

Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:1

Symantec sounds the klaxon about Massive Android Botnet

A ZDNet blogger is resounding w/ Symantec's dire warnings that 1,000,000 - 5,000,000 Android handsets are currently infected with the Android.Counterclank botnet malware.

The ZDNet blogger mentions that 13 games in the marketplace are responsible for the 1mil-5mil Android infections.
He winds the article up reminding us how he-told-us-all-so last December that the Android Marketplace is destined to explode in the face of each and every Android user.

Whew. Well, where to begin?

First, we recall that Symantec is still stinging from a major PR disaster. Bullhorning about someone else's security crisis might help take the limelight off Symantec's own security blunders.

Except, is Symantec's report accurate as (re)delivered?

Let's hear what an Android Security firm has to say on the matter.
said by PCW :

Researchers from Lookout Security disagreed with rival Symantec that 13 apps on the Android Market were malicious, instead saying that they showed the same behaviors as other ad-supported apps.

Symantec's Kevin Haley, a director with the company's security response team, said Friday that 13 apps, some available in Google's official download store for at least a month, were created to distribute "Android.Counterclank," a Trojan that, among other things, modifies the browser's home page and bookmarks, and inserts a search icon that some users have said is impossible to delete.

So according to ZDNet+Symantec, this botnet is characterized by a home-page-change in the browser, an added bookmark and really irritating search icon.

Got it.

said by PCW :

Symantec estimated the number of downloads of the 13 apps at between 1 and 5 million, prompting it to call the campaign the largest Android malware outbreak ever.

Lookout researchers disagreed.

"This is pretty clearly an ad[vertising] network that's similar to other ad networks," said Tim Wyatt, a principal engineer with Lookout, which markets a popular Android-specific security app.

Wyatt declined to identify the network he said was being used by the 13 apps -- which originate from three different publishers -- and that requests the permissions and exhibits the behavior Symantec dubbed malicious.

"This ad network does have the capability to enter bookmarks in your browser, which is different from other ad networks," Wyatt continued. "But a lot of its functionality is being embedded in other apps. Part of the business model of the company that owns the ad network is to add search conducted from apps."

"I can tell you that this code [seen in the 13 apps] is not the only code for doing things like this," said Wyatt. "There are 10-plus ad networks that we track that have the same functionality."

Wyatt said that Symantec had "significantly overblown" the story by labeling the apps as Trojan-infected, and added that its rival had been "a bit premature" in coming to its conclusions.

Symantec did not respond to a request for comment on Lookout's assertions.

There's a bit more, but you get the idea.

I'll conclude with something I noticed at the bottom of the ZDNet blogger page.

A list of Android related articles, composed by this blogger.




Why do I get the feeling he sports an iPhone?
--
Adopting other people's animosity is The New Stupid.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:2

Wikipedia: "A Trojan horse, or Trojan, is software that is intended to perform, simultaneously, a desirable (expected) effect and a covert (unexpected) effect. Trojan horses can make copies of themselves, steal information, or harm the computer system."
From Millions caught up in Android botnet:

quote:
...According to Symantec researcher Irfan Asrar, Counterclank is capable of carrying out commands received from a remote server and is capable of both stealing information from, and displaying ads on, infected Android handsets. ...
From Symantec, Android.Counterclank:
quote:
...
Android.Counterclank is a Trojan horse for Android devices that steals information.
...
Damage
Damage Level: Medium
Payload: May steal information from the device.
Releases Confidential Info: May steal information from the device.
...
While Symantec or anyone else seems yet to demonstrate examples of a truly malicious employment of this particular code, the potential for such use remains if Symantec's assertions about its technical capability are accurate, as it does with any code that auto-exercises external communication, local file-access, and platform-altering capability (such as a "legitimate" program default-set to auto-update, etc). A pivotal issue revolves around what a user understands about the software and what his expectations are/were about what it actually does on/to his system. User ignorance of technical behavior (or even presence) does not prove deception of the user... just as claiming the code is merely part of an ad network does not exonerate it.

I suspect we'll see a lot more of this sort of thing (both code functionality and security reactions) as interactive technology and advertiser boldness both advance, especially with hand-helds.

One should always remember, in the modern Internet world, the 'user' is seen by both the leading "legit" players and the black hats as raw material to be harvested in one way or another - and both will employ whatever they can get away with to make money off that harvest. To paraphrase an old adage, "Let the user beware"... and the user ignores this at his own peril.
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775


Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ

reply to Noah Vail
I'm not sure I believe this for the following.

-Symantec just had major negative publicity from the issue with PCAnywhere.
-Suddenly come out with inflammatory news
-Another security company said it's not the case

Looks like Symantec is trying to regain some publicity to me.
--
/chown -R us:us /yourbase



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:1

reply to Noah Vail

Department of Defense adopts Android for SIPRNet

The DoD+NIST is nearly done prepping the standards that would allow the Android platform to operate on its Secret Internet Protocol Router Network.

said by DefSys :

The Defense Department and National Institute of Standards and Technology are close to approving security standards that will allow service members, DOD personnel and other government users to use Android mobile devices on classified networks.

“There were going to be no information assurance [standards issued] until 2014, but with the groundswell of interest and needs, the agencies responsible for certification are giving this a higher priority,” McCarthy said. “The key is that it allows users from DOD and other agencies to access databases that in the past they couldn’t get to using a smart phone.”

Those databases include mission-command tools such as the Tactical Ground Reporting system used for critical situational awareness in combat, as well as law enforcement databases such as the National Crime Information Center, he said.

I haven't heard any news about entrusting this level of clearance to the iPhone or Phone7.
--
Adopting other people's animosity is The New Stupid.


carpetshark3
Premium
join:2004-02-12
Colorado Springs, CO

Yes, there is a trojan. It usually involves a warez type app where people are trying to get the latest game or Xtype app for free.

Since Symantec is trying total scare tactics - Eset also has an AV for phones. I'd get it from them. So does Kaspersky.



jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

There are more security products/suites available for Android devices than I can count. Just like in the PC/Mac world, the efficacy and functionality of the various products varies tremendously.

I'm going to be interested in seeing just how DoD goes about the whole question of User Access Control and managing what apps can legitimately be installed on these devices. Promises to be an interesting exercise, for sure.

I've not yet seen what I would consider a really good, comprehensive review of the products currently available.
--
Regards,
Joseph V. Morris



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

said by jvmorris:
I've not yet seen what I would consider a really good, comprehensive review of the products currently available.

AV-Test: Are free Android virus scanners any good? »www.av-test.org/en/home/

AV-Comparatives: Mobile Security Suites Android/Windows Mobile »www.av-comparatives.org/comparat···security
--
~ Every disadvantage has its advantage ~


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

Thanks for that -- gives me something to read while waiting for the Six Nations rugby.

Regarding the first article, I've never even heard of, much less used, any of the free products listed.

The second article looks a lot more interesting and I look forward to more like it.

As noted, the upgrades to all these products are appearing at such an incredible rate that most reviews are likely to be out of date by the time they appear in print.

Very early on, I went to paid apps, typically with a monthly subscription fee.

I'm not inclined to judge any of these apps yet; I'm still playing with them, discarding some and moving on to others over time.
--
Regards,
Joseph V. Morris

