01/30/2012

Will 2012 Be the Year of the Cellphone Virus?

I know I'm not the first blogger in the antivirus arena to go on record as saying that I think cell phones and tablet PCs are ripe for the pickin' by the virus and malware writers.

What's clear, though, is that more folks like us (i.e., people who are *not* employees of the top antivirus manufacturers) are beginning to beat this drum, too.

PCWorld's Dan Tynan wrote a piece back in November 2011 called "Mobile Malware Epidemic Looms." Now there's a piece in the NYTimes: "Build Up Your Phone’s Defenses Against Hackers."

No disrespect to mainstream media, especially the NY Times, which I love, but c'mon... by the time this kind of thing hits The Times, it's arguably already old news. Certainly, it's well beyond the point of being "theory."

The opening sentence of Dan's piece in PCWorld says it all,

"I know it’s a tad early for new year predictions but I’m going to beat the rush and make mine now: 2012 will be the year of mobile malware."

At the risk of offending the sensibilities of some of my readers who think they're immune, let me ask a few questions about what you do with your phone.

(N.B. For brevity, I'm lumping smart phones and tablet PCs into one category "phones".) With your phone do you...
  1. Use Bluetooth?
  2. Browse the web?
  3. Send or receive email?
  4. Send or receive text messages?
  5. Charge via a USB connection?
  6. Charge at public charging kiosks?
  7. Use QR / "Scan Me" codes?[1]

If you answered "Yes" to any (and I mean any) of these questions, congratulations, you're at risk.

Now, shift gears for a second and think about not just the ubiquity of the cell phone but the utility. Not only are cell phones everywhere, they're *really* useful, which makes them all the more ubiquitous, which makes them even more useful, and so on.

And, now for the deathblow in the argument against cell phone antivirus software.

Phones are computers. Period.

If there's a microprocessor in it, it's a computer. And, I don't care how much time, money, energy, blood, sweat, and tears a manufacturer has put into their phone. It only takes one oh-so-subtle mistake by a well-intentioned programmer to make the code vulnerable to traditional malware attacks.

Consider this. Just to create the homepage of our site (and just the homepage) takes over three thousand lines.[2] And that doesn't even count the code your web browser had to have to understand how to display our site properly for you.

My point: even if you have no clue how many lines of programming it takes to make a cell phone, rest assured it takes millions. Many, many millions. We ourselves are always finding and fixing little errors and typos throughout our site. If we have a hard time finding them in our own back yard, imagine how hard it is for a programmer to think about what problems they're going to encounter when millions of customers start using phones in millions of different ways.

Every mistake, no matter how subtle, is a possible virus entry point. Maybe it'll never be discovered. Maybe it will. But in millions of lines of code, there are lots of opportunities for mistakes.

Next is the issue of "social engineering," where you're just out-and-out tricked into running malicious code. Maybe you click "Yes" accidentally. Maybe you didn't understand what was going on and clicked "Yes." Regardless, you clicked "Yes" and installed something evil onto your phone.

What's it going to do?

Who knows? For starters, it is a PC. The problem is, it's a whole lot more, too. It's a phone. It's a camera. It's an MP3 player.

Common things (so far) for cell phone malware are things like secretly calling 900 numbers, listening for credit card numbers, stealing contact information, logging keystrokes at your bank, brokerage, and credit card accounts... and the list goes on.

No matter how you look at it, cellphone viruses are here and cellphone antivirus software is a must. Android. iPhone. Blackberry. Windows. Palm. It doesn't matter what platform your phone (or tablet PC) runs, rest assured, it's vulnerable to viruses. Today.

How convinced are we? We're putting our own R & D money on the line: fitting right in line with our regular PC antivirus reviews, we're working on our own cellphone antivirus review site. No launch date just yet, but if what we've already seen in terms of mobile malware is any indication, it had better be soon.

[1] QR / "Scan Me" codes are those funny square scan code things that are popping up everywhere offering everything from discount coupons to manufacturer direct purchasing.
[2] For some more perspective, we estimate--conservatively--that since 2006 our site has produced well over 1,000,000 lines of code. And that's just the site itself.

08/25/2011

Android Malware, Adobe Exploits, Spam Volume & More in the McAfee Quarterly Threat Report

In their most recent McAfee Threats Report, antivirus & security software vendor McAfee covers a lot of ground in the malware arena.

Here are the highlights:
  1. Android is now the most highly targeted platform for mobile / smartphone malware.
  2. More successful legal actions are being taken against cybercriminals
  3. 22% increase in malware samples over 2010
  4. On pace for 75 million malware samples by the end of 2011
  5. Fake antivirus software continuing to grow
  6. 38% increase in rootkits (stealth malware) over 2010
  7. Adobe outpaced Microsoft for security exploits in their software (Acrobat, Acrobat Reader, etc.)
  8. After a brief up-tick, spam is again declining
  9. Over 7,000 new malicious websites per day
  10. Over 2,700 new phishing websites per day

What are the takeaways from it?

  1. Smartphone viruses are here, they're real, and they're growing.
  2. It isn't just a matter of keeping your OS updated. You've got to update all the software on your system regularly. Adobe Acrobat/Reader is proving that.
  3. Antivirus software is a must.

06/15/2011

More Android Smartphone Malware Found, Removed from Marketplace

Kaspersky, makers of Kaspersky Antivirus, just posted a lengthy piece on new Android malware called the "Plankton Trojan".

It was originally discovered by Xuxian Jiang (Assistant Professor at the Department of Computer Science, NC State University) and his research team. His report on the Android malware disconcertingly begins,

"This spyware does not attempt to root Android phones but instead is designed to be stealthy by running the payload under the radar.

"In fact, Plankton is the first one that we are aware of that exploits Dalvik class loading capability to stay stealthy and dynamically extend its own functionality.

"Our investigation indicates that there are at least 10 infected Android apps in the Official Android Market from three different developers.

"Its stealthy design also explains why some earlier variants have been there for more than 2 months...."

What does this mean?

For starters, it means that the bad guys have found a way to get onto your Android without requiring "root" access, which means that it's able to evade detection and avoid tripping the warning screens and whatnot that you'd expect to see.

The report details how this application silently hooks into the phone, downloads in the background more things it needs to run, and uploads information about your account to computers the bad guys control.

Kaspersky's analysis revealed,

"...the virus does not provide root exploits, but supports a number of bot-related commands.

"One interesting function is that the virus can be used to collect information on users’ accounts."

What exactly the bad guys are doing with the botnet either isn't yet clear or isn't yet being revealed by Professor Jiang or Kaspersky. And, for that matter, what they're doing with the users' data isn't clear/revealed either.

This may be a case where they're just trying to test the waters and see what kind of flags they raise and what kind of information they can glean from users.

Regardless, it's definitely cause for some concern amongst users and antivirus researchers alike, as it will require the AV companies to rethink some of their strategies in protecting phones.

What's Google Doing about it?

According to the piece by Kaspersky,

"Google has historically taken a hands-off approach to policing the Android Marketplace.

"It will suspend and remove suspicious or malicious applications when they're reported, but does not vet applications prior to posting them, as Apple does with its AppStore.

"A growing population of Android users and burgeoning Android Marketplace, however, may challenge that approach."

06/10/2011

Android Smartphone Malware Detected by F-Secure

Let me start by saying, "You heard it here first. The bad guys are going to start targeting Smartphones/cell phones in a big way soon--probably within the next 6-12 months."

That said, this one doesn't fall into that category because you do get a warning from the Droid phone telling you what it's going to do.

Thanks to F-Secure for posting the original pic of this malware in action.

So, if you see a warning message like this, and you still click "Install," you can't really fault your phone. It's just doing what you told it to do.

And would smartphone antivirus software have stopped it?

(In the case of F-Secure's "Mobile Security," they claim it does in their piece on the Droid Malware.)

Now let's ask the real question: if you get this malware on your phone, who's to blame here?

A) The user for installing it or
B) The cell phone manufacturer for allowing any program to do these types of actions.