
New Android Malware Uses Google Play Icon To Trick Users

samzenpus posted about a year ago | from the protect-ya-neck dept.

An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."

223 comments

This is why you want a walled-off app store (1, Insightful)

Anonymous Coward | about a year ago | (#42407493)

Because people will download and run apps from that store.

And there's little/no AV protection.

Re:This is why you want a walled-off app store (4, Interesting)

masternerdguy (2468142) | about a year ago | (#42407547)

Actually the android sandbox is quite sophisticated. Jellybean will randomize the location of an application's memory region in order to make buffer overflow attacks harder. Granular permissions allow a user to know exactly what an app wants to do before they even install it (it's written into the API that the app must ask for these permissions). Also Google does automated malware testing on their store in order to weed out undesirables. This thing is spread by installing an APK off of a warez site and ignoring all the scary warnings.

Re:This is why you want a walled-off app store (4, Interesting)

Anonymous Coward | about a year ago | (#42407579)

Not to mention that by default you aren't allowed to install an APK from a source besides the play store, you have to manually disable that restriction.

Re:This is why you want a walled-off app store (4, Insightful)

alostpacket (1972110) | about a year ago | (#42407797)

Yes but this uses an official ICON. Clearly no way to forge that. I've never seen anyone think to use logos or icons for nefarious purposes before. Luckily I am protected here on my Windows 7 machine. I clicked an ad using the Windows 2000 theme that alerted me to major potential threats in my "regisetery"... Had a similar experience on my Macbook Air. Thank goodness for the altruism of all those interwebs ads and sites.

In all seriousness though, this could be a problem for people who root/ROM and install their Google apps from sources other than Google. Granted, when you root/ROM you should be aware of the risks, but it still presents a small danger.

Many Google apps however request permissions that need the app be signed with the same key as the ROM and/or the system key.

See: http://developer.android.com/guide/topics/manifest/permission-element.html#plevel [android.com]

"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

"signatureOrSystem"
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

Re:This is why you want a walled-off app store (3, Interesting)

erroneus (253617) | about a year ago | (#42408293)

Cricket.

I was investigating prepaid phone service options because I want to save money and prepaid service seems to be the way to do it. One shop I visited was "Cricket." The first thing they asked was "what kind of phone do you have?" I said "unlocked GSM." They said, but we have to install our software on it... we have to flash your device before we can put it on our network. I was utterly shocked and then angered. I left before I said anything I might regret, but I will not be doing business with Cricket now or in the future. Bad enough the carriers I buy my phones from want to control my devices. Another carrier wants to modify my property so that I can be their customer.

No. And why would I object so much to that idea?

Because I don't know what they will be putting on my computer and nor will they tell me. And so for the same reason I would not do business with Cricket, I will not generally install software from unknown sources.

Re:This is why you want a walled-off app store (1)

alostpacket (1972110) | about a year ago | (#42408387)

Interesting. Did you get any sense of what they wanted to install? I don't know enough about that specific area but I wonder if there are any legit reasons they might do this. Maybe relating to ESN/MEID/etc, or some type of radio frequency tuning... Still, I would likely have done the same in your shoes.

Re:This is why you want a walled-off app store (1)

bedouin (248624) | about a year ago | (#42409055)

I was with Cricket for a couple years. I bought a new phone from them on one occasion, and when I asked for a data cable, the salesperson asked what I intended to do with it. I answered "sync my addresses" because I knew that was the answer she was looking for . . .

When did Cricket switch from CDMA to GSM?

Re:This is why you want a walled-off app store (-1, Flamebait)

Anonymous Coward | about a year ago | (#42407615)

Why do you hate APK? Is it because he owned you with his superior facts and logic?

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42407817)

Why do you hate APK? Is it because he owned you with his superior facts and logic?

APK is the Android application package file format [wikipedia.org]

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42408047)

pssssssst...

*Whoooosh*

Re:This is why you want a walled-off app store (1, Informative)

Anonymous Coward | about a year ago | (#42407733)

Actually the android sandbox is quite sophisticated. Jellybean will randomize the location of an application's...

It's too bad that it was released in June 2012, and still, nobody has it [android.com]. So while I'm sure newer versions of Android are much improved, it doesn't much matter to anyone if the horrible manufacturers won't put an ounce of effort into maintaining the devices.

Re:This is why you want a walled-off app store (4, Informative)

rjr162 (69736) | about a year ago | (#42407847)

....
My Samsung Galaxy S3 (gt-i9000) received the 4.1.1 update about 3 or so months ago (from Samsung). My neighbor's Motorola Atrix 2 or whatever received the 4.1.2 update about 2 months or so ago (he has Verizon). The Motorola Xoom I got my grandfather also received 4.1.1 iirc when I set it up for him after I received it from eBay about 3 weeks ago.

Re:This is why you want a walled-off app store (-1)

Anonymous Coward | about a year ago | (#42407911)

AC provided a source and you provided an anecdote. Nice.

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42408145)

AC provided a source and you provided an anecdote. Nice.

Actually, you're wrong. That "source" wasn't indicative of anything other than what accessed the play store during a 2 week period.

It could very well be that data represents people getting new devices for the holidays and then *gasp* upgrading the device. I know I have 1 device that never sees the app store running JBean. While rjr's data may be anecdotal, it also coincides with my everyday observances. 3 of my 4 co-workers are running Jbean on Motorola or Samsung smartphones, while the other has an iPhone 5.

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42408513)

You're wrong. Feel free to pull as many other sources as you like.

Also, the data is from before xmas.

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42408587)

Including the GP we've confirmed six people on Jelly Bean. Can anyone confirm the other three?

Re:This is why you want a walled-off app store (1)

Anonymous Coward | about a year ago | (#42407959)

It shouldn't have even taken that long though. When Google releases an Android update, it trickles down to the phone manufacturers like Samsung who put their tweaks into the code. Samsung in particular seems pretty fast about it (and I'm sure they get access to the pre-release source as well to speed up go-to-market time).

The real bottleneck are the carriers who absolutely drag their feet. AT&T (my carrier) took several months to do what is basically just adding in their bloatware and spyware garbage into Samsung's release of Jellybean - something that should realistically take a couple of weeks at most. That is why I'm running CM10.

AT&T just released 4.1 to the S3 a couple of weeks ago after months of waiting. What sucks about that is 4.2 is already out. 4.1, while still usable and relevant, is already out of date.

While I prefer Android personally on my phone, this is one area in particular where Apple has an edge. iOS updates don't go through this nonsense.

I hope Google can do something to get the carriers to cut out their bullshit, otherwise this is one area that is hurting Android's perception.

Re:This is why you want a walled-off app store (2)

SomePgmr (2021234) | about a year ago | (#42408581)

S2 here. It took them a year to deploy ICS after it came out. Seven months since Jelly Bean came out will actually be a huge improvement, even though it'll already be out-of-date.

While I still prefer Android over iOS, I've learned my costly lesson... don't even consider buying an Android device that isn't a Nexus.

Also, as someone that writes software for Android, I don't like having to target Gingerbread (circa 2010) or give up half the market. Google needs to do something about the savages leeching the platform just to pump out new devices and abandon them.

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42408007)

Though I don't disagree with you here, I do wish to point out that the "Granular permissions" you speak of can be as amazingly specific as "requires internet access" and "access your contacts" and on a standard Android phone, you have to accept all of them or none of them.

Re:This is why you want a walled-off app store (1)

BitZtream (692029) | about a year ago | (#42408117)

ASR is cute, but only stops the most trivial of exploit efforts. And this isn't exploiting anything other than the user so ASR is 100% useless.

Granular permissions in the style of Android are practically useless and here's why, a statement from my wife just last night as she played with her Nexus 7:

Does anyone even say no to these permissions since every app wants a bunch of them and you can't use it without clicking yes?

When every app including crap from Google asks for all sorts of shit, like access to your freaking call log, normal people quickly just click Ok instead of bothering with actually determining whether the permissions are needed. They've done the same thing as Microsoft. Made the 'security feature' so utterly obnoxious as to be practically useless.

How about letting the app run WITHOUT those permissions? Why do I have to decide if I want an app or not based on the fact that it wants access to my call log at install time rather than saying 'no, you can't see my call log' and still getting the app? Why can I not use the app but tell it to go fuck itself when it wants access to my contacts?

The answer is simple. Google doesn't actually want it to be too secure as that would prevent them from getting all the information they want to target you.

It's really not a great sandbox other than it functions the way it was intended. From a user perspective, it's pretty shitty.

Re:This is why you want a walled-off app store (-1)

Anonymous Coward | about a year ago | (#42408151)

Google's automated malware "scan" is completely useless. It catches just 15%.
It's a placebo for gSheeps to feel better and safer.

In fact it's dangerous. Most will tend to rely on Google's botched security, letting their guard down and...gotcha...you've got malware.

Face it GooFans. Android is as safe as Windows 95.

Re:This is why you want a walled-off app store (0)

Anonymous Coward | about a year ago | (#42408595)

Android is as suave as Windows 95.

FTFY

Re:This is why you want a walled-off app store (3, Insightful)

erroneus (253617) | about a year ago | (#42408261)

Indeed this is the most significant truth of it all.

In iOS land alone are users "not responsible for their actions." For people to go around installing malware on PCs is a known problem. Save MSIE vulnerabilities enabling drive-by installations and program execution, people install malware on their own machines.

Now if this story was about a vulnerability in Android devices which permitted this type of system compromise, we might have a much more significant story. But what we have, instead, is reaffirmation that with Android, users have freedom to install the software of their choice just as they have with MacOSX and Microsoft Windows and other Linux distributions. We also have the recognition that users are not invulnerable to attack because they are using something other than MS Windows.

Is this a sign that Android has "matured"? No. iOS is pretty mature and does not exactly suffer from such attacks. (oh wait, yes it does! [forbes.com]) It is a sign that bad-wetware has recognized that Android is popular enough and free enough to make its users a target. At the end of the day, of course, it is the users which are being targeted and their devices, software and data are the means and the objective of the attack.

This story is useful in that it is important that everyone be aware of the risks of running any software, but especially software from dubious sources. But let's hope the real message is not lost in the hype and flag waving.

Re:This is why you want a walled-off app store (3, Insightful)

Anonymous Coward | about a year ago | (#42407591)

Because people will download and run apps from that store.

And there's little/no AV protection.

There is very little AV protection against users. They are the weakest link, but we can't have successful software companies without end users.

I'm not sure you understand. (4, Insightful)

tuppe666 (904118) | about a year ago | (#42407619)

I know you're trying to defend Apple's "let's gouge our customers" policy by limiting customer choice (and competition) to Apple on its (not your) phone...but to do so I think you need to understand that on Android you have to actually go into the settings and *enable* this voluntarily, and have to agree to a warning screen...Apple users are so desperate to have this functionality they "Jailbreak" Apple's phone, even though Apple have attacked their customers for doing so.

Re:I'm not sure you understand. (-1)

Anonymous Coward | about a year ago | (#42407723)

If I wanted a hobby phone I could kick around I would get an Android. I want a phone that works and apps without ads. I went Apple after finding out the not-so-stellar truth about Android.
 
Maybe it costs a bit more but let's be honest, most of us have spent more on a single meal than what we'd pay more for apps on an iPhone. I speak from experience being an owner of each (and BB and WinPhone and Palm).

Re:I'm not sure you understand. (0)

Anonymous Coward | about a year ago | (#42407771)

I typically spend more on a monthly basis for a single person's meal than a Nexus 4 costs, no way would I buy an iPhone.

Apple bought Quattro :) (1)

tuppe666 (904118) | about a year ago | (#42407857)

If I wanted a hobby phone I could kick around I would get an Android. I want a phone that works and apps without ads. I went Apple after finding out the not-so-stellar truth about Android.

LOL the irony of your post is that one of the reasons the iPhone is so unsuccessful is its price, and please don't pretend that Apple do not make money from advertising, they famously made Siri useless with advertising. The sad fact is your post is not only off topic but irrelevant...Android outsells Apple 6:1 and sells 1.5 million a day...it's doing something right, and what Apple is doing wrong, and nothing you or I do is going to change that. Personally I would love Apple to create a competitive product.

Re:Apple bought Quattro :) (1)

aaronfaby (741318) | about a year ago | (#42407909)

The iPhone is unsuccessful? Apple has 53.3% of the smartphone market: http://bgr.com/2012/12/21/apple-market-share-u-s-262731/ [bgr.com]

Apple has only 1.6% Market share. (4, Insightful)

tuppe666 (904118) | about a year ago | (#42407941)

The iPhone is unsuccessful? Apple has 53.3% of the smartphone market:

LOL in the US...worldwide it had dropped from 23% to 14.9%. This is the original report for your figures http://www.kantarworldpanel.com/global/News/Apple-achieves-its-highest-ever-Smartphone-share-in-US [kantarworldpanel.com]; they are in a PDF but include figures like in Brazil Apple dropping from 3.2% to 1.6% while Android moves from 28.9% to 60.7% of the market.

Re:Apple bought Quattro :) (-1, Troll)

Kenshin (43036) | about a year ago | (#42407949)

Android outsells Apple 6:1 in the "I use a smartphone like a featurephone and don't know what apps are, oh and this phone is only $79 on prepaid" area.

Better Specification than Apple, at less cost :) (1)

tuppe666 (904118) | about a year ago | (#42408023)

Android outsells Apple 6:1 in the "I use a smartphone like a featurephone and don't know what apps are, oh and this phone is only $79 on prepaid" area.

Absolutely not. In China for example the average price of a smartphone is $250. Let's look at the best-selling phones on Amazon China http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=www.amazon.cn [google.com]. The top phone is a Lenovo with a dual core processor, 2000mAh, Android 4.0; the 2nd and 3rd phones are both Huawei, with dual and quad cores and larger screens than your beloved iPhone :) (and include a dual sim interestingly), the third phone comes with 2GB of RAM!! ....I hate to say it but these phones seem to have better specifications (and arguably software) than your beloved Apple iPhone, it's not surprising really as Apple overcharge their customers so much.

Re:Better Specification than Apple, at less cost : (1)

Kenshin (43036) | about a year ago | (#42408545)

Ya, China's probably not the best market to compare to.

In North America and Europe similarly spec'd phones run in the same price range, which means everyone loves making a healthy profit off their customers.

Re:Apple bought Quattro :) (-1)

Anonymous Coward | about a year ago | (#42408075)

As an Apple fanboi, you write the book on fail.

Re:Apple bought Quattro :) (-1)

Anonymous Coward | about a year ago | (#42408171)

Apple makes 80% of all mobile phone profits.

They do not NEED to make a junk phone aka typical Android shit. (Yes, there are some very nice Android phones. But most are e-waste and simply junk.)

Even Google makes more money with iOS than with Android.

Android phones are taking a bite out of Apple (1)

tuppe666 (904118) | about a year ago | (#42408255)

Apple makes 80% of all mobile phone profits.

It doesn't and it hasn't for a long time [and never did :)], and there is no such thing as % of profits. It does produce a phone which it sells at a vastly overinflated price to a small market share of customers, and that strategy has been so successful it made it the largest company by market cap in the world...but that was three months ago, Apple have now lost 30% of their market cap, and the whole strategy is looking weak for the company...it always looked shitty for their customers [it's kind of sad you point to it as an advantage in absence of better hardware/software/price]. It's no wonder their small market share continues to shrink. Perhaps if they had had a long term strategy things would look different now.

Re:Android phones are taking a bite out of Apple (0)

Anonymous Coward | about a year ago | (#42409069)

http://bgr.com/2012/08/06/apple-mobile-industry-profit-share-q2-2012/

Eat it. Then put your foot in your mouth.

Re:I'm not sure you understand. (2)

rjr162 (69736) | about a year ago | (#42407877)

Apps without ads?? Christ I get just as many on the games for the iPad as I do my android phone

Re:I'm not sure you understand. (0)

Anonymous Coward | about a year ago | (#42407969)

Quite a few iOS apps most certainly do have ads. You have no clue what you're talking about.

Re:I'm not sure you understand. (0)

Anonymous Coward | about a year ago | (#42408367)

And yet, you don't know you're from your?

Either way I'm not 'defending' Apple beyond saying the walled garden is a superior model from centralized security standpoint, and no, I own no Apple products.

I see their success or failure determined by 'dumb users' who WILL download what is available and get pwned, complain, and eventually give up and buy the damn iphone despite gouging because of "the stupid viruses". Watch.

Android has over 710Million users :) (1)

tuppe666 (904118) | about a year ago | (#42408425)

I see their success or failure determined by 'dumb users' who WILL download what is available and get pwned, complain, and eventually give up and buy the damn iphone

I guess the proof is in the pudding with Android hitting 710 million users (last quarter) with activations of 1.5 million daily, and is set to become the primary computing platform, taking the crown away from Microsoft next year. I think when the platform that has the better hardware/software/value unsurprisingly gets the most users by a massive...calling them dumb(sic) might be somewhat inappropriate.

Re:I'm not sure you understand. (0)

Anonymous Coward | about a year ago | (#42408599)

..."Jailbreak" Apples phone, even though Apple have attacked their customers for doing so.

[citation needed]

Linux your next... (-1)

Anonymous Coward | about a year ago | (#42407497)

If you can ever get on the desktop.

Curious to see if Linux has better recovery and attack detection though. Any machine anywhere can get a rootkit, or worse (seeing as NVIDIA's GPUs are basically given free rein via kernel level binary drivers....) But I do like NVIDIA's drivers.

Then again no one forces you to use them. There's always the framebuffer. But I bet those NICs are just as vulnerable, probably moreso.

Re:Linux your next... (2, Informative)

masternerdguy (2468142) | about a year ago | (#42407571)

Linux has EXCELLENT intrusion detection as long as you're running the SELinux tools. That thing is so paranoid out of the box that an application making a file in /tmp will throw a warning. You can set it up so that an application doing anything remotely suspicious is just killed immediately and a notification sent to the admin. If you don't trust SELinux there are more proprietary tools such as AppArmor that can do the same job and are a bit friendlier to configure.
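The "warning" the comment above refers to is an AVC denial record in the audit log, and a "notify the admin" setup is something that watches those records. What follows is an added example, not the commenter's code and not part of any SELinux tool: it parses a few constructed audit.log lines in the standard `type=AVC ... avc: denied { perm } for ...` format, summarizes denials by process and source domain, and builds alert strings for the permissions an administrator would most want to hear about. The sample lines, the watch list of permissions and all function names are my assumptions.

```python
import re
from collections import Counter

# Constructed sample audit.log excerpt (not from the page or any real host).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1356655200.101:201): avc:  denied  { write } for  pid=2210 comm="httpd" name="tmp" dev="sda1" ino=1310722 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1356655200.101:201): arch=c000003e syscall=2 success=no exit=-13 ...
type=AVC msg=audit(1356655203.555:202): avc:  denied  { execute } for  pid=2211 comm="httpd" path="/tmp/x.sh" dev="sda1" ino=1310800 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1356655210.000:203): avc:  denied  { name_connect } for  pid=2212 comm="httpd" dest=6667 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ircd_port_t:s0 tclass=tcp_socket permissive=1
type=USER_LOGIN msg=audit(1356655211.000:204): pid=2300 uid=0 auid=1000 ...
"""

# Header of an AVC denial: timestamp, serial, the braced permission list, then key=value fields.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted strings or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc_denials(text):
    """Return one dict per AVC denial line; other audit record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
        denials.append({
            'time': float(m.group('ts')),
            'perms': m.group('perms').split(),
            'comm': fields.get('comm', '?'),
            'pid': int(fields['pid']) if 'pid' in fields else None,
            'scontext': fields.get('scontext'),
            'tcontext': fields.get('tcontext'),
            'tclass': fields.get('tclass'),
            # file targets carry path= or name=, socket targets carry dest=
            'target': fields.get('path') or fields.get('name') or fields.get('dest'),
            # permissive=1 means the access was logged but actually allowed
            'enforced': fields.get('permissive') == '0',
        })
    return denials


def summarize(denials):
    """Count denials per (comm, source type, permission, target class)."""
    counts = Counter()
    for d in denials:
        stype = d['scontext'].split(':')[2] if d['scontext'] else '?'
        for perm in d['perms']:
            counts[(d['comm'], stype, perm, d['tclass'])] += 1
    return counts


def alerts(denials, watch_perms=('execute', 'execmod', 'name_connect', 'write')):
    """Alert strings for denials involving a watched permission; permissive-mode
    hits are flagged separately because the action was not actually blocked."""
    out = []
    for d in denials:
        hit = sorted(set(d['perms']) & set(watch_perms))
        if not hit:
            continue
        mode = 'enforced' if d['enforced'] else 'PERMISSIVE (would have been allowed)'
        out.append(f"{d['comm']}[{d['pid']}] {'/'.join(hit)} on {d['tclass']} {d['target']} ({mode})")
    return out


if __name__ == '__main__':
    found = parse_avc_denials(SAMPLE_AUDIT_LOG)
    for key, n in summarize(found).items():
        print(n, key)
    for line in alerts(found):
        print('ALERT:', line)
```

The `permissive` flag matters for the "kill it immediately" setup the comment describes: a domain left in permissive mode still produces denial records, but nothing was blocked, so an alert that does not distinguish the two modes gives a false sense of enforcement.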

He's points out a common-sense fact though (-1)

Anonymous Coward | about a year ago | (#42407763)

"Most used = MOST ATTACKED" & Android IS THE MOST USED SMARTPHONE OS, even toppling Apple's iPhone marketshare recently iirc (a good thing, kudos to Google on that account, giving credit where it's due).

Android IS a Linux - though I had penguins *try* to say "it's not", well... using a Linux kernel, makes it a Linux variant, because it's surely NOT a NTOS core or Apple BSD based one!

(Yes, a Linux since it uses a Linux kernel)

Plus - & how much it gets "hit" for years now? Which is TONS!

(Simply because it presents such a large target to sucker users out of their information, but more importantly, their coins/dead-presidents!)

The hacker/cracker of today?

Not just a 'script kiddie' out to do mischief only... they want your money or to enslave your system to sell in botnet attacks & more (you probably know this though based on judging your comment).

So - What's happening on ANDROID smartphones?

Well, face it:

It is only a potential "portent of things to come" for Linux on the desktop IF it ever gains more marketshare on the end user PC desktop!

(Same happened to Apple, driven doubtless partially by their FUD of "we don't get viruses" well... THAT ceased from them too!)

My 1st statement above THAT illustrates his point!

It's one I've stated here TONS of times over the years now in fact with proofs/examples no less, that the "std. line of 'FUD'" around here for YEARS of "Linux = Secure, Windows != Secure" b.s. that was the 'std. mantra' of Penguins here, until ANDROID & my stating it along with others, as to the 1st line I posted above, started "shutting down" that type of PUREST FUD!

APK

P.S.=> Does SELinux help? Sure... but large parts of it in its MAC (mandatory access control) is a COPY of what Windows NT-based OS had on them for YEARS BEFOREHAND in ACL/DACL!

So - is it a "perfect defense"... no.

Is it good/does it help? Yes...

However - STILL, Linux does "get hit" & exploited, & yes, it does have virus/trojan/botnets etc.-et al too (and NOT JUST "IN THE LAB/PROOF OF CONCEPT" either)

... apk

Re:He's points out a common-sense fact though (-1)

Anonymous Coward | about a year ago | (#42407955)

Ummm... windows has gotten better, but there are a bunch of dumb design decisions that make it inherently less secure than any other modern OS.

Just a few:

Unix (and all unix-like OSs) have used salted passwords since the 70s. MS had that example, but still chose to store non-salted password hashes. This is why you can crack any windows password hash in milliseconds (using pre-computed rainbow tables) where the identical password would take months or years to crack if it originated on a unix host since precomputed tables are not possible with salt.

Of course, windows also stored passwords as multiple independent pieces, so cracking a 12 character password hash generated on any other OS is hard, on windows, it was just a matter of cracking the 4 character piece which is _very_ easy.

Font decoding (not just rendering) is done in kernel space on windows (why? It is stupid). This allowed simply viewing a font to be a _ROOT_ exploit in windows!

Actually, lots of stuff that should not be in kernel space is in kernel space on windows.

Until recently, windows pretty much required admin rights for ordinary users. It still requires the almost admin user right of "power user" to be able to run a lot of software that touches the registry. This is not completely MS's fault, but also all the crappy software that runs on windows.

etc. etc. etc.

You are more secure running Linux or any *nix for those classes of exploits that do not simply require operator stupidity.

Also, Apache on linux is the most common web platform on the Internet (pretty much _every_ major site; even microsoft.com is fronted by reverse proxies running on linux), but all the mass exploits you hear about are for that minor player IIS on windows / mssql on windows. So, popularity isn't sufficient to make an often exploited platform. There need to be lots of security holes to exploit too.
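The salting argument in the comment above is easy to see in code. The following is an added example, not the commenter's code, and it uses SHA-256 as a generic stand-in for any unsalted hash rather than reproducing Windows LM/NTLM or Unix crypt: a digest-to-plaintext table built once from a small constructed word list recovers an unsalted digest immediately, while the salted digest of the same password is not in the table and would need a table rebuilt per salt. The last two functions show the current recommendation for storage, a per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256 here); the word list, salts and function names are all my assumptions.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a precomputed table; real tables hold billions of entries.
WORDLIST = ["password", "123456", "letmein", "qwerty", "dragon", "monkey", "correcthorse"]


def unsalted_hash(password: str) -> str:
    """Plain digest: identical passwords always produce identical digests,
    so a table computed once applies to every user on every system."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Same primitive, but a per-user salt is mixed in first: the digest now
    depends on the salt, so a table built without it never matches."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> plaintext for the unsalted scheme (the idea behind
    lookup and rainbow tables, minus the chain compression)."""
    return {unsalted_hash(w): w for w in words}


def lookup_digest(table, digest: str):
    """Recover the plaintext if the digest was precomputed, else None."""
    return table.get(digest)


def store_password(password: str, iterations: int = 100_000):
    """Recommended storage: random 16-byte salt + iterated KDF. The salt defeats
    precomputation; the iteration count makes each guess expensive."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(password: str, salt: bytes, stored: bytes, iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)


def demo(user_password: str = "letmein"):
    table = build_lookup_table(WORDLIST)
    unsalted_hit = lookup_digest(table, unsalted_hash(user_password))      # found: "letmein"
    salted_hit = lookup_digest(table, salted_hash(user_password, os.urandom(16)))  # None
    salt, stored = store_password(user_password)
    return unsalted_hit, salted_hit, verify_password(user_password, salt, stored)


if __name__ == "__main__":
    print(demo())
```

Note that salting alone only removes the precomputation shortcut; a fast hash with a salt can still be guessed at full hardware speed one user at a time, which is why `store_password` also iterates.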

"Point-by-Point" rebuttal, part #1 of 4... apk (0)

Anonymous Coward | about a year ago | (#42408051)

"Ummm... windows has gotten better, but there are a bunch of dumb design decisions that make it inherently less secure than any other modern OS.

Just a few:

Unix (and all unix-like OSs) have used salted passwords since the 70s. MS had that example, but still chose to store non-salted password hashes. This is why you can crack any windows password hash in milliseconds (using pre-computed rainbow tables) where the identical password would take months or years to crack if it originated on a unix host since precomputed tables are not possible with salt." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

Milliseconds huh - on a 19++ character long password using mixed case, & characters (like mine is & has been for ages)?

Perhaps for NTLM authentication, but I *think* you may be "off" for NTLMv2 (which again, is what I use)... get back to me here though on this IF you have counter-information (I can learn by it too - thanks).

---

"Of course, windows also stored passwords as multiple independent pieces, so cracking a 12 character password hash generated on any other OS is hard, on windows, it was just a matter of cracking the 4 character piece which is _very_ easy." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

YOU SURE ABOUT THAT? See above - your information, unless you can disprove my point about NTLM vs. NTLMv2, may be "STALE"/outta date.

APK

P.S.=> My next reply will address your next point in another post... stick around! Now, above ALL else:

Well - Unless you can provide what I ask for above? I am doing you a favor in these replies, so you don't post potential falsehoods anymore (hence your AC post I suspect, you aren't that sure if your 'points' truly 'hold true' anymore or if they ever did etc.)...

... apk

Point-by-Point "rebuttal", part #2 of 4... apk (-1)

Anonymous Coward | about a year ago | (#42408095)

"Font decoding (not just rendering) is done in kernel space on windows (why? It is stupid). This allowed simply viewing a font to be a _ROOT_ exploit in windows!" - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

PATCHED ALREADY -> http://technet.microsoft.com/en-us/security/bulletin/MS10-063 [microsoft.com]

* "NEXT"

As to your "WHY"??

Well... & it's done doubtless for performance (kernelmode is way, Way, WAY faster than usermode's why).

PLUS, it's relatively EASY to alter permissions to the FONTS folder too:

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/changing-permissions-to-access-font-files-folder/3f4da342-9a7d-4b5d-9b83-5f2b4bedcca5 [microsoft.com]

As to WHO & WHAT can "get to it", & if the network admins' SMART?

He has lesser privilege usergroups/users in place too...

APK

P.S.=> "Stay Tuned" for my next part #3 of 4 rebuttal...

... apk

"Point-by-Point" rebuttal, part #3 of 4... apk (0)

Anonymous Coward | about a year ago | (#42408147)

"Actually, lots of stuff that should not be in kernel space is in kernel space on windows." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

Hmmm, like how MS "took a play" from the *NIX world, like moving http.sys into kernelmode?

Again, like I said in the FONTS reply (already patched though)??

Performance is why!

HOWEVER: CAN YOU BE MORE SPECIFIC THOUGH ON YOUR "LOTS OF STUFF" please?

Thanks!

Then?

I'd like to see EXACTLY what you mean, & then, I'd counter... Albeit, likewise & WITH specifics (if it can be done, of course)

---

"Until recently, windows pretty much required admin rights for ordinary users.." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

WTF? What is 'recently'?? Windows NT-based OS have had GRANULAR usergroups & userpermissions via ACL/DACL for ages & smart users or admins employed them... as far back as 1992 on NT 3.1 iirc, & for SURE on Windows NT 3.5x series in 1993-1994 even!

In fact - Windows had this, LONG BEFORE LINUX & its "MAC" (mandatory access control), via SeLinux (which the NSA "bolted onto" Linux distros in fact later)... long before!

APK

P.S.=> Again - "Stay Tuned" for part #3 of 4 in my rebuttal to your points...

... apk

Point-by-Point rebuttal, part #4 of 4... apk (0)

Anonymous Coward | about a year ago | (#42408187)

This one? The "hardcore 'penguins'" hate - but, you seem reasonable, & of course these ARE documented, verifiable & UNDENIABLE facts too, so... here goes:

"You are more secure running Linux or any *nix for those classes of exploits that do not simply require operator stupidity." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

ARE YOU? See this list from 2011-2012:

2012:

New Linux Rootkit Emerges:

https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012 [threatpost.com]

"A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems."

---

'FIRST ever' Linux, Mac OS X-only password sniffing virus spotted:

http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/ [theregister.co.uk]

---

Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444 [zdnet.com]

So, what's dts.utah.gov running everyone?

LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov [netcraft.com]

What's health.utah.gov running too??

YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov [netcraft.com]

* Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

===

2011:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised [slashdot.org]

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware [slashdot.org]

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com [netcraft.com]

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware [slashdot.org]

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch [slashdot.org] , & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers [slashdot.org]

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach:

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach [slashdot.org]

---

Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

http://uptime.netcraft.com/up/graph?site=StartCom.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=GlobalSign.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=Comodo.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=DigiCert.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl [netcraft.com]

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/ [itproafrica.com]

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811 [threatpost.com]

---

The Stratfor SECURITY hack: (can't blame it on poor setup, this IS a security firm that uses Linux)

http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed [slashdot.org]

What's that domain run? Yes kids - you guessed it: LINUX -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com [netcraft.com]

---

Phishers/Spammers FAVOR attacking LAMP: (Linux, Apache, mySQL, PHP)

http://www.theregister.co.uk/2011/06/10/domains_lamped/ [theregister.co.uk]

PERTINENT QUOTE/EXCERPT:

"Phishers compromise LAMP-based websites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group survey. Sites built on Linux, Apache, MySQL and PHP are the favoured targets of phishing attackers"

---

Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?

* You get the picture... along with the fact that YES, there ARE BOTNETS, VIRUSES, TROJANS, and more, ON LINUX - as well as it being THE FAVORED TARGET of spammers/phishers, shown just above and here on botnets:

---

Linux webserver botnet pushes malware - Attack of the open source zombies

http://www.theregister.co.uk/2009/09/12/linux_zombies_push_malware/ [theregister.co.uk]

---

Plenty of the "Fortune 100-500" run Windows Servers 24x7 non-stop in "Fabled '5-9's" uptime too!

(Would you like a listing of some of them? Just ask - & "ye shall receive"...)

Linux Security Blunders DOMINATE in 2011-2012, despite all /. "FUD" for years saying "Linux = SECURE" (what "b.s."/FUD that's turning out to be, especially on ANDROID where it can't hide by "security-by-obscurity" anymore & is in the hands of non-tech users galore - & EXPLOITS ARE EXPLODING ON ANDROID, nearly daily)

---

"Also, Apache on linux is the most common web platform on the Internet (pretty much _every_ major site; even microsoft.com is fronted by reverse proxies running on linux), but all the mass exploits you hear about are for that minor player IIS on windows / mssql on windows. So, popularity isn't sufficient to make an often exploited platform. There need to be lots of security holes to exploit too.." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

I re-refer to the list above & "rethink" your position... or @ least, REFINE it!

On that last part?? AGAIN - DO REFER TO THE ARTICLE FROM "El Reg" above (The Register)...

APK

P.S.=> Additionally - OOPS! I have 1 more on a part I skipped, so there WILL be a "part #5"... sorry, has to be done!

... apk

Addendum/Part #5 FINAL... apk (0)

Anonymous Coward | about a year ago | (#42408207)

"It still requires the almost admin user right of "power user" to be able to run a lot of software that touches the registry. This is not completely MS's fault, but also all the crappy software that runs on windows." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

THIS IS FOR PROTECTIVE PURPOSES vs. EXPLOITS &/or DAMAGE... that's all & smart to do!

(HOWEVER - There are MULTIPLE BACKUPS of registry profiles & iirc, the registry itself too as physical files as well, so the 'damage' part isn't bad - & also, NTFS is a JOURNALLING FILESYSTEM vs. corruption too - so blowing out the entire registry is difficult to do or power outages corruption for example, also... a transaction doesn't take? She "Rolls Back"! Good stuff).

* Nice talking to you - oh, by the by: It's NOT just to the registry either (albeit in Win64, all 32-bit malware can do is VIEW that ONLY via the Win32 API, BUT not write it... so you know!).

I haven't seen a PURE 64-bit malware out there (yet, that is, either).

APK

P.S.=> "NEXT"... lol!

... apk

SMALL EDIT (sorry, correcting myself).... apk (0)

Anonymous Coward | about a year ago | (#42408227)

BEFORE "nitpicking trolls" do:

albeit in Win64, all 32-bit malware can do is VIEW that ONLY via the Win32 API, BUT not write it... so you know! - by Anonymous Coward on Thursday December 27, @09:03PM (#42408207)

NOPE, 32-bit ware can WRITE its sections of the registry but not the 64-bit ware's sections! This is a protective measure as well - especially vs. 32-bit malwares!

(Sorry about that!)

*DONE!

APK

P.S.=> "Onwards & UPWARDS"...

... apk

Re:He's points out a common-sense fact though (1)

Zontar The Mindless (9002) | about a year ago | (#42408083)

Yes, it has really got to the point where I can read the first line of one of his posts, cut straight to "Dear APK, Please die in a fire," and move on.

Going to quote you troll (you prove my points) (0)

Anonymous Coward | about a year ago | (#42408413)

"I don't need multiple personality disorder; I *am* multiple personality disorder!" - by Zontar The Mindless (9002) on Friday September 28, @01:54AM (#41485577)

ABSOLUTELY: a multiple registered 'luser' account user type of troll... just like I outlined in this thread already with facts!

( All per my documented FACTS on that much & how it's done & why by you trolls who *think* you're "clever", here -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663 [slashdot.org] )

* You little fools ASTOUND me @ times, you really do... why?

Well - first of all, I've been at this art & science for a HELL OF A LOT LONGER than most of you have & done well, on MANY LEVELS IN IT, + I have seen "all the tricks" & the trolls here?

No different... not even ORIGINAL, just "same old, same old" troll tricks!

LMAO! Which, of course, only proves you cannot even *think* for yourselves... hence, also sort of WHY & HOW "Open SORES" (which fosters copying & lack of originality in code @ least) also proves it... lol!

APK

P.S.=> By the by - That quote's direct from you, here -> http://slashdot.org/comments.pl?sid=3143039&cid=41485577 [slashdot.org] so - thanks for helping ME, look GOOD, as-per-usual!

... apk

Re:Going to quote you troll (you prove my points) (1)

Zontar The Mindless (9002) | about a year ago | (#42408739)

*yawn*

"Rinse, Lather, & Repeat", troll... lmao! apk (0)

Anonymous Coward | about a year ago | (#42408803)

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408413 [slashdot.org]

* Especially since "that's the best you've got"... & it ain't much!

"*yawn*" - by Zontar The Mindless (9002) on Thursday December 27, @11:29PM (#42408739)

GOOD: Glad you yawned, so your trolling mouth's WIDE OPEN as you can INSERT YOUR FOOT better, lol, since you must "wash down the bitter taste of SELF-DEFEAT", again, vs. myself, spiced of course, with your FOOT IN YOUR MOUTH!

QUESTION: How's that all taste? "Inquiring minds, want to know..."

ROTFLMAO!

APK

P.S.=> Lastly - if you *think* you're going to "rope me in" to some flamewar with you? Forget it... I said all I had to above here & of course, in my link reply to you @ the top of this reply to you troll, lol!

... apk

Re:"Rinse, Lather, & Repeat", troll... lmao! a (1)

Zontar The Mindless (9002) | about a year ago | (#42408833)

Dude, if this is supposed to be some sort of a contest... you're the only one competing.

Re:"Rinse, Lather, & Repeat", troll... lmao! a (0)

Anonymous Coward | about a year ago | (#42408969)

You're no competition for him from what I've seen. You're beaten easily.

FUNNY, & "you FAIL" again... apk (0)

Anonymous Coward | about a year ago | (#42409019)

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409005 [slashdot.org]

* :)

APK

P.S.=> Last quote from that video, albeit here? "Raise Communications Barrier", lol... last reply I give, as I said you aren't going to "rope me into" some 'flamewar' with a trolling dolt, in yourself "Zontar The Mindless" (lol, absolutely on the last 2 words as to you), who is off topic as usual, & YES:

Since it's funny (AND APT/it applies, vs. you & all other trolls)...

... apk

This isn't war: It's PEST CONTROL (lol)... apk (0)

Anonymous Coward | about a year ago | (#42409005)

APK = Dalek, you & all /. trolls = Cybermen - Quoting Dr. Who episode "Doomsday" with video (lol):

http://www.youtube.com/watch?v=ysvNOmDMVvk [youtube.com]

See position 2.50 on the YouTube player control... says it all about you MINDLESS ONE + other trolls like you, especially vs. myself!

(ROTFLMAO!)

Especially since you're "the inferior species known as cybermen" (trolls actually).

APK

P.S.=> Quoting the Daleks regarding YOU & all trolls, vs. myself? Ok:

"You are superior in only 1 respect - YOU ARE BETTER AT DYING", ala -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408413 [slashdot.org]

And of course, from the same video:

"WE WOULD DESTROY THE CYBERMEN (trolls & Pro-*NIX people) WITH ONLY 1 DALEK" (lol, me - as my replies to the 'penguins' here clearly illustrates, point by point)

... apk

Re:Linux your next... (1)

bbelt16ag (744938) | about a year ago | (#42407929)

are there any good tutorials about setting this up? i think my friends need to stay using this in production and i might need to help em out.

Re:Linux your next... (0)

Anonymous Coward | about a year ago | (#42408951)

Obviously you have no clue how SELinux works. It does not detect intrusions. It enforces mandatory access controls. Now if you parse the log files, you might notice something getting denied but that's not exactly proactively monitoring and alerting like you'd expect from an IDS.
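One way to do the log parsing that reply mentions, as an added example that is not part of the original comment: pull the AVC records out of audit.log lines, count denials by source domain, target type and permission, and flag the ones that look like a confined daemon misbehaving rather than policy noise. The sample log lines and the flagging rules are constructed assumptions, not taken from any real system.

```python
"""Parse SELinux AVC denials out of audit log lines and summarise them.

Added example (not from the original post): SELinux only enforces mandatory
access control, so the closest thing to alerting is reading its denials back
out of the audit log. The sample lines below are constructed.
"""
import re
from collections import Counter

# Constructed sample in the record format /var/log/audit/audit.log uses.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1356648000.123:4521): avc:  denied  { read } for  pid=2314 comm="httpd" name="shadow" dev="sda1" ino=1572 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1356648000.123:4521): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1356648005.456:4522): avc:  denied  { name_connect } for  pid=2314 comm="httpd" dest=6667 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ircd_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1356648009.789:4523): avc:  denied  { execute } for  pid=2390 comm="httpd" path="/tmp/.x" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1356648012.000:4524): avc:  granted  { setenforce } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=AVC msg=audit(1356648020.111:4525): avc:  denied  { read } for  pid=2314 comm="httpd" name="shadow" dev="sda1" ino=1572 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
"""

# Header of an AVC record: timestamp, serial, denied/granted, permission set.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$'
)
# key=value pairs that follow; values may be quoted.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC record, or None for any other audit record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": m.group("perms").split(),
    }
    for key, raw, quoted in KV_RE.findall(m.group("rest")):
        rec[key] = quoted if raw.startswith('"') else raw
    # permissive=1 means SELinux logged the denial but let the action through.
    rec["enforced"] = rec.get("permissive") != "1"
    return rec


def denials(log_text):
    """Yield every AVC record whose result is 'denied' (enforced or permissive)."""
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            yield rec


def type_of(context):
    """Third field of an SELinux context (user:role:type:level) is the type/domain."""
    return context.split(":")[2]


def summarise(log_text):
    """Count denials by (source domain, target type, object class, permission)."""
    counts = Counter()
    for rec in denials(log_text):
        for perm in rec["perms"]:
            counts[(type_of(rec["scontext"]), type_of(rec["tcontext"]),
                    rec["tclass"], perm)] += 1
    return counts


def suspicious(log_text):
    """Denials that look like post-compromise behaviour rather than policy noise.

    Constructed rules: a confined domain touching shadow_t, making outbound TCP
    connects, or executing something typed as a tmp file.
    """
    flagged = []
    for rec in denials(log_text):
        ttype = type_of(rec["tcontext"])
        if (ttype == "shadow_t"
                or (rec["tclass"] == "tcp_socket" and "name_connect" in rec["perms"])
                or (rec["tclass"] == "file" and "execute" in rec["perms"]
                    and ttype.endswith("tmp_t"))):
            flagged.append((rec["serial"], rec["comm"], rec["tclass"],
                            rec["perms"][0], ttype, rec["enforced"]))
    return flagged


if __name__ == "__main__":
    for key, n in sorted(summarise(SAMPLE_AUDIT_LOG).items()):
        print(n, key)
    for item in suspicious(SAMPLE_AUDIT_LOG):
        print("SUSPICIOUS", item)
```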

LMAO - Oh boy: You SURE you want to post that? (-1)

Anonymous Coward | about a year ago | (#42407663)

Truth or not - since I've been stating it for YEARS here, ala -> http://news.slashdot.org/comments.pl?sid=2247480&cid=36485068 [slashdot.org] and many times before it!

(Only to be 'bum-rushed' by the "furious penguins" in retaliation - trolling @ best, rarely IF EVER, factually based)

Which ends up in them attempting their USUAL b.s. via downmodding my posts out of the default view of others here, illogical off-topic ad hominem attacks (usually by AC posts afterwards), which all of that IS the "last resorts" of FUD spreading penguin trolls in fact I've found (when they can't disprove documented, verifiable & UNDENIABLE facts!).

Then, they troll you by AC...

Want to see an example of it being 'outlined' as to HOW it's done?

(Via the busted & NEEDS ADJUSTMENT (to identify WHO downmodded you, or a statement of WHY post's downmodded @ least on TECHNICAL grounds in computing in those types of debates for example) to the so-called 'moderation system' here)

Couple ways, with evidences (of the 'trolltalk.com' bunch doing it!):

FIRST, EXPLAINING HOW TO AVOID THEIR DOWNMODS BEING REMOVED (when they do what I stated above):

---

"...posting AC undoes mods...

Not if you're logged out... You guys need to pump up the volume a bit.." - by countertrolling (1585477) on Sunday June 19 2011, @11:56AM (#36491652)

FROM -> http://slashdot.org/comments.pl?sid=2245866&cid=36491652 [slashdot.org]

---

That's how they "cheat the system" & you can BET that a lot of these CONSTANTLY "modded up to +5 posters" do it too (Jeremiah Cornelius, erroneus, & others).

THEY USE MULTIPLE "REGISTERED 'luser'" ACCOUNTS ALSO (I suspect 'countertrolling' is yet another alias of the 2 trolls I point out below in fact):

Case-In-Point Example - I have LITERALLY CAUGHT people using multiple "registered 'luser'" accounts here!

They use them for:

---

1.) Modding themselves up, gaming/cheating on the STUPID & BROKEN moderation system here

( & yes, I will state who below in fact, literally - and of course, for downmodding their opponents who "get the better of them" in technical debates also).

2.) Another is that you're TRACKABLE FOR TROLLING + those unjust downmods I noted above also!

---

( & don't *think* that doesn't go on here (trust me, I KNOW it does, it happens to me quite regularly))

TomHudson/Barbara, not Barbie - same person, & her accounts used the SAME EMAIL ADDRESS (which is what did her in, I pointed it out, she changed it... albeit, she left afterwards, thank the Lord - was a MASSIVE troll!).

Her "pal" webmistressrachel below? Check THIS out:

"Screw you, apk, and the horse you rode in on. If I ever see you post here again, I'll bomb you as AC from Tor, meaning I'll NEVER run out of posts because I can change endpoint..." - by webmistressrachel (903577) on Sunday July 03 2011, @02:03PM (#36647614)

FROM -> http://slashdot.org/comments.pl?sid=2292298&cid=36647614 [slashdot.org]

(Real "NICE" & HONEST/FAIR PEOPLE, eh? Not...)

... apk

Re:LMAO - Oh boy: You SURE you want to post that? (1)

Anonymous Coward | about a year ago | (#42407709)

MY RAVEN WAS EQUIPPED WITH THE FOLLOWING

HIGH
06 x Cruise Missile Launcher I
01 x SMALL TRACTOR BEAM 1
01 x SALVAGER I

MEDIUM
04 x LARGE SHIELD EXTENDERS
01 x 'HYPNOS' ECM
01 x MEDIUM SHIELD BOOSTER

LOW
01 x EMERGENCY DAMAGE CONTROL
01 x ARMOR KINETIC HARDENER I
01 x ARMOR THERMIC HARDENER I
02 x WARP CORE STABILIZER I

DRONES
02 x WARRIOR I DRONES
03 x HAMMERHEAD I DRONES

UPGRADES
01 x ROCKET FUEL CACHE PARTITION I
01 x BAY LOADING ACCELERATOR I

Re:LMAO - Oh boy: You SURE you want to post that? (0)

Anonymous Coward | about a year ago | (#42408259)

You get modded down because you troll, plain and simple, but you know that.

Quit telling fables ac troll... apk (0)

Anonymous Coward | about a year ago | (#42408323)

"You get modded down because you troll, plain and simple, but you know that." -

No, I am SURE I just "tell it how it REALLY is" with facts... just like those that are documented proofs via quotes & more, right here http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663 [slashdot.org]

You just don't like it, truth, is all!

* :)

(So, you can "Chew on That" troll... lol, & rest assured, you're not going to 'rope me in' to some flamewar so you can 'bury' my other posts here to hide their facts - since I said it all with PROOFS above no one can deny!).

This & my other post? All I need really, to dust you, easily!

APK

P.S.=>

"You get modded down because you troll, plain and simple, but you know that." - by Anonymous Coward on Thursday December 27, @09:12PM (#42408259)

Per my subject-line above, & my post? Well... "says the AC troll" I am replying to, with his illogical + off-topic with the "std. ad hominem attack: that FAIL as-per-your-trolling USUAL, vs. myself & facts I use (that you CANNOT stand, or combat... period, lol)...

Now next? Call this a prediction (albeit one based on experience with you puny /. trolls)

Well... lol, you'll do the ONLY THING YOU KNOW HOW TO DO per what I outlined above (downmod my post), lmao, to *try* to "hide it" via downmods so it get buried @ this threads aging goes.

No biggie. Plenty of folks will see it beforehand, as well as those browsing beneath the std. bogus moderation threshold (another "puny ploy" by the nerds that run this place, "not men" that they are, lol!).

So - Next I am ALMOST certain you'll do what I showed there, & downmod my post since you're already TROLLING AS AC, via 1 of your MANY "registered 'luser'" accounts too (since there's NO DISPUTING facts I used - & I'd almost BET it's a fact you are one of the many 'registered lusers' I've dusted here over time too in technical debates in computing as well - hence, your AC post, because you KNOW I'd toss your numerous defeats @ my hands on that account RIGHT BACK AT YA, to laugh in your face, again, about them & how EASY it was for me to do)...

... apk

Re:Linux your next... (1)

Gaygirlie (1657131) | about a year ago | (#42408459)

Any machine anywhere can get a rootkit, or worse

Rootkits aren't the problem, you don't need root privileges to do DDOS-attacks, to spy on users, to delete their files and so on -- it all can be done as a regular user just fine. Often you don't even have to hide the malware package in any way or form, just fool the user into thinking it's useful! That said, in general I agree with you: there is no OS that can protect against gullible users, not even Linux can do that. There are ways of increasing security by leaps and bounds, but those ways would really require a whole new OS.

Rootkits on Windows? NO PROBLEM & why (0)

Anonymous Coward | about a year ago | (#42408769)

Courtesy of "yours truly" & this technique I outlined vs. "the indestructible rootkit", long ago here on /., using tools you most likely ALREADY OWN or are FREE, from MS (here goes & yes, vs. malware they can haul in that works in Windows while you are logged on also, per your statements):

http://it.slashdot.org/comments.pl?sid=2395654&cid=37204632 [slashdot.org]

* It works vs. ANY rootkit (driver driven, via RC listsvc, & disable commands, OR FixMBR vs. MBR based ones, nowadays? They use BOTH...) + the malware they haul in to do JUST what YOU said (via processexplorer.exe)...

APK

P.S.=> You can also use THIS tool too:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]

---

(Which is FREE, & I created in both 32-bit &/or 64-bit form (in the file it comes in))

To BLOCKOUT communication back to their C&C servers, as far as malware in ring3/rpl3/usermode once logged into Windows!

It's especially since MOST use host-domain names vs. IP addresses, since they spent monies on them & they use them 99% of the time (trust me - I've been fighting them for decades)

Those domain names?

They are an "investment in time" for them, they often use/recycle - the "RBN" was NOTORIOUS for it by using 'unscrupulous' hosting providers! Hence part of WHY they reuse them, since they PAID for them!

IP addresses, by FAR the less used? Usually ONLY for 'fallback' purposes in the 'better designed' malware??

Spot them talking back with TcpView or netstat -ano/-an

(AND, they will BLOCK that or mess with netstat I wager though, why? Well... so, be wary of that, rootkits DO intercept API calls to stuff they know about to make bad data come back to it so YOU cannot "spot them" in the act & catch 'em "red handed").

(Because you're correct - it would be done from there once users are logged in, hence WHY the malware maker of today does it, hauling in MORE malware above the ring 0/rpl 0/kernelmode rootkit which vs. my technique above? NON-SEQUITUR & BLOWN AWAY, easily - 3 minutes time, tops... lol, with free tools in recovery console (vs. the rootkit drivers OR mbr based ones) & processexplorer (to 'mop up' the usermode malwares no matter WHERE OR HOW they 'hide', like beneath services), + ones you most likely OWN already (hopefully))...

... apk
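The netstat check and the caveat about rootkits falsifying its output, as an added example that is not the poster's tool: parse constructed `netstat -ano` output, flag established connections to remotes outside a hypothetical allowlist, and compare the host's own table with a constructed network-side flow log so that a connection the host does not report stands out. The sample output, the flow log, the allowlist and the addresses are all constructed.

```python
"""Cross-check a host's `netstat -ano` view against a network-side view.

Added example (not the poster's tool): the post above recommends spotting
callbacks with `netstat -ano`/TcpView and warns that a kernel-mode rootkit can
feed netstat false data. Comparing the host's table with what an external
vantage point (firewall or flow log) saw is one way to notice that: a flow the
network recorded but the host does not report deserves a closer look.
All sample data below is constructed; remote addresses are documentation ranges.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `netstat -ano` output in the layout Windows prints.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    10.0.0.5:49152         10.0.0.10:445          ESTABLISHED     4
  TCP    10.0.0.5:49213         192.0.2.44:443         ESTABLISHED     3120
  TCP    10.0.0.5:49220         203.0.113.9:6667       ESTABLISHED     2780
  UDP    0.0.0.0:5355           *:*                                    1160
"""

# Constructed sample of what a perimeter device logged for the same host as
# (remote, remote_port, proto). The 198.51.100.77:8080 flow is absent above.
SAMPLE_FLOWS = [
    ("192.0.2.44", 443, "TCP"),
    ("203.0.113.9", 6667, "TCP"),
    ("198.51.100.77", 8080, "TCP"),
]

# Hypothetical allowlist of remote endpoints this host is expected to reach.
ALLOWED_REMOTES = {("192.0.2.44", 443)}

# RFC 1918 ranges stand in for "the local network" in this example.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Conn:
    proto: str
    local: str
    lport: int
    remote: str
    rport: int
    state: str
    pid: int


# One data row: proto, local:port, remote:port, optional state (UDP has none), PID.
LINE_RE = re.compile(
    r'^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+):(?P<lport>\d+)\s+'
    r'(?P<remote>\S+):(?P<rport>\d+|\*)\s+(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$'
)


def parse_netstat(text):
    """Parse `netstat -ano` lines into Conn records, skipping header lines."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rport = m.group("rport")
        conns.append(Conn(
            proto=m.group("proto"),
            local=m.group("local"), lport=int(m.group("lport")),
            remote=m.group("remote"), rport=0 if rport == "*" else int(rport),
            state=m.group("state") or "", pid=int(m.group("pid")),
        ))
    return conns


def is_lan(addr):
    """True for addresses inside the constructed LAN ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def unexpected_outbound(conns, allowed=ALLOWED_REMOTES):
    """Established connections to non-LAN remotes that are not allowlisted."""
    return [c for c in conns
            if c.state == "ESTABLISHED"
            and not is_lan(c.remote)
            and (c.remote, c.rport) not in allowed]


def hidden_from_host(conns, flows):
    """Flows the network saw but the host's own table does not contain.

    A rootkit that filters what netstat returns cannot filter the perimeter's
    log, so a flow that appears only on the network side is the tell.
    """
    host_view = {(c.remote, c.rport, c.proto) for c in conns if c.state == "ESTABLISHED"}
    return [f for f in flows if f not in host_view]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for c in unexpected_outbound(conns):
        print("unexpected:", c.remote, c.rport, "pid", c.pid)
    for f in hidden_from_host(conns, SAMPLE_FLOWS):
        print("seen by network, not by host:", f)
```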

Android.DDoS.1.origin (1)

Anonymous Coward | about a year ago | (#42407503)

nice disguise

Stupid disguise (1)

tuppe666 (904118) | about a year ago | (#42407651)

nice disguise

I thought the opposite. The first thing someone is going to do when they see two stores on their phone...is look up why. It even has a different name; they would have been better off hiding it behind a simple RSS feed or torch app.

The firm lies. (-1)

Kenja (541830) | about a year ago | (#42407531)

Legitimate apps come from the Google Market/Play. So this app in no way "disguises itself as a legitimate app". Not that I'm for such a closed environment, but it exists for this reason.

Re:The firm lies. (1)

Zontar The Mindless (9002) | about a year ago | (#42407555)

If people are fooled into thinking it's a legitimate app, then it has successfully disguised itself as a legitimate app, I'd say--your failed attempt at pedantry notwithstanding.

Re:The firm lies. (1)

p0p0 (1841106) | about a year ago | (#42407563)

How do you figure? The app takes on the icon/text of the play store app and launches itself and the legitimate play app when activated. Where have you been confused?

Re:The firm lies. (-1)

Anonymous Coward | about a year ago | (#42407609)

Hurr durr, someone insulted Android, better defend it!

Re:The firm lies. (0)

Anonymous Coward | about a year ago | (#42407647)

Defend and deflect at all costs!

Jigga wha? (-1)

Anonymous Coward | about a year ago | (#42407575)

But but but I thought the zealots assured us the Linux was immune to exploits? Or did they LIE????

Seriously? (1)

tuppe666 (904118) | about a year ago | (#42407713)

But but but I thought the zealots assured us the Linux was immune to exploits? Or did they LIE????

This is about Android...and ya, it's pretty secure :) Linux is pretty good too. I'm not sure calling people zealots (maybe you don't know what one is) because they have chosen platforms with a better balance of security/flexibility than your own (clearly you're upset) makes your own secure. In fact it's a really strange comment to make at all, about either OS, as what is true about both is that they put an inordinate amount of effort into ensuring their platforms are secure. That is why both have incredibly good track records.

Re:Seriously? (1)

BitZtream (692029) | about a year ago | (#42408069)

Android is just as much Linux as Debian, Ubuntu and Redhat. It's just another distribution. It's just the only one that happens to be popular, and as such ... guess what ... just like Windows it's becoming a malware target. And just like Windows you don't have to 'hack' the OS, just the user.

Does it affect the kernel :) (1)

tuppe666 (904118) | about a year ago | (#42408085)

Android is just as much Linux as Debian, Ubuntu and Redhat. Its just another distribution. Its just the only one that happens to be popular, and as such ... guess what ... just like Windows its becoming a malware target. and just like Windows you don't have to 'hack' the OS, just the user.

I understand the argument...and have even made it myself "in context", except this attack won't work on "Debian, Ubuntu and Redhat"...and no, it's nothing like Windows :).

Used to be "std. 'FUD' mantra 4 'penguins'" (0)

Anonymous Coward | about a year ago | (#42407893)

Not anymore though (thanks to ANDROID) -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407763 [slashdot.org]

And do they LIE?

BIG TIME & cheat the moderation system here too, via these means -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663 [slashdot.org]

* Amazing the lengths they will go to in fact!

APK

P.S.=> Take a read, be VERY "enlightened"... or not: Why do I state THAT? Well... lol, LOOK WHAT "TYPE" FOUNDED THIS PLACE! Nerds - who act more like WOMEN than women do @ time, lol... makes sense though - when you are "that kind", you have NO BALLS, & got beaten DOWN because you had no sense to workout & knock the chocolate outta bullies (might not win, but I GUARANTEE once a nerd does that? 9/10 times, bullies, stop - I know, been there, done that in my time too (nerd @ heart here is why, but was also 'jock' too & learned that from having to hang around with those dolts (not ALL were, but many were).

... apk

Doctor Who? (0)

Jonah Hex (651948) | about a year ago | (#42407605)

OK, sorry I got enough of this in the X-Mas special, seriously. I think it infected me. - HEX

Re:Doctor Who? (0)

Anonymous Coward | about a year ago | (#42407761)

Thomas Schofield - is that you?

The app does not spread... (2, Informative)

mythosaz (572040) | about a year ago | (#42407757)

Users SPREAD the app. The app itself does not spread. It's an important distinction.

Re:The app does not spread... (0)

BitZtream (692029) | about a year ago | (#42408073)

They didn't call it a virus; the summary in fact states it's likely spread by users. Guess what, it's malware.

Did you have a point and what the fuck is it/how the fuck are you modded +5?

Hello Friend, this Linus Torvalds (0, Funny)

Anonymous Coward | about a year ago | (#42407777)

I have created this custom kernel package just for you.

Please compile and install it today, I am sure you will be pleased with the custom improvements I have implemented for you.

You would think (-1)

Anonymous Coward | about a year ago | (#42407895)

You would think that Slashdot could render the page the same way twice when using the same browser on the same PC. This is getting old.

More bullshit with Fuckle Assdroid (-1)

Anonymous Coward | about a year ago | (#42408405)

Fuckle Assdroid is continually proving to be the M$ Windoze of the mobile world.This is just the icing on the cake when it comes to why Fuckle Assdoid cannot be trusted. Glad I went with iOS rather than the steaming pile of shit called Fuckle Assdroid.

Typical Apple User (1)

tuppe666 (904118) | about a year ago | (#42408511)

Fuckle Assdroid is continually proving to be the M$ Windoze of the mobile world.This is just the icing on the cake when it comes to why Fuckle Assdoid cannot be trusted. Glad I went with iOS rather than the steaming pile of shit called Fuckle Assdroid.

I always admire the enthusiasm of Apple users, and another well-thought-out post that was. You raise several important points. I can't help questioning your point that Android is the new Microsoft Windows. It isn't and never will be...that privilege is Windows Phone's, which is currently the 6th most popular OS; popularity alone is not a measure of similarity. The reality is right now Microsoft is pushing for an "ecosystem", read: its Desktop monopoly on your phone...and nobody is buying what they are selling [literally or figuratively], but undeniably there is a move towards a unification of Mobile/Tablet/Desktop OSes through a shared store/look and feel/API. What is most interesting is that Google, who make no money directly from Android, is pretty OS agnostic but has unified services...even on the iPhone, and as yet has not made Chrome a desirable!? platform.

I have yet to read .. (1)

twistofsin (718250) | about a year ago | (#42408691)

I have yet to read an article on an Android virus that isn't a trojan. No drive-bys, API or OS exploits.

Trojans will always exist. They are wolves in sheep's clothing.

For those posting that this won't happen in Apple (0)

Anonymous Coward | about a year ago | (#42408845)

For those posting that this won't happen in Apple or in a walled garden, check out this apparently fraudulent Minecraft app in the iTunes store:

https://itunes.apple.com/au/app/minecraft-mobile-a/id559649056?mt=8 [apple.com]

Despite the name and the logo, it appears to have no endorsement from the official creators. Reviews say the screenshots and description are misleading, and it looks like there's quite a few sockpuppet positive reviews.
