backtop


Print 33 comment(s) - last by bety.. on Aug 26 at 7:24 AM


  (Source: Rockstar Games)

Android is the most attack platform currently on the market. There are currently no known malware in the wild that target stock iOS devices.  (Source: McAfee)
In related news, Russian phone is exposed by Russian police as being behind the MacDefender trojan

Apple, Inc. (AAPL) may be losing the smart phone sales race to Google Inc. (GOOG), but it's winning one important front in the war, at least -- malware.

I. Apple is the Winner When it Comes to Smart Phone Security

While many Apple hackers have suggested the iPhone to be quite hackable, and even exposed some major security flaws  [1][2] (subsequently patched), thus far there are no known pieces of malware in the wild which target users of stock iPhones.  There are only four known pieces of malware, according to Intel Corp. (INTC) unit McAfee, all of which exclusively target jailbroken iPhones [1][2].

Meanwhile, Android has seen malware rise by 76 percent over the last year.  There's now 44 known pieces of malware that target standard versions of Android.  Recently the first Android botnets have appeared prompting U.S. carrier AT&T, Inc. (T) to roll out free protection to its subscribers.  Botnets are networks of infected computers typically used to send spam or execute distributed denial of service attacks.

Other common pieces of malware include what McAfee calls "crimeware", malware which disguises itself as seemingly legitimate apps -- often repackaged versions of best-selling apps.  The apps often contain code to send premium-rate text messages.  Recent reports have put the infection rates for this kind of malware at as high as 260,000 phones earlier this year.

Similar attacks have targeted Finnish phonemaker Nokia Oyj.'s (HEL:NOK1V) Symbian platform and Research in Motion's (TSE:RIM) Blackberry's, though McAffee says the number of those malicious apps are smaller.

McAfee claims the second most infected platform is the multi-device Java ME platform, acquired and maintained by Oracle Corp. (ORCL) after its acquisition of Sun Microsystems.

The reason for Apple's superior security is the topic of much heated debate.  While Android's sales volume may make it the most tempting target, the iPhone is still posting a large sales, so you would expect it also to be targeted by criminals.

Possible factors affecting Apple's security include its stricter monitoring of its app store.  While Apple has been much-criticized for being too heavy-handed, Google's laissez-faire approach has lead the OS-maker to struggle to maintain a secure marketplace.  Another possible factor includes the fact that Google still sells many handsets with outdated version of Android, like Android 1.5 or 2.1 -- versions which may be more vulnerable to exploitation.

The full McAfee report can be found here, on Scribd.

II. (MacDefender == Dead)?

In related news, Apple received more pleasant news recently on the security front.  The news concerned MacDefender, a fake antivirus trojan, which infected as many as one in every twenty Mac computers in June.

Following a raid and arrest of suspected Russian spam kingpin Pavel Vrublevsky (who ironically worked for the Russian government as an anti-spam chief), MacDefender variants are drying up in the wild.

For a while Apple was struggling to keep up with the volume of new variants.  Russian police found evidence on the computers of Mr. Vrulevsky's online payment firm Chronopay linking it to paying Russian hackers to create new version of MacDefender.

With Mr. Vrublevsky's imprisonment the virus seems to be on its last legs, suggesting the Russian was a major mastermind behind the wildly successful Mac attack.

Mr. Vrublevsky was originally exposed by Brian Krebs of The Washington Post.  Following our piece on the topic we received the following email from Chronopay:
Dear Brandon,
Let me introduce myself.
My name is Lidia Golikova, I am communications director in Chronopay
company. I am writing You as Ethics representative of DailyTech concerning
the article writing by Jason Mick Russian government is investigating
the incident
http://www.dailytech.com/Russian+AntiSpam+Chief+Caught+Spamming
/article18423.htm?utm_source=twitterfeed&utm_medium=twitter.
We would be very appreciate, if you could remove this article from your
site, because it is doubtful and discredited our company.
Moreover this article was published early - a half a year ago - in another
web site. Here it is link
http://ledgerlink.monster.com/news/articles/1064-russian-anti-spam-chief-caught-spamming.
You could guess why one person writes the similar articles on one
subject in different media.
Speaking about http://ledgerlink.monster - it is small web site for very
short professional audience that is why we did not contact with them. But
DailyTech is respectful leading online magazine for a well-educated
audience. Much people read you and hear your opinion. That is why to our
opinion it is very important that correct information will be publish in
your magazine.
opinion it is very important that correct information will be publish in
your magazine.
I hope for understanding and cooperation,
Best regards,
Lidia Golikova
Apparently we were justified in standing behind the piece.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Not suprising
By Solandri on 8/24/2011 4:04:32 PM , Rating: 2
Smarthones are always on, and almost always on the Internet. IPods and ipads are only occasionally on, and even less frequently connected to the Internet. They are worth considerably less to a malware writer than a smartphone. If you're going to open up the comparison to all devices regardless of Internet explosure, the #1 operating system is probably VxWorks (it runs on most non-smartphones, as well as gobs of other embedded devices).

That said, I don't see a problem with Apple's walled garden approach. It is not for me, and I do not own Apple products because of it. But I can see the approach having value to others. For example, if I got a smartphone for my dad (unlikely because he probably would never use most of the functionality, but bear with me), I would probably prefer Apple's walled garden approach for him. In the end, there's more than enough room for both approaches in the market.

As for Android's openness not being apparent to the normal user, that's simply not true. With Android, you just change a single system config (trust unknown sources) and you can download and install apps from any website. You can type in a URL or scan a QR code to download an app onto your Android device. With iOS, you are limited to Apple's App Store, and only the App Store.


"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki