Feeds

back to article China's Android users warned of giant botnet

Security researchers in China are warning Android users to be on their guard after claiming to have discovered a million-strong botnet lurking on the platform. The Android.Troj.mdk Trojan, first spotted by security firm Kingsoft Duba back in early 2011, is thought to be hidden in over 7,000 apps today, including many popular …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

This is the Achilles Heel of Android.

2
11
Anonymous Coward

No. It's the Achilles Heel of installing dodgy software from nefarious sources on your devices [although granted, Android does make this easier to do than oher phone OSes]

12
0
Silver badge
FAIL

This is why

Android should let users block any apps they want from network access.

I hear you say: "yes but poor developers need ads revenue to survive and apps need network access to fetch ads". Fine. Provide an API which allows apps to fetch ads in a [i]controlled[/i] manner.

I mean, this is not paranoia. There [i]are[/i] people out to get you. It is now standard on non-mobile machines to get a warning whenever a program accesses the web for the first time, giving you the choice to block it. I see no reason why it should not be the case for phones.

6
0
Silver badge
Meh

Not more malware on Android phones!

Got to be a Daily Mail news flash, or a troll by a fanbois.

1
2

Re: This is why

> There [i]are[/i] people out to get you. It is now standard on non-mobile machines to get a warning whenever a program accesses the web for the first time, giving you the choice to block it

Oh sure, asking users to click yes to get the free stuff they want has really proven to be an effective security model. Numerous studies have shown that unless the box says "this app is going to steal your stuff" most users will just click yes because they think it is needed to play the game/app. The spread of the first Symbian worm required the user to click yes to:

* Do you wish to accept a bluetooth connection from an unknown device

* Do you wish to accept a file from <<device>

* Do you wish to execute file from <device>

No user in their right mind would click yes to any of one of those, but there were still some who clicked yes to all three. The average user does not have sufficient knowledge to make informed consent, so this method doesn't work.

3
0
Anonymous Coward

Re: This is why

The average user does not have sufficient knowledge brains to make informed consent.

There, FTFY

1
2
Silver badge
Facepalm

re: Got to be a Daily Mail news flash, or a troll by a fanbois.

Of course! What other possible logical explanation could there be?

0
0

Re: This is why

>>The average user does not have sufficient knowledge brains to make informed consent.

Maybe so, but I think that your average user will only download stuff from the app store...

2
0
PM.

Re: This is why

But Chinese operators put _theirs_ appstores as default , instead of Google Play.

And the problem is that those appstores are riddled with malware , and average user is not even conscious of that.

2
1
Anonymous Coward

"This is the Achilles Heel of Android."

More ibullshit!

0
0

And that is why

you should install a security suite like LBE Privagy Guard.

0
0
Silver badge

Re: And that is why

Yes but, they require a phone to be rooted, which is beyond the ability of the vast majority of owners.

0
0

Re: And that is why

there are plenty of security apps that don't require you to root the device eg Avast Mobile Security

(root for that is only needed if you want to use some of the anti-theft features, but not for the av/malware scanning)

0
0
Bronze badge

Re: And that is why

I (happily) use Avast, but another of its most valuable features (the firewall) also requires root.

All that means is that people should buy a phone that's easy to root; perhaps the existence of botnets, trojans, etc. will make that more likely the next time contracts run out.

0
0
Megaphone

Re: And that is why

We need proper technical education in schools, not simply messing about with office to make documents "interesting and exciting" by the use of da-glo orange comic book fonts or whatever.

0
0
Bronze badge

Re: And that is why

> We need proper technical education in schools

I don't think that would help, at least in this respect (be good though for a whole range of other areas), kids are probably more aware than your average non tech adult. My 3 year old daughter knows more about my wifes phone than her.

0
0

Google Market Place?

Ever heard of it? ... get your apps from there ...

2
0
Silver badge
Thumb Up

Re: Google Market Place?

Good idea, I'll just nip back to last year and get some apps....

1
1
PM.

Re: Google Market Place?

Are you sure Chinese users have access to that , or at least have access by default ? Think twice....

1
0
Anonymous Coward

Re: Google Market Place?

"Good idea, I'll just nip back to last year and get some apps...."

Eh, WTF?

Mind you could nip back to the last decade and use the "app store".

1
1
Silver badge

Re: Google Market Place?

It's called Google Play now. They renamed it last year. So to download from the Google Market Place I'd need to go back in time.

And you're called Obviously. That's ironic....

0
0

A question or two

Why no giant botnets or other malware on iOS with its larger market share?

Why do Android users need to know about permissions and what App store is safe? Surly they deserve a device that is simple to use, secure, safe and malware free.

0
1

Re: A question or two

>Why no giant botnets or other malware on iOS with its larger market share?

There *IS* malware on iOS. The thing is that you need to jailbreak your device to load apps from anything other than the Apple app store. With Android, you just need to go to settings and enable sideloading to load apps from the SD card.

However, you still do need to explictly go and enable that setting, and when you do it pops up a big warning message saying something like: "ATTENTION: Your phone and personal data are more vulnerable to be attacked by applications from unknown sources blah blah blah".

1
0
Anonymous Coward

Re: A question or two

"Why do Android users need to know about permissions and what App store is safe? Surly they deserve a device that is simple to use, secure, safe and malware free."

Yeah, if you need your nappy changed by apple!

1
0
Silver badge

Re: A question or two

"Why no giant botnets or other malware on iOS with its larger market share?"

Because it doesn't have larger market share. Not anywhere near it (even if we included tablets, I'd imagine). Nor did it ever have largest market share.

2
0
Silver badge
Facepalm

Re: Yeah, if you need your nappy changed by apple!

Too right! Real Men have Malware! All you pussy's with your "easy to use, does what you want" devices.

There are NO ADVANTAGES to something that is easy to use. Your gran is just a dick.

1
0
Bronze badge
Boffin

Remarkable...

Not a peep out of the normal suspects (read "jihadists") who are first to jump on the "... because it's Microsoft" band wagon when it's Microsoft in the firing line.

Yes, I acknowledge that Microsoft may not have done a very good job of security with a lot of their stuff. But like I've said before - the bigger your market share, the bigger target you present, and there's no such thing as a secure system.

1
2
Anonymous Coward

"a worrying lack of user awareness around the dangers of downloading apps from unofficial third party stores."

If you install from untrusted sources, then you deserve to be ripped! People really are dumb asses.

Nothing to do with android as a platform, but with witless users.

1
1
Gold badge
Facepalm

What is it with people in the IT industry who will insist that anyone who's not an expert in their field is a dumb ass?

Get a sense of perspective man! Most people know bugger-all about my area of expertise, because it's a specialised area. Yet everyone in the industrialised world uses the products I sell (drinking water kit), and if I screw up a design people might start dropping dead. People aren't idiots because they can't design and operate the water infrastructure for the building they live in, just like they're not idiots for not understanding the fundamentals of other technology they use.

Sure, it would be great if everyone understood everything, but until we can train people hypnotically in their sleep - or until we live for 1,000 years - there's simply not time enough to learn everything.

That little rant also applies to the anonymous coward above, who made the same arrogant and unrealistic point.

2
1

Spartacus, this isn't about people not experts in a certain industry being idiots because something they use has something to do with that industry. This is about idiots not seeing the potential consequences of their actions, and then doing something that will ultimately affect other people (who may or may not be idiots themselves).

People drive vehicles everyday. Most of these people aren't experts at driving. You can tell by the emergency vehicles blocking access to a vehicle accident, the idiot not looking before merging, the other idiot blowing through a stop sign or a red traffic signal, and countless other driving offenses committed by countless other idiots. Some idiots are punished by the state, or are otherwise inconvenienced. Others are not.

And yet, they still have a license or other document, given to them by whatever state they live in, telling other people that they are allowed to drive a vehicle on the roads. More often than not, this license has an expiration date, and must be renewed periodically, often for a small fee.

It's the same thing with being allowed to access the internet. People ARE idiots.

0
0

Android Power Elite

Why do Android tech heads despise normal Android users so much?

If Joe public knew what the Android Power Elite thought about them they would save up the extra cash and get an iPhone.

2
1
Silver badge
Thumb Up

re: People ARE idiots

NukEvil, you are a person and have just proved your own argument. Well done!

0
0
Gold badge

Spartacus, this isn't about people not experts in a certain industry being idiots because something they use has something to do with that industry. This is about idiots not seeing the potential consequences of their actions, and then doing something that will ultimately affect other people (who may or may not be idiots themselves).

NukEvil,

How are people supposed to see the consequences of their actions, if they don't understand that the technology is flawed? Do Google run adverts saying that there's a risk of getting nasty malware on your Android phone, so you should check the permissions when you download from the Play store? Do Google check all the apps before they go in the Play store for rogue behaviour? Nope. They don't. They (and the manufacturers) tell their users how great the phones are, and how you can download all these lovely apps. I suspect many people don't realise that Android phones are basically computers, and not everyone has got their head round how easy it is to get their computers taken over.

Should we say those users are stupid? Or should we say the manufacturers and the software industry are stupid for producing stuff that's insecure?

I'd argue neither. My point was that it's more complicated than that.

Not all issues are black-and-white. Not all users care about their tech. Which in some ways is a bad thing and shows a lack of care (if not a certain amount of stupid-arsery). But on the other hand, why should they? They pay good money for stuff, and want it to just work.

When my Mum says to me that a pop-up came on her computer saying she'd won a prize, and then she clicked yes a couple of times "was that alright?" - that's laziness/stupidity, and I get annoyed with her. She knows she just clicked OK when she shouldn't, to get on with what she did care about, otherwise she wouldn't mention it to me a week (and a virus) later. But it's Dell's fault that they put an out-of-date version of Flash/Java/PDF on her PC, and Adobe/Oracle's fault that they don't auto-update and are about as secure as Charlie Sheen's grasp on reality. I don't think she should be expected to know that the PC was vulnerable to drive-by nasties out-of-the-box, without her doing anything but end up at the wrong website.

As usual the car analogy is rubbish. There ought to be a law (like Godwin's) talking about the prevalence of car analogies on tech discussions. People are trained how to drive. People know the consequences of crashing. There are laws, and publicity campaigns to make them aware, or punish bad behaviour. Some people are still lazy and stupid. But it's not stupidity not to understand how your engine works - you don't need to know the theory. And if there was a widespread fault with engine management systems that caused crashes people wouldn't blame 'stupid drivers', they'd blame crap car makers for: a) Causing the issue, and; b) Not fixing it.

It's your industry, or your hobby. So you've some level of expertise in IT. That doesn't make you special. I'd be surprised if you know how to deal with the risk of contracting Legionnaires Disease from your shower, how high that risk actually is, and what steps your plumbing design already goes to, in order to minimise it. Even though that's more likely to kill you than a computer virus. People can only know a certain number of things. Lack of knowledge of any subject is not the same as stupidity.

2
1
This topic is closed for new posts.