More than a million mobile phones in China have been infected with the AVK.Dumx.A Trojan. According to local reports in the Shanghai Daily, the infection is costing users more than two million yuan (just shy of £200,000) in text messaging as it attempts to spread. The disguise the Trojan wears is unclear, though it does appear …
I must be behind the times
I hardly ever click "continue" on anything on my smartphone. Probably means I'm not using it its full potential...
I would add that I feel safer because it is a iP**ne, but that is probably a baseless assumption
If the guy responsible for this lives in China, and the authorities catch him - they will probably execute him...
and this is why sideloading is bad
With a closed model, and code inspection, its pretty hard (not impossible) to get a virus through. One way, make it a sleeper, not activate for a month or so. Still, they're impossible to self propagate, and if identified, the app store can flip a flag and the app uninstalls from every device its on and can no longer be installed to other devices. Bot Net dead. The change of it getting that far is real slim in a good store model, where use of APIs by apps that have no business doing so can be easily limited.
Closed stores have some disadvantages, but most of it boils down to having no programs that are illegal, use stolen IP, or outright violate carrier policies. If you're OK living with legally distributed apps, and actually paying for the services you use (tethering), there's very little you can't find in Apple's store, and most of what you can't, web aps take the place of easily. Want to bypass carrier policies or use apps with questionable code? Jailbreak, and risk virus infections. That's your choice and nothing stops you.
Getting illegal gains from an app store.
I don't think the developer would really be bothered if Apple hit the kill-switch on their viral app, if they can get maybe 250,000 handsets to all dial a premium rate number at the same time for a couple of minutes. Once that's done, the development of the next stealth virus has just been paid for.
I've never heard of this particular bit of nastiness so I looked it up one the various search engines.
On each and every one of them, the top 30 or so entries (i.e. the first page on each engine) were all direct scrapes of this article.
And less than a half gave attribution.
Not the first time...
Are these lurching zombie phones or running zombie phones? If it's the former, I'll be forced to disregard this article as unrealistic.
Security industry will profit
The security industry will love this, its a profit vector.
No doubt. This site allows anyone to get certs for their app to be signed.
Yeah, one of those.
"The best defence against this kind of thing is, of course, a locked-down device with a gatekeeper."
I thought they already had one of those. It's called the Chinese Government.