Symantec Identifies Android Trojans That Mutate With Every Download
angry tapir writes "Symantec researchers have identified a new premium-rate SMS Android Trojan that modifies its code every time it gets downloaded in order to bypass antivirus detection. This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it."
New movie (Score:3, Funny)
X-Men: Androids
Re:New movie (Score:4, Funny)
Teenage Mutant Ninja Androids
Re: (Score:2)
The Toxic Android?
Re: (Score:1)
"mobile malware" = Android malware
Re: (Score:1)
3rd post and it's a fanboi. Thank you. http://www.tomsguide.com/us/iOS-Apple-iPad-iPhone-malware,news-13122.html [tomsguide.com]
It exists. Might be less, maybe even much less, but it's there.
Avast runs fine thanks... (Score:4, Funny)
Re: (Score:2)
Re:Avast runs fine thanks... (Score:5, Insightful)
As with all things, only install apps from trusted sources, don't click accept on every pop-up box, and check the permissions requested are consistent with the functionality of the app. The same as with any other application on any other OS.
Re: (Score:2)
Re: (Score:3)
I prefer "If you don't want to catch AIDS why are you sticking your hands in that bag of used syringes?"
Re: (Score:2, Offtopic)
"Apps from trusted sources" = SMALL help (Score:1)
Most infestations still come from compromised websites - research by AVG confirms that much, here:
http://betanews.com/2012/01/25/the-top-10-web-security-threats-you-should-avoid/ [betanews.com]
Pertinent quote/excerpt:
"The compromised website is still the most effective attack vector for hackers to install malware on your computer with 47.6 percent of all malware installs occurring in that manner, says security firm AVG. Another 10.6 percent are tricked into downloading exploit code -- many times, without their knowledge -
Re: (Score:2)
Do I need to run the iOS version?
Re: (Score:2, Insightful)
If you're running anti-virus on your phone, you've already lost the game...
Re: (Score:2)
Re: (Score:2)
you've already lost the game...
I see what you did there... AC bastard!
Re:Avast runs fine thanks... (Score:4, Informative)
Server-Side Grammar Polymorphism? (Score:5, Funny)
You get what you pay for so think about why your still getting those pop-up porn ad's.
Never mind pop-ups. I want to know which virus it was that yanked out the comma from your first clause, changed "you're" to "your" and turned "ads" into "ad's." These make-me-type-like-a-12-year-old malware infestations have really taken over. Because there's certainly no other explanation.
Re: (Score:2)
Your rite!
Re: (Score:2)
Memetic viruses are the worst.
Re: (Score:1, Troll)
You get what you pay for
That's a lie propagated by marketers to get you to spend three times on a bottle of Alieve what you'd pay for the exact same drug in a generic bottle. Buy Alieve and you get 1/3 of what you pay for.
I see you still use Windows. Linux is a superior OS in most ways, yet it is entirely free. What are you paying for when you buy a boxed copy of Windows? A pretty box? No, you do NOT always get what you pay for. Often you pay for a lot more than you get.
so think about why your still gettin
Re: (Score:1)
bottle of Alieve
You getting them too?
Re: (Score:2)
I get everything generic. Even the arthritis I take naproxen for is generic!
Re: (Score:3)
Re: (Score:3)
Why, I believe you are right, Ubuntu IS the only Linux distro available now. I thought there were more, that didn't involve Canonical at all, but after absorbing your wisdom, I went and looked, and sure enough, all gone! Red Hat, Mint, Fedora, Arch... Gone!
Re: (Score:2)
Re: (Score:2)
Oh, I understood you just fine, and there is nothing wrong with my reading skills. I run Linux just fine, every single day, on 9 different systems. I have no problems with any of them. The fact that you can't seem to get one to do anything but crash, or don't like the add-ons some companies have put forward, doesn't in any way make Linux a less viable option. I imagine it's a problem with you, in particular, given the challenges you obviously also face with things like punctuation.
Thanks also for wastin
Re: (Score:2)
Re: (Score:2)
Yes, and I could wallpaper this page with link after link saying it isn't. Once again, the fact that you can't get it to work doesn't mean others can't. Linking to a joke site certainly proves your point though, thank you for that. I'm sure that clears it up for everyone. Oh, and here's another hint for you, genius: the same thing holds true for Windows.
The link to theinquirer.net also certainly proves your point. Dell shipping a laptop with non-functioning drivers or software (and really old software at
Re: (Score:2)
Most likely he doesn't want to play hardware roulette or keep a second machine with a different OS for Googling why the first machine crapped itself when some DE dev decided he didn't like the way things were and caused his video to take a crap, or the PukeAudio guys gave him a Goatse.
You don't need a second machine, you can install dual-boot. I'd not wipe the OS that came with the machine unless it was ruined beyond repair; say, you've installed too much new hardware and Windows thinks you're a pirate. Whe
Re: (Score:2)
Norton Mobile: slows your phone down and annoys you, for a cost, to protect yourself against stupidity...
How many viruses can infect my phone if I never download the crapware that they need to do this... Dancing Bunnies do not interest me
Re: (Score:1)
Dancing Bunnies do not interest me
Famous last words?
If you have one of these smart phones then you've already fallen for some dancing bunnies, because right now these smart phones are full-on 1984. I know it's a deductive 1984, but it's still 1984.
Me like dancing bunnies! (Score:2)
Re: (Score:2)
... and there are zero apps directly from the community.
Re: (Score:2)
And zero anti-malware products to notice them even if there were malware incidents.
Re: (Score:2, Informative)
While reasonably rare, iPhone viruses and malware do exist in the wild.
http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html [techfragments.com]
http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html [tomshardware.com]
http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/ [mactrast.com]
https://discussions.apple.com/thread/3573755?start=0&tstart=0 [apple.com]
Re:Avast runs fine thanks... (Score:4, Informative)
http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html
http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html [tomshardware.com]
http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/ [mactrast.com]
https://discussions.apple.com/thread/3573755?start=0&tstart=0 [apple.com]
1) A vulnerability with a demo. There was never any malware written to exploit it, and as it was long since fixed, there never will be.
2) Only affects jailbroken iPhones.
3) You're the victim of an APRIL FOOL! From 2 years ago!
http://vimeo.com/10587301 [vimeo.com]
4) Is nothing more than a user with a problem and no tech knowledge blaming his problem on a virus. There is no virus.
While reasonably rare, iPhone viruses and malware do exist in the wild.
No they don't. At least not on non-jailbroken iPhones.
Re: (Score:2)
Re: (Score:2)
That's not a virus or malware.
I understand what you're saying. That there have been vulnerabilities, and therefore you'd expect at some stage for some virus or malware to take advantage of one. And of course that possibility does exist for the future.
But it's not happened as yet. So as I say, they're not "rare", they're non-existent.
Re: (Score:1)
Re: (Score:2)
So until something that is already demonstrably possible, clearly worthwhile, and very well understood is spotted in the wild, it's safe to assume they don't exist?
You're in the realm of Bigfoot, the yeti and the Loch Ness monster there. Sure, they're theoretically possible. But you'd expect someone to have found evidence for them by now.
Malware does some harm, or at the very least spies on people which requires sending information over the network. Either of these things would have been spotted by now.
They've certainly had no problem spotting malware on Android!
Not clearly worthwhile (Score:2)
demonstrably possible, clearly worthwhile, and very well understood
You are wrong on two counts, partially wrong on the one remaining.
Possible? Yes, in one rare incident. Not possible over a longer timeframe, as Apple closes remote vulnerabilities quickly. It's tethered jailbreaks they tend to leave alone much longer and they don't present an infection vector. And because Apple pushes out updates they go out to almost all the devices over a short period of time.
But your other two points are really what i
Re: (Score:2)
The bigfoot argument:
"No one has ever seen one"
- "Well, that doesn't mean they don't exist"
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I really wonder what's all the crap people download for mobile phones that's infected
People don't need an Anti-Virus they need a Brain (and a secure OS)
Turn it off! (Score:5, Informative)
I had my carrier, Sprint, turn "premium rate" text messaging off completely. My phone is clean, but I don't have to worry about it anyway.
Also, it's worth noting that these guys don't need a virus to charge you for this stuff. About 2-3 times a year, I would get some charge on my bill from a joke line, horoscope line or whatever that I never signed up for through text messaging or any other way. The last time it happened, I explained to the customer service rep that I would never use this type of service and she suggested that I block it. I have not had another charge since.
Re:Turn it off! (Score:5, Interesting)
This is my only complaint about T-Mobile's customer service. The only way to block this is to pay $5/month and then micromanage your lines. -sigh-
I had this problem with my father's line. He somehow got signed up for all kinds of garbage, and we didn't figure it out until later. (Really gotta watch that bill better.) They reversed a few months' charges, but they're only willing to go back so far. (I don't blame them, there.)
But I did expect them to help me prevent the charges in the future, without me paying for the service.
Re: (Score:2)
They shouldn't be able to charge you to block that "feature" from use.. I'd call them out on that..
Re: (Score:2)
It should just be a flag on the account: "this account is not eligible for outside service billing". All outside billing would be rejected to those doing the billing (and then it's up to them to not provide those services for the legitimate services). Whether on or off, it only takes 1 bit.
Re: (Score:2)
and 40 bits/month.
Re: (Score:2)
The only way to block this is to pay $5/month and then micromanage your lines.
Wrong. You also have the option of leaving T-Mobile.
Re: (Score:2, Funny)
You can call and ask for it and they will do it.
Have you ever tried actually *calling* T-Mobile, dumbass?
I'm sure he called them a lot of things, but it didn't help. :-)
Re: (Score:2)
Yes, I spoke to them on the phone about this.
Re: (Score:2)
Any company setting up a premium number must sign a lot of liability clauses in their contract. No money is transferred to the company right away for any premium number. They get a "payment received" message, but the money itself is frozen for at least 2 months, either with the carrier or an accredited payment service provider. If reports of abuse come in, this period is extended. If too many complaints come in, all transfers to this company are fro
notnews (Score:4, Informative)
So they've discovered polymorphic viruses? You know, like in the good old days of DOS where viruses were real viruses and not simple worms.
http://en.wikipedia.org/wiki/Polymorphic_code [wikipedia.org]
Re:notnews (Score:5, Interesting)
It's not as elegant as a virus that's polymorphic on its own. It's server-side generated: the server adds some randomization to the code, changes class names, adds/removes unneeded code and then builds a new package, meaning the signature changes. Now, it's perfectly possible to build a binary and a new package _on_ device too, it just doesn't seem that any malware does it. Polymorphic on device _and_ spread through Bluetooth would be newsworthy, I'd think (it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too.. as it happens, you can't on Android keep just the handsfree parts of Bluetooth on; if you've got BT on then OBEX is on, but you'll still need to accept the incoming files as said).
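An added example in Python (not code from this thread, from Symantec, or from any real sample) of why the per-download mutation described in the comment above defeats a plain hash blocklist, and what a defender can compare instead. It also mechanizes the earlier advice in this thread about checking that an app's requested permissions are consistent with what it actually does. The "package" format is a constructed toy text listing (permission declarations, class declarations, API invocations) standing in for an APK; the three download fixtures, the benign fixture, the normalize() rule and the SEND_SMS-plus-sendTextMessage check are all assumptions made for illustration, not any vendor's detection logic.

```python
import hashlib
import re

# Constructed fixtures (not real APKs, not Symantec's samples): a toy text form
# of three downloads of the same premium-SMS app.  Per download, the
# distribution server has renamed the classes, reordered lines and padded the
# code with differing dead "nop" lines, which is the server-side mutation the
# comment above describes.  Everything else the app needs is unchanged.
DOWNLOADS = {
    "download_1": """\
uses-permission android.permission.SEND_SMS
uses-permission android.permission.INTERNET
class Lcom/app/Axq7Lm;
invoke Landroid/telephony/SmsManager;->sendTextMessage
nop nop
invoke Ljava/net/HttpURLConnection;->connect
class Lcom/app/Zk02;
""",
    "download_2": """\
uses-permission android.permission.INTERNET
uses-permission android.permission.SEND_SMS
class Lcom/app/Qpw8;
nop
invoke Ljava/net/HttpURLConnection;->connect
invoke Landroid/telephony/SmsManager;->sendTextMessage
nop nop nop
""",
    "download_3": """\
class Lcom/app/Rr31Tt;
uses-permission android.permission.SEND_SMS
invoke Landroid/telephony/SmsManager;->sendTextMessage
uses-permission android.permission.INTERNET
invoke Ljava/net/HttpURLConnection;->connect
class Lcom/app/Bnm4;
nop
""",
}

# A constructed benign app for contrast: a wallpaper app that only uses the network.
BENIGN = """\
uses-permission android.permission.INTERNET
class Lcom/wallpaper/Main;
invoke Ljava/net/HttpURLConnection;->connect
"""

NOP_RE = re.compile(r"\bnop\b")


def raw_hash(blob: str) -> str:
    """Exact-match signature: what a simple hash blocklist compares."""
    return hashlib.sha256(blob.encode()).hexdigest()


def normalize(blob: str) -> str:
    """Strip what the server randomizes (class names, dead code, line order)
    and keep what the app must declare and call in order to do its job."""
    kept = []
    for line in blob.splitlines():
        if line.startswith("class "):
            continue  # class names are randomized per download
        line = NOP_RE.sub("", line).strip()
        if line:
            kept.append(line)  # padding-only lines vanish here
    return "\n".join(sorted(kept))


def structural_hash(blob: str) -> str:
    """Signature over the normalized form; stable across the mutations above."""
    return hashlib.sha256(normalize(blob).encode()).hexdigest()


def uses_premium_sms_capability(blob: str) -> bool:
    """Behavioural check, independent of any hash: does the app both declare
    SEND_SMS and actually invoke the SMS-sending API?  This is the 'do the
    permissions match the functionality' check made mechanical (hypothetical rule)."""
    perms = set(re.findall(r"^uses-permission (\S+)", blob, re.MULTILINE))
    calls = set(re.findall(r"^invoke (\S+)", blob, re.MULTILINE))
    return ("android.permission.SEND_SMS" in perms
            and any(c.endswith("SmsManager;->sendTextMessage") for c in calls))


def assess(downloads: dict) -> dict:
    """Compare the three approaches over a set of downloads."""
    raw = {k: raw_hash(v) for k, v in downloads.items()}
    structural = {k: structural_hash(v) for k, v in downloads.items()}
    return {
        "distinct_raw_hashes": len(set(raw.values())),
        "distinct_structural_hashes": len(set(structural.values())),
        "flagged": sorted(k for k, v in downloads.items()
                          if uses_premium_sms_capability(v)),
    }


if __name__ == "__main__":
    print(assess(DOWNLOADS))
    print("benign flagged:", uses_premium_sms_capability(BENIGN))
```

Run as-is, assess() reports three distinct raw hashes (one per download, so a blocklist keyed on the download's hash never matches the next victim's copy) but a single structural hash, and all three downloads are flagged by the capability check while the benign fixture is not. The design point is that the server can cheaply vary names and padding, but it cannot remove the SEND_SMS permission or the SMS API call without losing the revenue the Trojan exists for, so detection anchored on those survives the mutation.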
Re: (Score:2, Funny)
it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..
No problem; to see cute bunny, press yes 3 times.
Re: (Score:2)
it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..
No problem; to see cute bunny, press yes 3 times.
I was thinking more along the lines of "psst. are you available??? ;)". would work wonders.
Re: (Score:2)
it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..
No problem; to see cute bunny, press yes 3 times.
I was thinking more along the lines of "psst. are you available??? ;)". would work wonders.
The proud people of slashdot would never fall for that. Even if a few might actually think that it would be genuine, those would probably faint from hormonal overload on the spot.
Re: (Score:3)
Does bluetooth transmit processes for running remotely? The way viruses worked in the ol' DOS days is that the front section of an executable file was overwritten and the virus code was appended at the end of the file. Then instead o
Re: (Score:2)
Does bluetooth transmit processes for running remotely?
..not when the Bluetooth server is done properly; user interaction is always needed to run things originating from Bluetooth.
Pedantic doesn't work for you (Score:2)
WOLF! (Score:2, Funny)
cried Symantec...
Re: (Score:2)
Nothing to see here (Score:3, Informative)
"According to Armstrong, server-side polymorphism is not very widespread on the Android platform at the moment because most users get their apps through official channels and the current structure of the Android Market does not allow for a malware distribution scheme like this one."
Re: (Score:2)
Yeah, that's how I see it. If you're downloading from dodgy websites/torrents, well... you're kinda asking for viruses/trojans/who knows what.
Funny how they've announced this as Google announces 'Bouncer' to check market apps.
Brings Back Memories... Mark Ludwig was the BOMB (Score:1)
I didn't actually write any viruses from reading the book, just a fun boot sector program that displayed subliminal messages. It also happened to get installed on a few choice computers.
Here's his 'little black book' book: http://vxheavens.com/lib/vml00.html [vxheavens.com]. Of course his work talked about polymorphism over a decade ago.
Re: (Score:2)
Symantec Desperate for Sales (Score:2, Insightful)
Re: (Score:1)
MSE is not free for anything bigger than SOHO. Check licensing terms again.
Symantec DEVELOPS Android Trojans That Mutate... (Score:2, Funny)
Symantec Identifies Android Trojans That Mutate With Every Download
Symantec DEVELOPS Android Trojans That Mutate With Every Download
There - fixed that for ya'!
Re: (Score:2)
You know, every time an AV story comes up, so does this stupid canard. AV companies have no real need to develop viruses and other malware - there are enough people doing that external to their companies to keep them quite busy enough all of their working hours and to allow them to continue making sales. And do you think these companies would risk the millions of dollars they make each year doing something as idiotic as this?
You may not like their products, but please... Your post (like the others of the sa
Why don't we address the source of the problem (Score:5, Insightful)
Has anyone, anywhere ever intentionally used a "premium" SMS service?
Telecoms obviously need a regulatory smackdown requiring them not to act as payment processors.
Re:Why don't we address the source of the problem (Score:4, Informative)
Quite a lot of people used them to donate to the Haiti Earthquake relief effort.
http://abcnews.go.com/Politics/HaitiEarthquake/haiti-earthquake-donations-haiti-relief-efforts-text-message/story?id=9551199#.TzAdM8XQInE [go.com]
http://www.snopes.com/inboxer/charity/haiti.asp [snopes.com]
Re: (Score:2)
Yep.. for using a laundry machine. For ordering a bus ticket. A couple of times for checking an address (of a phone number).
usually it would be nicer to pay through other means, but if you don't have cash and they don't take cards.. doesn't happen too often though.
Symantec (Score:2)
Got to have our dose of fear mongering from Symantec. I hate those vultures and I distrust everything they say.
server-side polymorphism? (Score:1)
Not about the Android Market (Score:2)
FTFA: "A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique."
So basically we're talking about "some guys website" hosting malware. This is not about Android Market.