


angry tapir writes "Symantec researchers have identified a new premium-rate SMS Android Trojan that modifies its code every time it gets downloaded in order to bypass antivirus detection. This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it."
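The summary's point is that a sample which changes with every download defeats detection keyed on the whole-file hash, while the behaviour the Trojan needs (the SMS permission plus the call that sends the message) stays the same in every copy. The following is an added illustration of that gap, written for this page and not taken from Symantec's analysis or from any real sample; the three "downloads" are constructed byte strings with placeholder tokens, and the feature format (`PERM:`/`CALL:` tokens) is an assumption made to keep the example self-contained.

```python
import hashlib
import re

# Constructed stand-ins for three successive downloads of one premium-rate SMS
# Trojan family. Every copy declares the same permissions and makes the same
# framework call, but the server stitches in different junk data and renamed
# classes each time. Constructed sample data, not real malware.
DOWNLOADS = {
    "download-1": b"PERM:android.permission.SEND_SMS;PERM:android.permission.INTERNET;"
                  b"CALL:sendTextMessage;JUNK:f4a1c9;CLASS:com.example.a.Bz;",
    "download-2": b"JUNK:0d77e2;PERM:android.permission.INTERNET;CLASS:com.example.q.Kp;"
                  b"PERM:android.permission.SEND_SMS;CALL:sendTextMessage;JUNK:9b3c;",
    "download-3": b"CLASS:com.example.x.Ww;CALL:sendTextMessage;JUNK:31aa;"
                  b"PERM:android.permission.SEND_SMS;JUNK:c0ffee;PERM:android.permission.INTERNET;",
}

# A constructed benign app for comparison: network access, no SMS at all.
BENIGN = b"PERM:android.permission.INTERNET;CALL:openConnection;CLASS:com.example.news.Main;"

# Only declared permissions and framework calls count as features; junk and
# class names are deliberately ignored because the server is free to vary them.
TOKEN_RE = re.compile(rb"(PERM|CALL):([A-Za-z0-9_.]+);")


def file_hash(blob: bytes) -> str:
    """Whole-file SHA-256: the value a classic hash blocklist would store."""
    return hashlib.sha256(blob).hexdigest()


def behaviour_features(blob: bytes) -> frozenset:
    """The invariant feature set: permissions and API calls present in the sample."""
    return frozenset(f"{kind.decode()}:{name.decode()}"
                     for kind, name in TOKEN_RE.findall(blob))


def behaviour_signature(blob: bytes) -> str:
    """A stable signature over the sorted feature set, identical across variants."""
    canonical = "\n".join(sorted(behaviour_features(blob))).encode()
    return hashlib.sha256(canonical).hexdigest()


def flags_premium_sms(blob: bytes) -> bool:
    """Heuristic: the app both holds SEND_SMS and calls the SMS-sending API."""
    feats = behaviour_features(blob)
    return ("PERM:android.permission.SEND_SMS" in feats
            and "CALL:sendTextMessage" in feats)


def hash_blocklist_hits(known_hashes: set, blobs) -> int:
    """How many samples a blocklist of whole-file hashes would catch."""
    return sum(1 for b in blobs if file_hash(b) in known_hashes)


if __name__ == "__main__":
    # A blocklist built from the first download only, as a vendor would have it.
    blocklist = {file_hash(DOWNLOADS["download-1"])}
    print("hash blocklist catches", hash_blocklist_hits(blocklist, DOWNLOADS.values()), "of 3")
    print("distinct file hashes:", len({file_hash(b) for b in DOWNLOADS.values()}))
    print("distinct behaviour signatures:", len({behaviour_signature(b) for b in DOWNLOADS.values()}))
    for name, blob in DOWNLOADS.items():
        print(name, "premium-SMS heuristic:", flags_premium_sms(blob))
    print("benign app flagged:", flags_premium_sms(BENIGN))
```

The whole-file hash is different for each download, so a blocklist seeded from one copy catches only that copy, whereas the feature set and the permission-plus-call heuristic match all three and leave the benign app alone. That is the reason the advice later in the thread to compare requested permissions against what the app actually does holds up better than signature lists against this kind of sample.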


New movie (3, Funny)

X.25 (255792) | more than 2 years ago | (#38940763)

X-Men: Androids

Re:New movie (0)

bonch (38532) | more than 2 years ago | (#38945581)

This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.

"mobile malware" = Android malware

Re:New movie (0)

Tyrannosaur (2485772) | more than 2 years ago | (#38946243)

3rd post and it's a fanboi. Thank you. http://www.tomsguide.com/us/iOS-Apple-iPad-iPhone-malware,news-13122.html [tomsguide.com]

It exists. Might be less, maybe even much less, but it's there.

Re:New movie (0)

Anonymous Coward | more than 2 years ago | (#38946399)

No, you don't understand. He's implying that, as all Apple-related stuff is always more advanced, iOS malware creators innovated server-side polymorphism (aka cloud polymorphism) before, and the "mobile malware creators" referenced in TFA are just Androids copycatting from glorious Apple.

Avast runs fine thanks... (4, Funny)

ewanm89 (1052822) | more than 2 years ago | (#38940795)

I do not need Norton Mobile, Avast is cheaper and just as good, so Symantec, stop using your fear tactics for advertising.

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38940851)

Anti-virus for a phone? That is so fucking stupid it's untrue. Guess that's why they call them smart phones.

Re:Avast runs fine thanks... (1)

ewanm89 (1052822) | more than 2 years ago | (#38940997)

https://market.android.com/search?q=antivirus&c=apps [android.com] -- 1000+ results says otherwise. I think all the major antivirus vendors have an Android version now. Finally, usually it's not just antivirus but antitheft and firewall too.

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38941207)

and I bet it runs constantly and drains your battery life in a matter of hours.

Re:Avast runs fine thanks... (4, Insightful)

L4t3r4lu5 (1216702) | more than 2 years ago | (#38941257)

And independent testing [cnet.com] proves they're mostly pretty useless.

As with all things, only install apps from trusted sources, don't click accept on every pop-up box, and check the permissions requested are consistent with the functionality of the app. The same as with any other application on any other OS.

Re:Avast runs fine thanks... (1)

ewanm89 (1052822) | more than 2 years ago | (#38941313)

Do that too, and about as useless as their desktop versions; finally, Avast and AVG are new since those tests have been done. Just 'cause your girl is on birth control, no harm in still using a condom.

Re:Avast runs fine thanks... (2)

Canazza (1428553) | more than 2 years ago | (#38942023)

I prefer "If you don't want to catch AIDS why are you sticking your hands in that bag of used syringes?"

Re:Avast runs fine thanks... (1, Offtopic)

hairyfeet (841228) | more than 2 years ago | (#38942963)

Except if anybody actually followed your advice we wouldn't have desktop viruses either now would we? We've been handing out that same fucking advice for 30 damned years and it STILL DON'T WORK because all the malware writer has to do is wave the right cookie in front of their faces. True story:

For the first time ever I had to throw someone out of my shop and threaten to call the cops if he didn't GTFO, all because a machine I had sold him was infected not 24 hours later and he was demanding I replace it for free. So did I hand him a machine with no updates? No AV protection? Nope, when he was looking at the machines he wanted me to install "the new limewire" and I told him "Look man, that program hasn't existed in a couple of years, the feds shut it down and that whole network is nothing but viruses and pornbugs now. If you'd like me to install a Bittorrent client there are several to choose from and I'll download you a tutorial video so you can learn how to use it" but he passed. So what did he do? The SECOND he got home he Googled "the new limewire" and when the AV wouldn't let him install it first he disabled it, then when he couldn't disable it enough to let the malware run he uninstalled the AV. His last words when I threw his dumbass out of my shop were "It says new limewire right there, you make it work!" Stupid fuck. His "new limewire" was a trojan downloader that not only turned it into a spambot but landed over 150 viruses and malware which were doing everything from fighting with each other to infect every file on his system to clickjacking.

And THAT is why your idea won't work, friend, because it requires common sense that sadly is so rare nowadays it might as well be a damned superpower. They could have placed the .exe for "the new limewire" in the middle of a life size picture of Goatse with "here it is LOL dumbass" written right above it and it wouldn't have mattered, he wanted limewire and no feds or common sense was gonna keep him away from having it dammit! All you have to do is replace limewire with porn codec, cool screensaver, letter from a Nigerian prince, chance to win an iPad/iPod, and voila! You will have a HUGE section of the population that will happily ignore your common sense and will in fact be quite hostile to it.

"Apps from trusted sources" = SMALL help (1)

Anonymous Coward | more than 2 years ago | (#38943319)

Most infestations still come from compromised websites - research by AVG confirms that much, here:

http://betanews.com/2012/01/25/the-top-10-web-security-threats-you-should-avoid/ [betanews.com]

Pertinent quote/excerpt:

"The compromised website is still the most effective attack vector for hackers to install malware on your computer with 47.6 percent of all malware installs occurring in that manner, says security firm AVG. Another 10.6 percent are tricked into downloading exploit code -- many times, without their knowledge -- by clicking on links on pages to sites hosting malware... It also found that faked pharmacy sites are a popular attack method, seen in about 10.4 percent of all attacks. Fake antivirus scanners remain a popular malware injection method at 8.4 percent. "

---

* Fact is, what I noted, in compromised sites, comprises 77% of malware installations - not what users download & install themselves (ala shareware/freeware sites like download.com etc./et al)...

PC's &/or SmartPhones are NOT ALL THAT DIFFERENT EITHER really (smartphones are just smaller handheld personal computers nowadays in essence really).

APK

P.S.=> So, "all that said & aside" - Is an "appstore/walled garden" a BETTER/SAFER BET? Perhaps, & I'm not saying it's not a good idea to do that, but it's far from a 'permanent cure' vs. malware exploitations online (as long as there are fools making more malwares & bushwhacking users via compromised sites' code, that is)...

... apk

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38941839)

What's your point? Just because those apps exist does not mean they are useful.

Re:Avast runs fine thanks... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38940927)

If you're running anti-virus on your phone, you've already lost the game...

Re:Avast runs fine thanks... (1)

ewanm89 (1052822) | more than 2 years ago | (#38941011)

Avast and Norton Mobile aren't just antivirus, but firewall and anti-theft (if the SIM card is changed it sends off GPS coordinates and stuff; it doesn't protect if someone knows how to factory flash, but how many people who nick phones understand how to use fastboot or Odin?).

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38945113)

You've already been fooled if you think Android avast / norton mobile does firewalls.

No application can intercept another's Internet traffic without the device being rooted. There's no permission for that.

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38940947)

You get what you pay for so think about why your still getting those pop-up porn ad's.

Re:Avast runs fine thanks... (3, Informative)

ewanm89 (1052822) | more than 2 years ago | (#38941041)

Considering I don't get popups to start with. And let's look at every study done on desktop antivirus solutions and you'll find Avast and AVG tend to come pretty high up the list in hit rate and lack of false positives (I also think at last check Avast had the fastest on-access scanning).

Server-Side Grammar Polymorphism? (4, Funny)

ScentCone (795499) | more than 2 years ago | (#38941287)

You get what you pay for so think about why your still getting those pop-up porn ad's.

Never mind pop-ups. I want to know which virus it was that yanked out the comma from your first clause, changed "you're" to "your" and turned "ads" into "ad's." These make-me-type-like-a-12-year-old malware infestations have really taken over. Because there's certainly no other explanation.

Re:Avast runs fine thanks... (1, Troll)

mcgrew (92797) | more than 2 years ago | (#38941977)

You get what you pay for

That's a lie propagated by marketers to get you to spend three times on a bottle of Aleve what you'd pay for the exact same drug in a generic bottle. Buy Aleve and you get 1/3 of what you pay for.

I see you still use Windows. Linux is a superior OS in most ways, yet it is entirely free. What are you paying for when you buy a boxed copy of Windows? A pretty box? No, you do NOT always get what you pay for. Often you pay for a lot more than you get.

so think about why your still getting those pop-up porn ad's.

Well, I see why you're getting them.

Re:Avast runs fine thanks... (2)

hairyfeet (841228) | more than 2 years ago | (#38943333)

Most likely he doesn't want to play hardware roulette or keep a second machine with a different OS for Googling why the first machine crapped itself when some DE dev decided he didn't like the way things were and caused his video to take a crap, or the PukeAudio guys gave him a Goatse. There was a time, around 06-07, when I would have supported you on that, McGrew, but Canonical has done infected the ecosystem with "Let's throw everything out and add more bling! Blingapaloza baby yeah!" and now if anything Linux is more unstable than a bog standard Windows. Oh and before anybody says Debian, that's a workstation OS and about as designed for home users as an HPC server makes a good phone OS. Its support for the stuff you buy in Walmart is non-existent and its plug and play sucks. You had better REALLY know what you are doing before you make Debian stable your main OS or be ready for pain.

Now as for AV I agree completely, in fact with a few simple tools I am able to make a modern Windows machine pretty much dumbass proof. How? Simple: replace IE with Comodo Dragon with ABP, that gives them a low rights mode browser that blocks the nastier ads which is the biggest source of drivebys, add Avast Free or Comodo CIS, both free and which have default sandboxing and scan before load for all webpages and new code. I've been using Avast for home users and Comodo for businesses but I'm starting to use Comodo for home again because they have made it less "chatty" on initial setup which used to scare new users, and finally if I want it so nothing other than hardware failure is gonna break that sucker, Comodo Time Machine set to do a daily snapshot. With CTM if their kid gets on and manages to pwn a machine so bad it can't even boot all they do is click the home key on start and voila! It takes less than 15 minutes to get them back before the trouble. You can even tell it to pay extra attention to certain folders like my pics so they don't have to worry about losing that pic of grandma if they go back.

Now how much time does that take me to set up, McGrew? Thanks to Almeza Multiset which I got free from Giveawayoftheday.com it takes less than 20 minutes and a grand total of 2 clicks, one to launch the automated installer, the other to click the "yes you can reboot now" button. Compared to the 4 and a half hours I spend on the forums trying to figure out why the last upgrade took a giant dump on my sound and left me nothing but static there really is NO comparison. Quick, where is the list that will tell me EXACTLY which devices sold in Walmart are supported under distro X? Most of the lists are badly out of date IF you can find them, and if you DO find a device all you get is a cryptic "Distro S, version number, kernel foo" which might as well be in Chinese for home users. With Windows all they do is look for the Winflag as every device comes with support for XP/Vista/7 by default and frankly most don't even need a disc now, Windows Update will install the drivers when you plug it in.

So while it is pointless to pay for AV it is NOT pointless to pay for Windows. Linux is ONLY for those with the skills to do a systematic step by step troubleshooting diagnosis on error, thanks to Torvalds thinking his shit don't stink and that he is smarter than every other OS developer on the planet the driver situation has gotten so bad users will honestly tell you "Just do a clean wipe and reinstall" which is something they made fun of Windows for back in 05. Which wouldn't be bad if we were talking once a decade but the max support is five years IF you plan your installs and sales around LTS, but who the fuck can do that other than enterprise buyers? I have machines in the field going on 9 years with ZERO need for reinstall or even tweaking, that's two service packs, countless updates and ZERO broken drivers. Linux is still too unstable and everything from DE to sound to kernel has been going through rapid and major changes the past 5 years. And in Linux you have the choice: bleeding edge or no support for modern hardware unless you can compile, which just removed 99% of the population. Hell, most of the population won't even be able to make heads or tails of the forums because you need to know make/model/rev of ALL affected hardware and most people can't even tell you if they have an AMD or Intel CPU, much less the rest of the components.

So nice try, McGrew, but you are falling for the classic "If it is easy for me it MUST be easy for everybody else" which is like saying if it's easy for that open heart surgeon to do a bypass you ought to be able to do it too. You have skills a good 99% of the population simply doesn't have and the amount of training, IF they would be willing to undergo it, most won't, but if they would be willing the cost of the training would cost more than the $89 Windows home license, so in this case what at first glance appears to be the most expensive actually turns out to be the cheaper. Linux is free if your time doesn't cost anything and you have the skills required. Now figure in the cost of having to take it to the shop when something goes wrong and pay for support and you'll see the OS cost is frankly trivial compared to how long you get: WinXP 2001-2014, Win 7 2009-2020.

Re:Avast runs fine thanks... (2)

madmark1 (1946846) | more than 2 years ago | (#38943869)

Why, I believe you are right, Ubuntu IS the only Linux distro available now. I thought there were more, that didn't involve Canonical at all, but after absorbing your wisdom, I went and looked, and sure enough, all gone! Red Hat, Mint, Fedora, Arch... Gone!

Re:Avast runs fine thanks... (1)

hairyfeet (841228) | more than 2 years ago | (#38945177)

The fallacy you are trying to invoke has a name and it's called Use Distro X [tmrepository.com] and if you are gonna use BS that is so old it has its own meme, please use meme repo to invoke it, thanks. Use distro X is a fallacy because there are really only 3, with different levels of crap thrown on top, they are Slax, Debian, and Red Hat, that's it. Everything else is based on those and to date I've tried over 14 "user friendly" distros and found use distro x is as much bullshit as telling someone who is looking at a black screen of death in Linux to reboot. It does nothing, it's pointless, thanks for wasting our time with your pointless flag waving. Hell, you don't even have the guts to name which distro x, just some mythical one that works. Yep, bullshitter.

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38946597)

I dunno if you're using "Slax" as an abbreviation for slackware, or you're talking about the slackware-derived distro of that name [slax.org] . If the former (as I expect), be aware of the latter, and maybe avoid that abbreviation in the future to avoid confusion. If the latter, there's still slackware itself, and the majority of distros based on it are not Slax derivatives (in fact, there's slightly more Slackware->SuSE->x than Slackware->Slax->x).

Then there's Gentoo, Arch, and some less popular ones, which are independent of the big three. They're also *singularly* bad choices for saying Use Distro X, as anyone with the skills to succeed with them (a) already knows about them and (b) can also succeed with whatever distro they use work, but they do exist.

Anyway, I disagree with your suggestion GP is actually saying Use Distro X, he's responding to your claim that "Canonical infested the ecosystem" by completely misunderstanding you as "Canonical infested Ubuntu", and suggesting Ubuntu's not the only game in town (which of course you knew -- do these fools really think they're the only one who's heard of non-Ubuntu systems?!). Where (to me) it's clear you mean that every distro attempting to be user-friendly is taking cues from Ubuntu, thus deteriorating in the same way. So it's just pitifully bad reading skills (which, you gotta admit, is a time-honored tradition on /.), not trotting out the tired claim* that "my distro" will fix everything.

Don't ask me which is worse... ;)

*Note: I will rarely (twice to date) tell someone Use Distro X -- where X = "Arch, or slackware, but I recommend Arch". I've only done this for people who I know have the requisite skills (as proved by their success bending SuSE and Ubuntu, respectively, to their wills), but they don't realize they've learned that much, and are still holding to a "user-friendly" distro even though it's now just getting in their way.

Re:Avast runs fine thanks... (1)

madmark1 (1946846) | more than 2 years ago | (#38947281)

Oh, I understood you just fine, and there is nothing wrong with my reading skills. I run linux just fine, every single day, on 9 different systems. I have no problems with any of them. The fact that you can't seem to get one to do anything but crash, or don't like the add-ons some companies have put forward, doesn't in any way make linux a less viable option. I imagine it's a problem with you, in particular, given the challenges you obviously also face with things like punctuation.

Thanks also for wasting our time with your bullshit anecdotes about how nothing in linux works, and all distros are crap.

Re:Avast runs fine thanks... (1)

hairyfeet (841228) | more than 2 years ago | (#38948015)

Tell me which meme you were intending to invoke: was it works for me [tmrepository.com] or works for me at home it does really [tmrepository.com], because it really would help if you would just point to which meme you are gonna sling. Personally I think they ought to just number them, then you can say 'I'm gonna call a number 4, followed by a 6 and a 19' and call it a day.

You want something besides anecdotes? Be careful what you wish for because you just [theinquirer.net] might get [computerworld.com.au] it, friend. BTW if your OS wasn't broken why did ASUS abandon it? Could it be the insane return rate [laptopmag.com] from people buying your shit and finding it be broke? How do you answer the fact that Dell has to run their own repo, even though they only offer Linux on a teeny tiny amount, because otherwise the deathmarch upgrades shit all over the drivers?

The simple answer is you can't, you can't and you won't because that would mean stopping all the koolaid guzzling and admitting the dirty little secret of FOSS, and that is the driver model is shit. It's shit because Linus Torvalds doesn't care if it's shit and has said there will NEVER be an ABI, even though Solaris, BSD, OSX, Windows and every other OS that is NOT Linux has one. Do you HONESTLY believe Linus is smarter than every single OS designer in the world? Arrogant much? Oh and please post that bit from one of the kernel devs against ABIs because I don't have that cultist rant bookmarked yet, thanks. When the guy goes so far as to say "I hope anybody who uses non-free drivers has their devices break often!" he has ceased being a developer and become a FOSSie, which like Moonies only accept "the one true way", all bow before the smelly feet of RMS.

But if you'd like more examples, please just ask, 5 minutes in Google and I can wallpaper this page with link after link saying the same thing I am, your shit be broke yo.

Re:Avast runs fine thanks... (1)

madmark1 (1946846) | more than 2 years ago | (#38953771)

Yes, and I could wallpaper this page with link after link saying it isn't. Once again, the fact that you can't get it to work doesn't mean others can't. Linking to a joke site certainly proves your point though, thank you for that. I'm sure that clears it up for everyone. Oh, and here's another hint for you, genius: the same thing holds true for Windows.

The link to theinquirer.net also certainly proves your point. Dell shipping a laptop with non-functioning drivers or software (and really old software at that) is certainly Linus's fault, cause everyone knows Dell would never even be ABLE to do that with Windows, right? Like here [dell.com] or here [tomshardware.com] or, say, here [sevenforums.com] .

As for Asus, the first article you linked explains exactly why they 'abandoned' Linux. To help you out, since reading that much text must really be hard, I'll repeat it here: “People bought the original seven- and eight-inch Eee PCs for a computer to give to the kids,” Kerr said seriously.

The last article is even funnier. Did you even read it? Did it say anything about linux being broken? Bad drivers? Things not working? Nope, none of those. Why are return rates so high? Again, let me paste it in, since reading is so challenging for you:

“Unclear selling is happening, typically online. The customer will get their netbook sent to their home and they imagine to find something like a Microsoft desktop, but they see a brown Ubuntu version. They are unwilling to learn it and they were expecting to have Windows.” Carr stressed that, in these cases, it doesn’t even matter how good or bad the Linux OS is. These customers just don’t want to try something new.

So it turns out, the return rate is so high because folks like you are too lazy or stupid to even give something a try. Go figure.

In the future, if you want to prove how the driver model is broken, or it crashes constantly, or the entire thing is 'shit', you might want to actually find some supporting articles that say that, and not something else. It's how people do this whole 'debate' thing. Argue their side, provide supporting evidence...

Just for the record though, no, I don't think Linus is 'smarter than every single OS designer in the world'. I do think he's a pretty brilliant guy (when did you write your last OS?), and I think the other THOUSANDS of people who work on, and contribute to, the Linux kernel are also by and large pretty bright guys. Brighter than you, certainly. Just the fact that you think Linus is the only person controlling kernel development proves that.

Re:Avast runs fine thanks... (1)

mcgrew (92797) | more than 2 years ago | (#38954357)

Most likely he doesn't want to play hardware roulette or keep a second machine with a different OS for Googling why the first machine crapped itself when some DE dev decided he didn't like the way things were and caused his video to take a crap, or the PukeAudio guys gave him a Goatse.

You don't need a second machine, you can install dual-boot. I'd not wipe the OS that came with the machine unless it was ruined beyond repair; say, you've installed too much new hardware and Windows thinks you're a pirate. When I slap Linux on the Acer, Windows will still be there.

if anything Linux is more unstable than a bog standard Windows.

Windows has gotten pretty stable, but I don't understand why you're having instability problems with Linux. What's crapping out on you?

Thanks for the tip on Comodo, there are a few folks I know that sorely need it. The Windows box is running AVG Free, I haven't tried Avast. Which one bogs the machine down more? AVG Free is pretty acceptable.

So while it is pointless to pay for AV it is NOT pointless to pay for Windows.

Windows comes with the computer, but you would actually shell out that hundred bucks for a boxed copy to upgrade? Especially when newer versions of Windows won't run well or at all without a new machine?

Linux is ONLY for those with the skills to do a systematic step by step troubleshooting diagnosis on error

In my experience, that's Windows (at least up to XP, haven't had any problems with 7 except its lack of usability). Back around 2004 or so when the Sony XCP rootkit hit, my daughter installed the damned rootkit never believing that a company like Sony would deliberately vandalize a computer. Win 98 was getting long in the tooth, I'd lost the driver disks in a move, and I couldn't get better than 640x480 video and no audio. So I shelled out $125 at Best Buy for XP, since the Linux video drivers for my video card wouldn't display on the TV with the S-Video (it's working fine now, using the same card in a different machine, someone must have fixed the drivers).

But the audio still wouldn't work in XP. I broke down and spent another hundred bucks on a USB Sound Blaster box (which wouldn't work in Linux) and wiped Linux.

I set it all up, reinstalled all the software, and set it for automatic updates. But there was a problem -- Windows refused to run the CD burning software that had come with my burner, saying it made the system unstable. Odd, I'd used that program for years with no instability. But it refused to let me uninstall it and on every boot (which was as I was installing software) I'd get that annoying balloon telling me that it had disabled the software. I was set to wipe the drive again and re-reinstall XP.

The next morning I had no internet access. The tech at the cable company thought my LAN chip must have gone out because he could see the card but I couldn't see the network. I tried a new cable thinking maybe that's it... nope. I was ready to wipe the drive to excise the program that Windows would neither run nor remove anyway, so I thought I'd redo the machine before buying a LAN card (hell, that's only ten or fifteen bucks).

When I reinstalled Windows, I had network access again!

The next morning the internet no longer worked. Again. It turned out that Windows had replaced a perfectly good LAN driver with one that didn't work at all!

If you're installing dual-boot on a wiped drive, you must always install Windows first. Windows doesn't work or play well with others (deliberately, I believe). And don't just install Linux blindly -- these days, every distro I've seen's install CD lets you try it out before you install, running from the CD, so you can see beforehand if there will be problems.

I'm working on an old Dell for a friend, it has the Windows XP and driver disks, but I can NOT get the sound to work on that sucker. Getting networking to work was a PIA as well, but I was finally able to get that driver from the internet. No luck finding a sound driver, either on the disks or the internet.

Last night I gave up and decided to install Kubuntu. It wouldn't load, so tonight I'll dig out an old Mandrake distro and try that. No way would Win 7 run on that 500 MHz chip and 256 megs memory, either.

As to the enterprise, my promoting FOSS isn't so much the OS but the office software itself. Then there's the Ernie Ball reason -- a visit from the BSA. IMO that would be the only reason to run Linux on the enterprise desktop.

But as to training, end users don't need any more training with FOSS than they do proprietary software. And note that TSF/A is talking not about OSes but office suites.

Oh, one more thing -- users will honestly tell you "Just do a clean wipe and reinstall" which is something they made fun of Windows for back in 05

Things change in five years, but the reason Windows users were being made fun of for reinstalling is because a Windows install is at least two hours of tedium, followed by two more hours of tedium reinstalling all your software, with a reboot for each and every program and each and every driver. You can wipe and reinstall Linux with five minutes or less of actual user participation, and half hour to 45 minutes later you reboot and you're done, all programs installed and ready to run. All it takes then is restoring your data backups, which will take exactly as long as restoring your data in Windows.

Re:Avast runs fine thanks... (1)

JasterBobaMereel (1102861) | more than 2 years ago | (#38941113)

Norton Mobile slows your phone down and annoys you, for a cost, to protect yourself against stupidity...

How many viruses can infect my phone if I never download the crapware that they need to do this... Dancing Bunnies do not interest me

Re:Avast runs fine thanks... (1)

Rockoon (1252108) | more than 2 years ago | (#38941553)

Dancing Bunnies do not interest me

Famous last words?

If you have one of these smart phones then you've already fallen for some dancing bunnies, because right now these smart phones are full-on 1984. I know it's a deductive 1984, but it's still 1984.

Re:Avast runs fine thanks... (0)

Anonymous Coward | more than 2 years ago | (#38941139)

I use iOS, where there have been zero malware incidents.

Re:Avast runs fine thanks... (1)

mwvdlee (775178) | more than 2 years ago | (#38941293)

And zero anti-malware products to notice them even if there were malware incidents.

Re:Avast runs fine thanks... (3, Informative)

BasilBrush (643681) | more than 2 years ago | (#38942437)

1) A vulnerability with a demo. There was never any malware written to exploit it, and as it was long since fixed, there never will be.

2) Only affects jailbroken iPhones.

3) You're the victim of an APRIL FOOL! From 2 years ago!
http://vimeo.com/10587301 [vimeo.com]

4) Is nothing more than a user with a problem and no tech knowledge blaming his problem on a virus. There is no virus.

While reasonably rare, iPhone viruses and malware do exist in the wild.

No they don't. At least not on non-jailbroken iPhones.

Re:Avast runs fine thanks... (1)

dave420 (699308) | more than 2 years ago | (#38942721)

It used to be possible to jailbreak an iPhone/iPod using a single website, so I guess your "No they don't" is not as certain as you might imagine.

Re:Avast runs fine thanks... (1)

BasilBrush (643681) | more than 2 years ago | (#38943009)

That's not a virus or malware.

I understand what you're saying. That there have been vulnerabilities, and therefore you'd expect at some stage for some virus or malware to take advantage of one. And of course that possibility does exist for the future.

But it's not happened as yet. So as I say, they're not "rare", they're non-existent.

Re:Avast runs fine thanks... (0)

dave420 (699308) | more than 2 years ago | (#38943811)

So until something that is already demonstrably possible, clearly worthwhile, and very well understood is spotted in the wild, it's safe to assume they don't exist? That's not really how security works...

Re:Avast runs fine thanks... (1)

BasilBrush (643681) | more than 2 years ago | (#38944043)

So until something that is already demonstrably possible, clearly worthwhile, and very well understood is spotted in the wild, it's safe to assume they don't exist?

You're in the realm of big foot, the yeti and the loch ness monster there. Sure, they're theoretically possible. But you'd expect someone to have found evidence for them by now.

Malware does some harm, or at the very least spies on people which requires sending information over the network. Either of these things would have been spotted by now.

They've certainly had no problem spotting malware on Android!

Not clearly worthwhile (1)

SuperKendall (25149) | more than 2 years ago | (#38944997)

demonstrably possible, clearly worthwhile, and very well understood

You are wrong on two counts, partially wrong on the one remaining.

Possible? Yes, in one rare incident. Not possible over a longer timeframe, as Apple closes remote vulnerabilities quickly. It's tethered jailbreaks they tend to leave alone much longer and they don't present an infection vector. And because Apple pushes out updates they go out to almost all the devices over a short period of time.

But your other two points are really what is wrong:

"well understood" - actually most of the jailbreakers are not that forthcoming with exact techniques. There is for example currently no "well understood" remote vulnerability on iOS.

"clearly worthwhile" - this is where you went really wrong.

Unlike Android where having malware run on a device can get you some financially positive results (like SMS while you are not looking, or replacing the system keyboard to capture banking passwords) none of that is possible if you trick a user into downloading a trojan or malware iOS app. You cannot send out an SMS without user intervention. It cannot even run in the background reporting things to a remote website.

Simply put, it's actually much more clear that there is no value in producing iOS malware, which is why none has been written to date. I'm sure if there were sufficient cause to do so we would have seen something by now but the security model has too many layers for malware writers to bother currently.

Re:Not clearly worthwhile (0)

Anonymous Coward | more than 2 years ago | (#38959053)

http://www.google.ca/url?sa=t&rct=j&q=developer+banned+stock+app&source=web&cd=4&ved=0CE4QFjAD&url=http%3A%2F%2Fwww.networkworld.com%2Fnews%2F2011%2F110811-miller-ios-bug-252886.html&ei=V4YxT_DpCObn0gHvppGCCA&usg=AFQjCNEbtcb8UOGPNMpFrVg5zA3GgQsplQ&sig2=1ofAhxkADTsOAWdU0vRyGA&cad=rja

The app was in the market for weeks / months, garnering 10,000+ downloads, and the only reason he was caught was because HE WENT PUBLIC WITH IT (as he was a security researcher)?

All your arguments get thrown out the window simply because of this case. If the only reason this "malware" was caught was because he publicly announced it (just like the flashlight tether app a while ago), how do you know one of the other 400,000 applications doesn't contain something similar? One little command, and he could have remote wiped every one of those devices.

Re:Avast runs fine thanks... (1)

JamesP (688957) | more than 2 years ago | (#38944099)

I really wonder what's all the crap people download for mobile phones that's infected

People don't need an Anti-Virus they need a Brain (and a secure OS)

Its a Symantec mobile trojan warrior (0)

annieblog (2568481) | more than 2 years ago | (#38944277)

Norton Mobile: slows your phone down and annoys you, for a cost, to protect yourself against stupidity... How many viruses can infect my phone if I never download the crapware that they need to do this ...Dancing Bunnies do not interest me and for more bollywood movies go to pro.howublog.com

Turn it off! (5, Informative)

ArcherB (796902) | more than 2 years ago | (#38940799)

I had my carrier, Sprint, turn "premium rate" text messaging off completely. My phone is clean, but I don't have to worry about it anyway.

Also, it's worth noting that these guys don't need a virus to charge you for this stuff. About 2-3 times a year, I would get some charge on my bill from a joke line, horoscope line or whatever that I never signed up for through text messaging or any other way. The last time it happened, I explained to the customer service rep that I would never use this type of service and she suggested that I block it. I have not had another charge since.

Re:Turn it off! (4, Interesting)

Aladrin (926209) | more than 2 years ago | (#38940889)

This is my only complaint about T-Mobile's customer service. The only way to block this is to pay $5/month and then micromanage your lines. -sigh-

I had this problem with my father's line. He somehow got signed up for all kinds of garbage, and we didn't figure it out until later. (Really gotta watch that bill better.) They reversed a few months' charges, but they're only willing to go back so far. (I don't blame them, there.)

But I did expect them to help me prevent the charges in the future, without me paying for the service.

Re:Turn it off! (1)

Amouth (879122) | more than 2 years ago | (#38941153)

they shouldn't be able to charge you to block that "feature" from use.. i'd call them out on that..

Re:Turn it off! (1)

Skapare (16644) | more than 2 years ago | (#38941275)

It should just be a flag on the account: "this account is not eligible for outside service billing". All outside billing would be rejected to those doing the billing (and then it's up to them to not provide those services for the legitimate services). Whether on or off, it only takes 1 bit.

Re:Turn it off! (1)

L4t3r4lu5 (1216702) | more than 2 years ago | (#38941393)

The only way to block this is to pay $5/month and then micromanage your lines.

Wrong. You also have the option of leaving T-Mobile.

Re:Turn it off! (0)

Anonymous Coward | more than 2 years ago | (#38941613)

You can call and ask for it and they will do it.

Have you ever tried actually *calling* tmobile, dumbass?

Re:Turn it off! (2, Funny)

Anonymous Coward | more than 2 years ago | (#38941681)

You can call and ask for it and they will do it.

Have you ever tried actually *calling* tmobile, dumbass?

I'm sure he called them a lot of things, but it didn't help. :-)

Re:Turn it off! (1)

azalin (67640) | more than 2 years ago | (#38941235)

Simple solution? Go for the money and this will disappear.
Any company setting up a premium number must sign a lot of liability clauses in their contract. No money is transferred to the company right away for any premium number. They get a "payment received" message, but the money itself is frozen for at least 2 months, either with the carrier or an accredited payment service provider. If reports of abuse come in, this period is extended. If too many complaints come in, all transfers to this company are frozen and an investigation is launched.
Most of these schemes work, by grabbing as much as they can before they are noticed. Then it's run with as much as you can.
The idea could probably use some more work, before actually being useful, but I think the basic concept should be fine. The bad news is, that telco carriers probably won't do this without a push from new legislation/regulation.

Re:Turn it off! (0)

Anonymous Coward | more than 2 years ago | (#38944381)

Thank you for subscribing to Cat-Facts...

notnews (4, Informative)

Cyberax (705495) | more than 2 years ago | (#38940803)

So they've discovered polymorphic viruses? You know, like in good old days of DOS where viruses were real viruses and not simple worms.

http://en.wikipedia.org/wiki/Polymorphic_code [wikipedia.org]

Re:notnews (4, Interesting)

gl4ss (559668) | more than 2 years ago | (#38940875)

it's not as elegant as polymorphic on its own virus. it's server side generated: the server adds some randomization to the code, changes classnames, adds/removes unneeded code and then builds a new package, meaning the signature changes. Now, it's perfectly possible to build a binary and a new package _on_ device too, it just doesn't seem that any malware does it. polymorphic on device _and_ spread through bluetooth would be newsworthy I'd think (it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too.. as it happens, you can't on android keep just the handsfree parts of bluetooth on, if you've got bt on then obex is on, but you'll still need to accept the incoming files as said).

Re:notnews (2, Funny)

Anonymous Coward | more than 2 years ago | (#38940923)

it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..

No problem; to see cute bunny, press yes 3 times.

Re:notnews (1)

gl4ss (559668) | more than 2 years ago | (#38940933)

it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..

No problem; to see cute bunny, press yes 3 times.

I was thinking more along the lines of "psst. are you available??? ;)". would work wonders.

Re:notnews (1)

azalin (67640) | more than 2 years ago | (#38941019)

it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..

No problem; to see cute bunny, press yes 3 times.

I was thinking more along the lines of "psst. are you available??? ;)". would work wonders.

The proud people of slashdot would never fall for that. Even if a few might actually think that it would be genuine, those would probably faint from hormonal overload on the spot.

Re:notnews (2)

martin-boundary (547041) | more than 2 years ago | (#38941123)

Sounds complicated and fairly limited. They'd be better off encrypting the package, and using a salt that changes with each download. That'd work really well for dumb filters that match binary signatures.

polymorphic on device _and_ spread through bluetooth would be newsworthy

Does bluetooth transmit processes for running remotely? The way viruses worked in the ol' DOS days is that the front section of an executable file was overwritten and the virus code was appended at the end of the file. Then instead of the OS loading the program straightaway, the virus code was loaded, which then loaded the program seamlessly.

That kind of thing wouldn't really be possible with data sent over the network, unless it was directly executable code on the target machine. With current client/server specializations (consumer device == always client, company hardware == always server), a virus couldn't spread far unless it could inject executable code both ways, from client to server and from server to client.

I guess server to client is the easiest, it could be injected javascript in an infected web page. But client to server would require an exploit, and then figuring out where to put the malicious code so that it shows up on the next client's web browser.

Re:notnews (1)

gl4ss (559668) | more than 2 years ago | (#38943469)

* bluetooth transmit processes for running remotely? * ..not when the bluetooth server is done properly, user interaction is always needed to run things originating from bluetooth.

Re:notnews (0)

Anonymous Coward | more than 2 years ago | (#38946673)

Yeah, it still wouldn't be a virus, it'd be a worm, but many phones will let you receive an app over OBEX, click ok 4 times or so, and have it install. It will be completely obvious it's installing an app, and anyone with tech knowledge will know it's a Trojan at that point for sure, and cancel the install if they're quick, or uninstall it (hope it didn't have any exploits to get root and install the payload outside the package!), but then again that same knowledge will protect you from the existing server-based malware.

Re:notnews (0)

Anonymous Coward | more than 2 years ago | (#38946577)

If you actually read the Sym blog, the files they highlight as changed are:

META-INF/MANIFEST.MF
META-INF/ALARM.SF
META-INF/ALARM.RSA
res/raw/data.db
META-INF/CERT.RSA
META-INF/CERT.SF ...

There are no code changes. The only thing that has changed is the manifest file (i.e. permissions and whatnot, there's no executable code), the SF/RSA are developer-specific certificates (no executable code), and "data.db" is clearly an SQL database (they even say so: " ... contains a database of network operators with a list of premium numbers and messages that are to be sent ... ").

So the trick to identifying the malware? You're looking for the same executable code. This isn't even polymorphism. This is changing some rows in a database somewhere. Any good software scanner will primarily focus on the executable parts because that's where the damage is done.

I used to be a fan of Symantec. I am now uninstalling their products with these two stunts. Fuck you.

Sigh
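The two comments above describe the same mechanism from opposite ends: gl4ss describes a distribution server that rebuilds the package per download so "the signature changes", and the AC points out that in the files Symantec listed the executable entry is untouched, so a scanner keyed on the code still matches. The following is an added example, not code from this thread or from Symantec's write-up. It simulates that server with a zip standing in for the APK: the META-INF signing entries and res/raw/data.db are regenerated per download while classes.dex is byte-for-byte identical (the bytecode is a placeholder byte string, and all file names, rows and sizes are constructed for the demo). It then scans the downloads twice, once with a whole-file hash and once with a hash of the classes.dex entry alone.

```python
"""Added example, not code from the Slashdot thread or from Symantec's write-up.

Simulates server-side polymorphism of the kind described above: each "download"
is a fresh zip in which the META-INF signing entries and the premium-number table
are regenerated while classes.dex is unchanged.  A whole-file hash signature then
misses every download; a signature on the executable entry alone still fires.
All names and contents below are constructed; the bytecode is a placeholder.
"""
import hashlib
import io
import random
import zipfile

# Placeholder for the unchanging bytecode (a real APK's classes.dex).
CLASSES_DEX = b"dex\n035\x00" + b"Landroid/telephony/SmsManager;->sendTextMessage" * 8

# The entries the Symantec post listed as differing between downloads.
MUTATING_ENTRIES = (
    "META-INF/MANIFEST.MF", "META-INF/ALARM.SF", "META-INF/ALARM.RSA",
    "META-INF/CERT.SF", "META-INF/CERT.RSA", "res/raw/data.db",
)

def build_download(rng: random.Random) -> bytes:
    """Act as the distribution server: emit one package with only non-code entries mutated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", CLASSES_DEX)
        # Random bytes stand in for a freshly generated signing key and its .SF/.RSA digests.
        for name in MUTATING_ENTRIES[:-1]:
            z.writestr(name, bytes(rng.getrandbits(8) for _ in range(64)))
        # Same constructed premium-number rows (country|number|keyword), re-ordered per download.
        rows = ["44|81234|GO", "49|33333|START", "1|77777|OK"]
        rng.shuffle(rows)
        z.writestr("res/raw/data.db", "\n".join(rows).encode())
    return buf.getvalue()

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hashes(apk: bytes) -> dict:
    """Hash each zip entry separately instead of treating the package as one blob."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {info.filename: sha256(z.read(info)) for info in z.infolist()}

def changed_entries(a: bytes, b: bytes) -> list:
    """Names of the entries whose content differs between two downloads."""
    ha, hb = entry_hashes(a), entry_hashes(b)
    return sorted(n for n in ha.keys() | hb.keys() if ha.get(n) != hb.get(n))

def make_signatures(sample: bytes) -> dict:
    """Two signature styles written from the first sample an analyst sees."""
    return {"whole_file": sha256(sample), "classes.dex": entry_hashes(sample)["classes.dex"]}

def scan(apk: bytes, sigs: dict) -> dict:
    """Report which signature style fires on one download."""
    hashes = entry_hashes(apk)
    return {
        "whole_file_hit": sha256(apk) == sigs["whole_file"],
        "dex_hit": hashes.get("classes.dex") == sigs["classes.dex"],
    }

def demo(n_downloads: int = 5, seed: int = 1) -> dict:
    """Write signatures from download 0, then scan n further downloads with them."""
    rng = random.Random(seed)
    downloads = [build_download(rng) for _ in range(n_downloads + 1)]
    sigs = make_signatures(downloads[0])
    results = [scan(d, sigs) for d in downloads[1:]]
    return {
        "downloads": n_downloads,
        "whole_file_hits": sum(r["whole_file_hit"] for r in results),
        "dex_hits": sum(r["dex_hit"] for r in results),
        "changed_entries": changed_entries(downloads[0], downloads[1]),
    }

if __name__ == "__main__":
    print(demo())
```

Run it as a script and the whole-file signature scores zero hits while the classes.dex signature hits every download, and the list of changed entries stays within the META-INF and data.db set. The caveat is gl4ss's version of the technique: if the server also renames classes and adds or removes dead code, the dex hash changes per download too, and detection has to move to what the package cannot randomize away, such as the SEND_SMS permission plus a bundled premium-number table, or the SMS sends themselves.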

Re:notnews (-1, Troll)

bonch (38532) | more than 2 years ago | (#38945617)

The news is that mobile malware developers are now adopting the technique for Android, rendering all the usual antivirus apps ineffective. It's a YAAM (Yet Another Android Malware) story.

WOLF! (2, Funny)

Anonymous Coward | more than 2 years ago | (#38940823)

cried Symantec...

Re:WOLF! (1)

Reverand Dave (1959652) | more than 2 years ago | (#38942713)

They didn't cry wolf, they just recorded every time norton mobile was downloaded since it is more of a virus than a protector.

Nothing to see here (3, Informative)

Anonymous Coward | more than 2 years ago | (#38941107)

"According to Armstrong, server-side polymorphism is not very widespread on the Android platform at the moment because most users get their apps through official channels and the current structure of the Android Market does not allow for a malware distribution scheme like this one."

Re:Nothing to see here (1)

MrDoh! (71235) | more than 2 years ago | (#38941843)

Yeah, that's how I see it. If you're downloading from dodgy websites/torrents, well... you're kinda asking for viruses/trojans/who knows what.

Funny how they've announced this as Google announces 'Bouncer' to check market apps.

Brings Back Memories... Mark Ludwig was the BOMB (1)

chrisphotonic (2450982) | more than 2 years ago | (#38941659)

Brings back memories of when I was in high school... I bought Mark Ludwig's book, 'The big black book of computer viruses'.

I didn't actually write any viruses from reading the book, just a fun boot sector program that displayed subliminal messages. It also happened to get installed on a few choice computers.

Here's his 'little black book' book: http://vxheavens.com/lib/vml00.html [vxheavens.com] . Of course his work talked about polymorphism over a decade ago.

Re:Brings Back Memories... Mark Ludwig was the BOM (1)

Zero__Kelvin (151819) | more than 2 years ago | (#38943413)

So that's why people treat C++ like some kind of virus! It's the damn polymorphism!

Symantec Desperate for Sales (1, Insightful)

na1led (1030470) | more than 2 years ago | (#38941799)

Sounds like Symantec's usual tactics of - create a terrible virus, tell everyone how bad it is, and only their products can protect you. This has been done before to try and sell AV. With Microsoft now having its free Security Essentials, AV companies are getting desperate!

Re:Symantec Desperate for Sales (1)

tokul (682258) | more than 2 years ago | (#38946607)

With Microsoft now having its free Security Essentials

MSE is not free for anything bigger than SOHO. Check licensing terms again.

Symantec DEVELOPS Android Trojans That Mutate... (1, Funny)

xxxJonBoyxxx (565205) | more than 2 years ago | (#38941889)

Symantec Identifies Android Trojans That Mutate With Every Download

Symantec DEVELOPS Android Trojans That Mutate With Every Download

There - fixed that for ya'!

Re:Symantec DEVELOPS Android Trojans That Mutate.. (1)

frank_adrian314159 (469671) | more than 2 years ago | (#38943661)

You know, every time an AV story comes up, so does this stupid canard. AV companies have no real need to develop viruses and other malware - there are enough people doing that external to their companies to keep them quite busy enough all of their working hours and to allow them to continue making sales. And do you think these companies would risk the millions of dollars they make each year doing something as idiotic as this?

You may not like their products, but please... Your post (like the others of the same ilk that can be found on this thread) is just stupid.

Why don't we address the source of the problem (4, Insightful)

Rix (54095) | more than 2 years ago | (#38943515)

Has anyone, anywhere ever intentionally used a "premium" SMS service?

Telecoms obviously need a regulatory smackdown requiring them not to act as payment processors.

Re:Why don't we address the source of the problem (1)

gl4ss (559668) | more than 2 years ago | (#38946461)

yep.. for using a laundry machine. for ordering a bus ticket. couple of times for checking an address(of a phone number).

usually it would be nicer to pay through other means, but if you don't have cash and they don't take cards.. doesn't happen too often though.

This means the app didn't come from the market (0)

Anonymous Coward | more than 2 years ago | (#38946655)

You can't apply this technique to the android market as you have to upload your apk to their website, there it gets scanned and it appears in the market a few hours later. Relatively small threat, then.

server-side polymorphism? (1)

dgharmon (2564621) | more than 2 years ago | (#38946807)

How does 'server-side polymorphism` apply to a read-only bootable Ubuntu USB distro, which is the one I use here?

Not about the Android Market (1)

sl4shd0rk (755837) | more than 2 years ago | (#38947011)

FTFA "A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. "

So basically we're talking about "some guys website" hosting malware. This is not about Android Market.
