
As a platform, Android is naturally very attractive to the criminal fraternity in terms of potential profitability. After all, it has the market share and that nearly always means it has large numbers of users for whom the word security may as well be written in the Cyrillic alphabet. My analogy assumes, of course, that those are users not familiar with this particular script and I used it for good reason: new worms coming out of Russia are posing a threat to Android users.

Denis Maslennikov, a security analyst with AdaptiveMobile, has discovered a previously unknown worm called Selfmite. This comes hot on the heels of another Android worm called Samsapo which uses the old monetization chestnut of premium rate SMS message sending.

The Selfmite loader spreads using SMS as a transport mechanism, and once the malicious app is installed the worm itself propagates by sending a text message to users in the address book of the phone that has been infected rather than by doing the premium rate thing as you might expect. So how does Selfmite realise a profit?

Well, the messages it sends encourage users to install a legitimate app by way of an advertising platform which pays the worm author a small commission for every app installation. According to Maslennikov the worm is out in the wild, and unlike Samsapo which was largely targeted at Russian users, it has already been seen to be active on North American operator networks.

"SMS worms for Android smartphones have previously been rare, but this and the recent Samsapo worm in Russia may indicate that cybercriminals are now starting to broaden their attacks on mobile phones to use different techniques that users may not be aware of," Maslennikov warns.

AdaptiveMobile has contacted Google and the malicious URL has been disabled, but that doesn't mean more will not surface, or are not already out there, of course.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1

At the very least, it's not due to any security flaws. It propagates through the usual social engineering tactics.

Human ignorance is probably one of the more worrying things in computer security.

1

Absolutely. If you don't know who the weak link is in the IT security chain, it's probably you. Back in the day, twenty years or so ago, we used to get a lot of help with our 'unauthorised network exploration activity' courtesy of searching skips and bins outside businesses for documents containing login data and the like; not much has really changed, apart from not needing to get your hands dirty in the dumpster of course.

1

It also has to do with users, not just IT (ok, true, if someone in IT doesn't know what they're doing, and there is a lack of audits, then that IS indeed MORE scary).

Even if you have a sales rep, for example, who isn't as familiar with technology, they're the ones I'm generally scared about. They might get a simple email that "looks" like it's from the administrator asking to run something and BAM. Public-key crypto virus encrypts a bunch of valuable files, and asks the company for ransom. Even if the company pays, there isn't even a guarantee that the attackers bothered to keep the private key. That's just one example out of hundreds.

I thought that most companies would have meetings or something to make sure everyone understands where you can and where you shouldn't type your password, as well as what you should and what you shouldn't run on your computer. NOPE. I've seen a couple of places in the Canadian government, as well as a few private companies, where employees are not aware of it entirely.

You could have the best and most expensive software in the world, as well as a team of the best security professionals. But if your employees are ignorant, then that pretty much negates all of the efforts right there.

1

I agree with the fact that we need to distribute security awareness to the population; also, security policies and greater law enforcement would help to avoid some digital crimes. I have started extensive research on Crowd Sourced Data, Security and Android Devices, and I learnt a lot on how people are unaware of the unnecessary security privileges that applications are granted, and how most people just click on the next button to install apps, and also how the Mobile Developments have helped and modernized security, etc.

Edited by istteffy

0

Interesting... while Apple iPhone is not immune, I "emotionally" feel that the iPhone platform is more secure. Call me naive, as I said, it is just a gut feel. I guess Apple marketing convinced me :-)

I am sure other people will disagree with me, which is fine because my feel is based in emotion and not fact :-)

0

Interesting, I would say this might be the reason why it's always said again and again that iOS offers a way more secured environment than Google's Android.

0

Personally, I am also nervous about jailbreaking my iPhone.
I plan on upgrading to an iPhone 6 ONLY if they come out with a 5.5" to 6" phone.

IF I upgrade, then I can jailbreak my old iPhone and run some cool apps which only work on a jailbroken phone. Since my old iPhone may be open to malware, I will not care since it will be a junk phone anyway :-)
