Android malware threats could soon increase by a factor of 60
Sep. 15, 2011
According to internet security researchers in Romania, Android malware threats could increase by a factor of 60 by March 2012.
If the threats happen, this could see the number of Android mobile malware samples increasing from 200 now to about 12,000 in six months from now. Many examples of Android malware involve the insertion of malicious code into legitimate apps before they are uploaded to third-party Android marketplaces.
During a demonstration on Sep. 13, BitDefender security researchers showed that it was possible to easily perform such a task with just ten lines of base script code. In most cases, users can avoid becoming victims by reviewing the permissions that an item of software requests before agreeing to install an app.
For example, there is no legitimate reason why a so-called 'torch app' would need the ability to send SMS messages. "The trouble with permissions is that it ultimately falls down to user selection, discretion and interpretation," said Viorel Canja, head of anti-malware and anti-spam labs at BitDefender.
"It's a repeat of the same old issue over and over we've had on the desktop for so many years," added Canja.
"If Google locks down its applications, it risks losing developer interest, something that happened to Symbian before it. Android is not yet the new Windows for malware but it is going that way at the moment," he added. "So Google is a bit stuck between a rock and a hard place right now, but it will soon snap out of it," he said.
BitDefender is developing a mobile security application for Android. The product, currently in beta, includes remote wipe and a filter designed to allow users to easily review application permissions as well as malware detection features.
Under current plans, the software would be released free of charge to mobile users, but neither this nor the release date for the software is confirmed. The application has been designed to minimise battery impact.
Competing security company G Data agreed with BitDefender's assessment that the rate of growth of mobile malware - which it said grew by an incredible 273 percent in the first half of 2011 alone - is only going to get a lot worse over the immediate future.
"With mobile malware, cyber criminals have discovered new ways to deliver more evil on unsuspecting users," said Eddy Willems, security specialist at G Data. "At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims.
"Even though this special underground market segment is still being set up, we currently see an enormous risk potential here for mobile devices and their users. We are therefore expecting another huge spike of growth in the mobile malware sector in the second half of 2011, and with even more of that in the first half of next year."
The sophistication as well as the sheer number of malware strains targeting Android smartphones is increasing very rapidly, and this is really disturbing.
For example, Trusteer warned earlier this week over the appearance of a strain of the SpyEye banking Trojan that infected Android smartphones in order to intercept text messages that many financial institutions use to prevent fraud.
In other internet security news
GlobalSign said earlier this week that it has suspended the issuance of SSL security certificates as a precaution in the wake of unverified statements by a hacker linked to various security attacks on Comodo and DigiNotar.
The hacker used Pastebin last March to claim responsibility for various attacks against Comodo that allowed the issuance of fake SSL certificates.
After months of silence, the individual also claimed responsibility this week for the DigiNotar hack and bragged that he was still able to create bogus SSL certificates after compromising systems at 4 other certificate issuance authorities.
He claimed to be an Iranian working alone with no connections to the Iranian government, and then named one of the compromised security certificate issuers as GlobalSign.
But the hacker didn't provide any proof that GlobalSign had been compromised nor did he name the three other supposed companies that were involved in the attacks.
The individual's latest post suggests that his claimed hack against GlobalSign was ultimately thwarted. "GlobalSign was lucky enough -- I already connected to their HSM, got access to their HSM, sent my request but lucky Eddy (StartCom CEO Eddy Nigg) was sitting behind HSM and was doing manual verification at the same time I did that."
GlobalSign has responded to the accusation by suspending the issuance of digital certificates while it investigates the claims and audits the security of its systems. The company apologized for the inconvenience to its users while giving no immediate indication of when it might be able to restore services.
On September 5th, the hacker, who had previously been confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message, he also referred to having access to four further high-profile Certificate Authorities, and named GlobalSign as one of the four.
"GlobalSign takes this claim very seriously and is currently investigating. As a responsible certificate authority, we have decided to temporarily suspend the issuance of all SSL certificates until the investigation is complete. We will post updates as frequently as possible," said the company statement on its website.
The company's bold decision contrasts sharply with DigiNotar's delays in getting to the root of the problem and in going public after it confirmed its systems had been compromised, to say nothing of the shockingly insecure state of its systems prior to the attack.
Forged certificates give an attacker the means to impersonate the targeted websites as part of either man-in-the-middle or phishing attacks. On Aug. 30, forged Google.com SSL credentials were also used to spy on 300,000 Iranian internet users, according to authentication lookup logs on DigiNotar's systems and separate evidence from Trend Micro.
The hacker posted portions of what purports to be the offending library from systems run by an Italian Comodo reseller to pastebin in order to substantiate claims he was behind the Comodo forged SSL certificate hack back in March.
Additionally, he also signed a copy of Windows calculator using the private key of a fraudulently-issued Google digital certificate obtained via the Comodo hack.
This is solid evidence and contrasts with the lack of proof supplied for the other hacks claimed by the hacker. He then supplied the supposed admin password of DigiNotar's network in follow-up posts this week, but has yet to supply any evidence that would suggest GlobalSign is compromised.
Security watchers, including Sophos, have praised GlobalSign for forgoing an income stream in order to properly investigate what may turn out to be unsubstantiated claims.
In other internet security news
SpamHaus says it has finally won a long-running U.S. court case brought against it by e360 Insight, an email spammer it blacklisted for spamming over five years ago.
In 2006, e360 Insight filed a lawsuit against SpamHaus in the United States over the blacklisting of its operations. SpamHaus, which is based in the United Kingdom, argued on the advice of e360's lawyers that it was outside the jurisdiction of U.S. courts.
Judge Charles Kocoras allowed the case against SpamHaus to proceed despite this and awarded a default judgment in favor of e360 Insight for a whopping $11.7 million at the time.
The default judgment was used by e360 Insight in a failed attempt to pressure ICANN into removing SpamHaus' domain records. Judge Kocoras ruled the sanction was too broad and rejected the bid.
The original judgment was then appealed and sent back to another district court for a second hearing, where much reduced damages of $27,000 were awarded on Sep. 1st, two years after e360 Insight filed for bankruptcy, citing the legal costs of fighting the case as one of the reasons for the failure of the business.
The defunct firm was characterized by SpamHaus as a Chicago-based one-man bulk email marketing firm. e360 Insight, which was owned by David Linhardt, allegedly spamvertised bargaindepot.net via junk mail messages that violated the U.S. CAN-SPAM Act.
SpamHaus' lawyers appealed for a second time to argue that the damages awarded against the anti-spam organization were still too high. The U.S. Court of Appeals ruled in favor of SpamHaus on Friday, reducing damages to the token value of $3 and ordering e360 Insight to pay SpamHaus' defense costs.
The ruling criticises e360 Insight's conduct throughout the case, particularly for its failure to come up with any evidence for the supposedly astronomical financial losses SpamHaus's actions had caused it to suffer and for repeatedly failing to file legal papers on time.
By failing to comply with its basic discovery obligations, a party can acquire defeat from the jaws of certain victory. All that e360 needed to do was to provide a reasonable estimate of the harm it suffered from SpamHaus's conduct.
Instead, e360 engaged in a pattern of multiple delays that ultimately cost it the testimony of all but one witness with any personal knowledge of its damages. That lone witness lost all credibility when he painted a wildly unrealistic picture of e360's losses.
Having failed at its opportunity to present its case, e360 must content itself with nominal damages on each of its claims, and nothing more. "We VACATE the judgment of the district court and REMAND this matter with instructions to enter judgment for the plaintiffs in the amount of three dollars," said the court decision.
This is of course a strong victory for all ISPs and hosting companies, and a losing day for spammers.
Source: Bit Defender.