Malware authors ride exploits of pirates to profits
There have long been reports from malware researchers chronicling the appearance of "botnets" composed of compromised phones running Google Inc.'s (GOOG) Android operating system. A botnet is a network of infected computers that can be remotely controlled by a malicious hacker for profit and mayhem.
Traditionally, botnets are used for two primary purposes: distributed denial of service (DDoS) attacks and sending spam. However, the purposes of the Android botnets remained shadowy.
However, a Microsoft Corp. (MSFT) researcher has dug up clues that Android malware writers are using their botnets for spam, a time honored tradition. Terry Zink, program manager for Microsoft Forefront Online Security, writes that he received a spam message with the following header:
Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>
It also contained a signature in the message body that stated it came from Yahoo! Inc.'s (YHOO) Android app.
He soon found a wealth of other similar messages. The messages could be traced to Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela -- developing nations.
Android has suffered from prolific piracy, which in turn breeds malware.
[Image Source: Cool USB Toys]
Mr. Zink's belief is that users in developing nations tend to exploit Google's more relaxed stance to device rooting to pirate apps without paying. But he says this approach likely has backfired leading to numerous users unwittingly having their devices exploited as spam machines by Trojan horse apps.
Google has been at times criticized for allowing some knockoff and questionable apps into its Android Market (today known as "Play"), but generally it does a pretty good job blocking blatant malware. Pirate apps, though, are rife with malware masquerading as popular titles.
Currently malware authors can simply decompile popular applications' Java packages (APK files), add malware payloads, and recompile. Google's upcoming Android 4.1 "Jelly Bean" should help fix that by adding APK encryption, making legitimate apps much harder to pirate.
Source: Microsoft
"This week I got an iPhone. This weekend I got four chargers so I can keep it charged everywhere I go and a land line so I can actually make phone calls." -- Facebook CEO Mark Zuckerberg
|
Most Popular ArticlesReport: Microsoft Eyes Return to "Dying" Windows 7 Path After Windows 8 Flop
May 13, 2013, 9:50 AM
Bill Gates Gets Teary-Eyed While Discussing Steve Jobs, Shows Off Life-Saving Tech on 60 Minutes
May 13, 2013, 12:30 PM
Windows 8.1 Will Be Free; Microsoft Holds Onto Struggling ARM Variant
May 14, 2013, 2:57 PM
Google Announces "Pure" Galaxy Nexus S4 for $649, Android Updates
May 15, 2013, 1:42 PM
U.S. Federal Traffic Board Wants to Make Drunk Driving Threshold Far Harsher
May 15, 2013, 11:32 AM
|
