08/01/2011

YAAV (Yet Another Android Virus)

If anyone is under the impression that phones (or Macs for that matter) are immune from viruses, worms, trojans, and other malware, let's get one thing straight: you're wrong.

CA Security Researcher Dinesh Venkatesan spotted a new Android Trojan and gives the lowdown on how it works.

In this particular case, according to a NetworkWorld.com summary of this same Android Trojan, it

...records the actual phone conversations in AMR format and stores the recordings on the device's SD card.

"The malware also 'drops a `configuration` file that contains key information about the remote server and the parameters....

OK, so it records the phone call. Big deal.

Oh, really.

There are a couple of outcomes to this, not the least of which is your phone's storage getting mysteriously chewed up.

Among other things, we have to look at this early cell phone malware and think of it as a new, budding, nascent industry, just like malware was in the '90s.

The bad guys are just starting to explore how to get into phones and what to do when they're there.

Recording calls is, if nothing else, research for them.

Just what do people talk about on their phones? And what can they learn listening to even a few dozen calls?

Is it possible to learn usage patterns that would make stealing more valuable data possible?

What about stealing people's credit card numbers (oops, that has already shown up in Android malware) or breaking into their brokerage accounts (oops, that has, too)?

The point being, it's a nascent industry, and if there's one thing the malware writers have shown, it's creativity.

Once they really begin to understand what's there, they'll figure out a way to make money from it. Big money.

And, as for the built-in safeguards from Android like those shown here in this screencap from the CA Dinesh Venkatesan blog, yes, they're there, but there are a couple of important points about these warnings.

Screenshot of Android Trojan: [Credit Dinesh Venkatesan, CA Security]


Just because they're there doesn't mean:
  1. They're being heeded.
  2. They're not accidentally authorized.
  3. They're not going to be completely circumvented tomorrow.

The bottom line: Android malware is here, it's real, it's no good, and it's only going to get worse.

And, yes, we're keeping a close eye on things. You can count on us to have some reviews soon.

We've seen some early previews of the new VIPRE Mobile. It looks great, and we'll be putting it--and other Android antivirus software--through its paces shortly.

In the meantime, if you're interested, you can get your paws on the beta of VIPRE Android Antivirus now.

08/17/2009

Antivirus Software: What's Real? What's Fake?

One of the growing concerns for many security and antivirus professionals is the dramatic growth of fake antivirus software.

The idea behind fake A/V software is to trick unsuspecting consumers into downloading and installing their fake software in an effort to get trojans, viruses, spyware, and other malware installed onto PCs in the process.

There's nothing real about the fake software, except the threat it poses.

The process works like this:

  1. Trick consumer with a real looking, real sounding ad on an (often unsuspecting) legitimate website
  2. Get consumer to install the phony (but very real looking) antivirus application
  3. Stuff any number of trojans, keyloggers, spyware, and other evil applications into the fake antivirus program
  4. Use the newly infected computer to do their bidding, including (among other things):
    1. identity theft
    2. credit card fraud
    3. bank theft
    4. infecting other computers
    5. spamming

Solution to the Fake Antivirus Software Problem

Word is filtering out today about a way to tell fake antivirus software from legitimate ones.

A new site from security and SSL vendor Comodo, for a project they're backing called the "Common Computing Security Standards Forum," aims to help consumers figure out what's real and what's not.

In their list of all known legitimate antivirus software vendors, they hope to help put an end to the dummy antivirus programs out there and to help consumers stay clear of the crap.

With thanks to them for their efforts, here is a complete list of current antivirus vendors known to Comodo to be the real deal:

Legitimate Antivirus Software Vendors
  • AhnLab
  • Aladdin
  • ALWIL
  • Antiy
  • Authentium
  • AVG Technologies
  • Avira GmbH
  • BitDefender (BitDefender Antivirus & Internet Security)
  • BullGuard
  • CA Inc (CA Anti-Virus)
  • Checkpoint
  • Cisco
  • ClamAV
  • Comodo
  • CSIS Security Group
  • Drive Sentry
  • Dr.Web
  • Emsi software
  • ESET
  • F-Secure
  • Fortinet
  • Frisk Software
  • G Data Software
  • GFI/Sunbelt Software (VIPRE Antivirus & Internet Security)
  • Ikarus Software
  • Intego
  • iolo
  • IObit.com
  • Kaspersky Lab (Kaspersky Anti-Virus & Internet Security)
  • Kingsoft
  • Malwarebytes
  • McAfee (McAfee VirusScan Plus & Internet Security)
  • Norman
  • Panda (Panda Antivirus Pro & Internet Security)
  • PC Tools
  • Prevx
  • Rising
  • Sophos
  • SuperAntispyware
  • Symantec (Norton AntiVirus & Internet Security)
  • Trend Micro (Trend Micro AntiVirus & Internet Security)


You'll note that every one of the programs (reviews linked above) included in our antivirus reviews since day one of our site is on the list.

If you know of other legitimate A/V software not on the list, please contact us so that we can share your insight with the folks at Comodo.