Feeds

back to article Android Trojan taints US mobes, spews 500,000 texts A DAY

A Trojan that infects Android devices is behind an increase in text message spam in the US. SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission. The mobile irritant is primarily spreading through texts that offer free versions of popular paid-for games such as Need for Speed: …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Will make a nice change

from the countless 'You are entitled to thouands of pounds in light of your recent accident' or 'you are entitled to thousands of pounds due to the loans you have taken out over the past 20 years' and other stories that seem to be the content of most of the Text messages I seem to be getting at the moment.

1
1
Anonymous Coward

Android virus the cry of self denial.....

Android malware?, no this cannot be, can never happen, not with an open source OS, never in a million years, impossible, obviously from the Daily Mail, the media love to make up stories, rubbish, I must have gone over my data allowance, maybe I made too many calls..........

The cry of self denial from the ranks of Fandroids ...

While I sit back with a smug smile on my face holding my iphone in one hand and wipe away tears of joy with the other.

9
33
Silver badge
Gimp

Re: Android virus the cry of self denial.....

While I sit back with a smug smile on my face holding my iphone in one hand and wipe away tears of joy with the other.

Well, I've heard it called a lot of things, but "wiping away the tears of joy" is a new one. Still, tissue at the ready..............

30
1
Anonymous Coward

After

After years of being made aware of malware and viruses the American brain still believes there is a great deal to be had with a free game and free installer.

In more developed countries (UK) we are a little more suspicious when an external link and installer are concerned. Maybe it's the Duff Beer they drink....

9
2
Anonymous Coward

Re: Will make a nice change

Q.Q

1
0
JDX
Gold badge
Trollface

Re: Android virus the cry of self denial.....

It's OK, blame evil Google for the vulnerabilities and normalcy is restored in the Linux/FOSS camp.

2
1
Silver badge

Re: Android virus the cry of self denial.....

So don't enable "install form untrusted sources" unless you are testing your own kernel builds

It's up there with: never fight a land war in Asia, neverplay Poker with anybody whose middle name is "the" and don't take your trousers off and bend down in a confessional

14
0
Silver badge

Re: Android virus the cry of self denial.....

You can't get porn on an iPhone.

Well you can - but they can't have any rounded corners

2
2
Anonymous Coward

Re: Android virus the cry of self denial.....

I've never heard it called an iPhone either.

0
0
Anonymous Coward

Re: After @AC

Yes we in the UK learned our lesson during the second world war when the septic tanks came over offering chewing gum and nylons. We've had sore arses ever since and wised up to strangers offering gifts.

3
0
Silver badge

Re: After

"In more developed countries (UK) we are a little more suspicious..."

Ahh, that must be why you don't have any SMS spam over there. I'd been wondering about that.

0
1
Anonymous Coward

Re: Android virus the cry of self denial.....

"While I sit back with a smug smile on my face holding my iphone in one hand and wipe away tears of joy with the other."

Can't be that smug with an iPhone in your hand!

How can you feel smug when your held by the hand by your OS.

Grow a pair you yellow belly coward.

1
5
JDX
Gold badge

Re: Android virus the cry of self denial.....

You're complaining about software that makes things easier for the user? This is why FOSS software is so badly designed then - you have to prove your worth?

1
1
Bronze badge
Mushroom

Re: Android virus the cry of self denial.....

Your iPhone with over 300 known security vulnerabilities in IOS you mean?

Get a Windows Phone - only 1 Denial of Sevice vulnerability across all versions....

1
4
Bronze badge
Windows

Re: Android virus the cry of self denial.....

Get a Windows Phone - only 1 Denial of Sevice vulnerability across all versions....

Not sure how accurate that statement is BUT definitely wayyyyy less than android or iOS.

The "spamdroid" title definitely fits the bill when it comes to this article!!

0
2
Bronze badge
Unhappy

Worrying that they can only guess at the attack vector.

0
0
Facepalm

Did you read the blog post, Mr Register?

From the article..

"SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission."

From the blog http://blog.cloudmark.com/2012/12/16/android-trojan-used-to-create-simple-sms-spam-botnet/

"Then you have to grant permission to the app to do all sorts of things that no Angry Bird should ever need to do, like surfing the web and sending SMS messages"

5
1
Anonymous Coward

Re: Did you read the blog post, Mr Register?

Granting permissions implies that the person using the app is experienced enough to know what all of that means.

Here's an idea, automatically deny all privileges and then when things need to access a resource it asks for permission.

People tend to click though all the screens on install as it is usually stupid legal mumbo jumbo.

6
1
Thumb Up

Re: Did you read the blog post, Mr Register?

It doesn't help that many well-known apps have access to things they never should - Facebook doesn't need to send SMS messages, games don't need access to my email, and why does a a file browser need access to my GPS? I've seen some explanations that make sense - a program needs permission to take pictures before it can turn on the camera flash, for instance - but many apps request full access to everything, without a single explanation of why.

That said, I love the idea of "always off" privileges. If the app never actually tries to send an SMS, fine; if it does, I can see it, and kill it first. I'd be able to use the Facebook app again, assuming it doesn't force close when I tell it to get stuffed...

5
0
Thumb Up

Re: Did you read the blog post, Mr Register?

@AC 18:37

"Granting permissions implies that the person using the app is experienced enough to know what all of that means."

If they're not, they're probably not experienced enough to to enable the installation of 3rd party applications that's also required.

I agree with your point about denying permissions by default though.

1
0
Bronze badge

would be nice idea, but...

So you're saying that a user needs my math PhD to be able to make all the necessary calculations when they install an app. Isn't it pretty straightforward and transparent unlike a black box you get on Windows and rely on AV instead of simple logic?

The way Google handles untrusted apps (by the definition, since g. play is no repo) is pretty nice. Every app runs in a sandbox with its own uid and joins major groups that are manifested during the install. This transparency is a relative novelty. If MS would have come with it, the world would have been very different.

The post you're answering to just meant that John Leyden had seriously misinterpreted the facts. Not sure if can be excused for it by "lack of experience" either.

0
0
Anonymous Coward

Re: would be nice idea, but...

Just run that past me again: Windows is bad, because the vast majority of malware has to be OKed by the user for install, but Android is good because the vast majority (all?) malware has to be OKed by the user for install?

Exactly how can a general purpose Operating System be expected to ask the installing user which permissions are appropriate for it to have? You'd be there all day. Under both Windows and Linux, you have to have an appropriate privilege to install something, beit administrator/root or a lesser, more tailored ID.

1
0
Bronze badge

@AC

Windows is bad in this regards, because it had neither if the two

1) secure repositories

2) no mechanism akin to Android where the permissions are specifically stated prior to install.

A windows application as well as a regular GNU/Linux is a balck box. You can't figure out what it does when installing a binary file. The list of the permissions declared in the Android install is very short for a user to understand their meaning. So you saying that if a user installs a game and it has a permission to send SMS, a user can't figure it out? If he/she can't, why would she/he care some big bills for SMS?

If you think that an AV is better than simple logic than you don't believe in education at all. Why should boys and girls get lecture about pregnancy prevention. It is so complicated they will most probably not get it...

0
0
Anonymous Coward

Re: would be nice idea, but...

Android = fail. You expect more from your phone containing all your critical data and simple access to all your contacts AND a method to send them.

0
3
Bronze badge
Mushroom

Re: Did you read the blog post, Mr Register?

Maybe that would fix all the virus issues on desktop OSs like OS-X and Windows? - say we make them prompt the user before it does anything that needs elevated rights? - oh wait a minute....

0
2
Bronze badge
Mushroom

Re: @AC

Wrong on both - Windows has secure repositories (Windows Store and Windows Update for instance)

Windows Phone also can state and request permission for specific functions - e.g. track your location.

0
1
Bronze badge

Re: @AC

Windows has: 2) no mechanism akin to Android where the permissions are specifically stated prior to install.

on Windows Phone it specifically tells you that it needs access to whatever services that it needs to use when you install and if it needs to run in the background.

Also, you need to download apps from the windows store to install AND funnily enough those have already been vetted by Microsoft. I think I can remember maybe one instance of something bad slipping through the cracks of the windows phone store since it launched and they immediately removed it.

Android just by nature is a lot more open therefore a lot more susceptible to virus/malware/spam and an every day user who thinks they know what they are installing will simply just hit ok so they can load up their free angry birds or whatever it may be that they are trying to install instead of understanding what they are doing.

0
2
Bronze badge
Mushroom

Re: @AC

Wrong - Windows Phone DOES already specifically ask for and state permissions prior to install (and / or on first execution) just like Android does for sensitive activities:

http://allaboutwindowsphone.com/images/flow/misc/apppermission01.jpg

I agree - open = a lot more malware given the same market share (i.e. motivation for hackers to bother attacking it). This is why Linux servers on the internet are much more likely (even taking into account market share) to be compromised than ones running Windows....

0
3
Anonymous Coward

Android is the new Windows XP, flawed in design and more interested in providing lots of features and power than security.

7
11
Silver badge
Pint

Ahh

"Android is the new Windows XP, flawed in design and more interested in providing lots of features and power than security."

Have you forgotten that all the problems with the XP was just because it was so popular.

1
0

Re: Ahh

"Have you forgotten that all the problems with the XP was just because it was so popular."

Nice one, I remember that joke too.

2
0
Anonymous Coward

Really,does this have to be explained on every Android malware article? The user is downloading an app that showed up in an SMS from a completely untrusted site, enabling unknown sources to install it, ignoring both that warning message and the permissions warning that says their free copy of a $5 game wants to send SMSs and are then shocked when said game does send SMSs.

This has nothing to do with Android security, every platform that let's the user decide which applications to install is vulnerable to user stupidity.

4
0
Rob
Bronze badge

What AC 08:16 said

There's just as many stupid Android users out there as there are iPhone users.

0
0
Bronze badge
Mushroom

Re: Ahh

Windows XP has less than a 3rd of the vulnerabilities of OS-X....

0
3
Trollface

But at least you don't have a walled garden!

1
3
Anonymous Coward

better than gardening in a warzone, eh?

all jokes aside, it's worth pointing out that this still affects iphone users since they'll still have to receive all that sms spam.

1
0
Anonymous Coward

@AC18:56

Wrong, iPhones are very socially aware and don't mix with the lower classes. We have a better class of spam to deal with.

3
2
Happy

There is my proof, Android users have NO sense of humor.

2
4
Joke

@Dana W

"There is my proof, Android users have NO sense of humor."

Haven't you seen the Dom Joly impersonaters with their Galaxy Notes?

3
2
Anonymous Coward

It does not affect iPhones - you might receive the SMS but could not install the malware

1
0
Anonymous Coward

"It does not affect iPhones - you might receive the SMS but could not install the malware"

He said "iphone users", not iPhones, because the users "still have to receive all that sms spam" from the infect Android users.

If I receive any of these spam SMSs from my friends, they'll be getting a simple one word reply that reads "idiot".

0
0
Facepalm

Free game did you say?

Where is the link? Sign me up! I love free stuff :-)

1
0
Bronze badge

The nanny state has its advantage.

Obviously apps are in a permanent boot camp with Apple so less likely there.

With freedom comes responsibility so you need to train those Android kids and Android grannies.

1
1
Bronze badge
Trollface

Re: The nanny state has its advantage.

train them to buy something else!!!

0
0
Bronze badge
Thumb Down

@ John Leyden: FUD or Vulnerability

Marks are encouraged to click on a web link in a message that supposedly leads to a game installer. In reality users who open the "installer app" only succeed in infecting their handset with the SpamSoldier Trojan.

Are you really suggesting that you get "infected" by clicking on a link with no further user's interaction, or that you're offered to install a game app that straightforwardly says it can send SMS from your phone (and maybe something else), plus if should be allowed to install from the outside of googleplay in the first place? If it is the former, you just discovered a serious Android vulnerability, if it is the latter you're spreading an FUD in a pretty bad manner. It seems to be an FUD according to your own links though.

4
0
Anonymous Coward

Seems the old adage of "Thick as a yank" still holds true.

2
0
IR
Thumb Up

Gotta love those "trojans" I can avoid by

not clicking on a link in a dodgy message

not downloading an unknown app

not ignoring the strange permissions it requests

3
0
Anonymous Coward

not running an insecure OS and apps from an insecure app store

buying an iPhone

1
10

This has nothing to do with insecurities in the OS (because the user gets to see what permissions the app is requesting *before* installing - there's no evil hackery going on) and it's nothing to do with an insecure app-store, because the infected apps are obtained by visiting FreeCrapz.ru.cn or similar.

3
1
Anonymous Coward

As long as you don't jailbreak..

1. You have to change the default setting to be able to install from outside the Play store

2. This is an install from a spam text (RTFA).

So this would be the iphone equivalent perhaps (except this allows access to any iPhone data)

http://abeontech.com/343-security-jailbreak-my-bank-account

0
0

Page:

This topic is closed for new posts.