×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

"Bill Shocker" Malware Controls 620,000 Android Phones In China

timothy posted about a year ago | from the it's-ok-they're-calling-the-premier dept.

Android 138

Orome1 writes "A new discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text message to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

138 comments

Follow the money (0)

Anonymous Coward | about a year ago | (#42750263)

It overruns the text bundle and causes extra charges... Sounds like an enterprising feature for a phone company to deploy.

Nope (2)

The MAZZTer (911996) | about a year ago | (#42750285)

There are phone numbers you can dial that result in an addition to your bill and money being paid to the guy you dialed... 1-900 numbers or whatever in the US.

The idea of making malware to forcibly call these numbers to the profit of the number owner is not new.

Re:Nope (1)

Joce640k (829181) | about a year ago | (#42750357)

The idea of making malware to forcibly call these numbers to the profit of the number owner is not new.

It used to happen back in the days when we had modems in our PCs.

Re:Nope (0)

Anonymous Coward | about a year ago | (#42750603)

"It used to happen back in the days when we had modems in our PCs."

These _are_ computers with built-in modems.

On "Smart" Phones (1)

arogier (1250960) | about a year ago | (#42750641)

I think of them more as Modems that happen to have computing and voice messaging capability...

Re:Nope (1)

Joce640k (829181) | about a year ago | (#42750787)

I don't really think of them as a "PC" though. I'm sure most other people don't either.

(Yes, I know what the literal meaning of the acronym "PC" is...)

Re:Nope (1)

noh8rz10 (2716597) | about a year ago | (#42750941)

The problem is the platform is so vulnerable. We're applying a PC mentality to phone operating systems.
The theme of this discussion is "it could happen to anybody" or "it's the users fault". But the fact of the matter is this only happens on sndroid, and the biggest mistake the users made was using an insecure os.

Re:Nope (1)

macs4all (973270) | about a year ago | (#42751113)

The problem is the platform is so vulnerable.

That is A problem; but not THE problem.

The REAL problem are the entities (Banks, Telcos and Governments) that are all standing under this money fountain, being WILLFULLY BLIND to all these transactions.

Not to shamelessly self-promote; but I covered this in a comment [slashdot.org] further below.

Re:Nope (1)

mabhatter654 (561290) | about a year ago | (#42753965)

Actually THAT was one of the biggest shifts that Apple pushed on the telcos. In the pre-iPhone days ALL SALES went through the phone company at exorbitant up charges.

When Apple introduced iPhone everybody made their online purchase with a separate iTunes account, not with their phone bill. Combine with the "all in one" plans that eliminated most common overages such scams mostly went away for normal, careful folk.

Re:Nope (1)

Mister Whirly (964219) | about a year ago | (#42751177)

Anytime you think of an operating system as your security, you have already lost the battle. Security is a process and procedures, not a product, not software, and not an operating system. Android can be locked down securely as well as iOS. Just don't uncheck the box allowing third party software to be installed and you thwart this type of attack.

Re:Nope (1)

Ol Olsoc (1175323) | about a year ago | (#42752883)

Just don't uncheck the box allowing third party software to be installed and you thwart this type of attack.

You do realize that is a big selling feature for the Android phones don't you? It "opens up a whole new world" for the user. The when the user gets owened, we can all blame it on the user.

Really, it's so much like the Windows world that I'm so happy to have abandoned. It's always someone elses fault. Always the customer's mistakes. The OS is secure, except when it isn't.

Not even wrong (1)

Anonymous Coward | about a year ago | (#42753293)

Noooo, having the option of flipping the switch that says "WARNING: You're making me insecure" right there and then allows owner to do whatever he wants - even if it's not good for him - is extremely baaaaaaad thing.

Don't forget that Larry, Sergei and Eric stand behind your shoulder and basically push you to do it, because otherwise your Android device is useless, useless, I say.

We don't need choice, it's bad for security and requires us to - what gall! - to think and be responsible for our actions. Also, microwaves should only allow verified things to get cooked and cars should only drive no faster than 5 mph.

Re:Not even wrong (0)

Anonymous Coward | about a year ago | (#42754321)

otherwise your Android device is useless, useless, I say.

So you mean exactly like an iPhone? That is what we are talking about here - locking down app installs from only one source. So if Android is useless without that feature, what does that make an iPhone? Even less than useless because you can't change this.

Re:Not even wrong (1)

node 3 (115640) | about a year ago | (#42754379)

Your sarcasm doesn't change the fact that iOS is more secure specifically due in large part that it does the very thing you are mocking.

To rephrase, you are saying that Android isn't less secure, and then say how good it is that the user has the option to make it less secure...?

Yes, Android provides a bit more freedom. But that freedom comes with a cost, and you can't just mock that cost away.

Re:Nope (0)

Anonymous Coward | about a year ago | (#42753933)

Yeah it is so difficult to want to install a third-party app and then secure your phone again. I would have to uncheck the box allowing me to install the app, install the app, and then re-check the box again to be secure. Boy I don't know if I can handle the pressure.

Re:Nope (1)

Mister Whirly (964219) | about a year ago | (#42754019)

So say I sell you a house with a door with locks. The door locks by default when you shut it, but you decide to change it, and leave your door unlocked all the time, and as a result, get robbed. Obviously this is my fault for selling you a house with a "known security defect", the manufacturer of the door for allowing it to be unlocked, the lock manufacturer, and anybody in the else in the world you can think of but yourself. Sorry, but at some point the user has to take some responsibility for his own actions. Even with it's walled garden an iPhone user could still leave his phone on the bus. Is that Apple fault for making a phone you can put down? Hardly. Any Android user who gets owned by a third-party app has allowed that to happen by playing with the default security. If you don't know what you are doing, you have no business changing the security settings in the first place.

Re:Nope (1)

node 3 (115640) | about a year ago | (#42754331)

Anytime you think of an operating system as your security, you have already lost the battle. Security is a process and procedures, not a product, not software, and not an operating system. Android can be locked down securely as well as iOS. Just don't uncheck the box allowing third party software to be installed and you thwart this type of attack.

That's a nice theory, but why doesn't it match reality?

iOS has never had anything like this on non-jailbroken iPhones, while Android has, even on non-rooted phones that disallow apps from outside the Play Store/Android Market.

Re:Nope (3, Insightful)

poetmatt (793785) | about a year ago | (#42750837)

the also unsurprising factor is that this is happening in China, where the same responses for how to prevent this have been sent every week:

download things from official trusted sources only.

Re:Nope (0)

Anonymous Coward | about a year ago | (#42750939)

Can you name one that is available and reliable in China?

sources that aren't available and reliable:
amazon
google

Re:Nope (1)

Runaway1956 (1322357) | about a year ago | (#42751125)

Pasted below is the same advice from TFA. Question is - who the hell do you trust? Unfortunately, Android opened the doors to all sorts of idiots developing crap, and there are no "trusted repositories". I guess it's safer to trust the phone company than some random developer from some random site. But, I'm not one to trust a phone company!

To avoid becoming a victim, please follow common-sense guidelines for smartphone security:

1. Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.

2. Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.

3. Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device. NQ Mobile Security users are already fully protected from the Bill Shocker threat.

Re:Nope (2)

milkmage (795746) | about a year ago | (#42751973)

...or google could just section off the store - devs can submit, or submit for review and approval. wild west over here.. anything goes. these have been reviewed. they're safe.

i don't see a downside. the relative lack of app dollars going to google (vs. Apple) has to be at least partially because some people don't feel "safe"

if you get too many warnings from this.. http://www.androidpolice.com/2012/10/11/apk-teardown-the-play-store-is-getting-a-built-in-malware-scanner-theres-more-wish-list-progress-and-more/ [androidpolice.com] - some people will stop using the store. makes no sense.. scan apps on the way IN.. not on the way out.

Installation has been blocked

why would you ever show that to the user. reject the app until those messages aren't even triggered.

Re:Nope (1)

node 3 (115640) | about a year ago | (#42754397)

the also unsurprising factor is that this is happening in China, where the same responses for how to prevent this have been sent every week:

download things from official trusted sources only.

"Android is better than iOS because it has a 'Freedom' button. Oh, also, never press that 'Freedom' button. kthxbye!"

Re:Nope (0)

Anonymous Coward | about a year ago | (#42750901)

I think you just agreed with him: "an enterprising feature for a phone company."

Re:Follow the money (1)

GiantMolecularCloud (2825541) | about a year ago | (#42750307)

They have so many other ways to screw people, would they really resort to this?

Nevermind, I know the answer.

Re:Follow the money (1)

grub (11606) | about a year ago | (#42750341)


They have so many other ways to screw people, would they really resort to this?

The scale of the scam is what makes it so lucrative.

It's OK though (0)

Anonymous Coward | about a year ago | (#42750501)

A "Researcher" wrote this code and when the cell maker didn't fix their phones, he released it in the interest of complete disclosure and information transparency.

We are all better off now...especially if you are in China and have one of these infected phones.

Re:It's OK though (-1)

Anonymous Coward | about a year ago | (#42750713)

What utter bollocks. You google apologists will bend over backwards to put this sort of thing in a positive light. You're hilarious.

Thanks for the laff.

That researcher is an antivirus company using proprietary software

http://www.prnewswire.com/news-releases/nq-mobiletm-threat-alert-bill-shocker-mobile-malware-takes-remote-control-of-more-than-600000-users-phones-to-send-costly-messages-188991261.html [prnewswire.com]

Re:It's OK though (1)

drc003 (738548) | about a year ago | (#42751079)

Recognizing sarcasm isn't really your thing I suppose.

Re:It's OK though (0)

Anonymous Coward | about a year ago | (#42751133)

Having read this sort of thing said in all seriousness, it's hardly surprising the poor bastard didn't see the sarcasm. No shortage of people who think google can do no wrong

Re:It's OK though (-1)

Anonymous Coward | about a year ago | (#42751957)

Pardon me but HOW THE FUCK can you miss the sarcasm in this part:

We are all better off now...especially if you are in China and have one of these infected phones.

I guess some things really can be too obvious.

Re:Follow the money (2)

fermion (181285) | about a year ago | (#42750697)

Back in the day of 900 number, it was clear that the phone companies were using them as a profit center. The average phone user did not want the feature, yet it was turned on by default. If you do not think about turning off the 900 number, and wait too long, the phone company can charge for the service.

Of course the high profit venture has gone from 900 numbers to texting. The phone companies are once again in a position to help, but they won't.

Re:Follow the money (0)

Anonymous Coward | about a year ago | (#42751169)

When I worked for Sprint, I wrote the office of the CEO regarding how ashamed I was that "premium messaging" was on by default, even when we knew the phone to be a child's phone. It's quite the scam, text a 6-digit number and be billed $9.99/mo or even some were $0.99 or $1.99 per day. A not insignificant portion of a Tier-1 tech's shift was explaining and reversing these charges, but despite paying that person to do it, there were enough subscribers that either didn't notice inside the 90-day window (after 90 days the reply was something like "too bad, so sad) or just blamed the kids who's phone had the charges and the company made bank.

I got a BS form reply (no surprise) but considering how scathing my examples were, I am in retrospect surprised that they did not decide to be complete douches and fire me. I am glad to not be there any more.

Re:Follow the money (1)

mabhatter654 (561290) | about a year ago | (#42754057)

It's simple. $2-$3 of that $9.99 went to the boss... And that INCLUDED charge backs.. So the phone company was dipping in both sides ... It was free money either way.

If State Attorney Generals forced phone companies to be half as honest as they forced Apple to be we wouldn't have these little chats.

Re: Follow the money (0)

noh8rz10 (2716597) | about a year ago | (#42750921)

The problem is the platform is so vulnerable. We're applying a PC mentality to phone operating systems. The theme of this discussion is "it could happen to anybody" or "it's the users fault". But the fact of the matter is this only happens on sndroid, and the biggest mistake the users made was using an insecure os.

Re: Follow the money (0)

Anonymous Coward | about a year ago | (#42751237)

How many times do you plan on posting this ignorant and blatantly wrong post? Once is too many, more than once is ludicrous.

Re:Follow the money (1)

interkin3tic (1469267) | about a year ago | (#42751951)

Why don't they follow where the money for these advertisers is supposed to go? I'm guessing it's not trivial. Is it safe to assume that money from morons who get the ads and want to buy goes to a shady bank in a country with lax laws, and if domestic law enforcement calls said bank for who owns the bank account, they'll be told to fuck off?

No smartphone for me (0)

Anonymous Coward | about a year ago | (#42750283)

I'll stick with my dumbphone

Re:No smartphone for me (1)

Joce640k (829181) | about a year ago | (#42750405)

Or just don't install every single app that promises you free bikini-clad-screencursors.

Re:No smartphone for me (0)

Anonymous Coward | about a year ago | (#42750723)

That only come on Android.

Re:No smartphone for me (0)

Anonymous Coward | about a year ago | (#42752091)

So? The point was, "don't install it". Go away you braindead monkeywanker.

Re:No smartphone for me (1)

Ol Olsoc (1175323) | about a year ago | (#42753179)

So? The point was, "don't install it". Go away you braindead monkeywanker.

Might be a monkeywanker, but there is a bit of truth to it. THe problem is that not everyone is a technical and OS security genius like you or me.

So yes, they do allow third party downloads - many of them have heard about them from the very salesmen who sold them their Android phone. I know I have. Free Software! ZOMG! Wait til I tell all my BFF"S! I had a salesman use the third party repositories as a selling point over iPhone because Apple wouldn't allow it.

I've spent a of of time cleaning up computers where the ignorant have downloaded and installed all kinds of nasty stuff. And of course the stuff they didn't know about, but picked up on their surfing. But the point is, those people didn't go away, nor did they learn much. I had repeat customers and they or their kids managed to bollix up their computers all over again. And again.

So now they've moved on to smartphones. But their habits haven't changed, so they will download and install those awesome free programs. And they will bitch up their smartphones.

But shouldn't we be able to move on from this? It's all so easy to just call the users idiots and assholes, but it also takes a bit of asshole to make smartphones that all it takes is unchecking a box and suddenly you can get all the bad stuff you want. That's vulnerablilty. An attractive nuisance.

Karma (0)

Anonymous Coward | about a year ago | (#42750363)

It says there's malware and you should only download apps from trusted source, then promptly offers an app to download to fix it!

Ha ha,

China forked Android and stuck their own Baidu and apps on it, and their own store. They've made minimal attempt to catch hackers, they reap what they sow.

Re:Karma (0)

Anonymous Coward | about a year ago | (#42750471)

This isn't a forked version of Android that's being infected. In china you can't always get to the playstore and not all apps are listed if you do get there, so the chinese have to use a different store

Re:Karma (0)

Anonymous Coward | about a year ago | (#42750805)

Welcome to open.

You must take the good with the bad.

Where ANYone can:
sudo apt-get install git-core wget && mkdir -p ~/bin && export PATH=$PATH:~/bin \
      && wget http://android.git.kernel.org/repo [kernel.org] && chmod a+x ./repo \
      && mv ./repo ~/bin && mkdir android && cd android \
      && repo init -u git://android.git.kernel.org/platform/manifest.git \
      ; repo sync ; make

Re:Karma (0)

Anonymous Coward | about a year ago | (#42751035)

AOSP isn't what's loaded on these phones though.

Re:Karma (0)

Anonymous Coward | about a year ago | (#42751221)

That's the point.

They can get the source code, modify it any way they like.

And then you get this situation.

All worried until... (5, Insightful)

Kagato (116051) | about a year ago | (#42750373)

Upon further reading the infection vector is infected pirated Android apps sold/distributed in black market Android marketplaces. Cry me a river folks.

Re:All worried until... (2)

tepples (727027) | about a year ago | (#42750439)

So if someone lives in a country where most devices come without Google Play Store, a country where even the manufacturers and carriers preload "black market Android marketplaces", where should he get apps instead?

Re:All worried until... (1)

Guppy06 (410832) | about a year ago | (#42750517)

So if someone lives in a country where most devices come without Google Play Store... where should he get apps instead?

Amazon.

Re:All worried until... (1)

Kagato (116051) | about a year ago | (#42750893)

It's the largest Android customer base in the world. They have legal marketplaces provided by the carriers. My understanding is most phones are pre-loaded with MM (Mobile Market). Now if you're an English speaker you've got some problems with the market place, but you could root the phone and download a legit market app from Samsung or other reputable player.

Re:All worried until... (0)

Anonymous Coward | about a year ago | (#42751015)

Yeah, that seems reasonable for the average user...or not.

App market is insecure!
Root your phone and install custom app market!
It's sure to be more secure!
Just make sure you don't get a fake secure app market!
It's your own stupid fault for not doing all this research!
Wait, there are no secure official app markets in China?
Why don't you just move, you idiot!

Re:All worried until... (0)

Anonymous Coward | about a year ago | (#42750555)

Are Amazon, SlideME, Opera, GetJar and others banned there?

Re:All worried until... (1)

Joce640k (829181) | about a year ago | (#42750829)

where should he get apps instead?

I wasn't aware that "apps" were mandatory. I guess I must be doing it wrong (again...)

Re:All worried until... (1)

tepples (727027) | about a year ago | (#42751833)

I wasn't aware that "apps" were mandatory.

If you didn't want apps, you would have bought a dumbphone instead of a phone that comes with Android.

Re:All worried until... (2)

ZiakII (829432) | about a year ago | (#42750931)

So if someone lives in a country where most devices come without Google Play Store, a country where even the manufacturers and carriers preload "black market Android marketplaces", where should he get apps instead?

He should install the Google Play Store .apk?

Re:All worried until... (1)

Anonymous Coward | about a year ago | (#42751173)

Doesn't work, at least not on the last 3 Android phones I have had. I've been in China for 3 years now. I assume it might work on a rooted phone. Besides that, i can't even get the google play website to load half the time.

Re:All worried until... (0)

Anonymous Coward | about a year ago | (#42751019)

Dude, if they had the option they'd STILL not pay. It happens in all non-first-world countries that do have Google Play. So stop being so naive.

Then don't buy it. (0)

Anonymous Coward | about a year ago | (#42751407)

He shouldn't. If the device is not supported in his country, it wouldn't make sense to buy it. Or things like this occur.

Re:All worried until... (1)

wmac1 (2478314) | about a year ago | (#42751129)

You may install a free software from that market and still get infected.

Android market is not available in every country. Two months ago I traveled to a specific country and Google Play would not allow login to me. When I asked why people said it has never been working in the country.

Re:All worried until... (-1, Flamebait)

robbo (4388) | about a year ago | (#42751351)

Isn't it a point of pride for l33t slashdotters to jailbreak their phones and side load apps? The fact that on threat family has 600k victims suggests that millions, probably tens of millions of users are using rogue app stores.

Not true (5, Informative)

Joce640k (829181) | about a year ago | (#42750389)

"Bill Shocker downloads in the background"

Not really true. You have to install an infected app to get it started.

Re:Not true (0)

Anonymous Coward | about a year ago | (#42750899)

Do they also have to click on the Install button with the "SERVICES THAT COST YOU MONEY" / Send SMS Messages?

Malware... (0)

Anonymous Coward | about a year ago | (#42750451)

Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus ...

Let's call the next one Bill O'Reilly...

what they should do on this (1)

RobertLTux (260313) | about a year ago | (#42750477)

since the PHONE COMPANY gets a cut then the PHONE COMPANY should be on the hook for the profits.

it should be LAW that you must get Positive Confirmation for any charges either above 3(money units) or that are multiple charge type things.

Re:what they should do on this (0)

Anonymous Coward | about a year ago | (#42750747)

This whole thing could also be circumvented if for every call initiated by an app, there would be a non-circumventable confirmation dialog shown, telling you which app wants to make the call, which number it wants to call (bonus points it it automatically warns about high-cost numbers), and what it tries to do (initiate voice call, send a message). For messages, you also should have the option to view the content of the message.

Re:what they should do on this (1)

Runaway1956 (1322357) | about a year ago | (#42751279)

Wait, wait, wait. Let me get this straight.

We gots us a malware thingy. The thingy acquires permissions to install itself. It's not quite clear that it is using "root" permissions, but it does have elevated permissions. Elevated enough to install software, at any rate. We've already bypassed everything on the phone, except possibly root, and probably BIOS.

Kindly explain WTF this "non-circumventable confirmation dialog" thingy might be. And, explain HOWTF it works. There's a special chip in the phone, that is anaccessible to root and/or user, that is going to always and forever question you regarding expensive calls?

Dude - the frigging app will dismiss the damned query before it ever registers on screen. Geeez, Louise. You just turned on your first ever computer last night, right?

Which Android releases? (0)

Anonymous Coward | about a year ago | (#42750515)

Newer Android releases include app scanners and do not allow (by default) app installation from unauthorized sources.

Re:Which Android releases? (0)

Anonymous Coward | about a year ago | (#42751289)

Those aren't sold in China.

So what are they supposed to do?

Buy and suffer the consequences or buy something else.

There's a reason Android phones are so cheap in China...

Trojans? In my Chinese pirate app store? (4, Funny)

0xdeadbeef (28836) | about a year ago | (#42750543)

It's more likely than you think!

the infection uses the device to send text message to the profit of advertisers

So it's just like this article, then?

Re:Trojans? In my Chinese pirate app store? (0)

Anonymous Coward | about a year ago | (#42751003)

Testing!

And the infection vector? (3, Insightful)

bickerdyke (670000) | about a year ago | (#42750573)

Let me guess... you have to manually install an apk from an untrusted source?

Re:And the infection vector? (2)

h4rr4r (612664) | about a year ago | (#42750647)

Yup.
Could just as easily infect a jailbroken iPhone this way.

This sort of infection vector is nothing to get excited about.

Re:And the infection vector? (2)

Savage-Rabbit (308260) | about a year ago | (#42751091)

Yup.
Could just as easily infect a jailbroken iPhone this way.

This sort of infection vector is nothing to get excited about.

Last time I looked (a few months ago) some 38% of Chinese iOS users had jailbroken their phones and the trend was declining. China must be a small market for Apple since globally, only 10% of iOS users had bothered to jailbreak.

Re:And the infection vector? (1)

smash (1351) | about a year ago | (#42752829)

Apple has only been officially selling in China for a very small period of time as I understand it - like the last year or so?

Re:And the infection vector? (1)

NatasRevol (731260) | about a year ago | (#42750821)

Can you name a reliable, trusted source for an Android phone in China?

Sites that are out, as they're not reliable or completely unavailable:
Google
Amazon

Android attacks are indicators (0)

Anonymous Coward | about a year ago | (#42750707)

Of what'd happen to Linux if a "Linux's year of the desktop" occurred's all since Android is a Linux variant.

Re:Android attacks are indicators (2, Interesting)

Runaway1956 (1322357) | about a year ago | (#42751357)

Android is not a "Linux variant". Android uses a Linux kernel, but it's not a Linux distro. It most certainly is not an established, trusted distro, such as Debian, Suse, or Redhat.

Various dope smoking fools, working for various companies have rolled their own flavors of Android, seldom consulting with real Linux enthusiasts. Each and every manufacturer rolls his own dope-soaked version of Android, then alters that dopey version to suit the whims of the telcos that are actually purchasing them.

If Android is a Linux distro, then BlackXP, available via torrent, is a valid Windows release.

(Note that I've actually used BlackXP inside of VM's - it's actually pretty solid, but it's damned sure not Microsoft!)

Re:Android attacks are indicators (2)

smash (1351) | about a year ago | (#42752863)

I'd actually argue that Android has had more thought put into application security than the typical linux distro has.

Especially after it's been fucked up by idiots doing this sort of thing [rwxrwxrwx.net]

As Much As I'd Like To Poke Fun At Android... (2)

macs4all (973270) | about a year ago | (#42750709)

I think there is a LARGE measure of culpability (yes, I know that's the CRIMINAL term) for this on the part of the "Money Launderers" (the Banks, Telcos, and Governments involved in the "chain of custody" of these funds). Once alerted to this, the Police/"Justice Departments", not to mention the Telcos and Banks, in the country(ies) where the money is "landing" should be seizing bank accounts, taking down internet access, and generally making life a living Hell for whoever is PULLING THE DEPOSITS.

This CANNOT be legal under ANY Country's "fraud" laws. So why aren't these people being sued/prosecuted out of existence?

Qui Bono ("Who Profits?"). If the Banks, Telcos, and to some extent (through "fees" and "taxes") the "host Country(ies)" would actually go on an MPAA-style Jihad with these TRUE Racketeers, instead of actually AIDING AND ABETTING this Criminal Enterprise, perhaps there wouldn't be so much of it, regardless of the fact that the Android "mindset" makes this kind of thing ALL too easy, and Google is totally incapable of stopping it (without resorting to the "Walled Garden" approach that a small minority of Android users (but a vocal subset of /.ers) seem to value so highly).

Yes, I understand that "The price of "freedom" (in quotes) is vigilance"; but ya gotta admit, if the Governments and Police in the Country(ies) where this money was ENDING UP spent as much effort on this as they do "watching for terrists" or "stopping piracy", not many (true) Criminals would even ATTEMPT something like this.

I mean, every single frickin' penny of this money can be tracked; so why is it SO hard to stop??? Something's fishy here.

RICO prosecutions (2)

swb (14022) | about a year ago | (#42751797)

RICO prosecutions would help. It's what should have been done with Spam in the early days when it started to become profitable.

Drag in the banks, the ISPs, and the other supposedly reputable service providers into the RICO prosecutions. Once a couple of well-known institutions get caught like this it would cut off the air supply of the illegal action and make it much, much more difficult.

By not doing this, we only encourage our supposedly legitimate institution to keep providing services to people who actually committing crimes.

Not a virus; virus self-replicate (2)

enriquevagu (1026480) | about a year ago | (#42750799)

This is NOT a virus; viruses infect a system, typically by modifying other existan executable files, and then self-replicate themselves. These are malware applications which have been installed by the users. In this case he notice, not covered in the summary, is that these applications are not designed to be malware, but rather they employ a free (as in gratis) SDK, which converts the phone in a zombie.

However, note that simply removing the applications should remove the "infection". The Android security model does not allow an application to "infect" the OS, unless the user has rooted the phone and runs the application as root (in this case, it's your fault).

Re:Not a virus; virus self-replicate (1)

tlhIngan (30335) | about a year ago | (#42751845)

However, note that simply removing the applications should remove the "infection". The Android security model does not allow an application to "infect" the OS, unless the user has rooted the phone and runs the application as root (in this case, it's your fault).

Well, it's also entirely possible that the malware roots the phone for the user (it has happened before). Plus there are many apps in the Play Store that require root - enough so that 4.2 includes sudo now and a way to manage it (it's called "device administrators") so users don't have to root their phones themselves, and can allow/deny individual apps access to the capability.

Happy to have a Windows Phone (-1)

DogDude (805747) | about a year ago | (#42750949)

At times like these, I'm happy to have a Windows Phone. I don't know if it's because the security is better, or because it's a tighter "walled garden", or it's such a tiny market segment, I don't care. I'm just happy that I don't have to worry about phone viruses.

The whole point to using a phone instead of a computer is because of simplicity. If Android or Android users can't figure out how to keep it *simple* to use a cellphone, users are going to flee to Apple or Microsoft or (Blackberry?).

Re:Happy to have a Windows Phone (3, Interesting)

LodCrappo (705968) | about a year ago | (#42751073)

"At times like these, I'm happy to have a Windows Phone."

Ok... but what about all the rest of the time? I was given an HTC 8x at work and asked to research the platform.. trying to use it as a daily driver and its just so frustrating coming from Android. You never realize how important a thriving app ecosystem is until you try to live with WP. I can deal with the wonky notifications and the limited "live tiles" vs widgets.. I guess. But looking through the app store is just depressing.

Re:Happy to have a Windows Phone (1)

smash (1351) | about a year ago | (#42752779)

Yeah that's a fair assessment, and why i have avoided android this far and stuck with the "walled garden" of iOS.

It is an appliance, like a toaster or a fridge. We've gone through decades of malware on PCs, and it doesn't need to be that way.

I'll gladly trade the ability to pay a nominal development kit fee for a security cert and tools in order to have a more secure locked down device. Whether that means iOS, Windows Mobile, or whatever new platform provides a nice slick UI, good performance and an decent application library.

In practice, open vs closed is not that relevant to my interests.

Can someone explain how is it... (1)

mark-t (151149) | about a year ago | (#42751081)

... that a program can evidently send a text message to someone else without that text showing up in the message history?

Re:Can someone explain how is it... (0)

Anonymous Coward | about a year ago | (#42751363)

They are called system level SMS.

SMS messages are used for all types of things and you never now about them.

Re:Can someone explain how is it... (1)

mark-t (151149) | about a year ago | (#42752375)

Like what? And is there ever any reason for a user to legitimately *NOT* know about it?

Re:Can someone explain how is it... (1)

smash (1351) | about a year ago | (#42752687)

Diagnostics by the mobile operator maybe. And by using your device on their network you have no doubt agreed to terms of service which allow them to do this sort of thing.

Re:Can someone explain how is it... (0)

Anonymous Coward | about a year ago | (#42753811)

It's also used for carrier services like Sprint's Total Protection app, or 3rd party apps like WheresMyDroid, where a server sends your phone an SMS to activate the phone location / ringer to help you find it. The message itself is masked by the app. There's nothing nefarious about those services, I'm just providing examples.

I guess it's a bit too hard for some people ... (0)

Anonymous Coward | about a year ago | (#42751993)

http://i.stack.imgur.com/yuJnum.jpg

This is stock Android (I'm sure there's a chinese version of this, though nobody's taken a screenshot of it)

Just to balance out convenience with functionality, it doesn't notify on every message.

I don't know what idiot would want to constantly click on "ok, send" for EVERY automated message - legit or no. I suppose they might own another platform that like YES/NO authorization popups interrupting their experience (for new wifi networks found, for adding FB integration from the Settings on pad, etc.).

I guess it's too hard to read plain language...

Flamebait for Linux Fan boys (1)

Ravaldy (2621787) | about a year ago | (#42752197)

This is once again proof that an OS is only as good as it's implementation, configuration and install software.

Ta30 (-1)

Anonymous Coward | about a year ago | (#42752301)

I thought it was my TOWEL UNDER THE MORNsING. NOW I HAVE core team. They users', BigAzz, than this BSD box, of playing your Many of us are it was fun. If I'm at death's door

woot (1)

smash (1351) | about a year ago | (#42752665)

Running unsigned code from anywhere is awesome!

30+ years of this shit on desktop computers, and so it repeats on mobile.

Another reason to avoid all Fuckle Assdroid (0)

Anonymous Coward | about a year ago | (#42752741)

devices and go with iOS devices instead.

Wvery new malware that is released for Fuckle Assdroid just proves that Fuckle is the new M$ and Fuckle Assdroid is the Windoze of the mobile world. Apple iOS is far more secure than Windoze phone and Fuckle Assdroid could ever be. Don't think it can't happen in the US? Think again. With this the data usage will be causing users to be throttled due to hitting their data caps. Naturally this will get modded down because Slashdot is filled with Fuckle Assdroid Fanbois that love to get fucked in the ass, hence the term Fuckle Assdroid [urbandictionary.com] . So go ahead, flame on you Fuckle Assdroid loving, fudgepacking, twinkie sucking fucktarded shills of Fuckle.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...