Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Android Botnet Infects 1 Million Plus Phones

timothy posted about 2 years ago | from the click-here-to-download dept.

Android 92

Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54 GMT by S : Changed summary to reflect that these apps didn't come from Google Play.

cancel ×

92 comments

Sorry! There are no comments related to the filter you selected.

Excellent fact-checking as usual (5, Informative)

Macthorpe (960048) | about 2 years ago | (#42632861)

Re:Excellent fact-checking as usual (3, Insightful)

sjwt (161428) | about 2 years ago | (#42632875)

And excellent wording for FUD... after all "up to 1 million aliens *could* be controlling the worlds governments"

Re:Excellent fact-checking as usual (2)

Anne Thwacks (531696) | about 2 years ago | (#42633003)

Not if the Zombies have a say in it!

Re:Excellent fact-checking as usual (1)

sjwt (161428) | about 2 years ago | (#42633017)

Only if you fail to lead the plant army correctly!

Re:Excellent fact-checking as usual (3, Insightful)

arth1 (260657) | about 2 years ago | (#42633377)

Title: 1 Million+
First line of summary: Up to a million

Yes, standard /. fare lately. Not only is it meaningless (and thus not nerdy - the details are more important than the big picture to a nerd), but the editors contradict themselves and come across as both careless and ignorant.

Re:Excellent fact-checking as usual (2)

alostpacket (1972110) | about 2 years ago | (#42633893)

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42636009)

Xkcd 870 [xkcd.com] , panel 1.

Re:Excellent fact-checking as usual (2)

Sigg3.net (886486) | about 2 years ago | (#42633659)

Well, I for one, welcome our hypothetical overlords!

Re:Excellent fact-checking as usual (1)

BasilBrush (643681) | about 2 years ago | (#42633709)

Damn it! iPhone is once again not affected. One of these days I'll get the chance to welcome the malware overlords!

Re:Excellent fact-checking as usual (4, Informative)

SternisheFan (2529412) | about 2 years ago | (#42633869)

Damn it! iPhone is once again not affected. One of these days I'll get the chance to welcome the malware overlords!

I wouldn't act so apple-ey smug, if I were you. Apple iPhones have infected apps out there in the wild also, same as Android. If you jailbreak your phone and download apps from outside the apple store, you too will be risking getting malware.

Re:Excellent fact-checking as usual (1)

Anonymous Coward | about 2 years ago | (#42634425)

[Citation Needed]

Due to the destruction of the JB scene, no Apple device made since 2010 that runs iOS 6 can run apps outside the App Store. Maybe an iOS dev could have a beta app out that might do some damage, but people would be knowingly installing it.

With over five years of not even a single malware issue in the wild, iOS has showed that it is the most secure OS in history.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42635201)

False, the PS3 has never had any malware, not even a PoC.

Re:Excellent fact-checking as usual (1)

S.O.B. (136083) | about 2 years ago | (#42636495)

Various incarnations of MVS [wikipedia.org] have been running since 1974. No viruses or malware reported. Five years barely even registers on that time scale.

Real men run their operating systems on big iron.

Re:Excellent fact-checking as usual (1)

BasilBrush (643681) | about 2 years ago | (#42636853)

Apple iPhones have infected apps out there in the wild also, same as Android.

No, not the same. A drop of water, long since evaporated is not the same as a bucket of water.

If you jailbreak your phone and download apps from outside the apple store, you too will be risking getting malware.

In further news, condoms are useless if you cut the ends off them. Doh!

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42641663)

Who gives a crap whats going on in China... When they cross the border then I'll care... We have enough of these problems to deal with within our own borders to worry about putting any sort of concentration into China's Android phone problems... Google Play isn't even in China, nor is YouTube, or anything else that would really matter, these phones maybe running some sort of Android OS but it's not one that is recognized by Google obviously, or the rest of the world.. Remember China has the Largest Apple store in the world, that is not officially an Apple store and deosn't sell "Real" Apple devices or products.. China is in complete digital Anarchy compared the rest of the world..

Re:Excellent fact-checking as usual (5, Insightful)

SternisheFan (2529412) | about 2 years ago | (#42632881)

Thank you! These 7000 plus apps were 3rd party apps that were not downloaded from Google Play.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42633053)

Thank you! These 7000 plus apps were 3rd party apps that were not downloaded from Google Play.

Doesn't that imply that if Google-Play/Android was a walled garden like iPhone/iTunes this would not have happened? I suppose that one could also weigh Android down with Windows style malware defences. Irony abounds....

Re:Excellent fact-checking as usual (5, Insightful)

Anonymous Coward | about 2 years ago | (#42633075)

Doesn't that imply that if Google-Play/Android was a walled garden like iPhone/iTunes this would not have happened?

Um, no.

Just because China Mobile's (cr)app store isn't doing its job doesn't mean Google should become as draconian as Apple in this regard. People have a choice, and if they are willing to download from a poorly regulated source, and are willing to endure infections just so they don't have to pay for their apps, that's their business. I certainly hope their data plans are unlimited.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42633095)

You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.

Re:Excellent fact-checking as usual (4, Insightful)

jareth-0205 (525594) | about 2 years ago | (#42633117)

You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.

Probably does. The price of freedom is that people are free to install malware.

Re:Excellent fact-checking as usual (5, Insightful)

Nerdfest (867930) | about 2 years ago | (#42633523)

The price of Apple's walled garden is that they get to define what is malware. (So far, things like apps to teach children how to program, games that are too 'political', porn, Android magazines, etc). I'll take my chances, thanks.

Re:Excellent fact-checking as usual (1)

Anonymous Coward | about 2 years ago | (#42633821)

Don't forget, APL's already allowed actual malware onto their store with at least a few thousand installs, before Charlie Miller came out and announced to the world that his app was whitehat malware (but malware nonetheless).

Makes you wonder how many applications are malware on the store when there's only "one pair of eyes" that can look at the apps easily. I mean, these apps could easily abuse the same jailbreak bug to install themselves...

Apple Hater, behind the times as usual (1)

SuperKendall (25149) | about a year and a half ago | (#42654635)

So far, things like apps to teach children how to program, games that are too 'political', porn, Android magazines, etc

Perhaps the last two you might have something, but there is a slew of apps to help you actually program on the iPad/iPhone.

And of course you can always jailbreak. So on iOS, only the people who know what the risks are are exposed to them. That seems like a far more sensible layered security model than screwing over one million technologically inept people just because you are too lazy to jailbreak before accessing alternate app sources.

Re:Excellent fact-checking as usual (1)

Anonymous Coward | about 2 years ago | (#42633635)

Probably does. The price of freedom is that people are free to install malware

... which is not what 99% of the population wants.

This malware problem has caused a lot of the shift away from Wintel PCs, and there's no reason the same can't happen to Android.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42634143)

This malware problem has caused a lot of the shift away from Wintel PCs

Isn't Windows at 90% desktop share still? I think junk like Win8 and Vista caused a lot more of that shift. Netbooks and laptops are a different story though.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42634183)

... which is not what 99% of the population wants.

This malware problem has caused a lot of the shift away from Wintel PCs, and there's no reason the same can't happen to Android.

No, they will just put up with it, even it it means installing Norton for Android and five different background anti-piracy DRM agents. The future is bright for Android!

Re:Excellent fact-checking as usual (1)

ChatHuant (801522) | about 2 years ago | (#42635513)

The price of freedom is that people are free to install malware.

Which makes Windows the freest platform of all by far.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42633225)

As long as the walled garden is doing due diligence, it is probably safer.

On the other hand, Google provides some of the tools necessary to judge the trustworthyness of the software regardless of the source. For example: if the app is demands permission to access the network when it shouldn't be necessary, perhaps it's time to ask if it is worth using that particular app. That approach won't protect you from everything, but it sure as hell is better than downloading apps blindly.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42633301)

"if the app is demands permission to access the network"

This is idiotic from a usability point-of-view. These tools help only an expert, not a normal user, to jude the trustworthiness. Android shouldn't tell the user that an App is "trying to access the network", it should tell the user what data the app is trying to send where, whether it will do so once or again in the future (or continuously), etc.

And yes, all that is technically possible; you just have to define permissions for high-level operations instead of low-level device access, and have the high-level operations implemented in terms of low-level device access *by a trusted system component*.

Re:Excellent fact-checking as usual (1)

Lussarn (105276) | about 2 years ago | (#42634031)

Or you could read the reviews in the play store before downloading. If the app is full of crap there are 500 persons telling you so. Not really hard...

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42635281)

Android shouldn't tell the user that an App is "trying to access the network", it should tell the user what data the app is trying to send where, whether it will do so once or again in the future (or continuously), etc.

I was thinking about updating the Android Firewall [github.com] app to do this. Block connections by default, monitor iptables logs and pop up a dialog box allowing temporary/permanent connections to the remote host/any host. Of course, it would be better if it was built into the system and connections could be delayed instead of dropped initially.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42634045)

You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.

The absence of a "walled garden" *can* exacerbate the problem, but doesn't have to (Google's app store is a good example). The onus is on the end user. They are free to choose their platform (in this case Android), their app store (in this case China Mobile), their apps (in this case "free" versions of apps that aren't normally "free"), and their level of risk.

Re:Excellent fact-checking as usual (1)

Clsid (564627) | about 2 years ago | (#42635963)

Well, it's not like you have a choice. Google Play does not work in China, as well as usual stuff you would expect to work like Youtube, Facebook, Twitter, Google Drive and even Gmail. So you have alternative stores that provide apps, but you also have mobile antivirus software in China which is what most sensible people would use.

Then again, with China Mobile alone we are talking about 670 million users compared to 100 million users that AT&T has. It is quite impressive that there aren't any more infections.

Re:Excellent fact-checking as usual (1)

thegarbz (1787294) | about 2 years ago | (#42636279)

The only irony is that the readership of Slashdot is well in the affirmative for freedom of citizens, gun ownership, freedom from censorship and tyranny, yet some how manages to be split on the idea of having some corporate entity decide what can and can't do in the name of malware prevention.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42640095)

oh god... WILL someone please put iptables in FRONT of android and get this shit over with already?
Then head over to the SCADA shit, put iptables on.
Then head over to the Nuke Plants, put iptables on.
what was the other one I'm forgetting? oh yeah Electrical Power Distribution. put iptables on.
seems like I am forgetting a few more here... Car Computers or some damn thing.

Re:Excellent fact-checking as usual (1)

tlhIngan (30335) | about 2 years ago | (#42647631)

The only irony is that the readership of Slashdot is well in the affirmative for freedom of citizens, gun ownership, freedom from censorship and tyranny, yet some how manages to be split on the idea of having some corporate entity decide what can and can't do in the name of malware prevention.

I think it's due ot direct exposure. Most of those rights get abused by an irresponsible few (who often ruin it for the responsible many).

Very few /.'ers have experienced the tragedy that strikes from say, irresponsible gun ownership (like loaded storing guns in an oven, or on the coffee table accessible to any kid walking by, nevermind mass shootings), or lived in countries where censorship and tyranny are common (because they won't be able to get /. typically), and such.

However, most /. users HAVE experienced the direct effects of malware - spam, DDoS attacks, etc. And they know most users don't care about computers enough to maintain them or such. Being somewhat pragmatic people, learning all about the ins and outs of a computer is similar to learning the ins and outs of a car and eventually being able to be a shadetree mechanic (which we know isn't true of the vast majority of drivers). Also being pragmatic, said /. users don't really want to travel around to their family member's houses and fix their computers, either, so they wish to have a simple solution to save themselves and do everyone else a favor.

Probably also due to the fact most /.'ers think everyone else is similar to them with similar goals - if you own a gun, you'd take care in storing it and ensuring you're trained and licensed and all that. Or that you'll watch what you say so that it's defensible (also why most have a disdain for those who publish their whole lives online and seeing it bite them in the ass because it gets used as evidence or reason to be denied employment).

Basically the /. profile is that of a reasonably responsible person who has enough common sense to realize when things are dangerous (e.g., loaded guns in the house) and avoid them as much as possible.

Re:Excellent fact-checking as usual (4, Informative)

AmiMoJo (196126) | about 2 years ago | (#42632917)

Since most people are too lazy to RTFA the malware infected apps are actually on China Mobile's own app store, not Google Play.

It looks like another case of a company thinking "everyone has an app store, we should get one!" but not realizing there is a need to actively police it.

Re:Excellent fact-checking as usual (1)

rjr162 (69736) | about 2 years ago | (#42633303)

The original article they linked to iirc was some smaller website that did list Google play

Re:Excellent fact-checking as usual (1)

DerekLyons (302214) | about 2 years ago | (#42633763)

It looks like another case of a company thinking "everyone has an app store, we should get one!" but not realizing there is a need to actively police it.

Yet, in the past, Slashdot has held that's not a bug, but rather is a key *feature* of the Android ecosystem - the ability to leave the walled garden and wander in the wilds.

Re:Excellent fact-checking as usual (1)

Anonymous Coward | about 2 years ago | (#42633835)

And it still is?

Consider there are plenty of application stores like GetJar, Amazon, MiCandy that have never suffered an infection because they're reputable...

It's like you go to a drug dealer cartel and not expect them to have drugs or weapons. Some people can't be trusted to keep you safe.

Re:Excellent fact-checking as usual (1)

Clsid (564627) | about 2 years ago | (#42635997)

In this case, either China Mobile provides the store or they include a third party since Google Play does not work in China. I would actually feel safer to use something from China Mobile given they are the largest carrier, but this incident proves that if you are in China, you are better off using a Windows Phone or an iPhone, even if they are outrageously expensive over there.

Re:Excellent fact-checking as usual (2, Informative)

Anonymous Coward | about 2 years ago | (#42632929)

Everybody knows Chinese people always download from Chinese pirate sites. You can get everything for free. Including infected.

Re:Excellent fact-checking as usual (1)

mysidia (191772) | about 2 years ago | (#42633101)

The virus/malware authors though, might not appreciate you pirating their software, and may sue as a result....

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42633153)

The more software pirating a society has the more apathy they have towards security. Many Slashdotters would find the idea of running such insecure trojanned warez hair raising but they don't seem to worry about it.

Is M-x tetris pirating? (1)

tepples (727027) | about 2 years ago | (#42633241)

In your correlation between rates of "software pirating" and security, do you consider the development and dissemination of free software workalikes of proprietary video games to be "software pirating"? I can think of a few companies that do. Yes, things like M-x tetris in Emacs are a sort of edge case, but defining the edge of discussion helps participants find common ground from which to start.

Re:Excellent fact-checking as usual (3, Informative)

koxkoxkox (879667) | about 2 years ago | (#42633177)

Chinese users often have no choice, as Google Play is often not present in the phone. Manually installing it is quite complicated.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42634195)

Amazon's store works on many devices.

Re:Excellent fact-checking as usual (1)

tepples (727027) | about 2 years ago | (#42634329)

Amazon's store works on many devices.

In which countries? The last time I checked, paid apps on Amazon Appstore were available only to billing addresses in the United States of America.

Re:Excellent fact-checking as usual (0)

Anonymous Coward | about 2 years ago | (#42635377)

Perhaps that used to be true, but as a woman living in the United Kingdom, I can say that Amazon Appstore has always allowed me to buy paid apps (I have only had my first Android phone for about three months though, and Amazon Appstore on it for about two).

Re:Excellent fact-checking as usual (1)

screwdriver (691980) | about 2 years ago | (#42634269)

I love it! I'm sure they made damn sure apps like orbot (tor) are not available, but they could care less if malware gets through.

Re:Excellent fact-checking as usual (1)

Anonymous Coward | about 2 years ago | (#42633723)

Not in Google Play at all.

Not this time.

But there were cases of malware in the official Google store as well.

Re:Excellent fact-checking as usual (2)

Plumpaquatsch (2701653) | about 2 years ago | (#42634523)

Considering those are all Chines phones, that's not really surprising. Most "Android" phones sold in China don't have access to Google Play.

Which is the real problem here: Google has walled them out of their garden and forces them to go to even unsafer places.

Not from Google Play (3, Informative)

Anonymous Coward | about 2 years ago | (#42632879)

Actual BBC story:"Trojan had been found in more than 7,000 apps downloaded from _non-Google-owned_ stores."

It's a bit weird that neither the submitter nor the threatpost author thought it strange that thousands of popular apps on Google Play would include a trojan that has been known about for over a year?

Re:Not from Google Play (1, Insightful)

Savage-Rabbit (308260) | about 2 years ago | (#42633109)

Actual BBC story:"Trojan had been found in more than 7,000 apps downloaded from _non-Google-owned_ stores."

It's a bit weird that neither the submitter nor the threatpost author thought it strange that thousands of popular apps on Google Play would include a trojan that has been known about for over a year?

It's a bit ironic that fAndroids, who have been criticising Apple's walled garden for years, are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please rather than only dealing exclusively with Google owned or Google sanctioned stores. Not to say that walled gardens are a good thing but this discussion is nevertheless quite amusing since it tacitly admits that walled gardens, for all their other faults, are an efficient way to filter out malware. As long as there are other ways to download Android apps than from a walled garden of Google owned or Google sanctioned third party stores things like this will continue to happen.

Re:Not from Google Play (4, Interesting)

berashith (222128) | about 2 years ago | (#42633143)

This is a simple case of "just because you can, doesnt mean you should". I like the OPTION of loading apps from anywhere. I also pay attention to what gets installed and where. I turn off the alternate installation locations unless I am actively installing something. The people who want pay apps for free just pay a price that isnt money, and their stupidity should have no impact on my ability to be allowed to use my device as I want. No need to force your draconian bliss on the rest of the planet.

Re:Not from Google Play (1)

peragrin (659227) | about 2 years ago | (#42633337)

As was shown in the 70's you never know that the source your using is actually trusted.

Just because the source is good doesn't mean the compiler was.

many an infected and ultimately untrustworthy app was been downloaded from google play. Google like apple though monitor them and updates get pushed through so widespread failures are rare.

Draconian bliss can be used for good. The trick is balancing out the Draconian rules with fairness.

Re:Not from Google Play (1)

berashith (222128) | about 2 years ago | (#42633671)

this is true, but there is a big difference in the monitored stores and the bootleg stores that people are getting infected in. The google owned store could have junk inserted from a bad compiler, where the chinese free stores have intentional malware inserted.

Re:Not from Google Play (0)

Anonymous Coward | about 2 years ago | (#42635417)

Freedom for everyone will affect you personally if the botnet is used for DDoS attack. Enforcing security for everyone is not a bad thing even for power users, which will use developer mode/jailbreak/rooting/whatever anyway.

Re:Not from Google Play (1)

Anonymous Coward | about 2 years ago | (#42633197)

fAndroids...are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please

I haven't seen anyone doing that.

Not to say that walled gardens are a good thing but this discussion is nevertheless quite amusing since it tacitly admits that walled gardens, for all their other faults, are an efficient way to filter out malware.

And a sledgehammer is also an amazingly efficient way of cracking a walnut. "All their other faults" is a nice way of glossing over glossing over the fact that the cons of a walled garden outweigh the pros.

Re:Not from Google Play (0)

Anonymous Coward | about 2 years ago | (#42633521)

fAndroids...are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please

I haven't seen anyone doing that.

They you are blind, the OP stated this only happened because the affected Android users did not limit themselves to the Google store. That implies the criticism that if they had remained in the Google fold their phones would not have been affected.

Re:Not from Google Play (2, Insightful)

Anonymous Coward | about 2 years ago | (#42633675)

Can I as the original commenter take part in this second-guessing of my implied message?

I did not say "this only happened because the affected Android users did not limit themselves to the Google store" at all as you claim -- pretty bold of you to just say that when my message is clearly visible above... Also, nothing in my post was meant to "imply the criticism that if they had remained in the Google fold their phones would not have been affected" (in fact I don't even have a clear opinion on whether the open model or the Apple 'closed garden' model is better).

My only criticism was aimed at the shoddy reporting: It included a pretty big factual mistake. Mistakes sometimes happen, but this one made the story so unbelievable that it's hard to understand how both the article author and the submitter failed to apply some common sense and re-check the source.

Re:Not from Google Play (0)

Anonymous Coward | about 2 years ago | (#42633983)

See, in the real world, people tend to trust other people *IF* they've proven that they're trustworthy. If you're too stupid to realize that not everyone will treat you with respect and dignity, then you might as well kill yourself now -- because someone's going to trick you out of your money / life / loved ones really soon.

Android users have the option of staying in Google Play, or branching out to REPUTABLE stores like GetJar, Amazon, ... MiCandy (hey, 80% of the total internet traffic is porn, and I won't judge). They also have the option of risking infection from downloading all over - and Android warns you that if you "go off the reservation, we can't protect you."

Incidentally, the OP didn't say that "if someone stayed in Google". He said: "It's odd that it'd be hanging around for a year if it was found in Google Play." You should get your head out of your ass.

It's also funny that you're roasting Android for off-market installation when EVERY SINGLE desktop OS has this feature. Every single company has at least one product that allows for off-market installs.

Re:Not from Google Play (1)

Cinder6 (894572) | about 2 years ago | (#42633953)

And a sledgehammer is also an amazingly efficient way of cracking a walnut. "All their other faults" is a nice way of glossing over glossing over the fact that the cons of a walled garden outweigh the pros.

That's rather subjective, isn't it? I would imagine that Apple's "walled garden" approach works just fine for most of its users. You do see a lot of complaining, but keep in mind that people are more likely to go to a forum to complain than to say everything's great.

For myself, as an iOS user, I have only been miffed with Apple's policies three times. The first was MyWi, but that is probably due more to the carrier; the second was Swype, but now that Siri's out I pretty much use voice dictation for my phone, and I can type surprisingly fast on my iPad; the third was when they wouldn't give Sparrow the push email privilege.

I did jailbreak my phone at one point. There were some neat things in Cydia, but many of them were surprisingly expensive. I wound up reverting to standard iOS for a couple reasons, but one of them was that those same neato tools (I only installed two or three of them) absolutely killed my battery life.

Re:Not from Google Play (0)

Anonymous Coward | about 2 years ago | (#42633605)

You may notice upon re-reading my post that I did not criticize other android users. Were you perhaps projecting a little?

Re:Not from Google Play (1)

alostpacket (1972110) | about 2 years ago | (#42633817)

There's a difference between curated and walled.

Have some perspective (0)

Anonymous Coward | about 2 years ago | (#42634029)

In the world of open source, you don't have to put your trust in someone else's binary. You can access the source yourself. The problem is that "commodity users" don't care what they install on their machines.

All it takes is one moron with bad intentions and everyone blames the system.

http://techrights.org/2012/12/12/xuxian-jiang-vs-android/

Re:Not from Google Play (0)

Anonymous Coward | about 2 years ago | (#42635927)

No, it's not ironic at all.
Android users don't need to jailbreak their phones to install an app. They use Google Play because they choose to. And it seems that millions do make that choice.

Google Play isn't like Apple's App store at all. They have some malware checks, but that's it. They don't ban apps because they're political, or religious, or simply because someone doesn't "like" them.

Computing Power (2)

MassiveForces (991813) | about 2 years ago | (#42632891)

Imagine if botnets were put to benevolent uses, like distributed computing projects. Seriously forget credit card data - nobody has any money these days. Process some folding at home and collect some Nobels.

Re:Computing Power (0)

Anonymous Coward | about 2 years ago | (#42632991)

Not much computing power, the machines infected with them would have so much other crap on them (such as OEM preinstalled gunk) that the bot would at most be able to tap a percentile of the CPU's power.

Re:Computing Power (1)

Rockoon (1252108) | about 2 years ago | (#42633001)

...the bot would at most be able to tap a percentile of the CPU's power.

10 percent of a million CPU's is still equivalent to 100,000 CPU's.

Re:Computing Power (1)

Anonymous Coward | about 2 years ago | (#42633119)

Or generating massive rainbow tables...

Re:Computing Power (2)

Anne Thwacks (531696) | about 2 years ago | (#42633009)

I thought for a minute you wrote forge Credit cards: The I remembered the Search for Expoitable Transaaction Information project. Yes, botnets really can work for the dark side!

Don't want to BOINC and call 911 on one device (1)

tepples (727027) | about 2 years ago | (#42633269)

Imagine if botnets were put to benevolent uses, like distributed computing projects.

Distributed computing botnets would run up a CPU bill, causing the user to click "What has been using my battery?". That's why, for example, the Distributed.net client didn't get ported to PDAs and the like.

Re:Computing Power (0)

Anonymous Coward | about 2 years ago | (#42633391)

Seriously forget credit card data - nobody has any money these days

But that's exactly why they want _credit_card_ data - because it's not the card customer's money they are stealing, it's the car issuers'.

Re:Computing Power (1)

Plumpaquatsch (2701653) | about 2 years ago | (#42634863)

Imagine if botnets were put to benevolent uses, like distributed computing projects. Seriously forget credit card data - nobody has any money these days. Process some folding at home and collect some Nobels.

Yeah, sure. Drain some million Chinese guys phone battery, so somebody else can get a Nobel Prize.

A million bots! All on dialup! (1)

Let's All Be Chinese (2654985) | about 2 years ago | (#42632899)

Alright, not exactly dialup. But close enough for making the comparison on slashdot.

Should be interesting, trying not to make too much of a mess to avoid running the bots out of traffic allowance and/or running up the punters' bills enough to notice something is amiss.

Actual real problem vs non-existing problem (1)

roman_mir (125474) | about 2 years ago | (#42633015)

This is what a real security problem looks like as opposed to made up problems like Java sandbox security bugs.

Android is a platform that is actually used in half a billion of devices on this planet that people actually use.

Java sandbox in a browser is almost unused, there is a very limited number of users and you have to click through applet installation, so stealth applet installation is not going to happen.

Here is how a real world security threat works: I AM ANOTHER FLASHY GAME, INSTALL ME!

The user installs the flashy game and it takes over his phone.

Here is how java applet works: I AM ANOTHER FLASHY GAME, INSTALL ME!

The user tries to click on the thing, it fails to download the IcedTea plugin or whatever is required and the user gives up.

state (0)

shentino (1139071) | about 2 years ago | (#42633135)

If it was china I wouldn't be surprised if those rootkits were backed by chinese officials.

Walled gardens (1)

mrprogrammerman (2736973) | about 2 years ago | (#42633145)

Maybe walled gardens aren't so bad. They keep you locked in but they also keep the bad guys out.

Re:Walled gardens (0)

Anonymous Coward | about 2 years ago | (#42633201)

depends who you think the bad guys are,
  i think companies like Omniture/Google/Doubleclick/Mobclix/admob/vibrantmedia/appleads etc etc are the bad guys,

million dollar dedicated spying operations with no way to know what that "app" is really doing with my addressbook/gps location/websitehistory/imei
all available in the appstore, paid and free, with millions of apps to choose from, all infected with these spying companies code

NOT AN INFECTION (0)

Anonymous Coward | about 2 years ago | (#42633535)

"Android Botnet Infects 1 Million Plus Phones"

It's NOT AN INFECTION when user willingly installs a malicious application and approves its permissions.

Learn the basics of compooters before you write something that stupid next time.

Re:NOT AN INFECTION (1)

Gaygirlie (1657131) | about 2 years ago | (#42633799)

It's NOT AN INFECTION when user willingly installs a malicious application and approves its permissions.

That's like saying that it's not an infection if you inject yourself with HIV because you knowingly do it -- obvious rubbish. OF COURSE it is an infection still. Especially when the malware - package is HIDDEN inside another one, so that when the user thinks he's installing one thing he's actually getting two things. You might have a point if the user knowingly installed a malware - package, but that's just not the case.

Learn the basics of compooters before you write something that stupid next time.

Indeed, mate, indeed.

Who did NOT see this coming? (-1)

Anonymous Coward | about 2 years ago | (#42633621)

I know it's not from Google's app store but still... One million smartphone part of a botnet is nothing to sneeze at.

Who didn't honestly see that one coming?

You know what: that is just the beginning.

I'm not trolling (I'm using Linux and I'm using Google's GMail / Google Apps for Businees / Google+, YouTube, etc. so I'm pretty much pro-Google): I'm simply part of those who saw this coming. It was just all too clear that it was just a matter of time before smartphones became zombified like countless Windows PCs.

Meanwhile my Nokia 3210 is allowing me to, you know, give and receive phone calls (and even SMS). I know it's shocking but it "Just Works [TM]".

Re:Who did NOT see this coming? (1)

ravenlord_hun (2715033) | about 2 years ago | (#42633743)

Let me know when you get SMS forwarding or time based caller blacklisting working on that phone.

Re:Who did NOT see this coming? (0)

Anonymous Coward | about 2 years ago | (#42633951)

Android is based on Linux the safest operating system that has ever been created. When attackers successfully compromise software on Windows, Mac OS, Unix, Linux or Android, the usual cause is user error, followed by user-mode software bugs. The kernels almost never have anything to do with it. That's why claims by Linux zealots that the Linux kernel somehow 'protects' Linux from malware (or similar comments by Apple zealots about the XNU kernel, although most Apple zealots aren't technically literate enough to know what a kernel is) have always been ridiculous. If Windows zealots made similar comments about the NT kernel 'protecting' Windows from malware, they would be equally ridiculous, but I've never heard/read such claims. NT, XNU and Linux are all good kernels, but they can't magically protect users from malware. What generally matters most for protection from malware is the policies determining which software is allowed to run. Multi-user systems where professional systems administrators determine what is allowed to run tend to be much safer than single-user systems where users decide for themselves. One of Apple's biggest innovations with its App Store has been to act as a sort of systems administrator for iOS users, protecting them from themselves. Since Apple profit from the app sales, they have a strong incentive to spend money to properly vet apps (and so do Microsoft, since they copied the Apple model). In contrast, Google don't profit from app sales, so their incentive is simply to minimise costs. That's probably why Apple seems to do a much better job of vetting apps than Google. Even worse for Android, since it's open source, anyone can create their own app store and allow malware to flourish.

Re: Who did NOT see this coming? (0)

Anonymous Coward | about 2 years ago | (#42634547)

What do you mean Google doesn't profit from the Play store? They take a 30% cut just like apple does.

Hong Kong-based security company? (1)

dgharmon (2564621) | about 2 years ago | (#42635185)

Microsoft VIA Member [kingsoftsecurity.com]

"Kingsoft Internet Security 9 Plus is a complete package with Anti-Virus, Anti-Spyware, and Firewall applications, providing a complete solution to protect your computer system against the latest online threats. link [kingsoftresearch.com]

Re:Hong Kong-based security company? (1)

Clsid (564627) | about 2 years ago | (#42636019)

If you think Kingsoft is a tool, think again. That company is owned by Lei Jun, which is like China's Steve Jobs. That guy is creating a complete hardware/software solution not unlike the iPhone, by heavily modifying Android. They are offering their new cell phones at a very competitive price in continental China and it's been selling like hot cakes.

Here is a good article about the guy http://www.forbes.com/sites/simonmontlake/2012/07/18/xiaomis-lei-jun-chinas-answer-to-steve-jobs/ [forbes.com]

wtf? (0)

Anonymous Coward | about 2 years ago | (#42635427)

I thought China was a botnet

Not in F-Droid either (0)

Anonymous Coward | about 2 years ago | (#42636315)

F-Droid (f-droid.org) is the FOSS repository for freely licensed Android applications and as a rule they weed out things that have anti-features & malware in them since generally those don't ever provide source-code to anyone. Recommended as a non-tracking/info-harvesting alternative to Google's 'service'.

what happened to many eyes looking at source? (0)

Anonymous Coward | about 2 years ago | (#42636989)

Don't worry, Lumia phones are on the way.
Bwahhhhaaahaaahaaaah!!!

Whew... (0)

Anonymous Coward | about 2 years ago | (#42640315)

I guess we are safe then if we aren't using a chinese made cell phone.

We aren't are we?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?