China's Android users warned of giant botnet

Security researchers in China are warning Android users to be on their guard after claiming to have discovered a million-strong botnet lurking on the platform. The Android.Troj.mdk Trojan, first spotted by security firm Kingsoft Duba back in early 2011, is thought to be hidden in over 7,000 apps today, including many popular …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    This is the Achilles Heel of Android.

    1. Anonymous Coward

      No. It's the Achilles Heel of installing dodgy software from nefarious sources on your devices [although granted, Android does make this easier to do than other phone OSes]

      1. ratfox
        FAIL

        This is why

        Android should let users block any apps they want from network access.

        I hear you say: "yes but poor developers need ads revenue to survive and apps need network access to fetch ads". Fine. Provide an API which allows apps to fetch ads in a *controlled* manner.

        I mean, this is not paranoia. There *are* people out to get you. It is now standard on non-mobile machines to get a warning whenever a program accesses the web for the first time, giving you the choice to block it. I see no reason why it should not be the case for phones.

        1. Anonymous Coward

          Re: This is why

          > There *are* people out to get you. It is now standard on non-mobile machines to get a warning whenever a program accesses the web for the first time, giving you the choice to block it

          Oh sure, asking users to click yes to get the free stuff they want has really proven to be an effective security model. Numerous studies have shown that unless the box says "this app is going to steal your stuff" most users will just click yes because they think it is needed to play the game/app. The spread of the first Symbian worm required the user to click yes to:

          * Do you wish to accept a bluetooth connection from an unknown device

          * Do you wish to accept a file from <device>

          * Do you wish to execute file from <device>

          No user in their right mind would click yes to any one of those, but there were still some who clicked yes to all three. The average user does not have sufficient knowledge to make informed consent, so this method doesn't work.

          1. Anonymous Coward

            Re: This is why

            The average user does not have sufficient knowledge brains to make informed consent.

            There, FTFY

            1. ContentsMayVary

              Re: This is why

              >>The average user does not have sufficient knowledge brains to make informed consent.

              Maybe so, but I think that your average user will only download stuff from the app store...

              1. PM.

                Re: This is why

                But Chinese operators put _their_ appstores as default, instead of Google Play.

                And the problem is that those appstores are riddled with malware, and the average user is not even conscious of that.

    2. LarsG
      Meh

      Not more malware on Android phones!

      Got to be a Daily Mail news flash, or a troll by a fanbois.

      1. sabroni Silver badge
        Facepalm

        re: Got to be a Daily Mail news flash, or a troll by a fanbois.

        Of course! What other possible logical explanation could there be?

    3. Anonymous Coward

      "This is the Achilles Heel of Android."

      More ibullshit!

  2. Anonymous Coward

    And that is why

    you should install a security suite like LBE Privacy Guard.

    1. frank ly

      Re: And that is why

      Yes but, they require a phone to be rooted, which is beyond the ability of the vast majority of owners.

      1. MikeS

        Re: And that is why

        There are plenty of security apps that don't require you to root the device, e.g. Avast Mobile Security

        (root for that is only needed if you want to use some of the anti-theft features, but not for the av/malware scanning)

        1. S4qFBxkFFg

          Re: And that is why

          I (happily) use Avast, but another of its most valuable features (the firewall) also requires root.

          All that means is that people should buy a phone that's easy to root; perhaps the existence of botnets, trojans, etc. will make that more likely the next time contracts run out.

          1. M. Poolman
            Megaphone

            Re: And that is why

            We need proper technical education in schools, not simply messing about with Office to make documents "interesting and exciting" by the use of Day-Glo orange comic book fonts or whatever.

            1. vic 4

              Re: And that is why

              > We need proper technical education in schools

              I don't think that would help, at least in this respect (be good though for a whole range of other areas), kids are probably more aware than your average non-tech adult. My 3-year-old daughter knows more about my wife's phone than her.

  3. Ebeneser

    Google Market Place?

    Ever heard of it? ... get your apps from there ...

    1. sabroni Silver badge
      Thumb Up

      Re: Google Market Place?

      Good idea, I'll just nip back to last year and get some apps....

      1. Anonymous Coward

        Re: Google Market Place?

        "Good idea, I'll just nip back to last year and get some apps...."

        Eh, WTF?

        Mind you could nip back to the last decade and use the "app store".

        1. sabroni Silver badge

          Re: Google Market Place?

          It's called Google Play now. They renamed it last year. So to download from the Google Market Place I'd need to go back in time.

          And you're called Obviously. That's ironic....

    2. PM.

      Re: Google Market Place?

      Are you sure Chinese users have access to that, or at least have access by default? Think twice....

  4. Maliciously Crafted Packet

    A question or two

    Why no giant botnets or other malware on iOS with its larger market share?

    Why do Android users need to know about permissions and what App store is safe? Surely they deserve a device that is simple to use, secure, safe and malware free.

    1. ContentsMayVary

      Re: A question or two

      >Why no giant botnets or other malware on iOS with its larger market share?

      There *IS* malware on iOS. The thing is that you need to jailbreak your device to load apps from anything other than the Apple app store. With Android, you just need to go to settings and enable sideloading to load apps from the SD card.

      However, you still do need to explicitly go and enable that setting, and when you do it pops up a big warning message saying something like: "ATTENTION: Your phone and personal data are more vulnerable to be attacked by applications from unknown sources blah blah blah".

    2. Anonymous Coward

      Re: A question or two

      "Why do Android users need to know about permissions and what App store is safe? Surely they deserve a device that is simple to use, secure, safe and malware free."

      Yeah, if you need your nappy changed by apple!

      1. sabroni Silver badge
        Facepalm

        Re: Yeah, if you need your nappy changed by apple!

        Too right! Real Men have Malware! All you pussy's with your "easy to use, does what you want" devices.

        There are NO ADVANTAGES to something that is easy to use. Your gran is just a dick.

    3. Mark .

      Re: A question or two

      "Why no giant botnets or other malware on iOS with its larger market share?"

      Because it doesn't have larger market share. Not anywhere near it (even if we included tablets, I'd imagine). Nor did it ever have largest market share.

  5. RyokuMas
    Boffin

    Remarkable...

    Not a peep out of the normal suspects (read "jihadists") who are first to jump on the "... because it's Microsoft" band wagon when it's Microsoft in the firing line.

    Yes, I acknowledge that Microsoft may not have done a very good job of security with a lot of their stuff. But like I've said before - the bigger your market share, the bigger target you present, and there's no such thing as a secure system.

  6. Anonymous Coward

    "a worrying lack of user awareness around the dangers of downloading apps from unofficial third party stores."

    If you install from untrusted sources, then you deserve to be ripped! People really are dumb asses.

    Nothing to do with android as a platform, but with witless users.

    1. I ain't Spartacus Gold badge
      Facepalm

      What is it with people in the IT industry who will insist that anyone who's not an expert in their field is a dumb ass?

      Get a sense of perspective man! Most people know bugger-all about my area of expertise, because it's a specialised area. Yet everyone in the industrialised world uses the products I sell (drinking water kit), and if I screw up a design people might start dropping dead. People aren't idiots because they can't design and operate the water infrastructure for the building they live in, just like they're not idiots for not understanding the fundamentals of other technology they use.

      Sure, it would be great if everyone understood everything, but until we can train people hypnotically in their sleep - or until we live for 1,000 years - there's simply not time enough to learn everything.

      That little rant also applies to the anonymous coward above, who made the same arrogant and unrealistic point.

      1. NukEvil

        Spartacus, this isn't about people not experts in a certain industry being idiots because something they use has something to do with that industry. This is about idiots not seeing the potential consequences of their actions, and then doing something that will ultimately affect other people (who may or may not be idiots themselves).

        People drive vehicles every day. Most of these people aren't experts at driving. You can tell by the emergency vehicles blocking access to a vehicle accident, the idiot not looking before merging, the other idiot blowing through a stop sign or a red traffic signal, and countless other driving offenses committed by countless other idiots. Some idiots are punished by the state, or are otherwise inconvenienced. Others are not.

        And yet, they still have a license or other document, given to them by whatever state they live in, telling other people that they are allowed to drive a vehicle on the roads. More often than not, this license has an expiration date, and must be renewed periodically, often for a small fee.

        It's the same thing with being allowed to access the internet. People ARE idiots.

        1. sabroni Silver badge
          Thumb Up

          re: People ARE idiots

          NukEvil, you are a person and have just proved your own argument. Well done!

        2. I ain't Spartacus Gold badge

          > Spartacus, this isn't about people not experts in a certain industry being idiots because something they use has something to do with that industry. This is about idiots not seeing the potential consequences of their actions, and then doing something that will ultimately affect other people (who may or may not be idiots themselves).

          NukEvil,

          How are people supposed to see the consequences of their actions, if they don't understand that the technology is flawed? Do Google run adverts saying that there's a risk of getting nasty malware on your Android phone, so you should check the permissions when you download from the Play store? Do Google check all the apps before they go in the Play store for rogue behaviour? Nope. They don't. They (and the manufacturers) tell their users how great the phones are, and how you can download all these lovely apps. I suspect many people don't realise that Android phones are basically computers, and not everyone has got their head round how easy it is to get their computers taken over.

          Should we say those users are stupid? Or should we say the manufacturers and the software industry are stupid for producing stuff that's insecure?

          I'd argue neither. My point was that it's more complicated than that.

          Not all issues are black-and-white. Not all users care about their tech. Which in some ways is a bad thing and shows a lack of care (if not a certain amount of stupid-arsery). But on the other hand, why should they? They pay good money for stuff, and want it to just work.

          When my Mum says to me that a pop-up came on her computer saying she'd won a prize, and then she clicked yes a couple of times "was that alright?" - that's laziness/stupidity, and I get annoyed with her. She knows she just clicked OK when she shouldn't, to get on with what she did care about, otherwise she wouldn't mention it to me a week (and a virus) later. But it's Dell's fault that they put an out-of-date version of Flash/Java/PDF on her PC, and Adobe/Oracle's fault that they don't auto-update and are about as secure as Charlie Sheen's grasp on reality. I don't think she should be expected to know that the PC was vulnerable to drive-by nasties out-of-the-box, without her doing anything but end up at the wrong website.

          As usual the car analogy is rubbish. There ought to be a law (like Godwin's) talking about the prevalence of car analogies on tech discussions. People are trained how to drive. People know the consequences of crashing. There are laws, and publicity campaigns to make them aware, or punish bad behaviour. Some people are still lazy and stupid. But it's not stupidity not to understand how your engine works - you don't need to know the theory. And if there was a widespread fault with engine management systems that caused crashes people wouldn't blame 'stupid drivers', they'd blame crap car makers for: a) Causing the issue, and; b) Not fixing it.

          It's your industry, or your hobby. So you've some level of expertise in IT. That doesn't make you special. I'd be surprised if you know how to deal with the risk of contracting Legionnaires' disease from your shower, how high that risk actually is, and what steps your plumbing design already goes to, in order to minimise it. Even though that's more likely to kill you than a computer virus. People can only know a certain number of things. Lack of knowledge of any subject is not the same as stupidity.

    2. Maliciously Crafted Packet

      Android Power Elite

      Why do Android tech heads despise normal Android users so much?

      If Joe Public knew what the Android Power Elite thought about them they would save up the extra cash and get an iPhone.
