
Google: BadNews Malware Wasn't Really Bad, After All

Unknown Lamer posted about 10 months ago | from the mundane-bad-news dept.

Security 24

chicksdaddy writes "When reports surfaced about 'BadNews,' a new family of mobile malware that affected Google Android devices, the news sounded — well — bad. BadNews was described by Lookout Mobile Security as a new kind of mobile malware for the Android platform, one that harnesses mobile ad networks to push out malicious links, harvest information on compromised devices and more. Now, six weeks later, a senior member of Google's Android security team claims that BadNews wasn't really all that bad, after all. Speaking at an event in Washington D.C. sponsored by the Federal Trade Commission, Google employee and Android team member Adrian Ludwig threw cold water on reports linking BadNews to sites that installed malicious programs. The search giant, he said, had not found any evidence linking BadNews to so-called SMS 'toll fraud' malware."


24 comments

And what else did you expect? (2, Interesting)

Anonymous Coward | about 10 months ago | (#43967523)

This just in: Vendor claims malware isn't as bad as people say. Film at 11.

Did anyone really expect them to say different?

Re:And what else did you expect? (0)

Anonymous Coward | about 10 months ago | (#43967591)

Now, come on. All Google is saying is that it isn't all BadNews ;-)

All malware is bad. Sure, it could be catastrophic, but it could also just serve as a trojan for other pieces of malware. This one doesn't turn out to be as bad as the press makes it sound (big surprise), and Google claims it isn't anything much to worry about (another big surprise). So we know that the truth lies somewhere in the middle.

Re:And what else did you expect? (0)

Anonymous Coward | about 10 months ago | (#43967739)

i farted

Re:And what else did you expect? (2)

OhSoLaMeow (2536022) | about 10 months ago | (#43967889)

Now, come on. All Google is saying is that it isn't all BadNews ;-)

All malware is bad. Sure, it could be catastrophic, but it could also just serve as a trojan for other pieces of malware. This one doesn't turn out to be as bad as the press makes it sound (big surprise), and Google claims it isn't anything much to worry about (another big surprise). So we know that the truth lies somewhere in the middle.

Maybe if we told you the "bad" news in a "good" way...

Re:And what else did you expect? (1)

AliasMarlowe (1042386) | about 10 months ago | (#43971773)

All Google is saying is that it isn't all BadNews

Or merely that it would be WorseNews if BadNews were VeryBadNews.

Re:And what else did you expect? (0)

Anonymous Coward | about 10 months ago | (#43967663)

On the other hand: anti-malware vendor claims new malware worst ever. Fox News at Ten (not to be confused with Fox News Channel).

Re:And what else did you expect? (4, Insightful)

stephanruby (542433) | about 10 months ago | (#43967961)

Did anyone really expect them to say different?

I didn't.

The application asked for permission to send SMS (and potentially cost you money).

It's not malware if it tells you exactly what it's going to do, and then does it with your explicit permission (not that it even did that since it was only a proof-of-concept app). It's only a malware app if someone else has temporary possession of your phone, plus its pin number, and then installs the application just to cause you harm without you knowing.

And this is actually nothing new to Android users.

Re:And what else did you expect? (1)

Anonymous Coward | about 10 months ago | (#43969469)

This is the biggest reason why I won't be moving to Android anytime soon. On iOS, it'll ask for permission when it needs to send something, and I can stop it. There are plenty of apps that require permissions that I only want to give access to occasionally. If an app wants access to my pictures, I tell it what pictures it can access. Same with contact information. Giving apps blanket access at install time is brain dead.

Re:And what else did you expect? (1)

DrXym (126579) | about 10 months ago | (#43970493)

The up-front permissions are better than nothing, but they're not good enough.

Android really needs to ask the user to grant / deny a permission each time it is accessed, with a checkbox to remember the decision. Some apps can be incredibly annoying, such as Facebook which is constantly turning on GPS which saps battery power. I should be able to disable that permission and force it to use a less precise location system or none at all. Another app might have a genuine need to launch the dialler, to call someone in its contacts list, but I want to be asked each time just so it doesn't surreptitiously dial a premium number in Ghana during the night. Perhaps for numbers, it's the number which is added to a whitelist when I say remember the decision. And so on.

Apps might also have installed broadcast receivers / services which might hit permissions. They could be suspended until I grant / deny the permission they require. Perhaps I can completely disable these receivers / services from running at all except when their app is in the foreground.

Re:And what else did you expect? (0)

Anonymous Coward | about 10 months ago | (#43968663)

In this case "the vendor" is a big fan of data mining and probably just doesn't give a damn.

Re:And what else did you expect? (1)

tangent3 (449222) | about 10 months ago | (#43970445)

This just in: Anti-malware vendor claims malware is worse than it actually is. Film at 11.

Did anyone really expect them to say different?

but but but... (3, Funny)

ADRA (37398) | about 10 months ago | (#43967557)

How can we flame you if there's no story!! Wahh!

Re:but but but... (1)

Anonymous Coward | about 10 months ago | (#43967595)

Since when did reason ever get in the way of a good flame war?

Re:but but but... (1)

icebike (68054) | about 10 months ago | (#43967697)

How can we flame you if there's no story!! Wahh!

You can flame someone for jumping the gun perhaps?
With not a shred of evidence it appears that Lookout actually precipitated this stampede, and Google followed suit.

Re:but but but... (0)

Anonymous Coward | about 10 months ago | (#43967783)

What's wrong with the usual baseless way?

Always a potential vector. (1)

Darkness404 (1287218) | about 10 months ago | (#43967731)

Ad networks will always be a potential vector of infection and since many, if not most, apps on Google Play (and iOS) that are free will have ads from a major ad network, it means that any application can potentially give you malware with no fault of the application developers themselves.

Yo Dawg I Heard You Like Data Mining (-1)

Anonymous Coward | about 10 months ago | (#43967857)

Yo Dawg we heard you liked data mining so we put data mining malware on your data mining operating system!

Do they all hire the same marketing people? (1)

Anonymous Coward | about 10 months ago | (#43968021)

Often when there is a major security issue in a software product, there is marketing that follows in the next few weeks saying it wasn't really as big a deal as the researchers originally claimed. Normally they state how the issues raised don't really apply in the real world. Often the phrase 'Threw cold water' is used. This is done as a distraction and PR exercise to deflect from the fact that the company does not wish to invest the time and effort into fixing the issue.

The IT press normally picks up the phrase 'Threw cold water' from the press release and reports that in the headline.

Some examples:

http://www.allbusiness.com/technology/16740572-1.html

http://www.zdnet.com/blog/security/microsoft-pours-cold-water-on-wmp-flaw-warning/2336

BadNews a ruse to sell more AV product? (1)

dgharmon (2564621) | about 10 months ago | (#43968997)

"Speaking at an event in Washington D.C. sponsored by the Federal Trade Commission, Google employee and Android team member Adrian Ludwig threw cold water on reports linking BadNews to sites that installed malicious programs. The search giant, he said, had not found any evidence linking BadNews to so-called SMS 'toll fraud' malware."

So it was just a ruse by the AV companies to sell more AV product ...

Re:BadNews a ruse to sell more AV product? (1)

lxs (131946) | about 10 months ago | (#43970633)

Yup. Also Google isn't sharing your email with NSA spies and their datacenters are patrolled by fairies on unicorns in search of rogue rainbows.

You know... they're right. (1)

UltraZelda64 (2309504) | about 10 months ago | (#43969333)

I actually agree with them on this one. This malware wasn't as bad as the recent disclosure of Google's involvement in a top-secret U.S. Government mass surveillance program that has been going on for several years now.

Or what this may also mean (0)

Anonymous Coward | about 10 months ago | (#43971253)

It's government made, so it's not harmful.
