August 12, 2011

State of Mobile Malware: 5 Ways To Deal with it

Malware specific to Android devices in particular has been making headlines as of late. In March, Google removed 21 apps from the Android Market after the blog Android Police alerted the company that the apps contained malware and were being used to collect user data. Google also invoked a kill switch, which automatically deleted the malicious apps from users’ phones, without any action necessary from the users.

Source: Bullguard

According to InformationWeek, a new Trojan horse app has emerged to target Android devices, and this one's particularly creepy. The app records a user's phone calls and then uploads them to a remote server. The app was revealed on the Security Advisor Research Blog, published by CA Technologies, now known as Total Defense.

Android users are now 2 1/2 times more likely to encounter malware than they were a mere six months ago, and Web-based threats affect 30% of them each year. Furthermore, the survey shows the number of malware-infected apps increasing fivefold, to 400, in the first half of this year.

Some of the social engineering and obfuscation techniques used to distribute mobile malware are even more sobering. Since iOS has a strictly curated distribution model (unless you jailbreak the device, you can't install an app on the iPhone or iPad without going through the App Store), Apple devices aren't susceptible to malware-infected apps (although, as the JailbreakMe exploit proved, hackers can still do a lot via the Safari browser). Thus, the scary stuff is happening in the Android ecosystem, where the freewheeling, community-policed Android Market is easily booby-trapped.

Notable mobile viruses

  • Cabir: Infects mobile phones running Symbian OS. When a phone is infected, the message 'Caribe' appears on the phone's display, and it reappears every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.

  • Duts: A parasitic file infector virus and the first known virus for the PocketPC platform. It attempts to infect all EXE files in the current directory (it infects files that are bigger than 4096 bytes).

  • Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It will also render all phone applications, including SMSes and MMSes, useless.

  • Commwarrior: The first worm to use MMS messages in order to spread to other devices. It can spread through Bluetooth as well. It infects devices running Symbian OS Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.