Sneaky new Android Trojan is WORST yet discovered

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. In a post to Kaspersky Lab's Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or "Obad" for short, as being …

COMMENTS

  1. dshan
    Unhappy

    What Security?

    So Google will soon issue a fix for the vulns that allow this malware to infect Android devices, and in about two years about 50% of Android users will be on a release that includes the fix. Excellent.

    1. Paul Crawford Silver badge

      Re: What Security?

      That is a valid point, and not just about Android.

      It is high time that all devices with embedded software had a legal requirement to provide timely fixes for all notified security exploits for at least 5 years after purchase, along with proper financial penalties for the companies selling such devices that fail to do so.

      Think of all of those phones, printers, routers and numerous other semi-smart devices that have a network connection and no one looking after them.

    2. Anonymous Coward
      Anonymous Coward

      Re: What Security?

      No need to worry, just a couple of weeks ago Google said security vulnerabilities should be addressed within seven days.

      "Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information. As a result, after 7 days have elapsed without a patch or advisory, we will support researchers making details available so that users can take steps to protect themselves. By holding ourselves to the same standard, we hope to improve both the state of web security and the coordination of vulnerability management. "

      1. FrankBarnes
        Childcatcher

        Re: What Security?

        Well, that's good news, but what about people who have older phones that the individual phone manufacturers don't issue updates? Is a Samsung Galaxy I still vulnerable? How about a Droid?

        While Google is making a good effort to patch issues like this, relatively quickly, the manufacturers, and sometimes carriers, still, and very often, have final say in an OS update.

        On the Apple side of the house, more effort is placed into platform standardization. Right now, the only phone/s and devices that can't receive the latest OS include the iPhone 1, and the iPhone 3G. These devices never had the horsepower to support multitasking that every other generation of iPhone had.

        It would be advantageous to all Android customers and users if they could apply an update, directly from Google for a trojan like this. A trojan that has all this functionality can be a menace, and in a corporate environment would create some serious IT security issues.

    3. Anonymous Coward
      Anonymous Coward

      This cannot be?

      What, an Android virus, malware on my Android phone!

      I am incensed, this all is Apple propaganda, all lies, how dare they say this, it must be a Daily Mail story, someone is always ready to knock Android, these evil doers, nasty people who keep spreading such malicious lies and rumours .........

      Interestingly in PC Advisor August 2013 page 14, the headline 'Laptop makers drop Windows 8 for Android'.

      Well what a rip roaring fatally flawed platform you will be getting on your laptop. Yippee-ki-yay.

    4. LarsG
      Meh

      Dig deeper

      Dig deeper and you will find, 'Made by US Gov, Trademark 'Prism' copyright US Gov' stamped on it somewhere.

    5. Anonymous Coward
      Megaphone

      Re: What Security?

      Ever get the feeling you've been cheated?

      Kaspersky want to sell you a malware solution for a problem that doesn't really exist

      The Register profit from this sensationalist nonsense because people come here to read it.

      You my friend just aren't playing the game...

      1. Anonymous Coward
        Mushroom

        Re: Kaspersky want to sell you a solution

        And so many of these Register virus/trojan/malware articles are just regurgitated press releases.

        Come on, El Reg, what about some independent journalism on these subjects?

      2. AlbertH
        Linux

        Re: What Security?

        Kaspersky want to SELL you a malware solution for a problem that CANNOT exist. There is no means of any software installed with user privilege gaining root access without manual user intervention.

        These are desperate times for the anti-this and anti-that manufacturers. Even the latest iterations of Windoze are getting more secure, and MS's own, free anti-malware programs do the job better than these bogus third-party efforts. McAfee, Kaspersky and all the other snake-oil salesmen are rapidly going out of business, and these specious claims and malicious lies are their final efforts to keep their businesses alive.

        1. Ian McNee
          Boffin

          @AlbertH

          Actually, unlike Linux, Android is not vastly more secure than the alternatives for three obvious reasons:

          (i) all software has vulnerabilities and the more complex, the more vulnerabilities;

          (ii) Android is very popular and by definition very connected and therefore very valuable to criminal malware coders;

          (iii) as stated above in detail, device manufacturers are essentially negligent in their provision of timely updates to fix known Android vulnerabilities.

          As for the idea that malware could not possibly gain root access without manual user intervention, that's just plain not true. One of the main ways of rooting a good number of Android devices involved exploiting a vulnerability in the OS. All the user would notice if this were malware would probably be the device rebooting unexpectedly - hardly an unknown occurrence with quite a lot of mobile devices.

          Don't get me wrong - I love Android, it rocks compared to everything else widely available at the moment, but let's get real. And likewise I have no remit for the AV companies, especially when they make such obvious "BUY ME!" releases like this one from Kaspersky.

          1. Anonymous Coward
            Anonymous Coward

            Re: @AlbertH

            "unlike Linux, Android is not vastly more secure than the alternatives"

            Actually Linux has one of the worst security architectures and vulnerability counts of any current OS.

            Look at exploit statistics for a market where Linux is actually used like Webservers, and you will see that you are far more likely to be exploited running Linux than say Windows Server or BSD...

        2. Irongut

          Re: What Security? (AlbertH)

          MS' free av is not as good as a decent 3rd party av. Just look at any independent tests and you'll see that it is fairly useless. You're much better off with ESET, Kaspersky, AVG, Avira or Avast. Some of which are also free.

          1. GeekinOrpington

            Re: What Security? (AlbertH)

            That's funny!

            In the real world I support PCs in homes and small businesses and I have only one recollection of a PC with Microsoft Security Essentials becoming infected, but I am continually dealing with PCs with McAfee, Norton, AVG and Avast that have become infected.

            It's not an INDEPENDENT test just my experience.

        3. Wize

          Re: What Security?

          "Kaspersky want to SELL you a malware solution for a problem that CANNOT exist. There is no means of any software installed with user privilege gaining root access without manual user intervention."

          And if a typical thick user stumbles across a website telling them they can have a pink pony dancing around on their lock screen by following a few steps, some will do it. Even if those steps are to give the app root control.

    6. eulampios
      Facepalm

      Re: What Security?

      1) You need to install it in the first place (with all the permissions to donate all your bases to the app)

      2) You need to specifically grant it the administrative privileges when it asks from you

      So if you do both, you totally deserve it.

      To have a resemblance with the windows malware one might want no work done on the behalf of the user, so that the trojan/virus installs on the machine by itself.

    7. Anonymous Coward
      Anonymous Coward

      Re: What Security?

      "So Google will soon issue a fix for the vulns that allow this malware to infect Android devices"

      The only short term fix would be an upgrade to a secure OS with a chain of trust model like Windows Phone. Android is insecure and broken in so many ways due to its Linux heritage that a simple fix is not possible....

  2. Khaptain Silver badge

    Couple of questions

    There is no mention of how the malware gets into the system, from the article it appears that the virus must be "installed".

    The article also doesn't mention how the virus gains "Device Administrator privileges":

    How did Kaspersky manage to find this well hidden, disguised virus?

    How do they know it can connect to URLs, ping etc and yet not know the addresses that it pings, connects to?

    1. Ole Juul

      Re: Couple of questions

      Questions indeed. Without some answers I'll just assume that someone is selling something here.

      1. Anonymous Coward
        Anonymous Coward

        Re: Couple of questions

        To be honest just about any article about how a "security" company have "found" a really nasty virus/trojan etc. is completely lacking in any real detail about just how these things get onto your computer / phone / nuclear reactor controller.

        I'm getting more and more suspicious that a lot of it is total and utter bullshit and why tech sites do not challenge the companies over the real details rather than just regurgitating their press release I do not know.

        1. Chet Mannly

          Re: Couple of questions

          "I'm getting more and more suspicious that a lot of it is total and utter bullshit "

          +1 - Especially when they don't mention anything (like the name of the app) that might prevent people downloading the trojan in the first place, just "buy my program now".

          Also why didn't they report the name of the app to Google so they can remove it from the Play Store? That would stop 99% of people getting infected.

          Much better for sales to say it's a vulnerability, so anyone who hasn't updated their OS recently will buy AV...

          1. Anonymous Coward
            Anonymous Coward

            Re: Couple of questions

            Who says it was an app? Maybe it can be spread from an infected PC on the same network, or spread from an infected phone to other phones using the same AP, maybe you just have to visit the wrong website, or maybe visit the right website that unfortunately has a contract with the wrong ad provider.

            There are a lot of ways for malware to spread beyond downloading dodgy apps. It's just that that's been such an easy path so far that malware writers haven't really had to try as hard. Sort of like how PC malware used to be spread by infected floppies and .exe attachments, and because that was so easy there was no reason to write something as complex as Stuxnet.

            1. eulampios

              Re: Couple of questions

              There are a lot of ways for malware to spread beyond downloading dodgy apps.

              These ways are good for MS Windows mostly. With the allegedly huge amounts of Android malware (that very few people have ever seen) none gets on a device automatically and without the user explicitly installing it.

            2. Chemist

              Re: Couple of questions

              "Who says it was an app?"

              As the link in the article states :-

              "Recently, an Android application came to us for analysis"

    2. heenow

      Re: Couple of questions

      The article has a screen shot of how the Trojan gets administrator privilege.

    3. tony2heads
      Facepalm

      Re: Couple of questions

      how it gains device administrator privilege -see

      http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan

      "

      Obtaining privileges

      Immediately after it starts, the application attempts to obtain Device Administrator privileges"

      So it just ASKS for them

  3. Andrew Jones 2
    Mushroom

    And.... it's a big non problem because:

    1) you have to download and install the malware - which means you have to agree to the permissions it needs to run.

    2) you have to enable Device Administrator support for it to be able to do anything bad to your device

    3) You need to be rooted for it to be most effective.

    The chances of 1 are admittedly higher for the "I will download everything I possibly can" crowd

    The chances of 2 are pretty slim as the sort of people caught by step 1 - are not the sort of people who know about device administrator

    and the chances of 3 are 0% because the sort of people who are rooted are not the sort of people who go out and download everything under the sun believing that everything will be sunshine and roses.

    Finally - it does not use "previously unknown" vulnerabilities - it uses well known vulnerabilities.

    The team that discovered this trojan also admit that because the code remains largely encrypted until it first makes contact with the C&C server - it makes it very difficult to analyse what it does and how it does it - in any great detail - which frankly - I find ludicrous to suggest - either stick it on a fresh device with a PAYG sim card or stick it on an emulator.

    1. Anonymous Coward
      Anonymous Coward

      Not a non problem

      Yep, what you say has truth in it, but the fatal flaw is that 90% of Android users download stuff without even thinking about it.

      1. Otto is a bear.

        Re: Not a non problem

        I don't think that's a problem restricted to Android users, you should see the S$5t the family yoof download onto just about every device they own and then ask me to fix when it all goes horribly wrong. They really get upset when I wipe the device and reload from scratch and ask for the backup, tease that I am.

      2. Chet Mannly

        Re: Not a non problem

        "90% of Android users download stuff without even thinking about it."

        So you didn't read points 2&3 at all then?

        You need to do more than just download an app - you have to enable other things as well.

    2. Tufty Squirrel

      Non-problem? Hardly.

      >> you have to download and install the malware - which means you have to agree to the permissions it needs to run.

      Quite, but how many people actually take any notice of, or understand, the permissions warning screen? After all, if you've downloaded <x>, it's because you already /want/ to run it - Android doesn't give you any option of "stop this application doing this, but it might compromise functionality", it's all or nothing, "install it or don't". Everyone I know, *myself included*, hits "install it". So all you need is something that people *want* to run, and you're on a load of devices.

      Your issues 2 and 3 are largely moot because, once you have code running on a machine, you effectively have physical access. Privilege escalations are hardly unknown, after all, and Linux kernel + Android runtime provides a pretty large attack surface, especially given the likelihood of anything having been patched since the device left the factory.

      1. John H Woods Silver badge

        Re: Non-problem? Hardly.

        The privileges are not granular enough. You don't have the option of installing an app with some privileges, so you either accept full access to SD card, or you do without the app -- No option to chroot an app to subfolder on the SD card, You either accept access to the camera or you do without the app -- no option for "ask me each time". This would also be useful with "services that cost money"

        There is also, afaik, no log of which app invoked which privilege and when, so there is no auditing. So, in my experience, although I don't like it, the accept permissions step of most apps I'm interested in is pretty much just one more click you have to make.

        1. Vince

          Re: Non-problem? Hardly.

          The lack of control over permissions on Android does increasingly irritate me.

          Especially when I'm using my Blackberry Z10 where I can say "actually this app can't use location services but I'm ok with it reading stuff from my contact book" if I so want.

          Why the hell android does not allow ME to control that I have no idea.

          1. Tim Bates

            Re: Non-problem? Hardly.

            "Why the hell android does not allow ME to control that I have no idea."

            Well it could be worse... You could be using iOS - where not only do apps not inform you what they could do, but the OS doesn't either.

            1. Anonymous Coward
              Anonymous Coward

              Re: Non-problem? Hardly.

              No iOS does ask you if you want to allow apps to access your data.

          2. aj87
            WTF?

            Re: Non-problem? Hardly.

            Not related to this trojan but since you are saying BB10 permissions are better

            Have RIM fixed that little permission where you can't use the GPS hardware in the device without using location services and therefore agreeing to give them all your location data/wifi hotspots/gsm cells? That genuinely annoyed me when I got a Z10, it's my hardware why can't I use GPS on its own.

            1. Anonymous Coward
              Anonymous Coward

              Re: its my hardware why can't I use GPS on its own.

              That's what I always used to think on my stock android. I couldn't switch on the GPS without sending data to Google. No, not because it was using wifi to locate, that was disabled, I couldn't activate the GPS module on the phone without first agreeing to send "anonymous" data to google. (yeah, because a lat and lon with no other information would be so useful!)

              So not a blackberry specific problem, one that occurs for users of Android handsets as well...

          3. Down not across

            Re: Non-problem? Hardly.

            +1

            Rather annoying that to get that kind of control, you have to root the phone and install additional software.

          4. sorry, what?
            FAIL

            Re: Non-problem? Hardly.

            The broken permissions model really does irk. And it's not like it is a new grumble against Android either.

            As I once said in a comment on a previous article (http://forums.theregister.co.uk/forum/1/2012/03/05/more_android_privacy_fail/): "Symbian anyone?"

    3. Robert Carnegie Silver badge

      It's a TROJAN

      You think you're installing something you want, like "Microsoft Office". And instead (or as well!), you get this.

  4. YARR
    Facepalm

    Isn't it high time Android moved to a model of rolling updates from a central (Google) server just like any other internet connected OS? The device customisation by manufacturers needs to be restricted to only self-contained device drivers, pre-installed apps and some UI appearance settings. It's crazy that you can still buy new devices that are stuck on OS versions from 1-2 years ago, given that the software is free. The latest generation of devices ought to have sufficient memory and storage available to handle a slow growing OS footprint.

    I'd also like to know if any of the vulnerabilities are in the Linux kernel upon which Android is based.

    1. Cliff

      Manufacturer & Mobile operator

      Yes, that would be ideal for me, but alas the manufacturer and network pre-installed stuff is the main way HTC differentiate themselves from LG from Sony from Samsung. They all want to add their branding and app stores to the handsets to get a bite of the recurring revenue not just the low margin hardware market or data carrier market

      1. Anonymous Coward
        Anonymous Coward

        Re: Manufacturer & Mobile operator

        ". They all want to add their branding and app stores to the handsets to get a bite of the recurring revenue"

        And then they wonder why they don't actually get any income. Who the f*** buys anything from the Samsung or HTC crapp stores? Who uses their mobile operators content portal? A tiny, tiny minority, because everybody uses iTunes or Play, or Amazon.

        If the hardware makers want more money, then they should make their devices work better so that people will pay a bit more for them. DLNA is slow and sluggish in most implementations, involving deep menu dives on both devices. Tablets often struggle with simple tasks like printing. TV's are craply integrated with other media devices. Where's Jobs when you need him? He'd have made it work, and then everybody else could have learned how to do it.

        Although even there, Apple showed how to manage a phone OS, and Google managed to ignore the important bit about central control and avoidance of fragmentation.

        1. Anonymous Coward
          Anonymous Coward

          Re: Manufacturer & Mobile operator

          Android is open source, how exactly is Google supposed to force updates on Android phones? If they had code to do that, it would be among the first things Samsung removed in the process of building their own version to install on a GS4.

          As for why Samsung doesn't do it, they've got a ton of different models, with more coming out every month. Even the models that use the same version of Android probably have different bits of customization in them, simply to patch existing versions to fix a security issue is probably a big job. Let alone taking a newer generic Android version from Google, adding back the customizations for their dozens of models, and then testing it to make sure their customizations didn't break anything when matched against the newer Android code. No wonder it is mostly only the high end Samsung models that get updates, and even then not in a particularly timely fashion.

          1. Anonymous Coward
            Holmes

            Re: Manufacturer & Mobile operator

            "Android is open source, how exactly is Google supposed to force updates on Android phones?"

            Maybe that's the problem, don't you think?

        2. Mark .

          Re: Manufacturer & Mobile operator

          So making an Android device to put your own storefront on it is doomed to failure, then you cite everyone buying from Amazon *cough*Kindle Fire*cough*?

          "Where's Jobs when you need him? He'd have made it work, and then everybody else could have learned how to do it."

          Funny how he failed to make these things work. I love how Apple fanatics now argue by simply *making up what Apple might do*, even though they haven't done it. Let me try it too: an Apple solution would only work with Apple devices. It would cost twice as much, lack basic functionality, sell less than the competition, but have a light up glow in dark logo and be hyped by the media before it even existed. Just like you are doing now.

          The examples you list are precisely the things that Jobs and Apple don't do well. Just look at the mess we've got ourselves into where so many audio devices only work with the minority of Apple phones or outdated ipods - my TV actually makes a far better audio sharing device, because it supports DLNA and USB, working with any hardware or platform.

        3. Captain DaFt

          Re: Manufacturer & Mobile operator : @Ledswinger

          Jobs' brilliance was due to his focus on esthetics and user interface, leaving the *how* to the grunts.

          There are many stories of something being submitted to him, He'd play with it, then demand, "Why doesn't it do this? Why can't I do that?"

          When they'd tell him, "It doesn't work that way." or "that's not secure.", he'd throw it at them and demand that they bring it back when it "worked right".

          Guess what? They brought it back meeting his demanding criteria, and still kept it mostly secure.

          Jobs wasn't a computer genius, he was a people genius, in that he knew what the average joe on the street expected from a device.

    2. Mark .

      It's Open Source, so manufacturers can and do what they like - and with Samsung selling 10s of millions a month, they're not going to change anytime soon.

      I do agree though I wish there were more Nexus-like devices - perhaps we'll start to see this now (as with the new S4 announced running standard Android).

      "The latest generation of devices ought to have sufficient memory and storage available to handle a slow growing OS footprint."

      Possibly they don't though? My Galaxy Nexus is starting to be sluggish in areas, and it's still way better than the low end of new devices.

  5. h3

    It is probably part of Facebook Home (Or does about the same amount of damage to the device). Remember Google tried to stop them doing their own updates I think this is a test from them.

  6. Richard Boyce
    Big Brother

    Not the only thing hidden, apparently

    So how do we remove PRISM from our devices using Google software ... and Apple software ... and so on?

    1. Florida1920
      Joke

      Re: Not the only thing hidden, apparently

      "So how do we remove PRISM from our devices"

      http://images2.wikia.nocookie.net/__cb20110429175847/clocktower/images/9/9a/Sledgehammer.png

    2. Anonymous Coward
      Anonymous Coward

      Re: Not the only thing hidden, apparently

      Since PRISM isn't on our devices the answer is fairly simple. Don't use anything that runs through American servers. i.e. route your connection over a VPN to some anti-American country and do not use any services provided by infringing companies (or any US companies).

      While that country may be doing the same thing, at least they don't have the jurisdiction to arrest you on some fancy charge. Just make sure they don't have an extradition treaty, not that it'd be in their favour anyway.

      1. Don Jefe
        Happy

        Re: Not the only thing hidden, apparently

        You might slip by if you VPN through a non US country, maybe. I do not believe doing that through an anti-American country would be very smart though...

  7. Michael Thibault
    Mushroom

    Mmmm...

    I be smellin' me some popcorn.

  8. Captain DaFt

    Déjà vu

    Remember Windows 98?

    Popular, ran all the software, and about as secure as a two hundred thousand dollar mortgage given to a crack addict.

    I hate to say it, but Android's beginning to look the same.

    1. The Axe
      Facepalm

      Re: Déjà vu

      Sounds like you are on the drugs. Seriously, you think that a very small number of infections by a dangerous trojan and a few other viruses is the same as Win98's thousands upon thousands of infections. And Android at least has some notifications of what applications will do, Win98 had nothing. Android is not even beginning to look the same as Win98.

      1. Matthew 25

        Re: Déjà vu

        Yes, I think that is a valid comparison. In 98 most of this stuff was new. We are now 15 years down the line with an OS created in an environment where infection is much more understood. The Chocolate Factory should be doing more to prevent this sort of thing.

        1. Anonymous Coward
          Anonymous Coward

          Re: Déjà vu

          « In 98 most of this stuff was new. »

          If by "this" stuff you mean things like access control and other security details designed to minimise the risk of Bad Things Happening, either maliciously or by inadvertence... I could swear all that was already a fairly well-known problem with which manufacturers of multi-user operating systems were familiar (which group at the time already included Microsoft, through its kind of unloved Unix ventures).

      2. Captain DaFt

        Re: Déjà vu

        "Seriously, you think that a very small number of infections by a dangerous trojan and a few other viruses is the same as Win98's thousands upon thousands of infections"

        And you're forgetting that Win 98 only had a few, small infections at first as well.

        It took several years for it to get to the point that there were thousands and thousands of infections. We're still in the early days of Android.

        And as for Android's defenses? It alerts you to what permissions an app is asking for, and the only control you have at present is "yes or no" to all.

        Android really needs a fine grained permissions control for apps, which it will at best only get a partial version, because Google needs its data.

        1. M Gale

          Re: Déjà vu

          I still want to know how many devices were infected that weren't rooted. I'm guessing the answer would be 0? The only thing I'm surprised at is that there aren't more infected smartphones (of any platform) that are basically allowing random apps to run as root (which was half the problem with Windows up until UAC).

          Thing here is, the droid builds for rooted phones tend to let you perform post-install permission denial, either built in or by using an app like Permissions Denied. So, it can obviously be done. The only thing that prevents me from rooting my own devices is because I'd like to install Cyanogenmod or whatever distro, then re-lock the device under my own key.

          Add the ability to root, mod, then re-lock, and I bet you'll slash the already small amount of Android virii out there.

          Of course, if someone decides to enable downloads from unofficial sources (and let's see that code swapped to allow different 'official' app stores eh?), root the device, leave it open then go on a download binge from cracked-apk-downloads.com, you can't really blame the device or the system for that.

  9. Anonymous Coward
    Anonymous Coward

    I'm confused

    I'm sure Eadon told me only Windows gets malware due to its underlying security flaws.

    On a more serious note, any recommended AV applications for an Android tablet?

    1. Rimpel

      Re: I'm confused

      I use avast, mainly because I use it on the win laptop too and it integrates with it nicely. From there I can see the phone status, and also control it remotely if lost or stolen - to get it to report its location, take a pic, get the new phone number if the sim is changed or do a full wipe etc.

    2. M Gale

      Re: I'm confused

      On a more serious note, any recommended AV applications for an Android tablet?

      I use the don't-run-rooted method of virus avoidance and it works pretty well. If you're worried about random apps nobbling your SMS messages or somesuch, the usual firms (such as Kaspersky, hoho) will sell you a security suite.

    3. eulampios

      Re: I'm confused

      On a more serious note, any recommended AV applications for an Android tablet?

      With all seriousness, AC, I recommend to use your brain application!

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm confused

        @eulampios

        It's not my tablet I need to protect.

        1. eulampios

          Re: I'm confused

          I still am very sure that it is much easier to teach a user to avoid non-google sources and apps with excessive permissions than to find a really smart scanner. Like that game that will have an access to your text messages, emails, can place phone calls and can cost you money,

    4. Anonymous Coward
      Anonymous Coward

      Re: Eadon told me only Windows gets malware

      He's conspicuous by his absence whenever there's a story about Linux malware.

  10. Anonymous Coward
    Anonymous Coward

    does tend to prove the point

    Advocates of Windows have long since argued that it is more prone to viruses because

    (a) it has a bigger user base, so is a more attractive target

    (b) it has a higher proportion of average (i.e. clueless) users who're more likely not to exercise proper caution

    Android's woes on the security front do tend to support this argument. A Linux kernel probably isn't any safer if put in the hands of an idiot user than Windows. But the fragmented Android system for distributing security fixes is going to be the big killer.

    1. MacroRodent
      Happy

      Re: does tend to prove the point

      >Advocates of Windows have long since argued that it is more prone to viruses because

      >(a) it has a bigger user base, so is a more attractive target

      So, perversely, Windows Phone is currently the most secure mobile OS, being the underdog...

      1. Anonymous Coward
        Anonymous Coward

        Probably true, maybe BlackBerry though now :)

      2. Anonymous Coward
        Anonymous Coward

        Re: does tend to prove the point

        Look at Linux based webservers - they have a good market share - and consequently are by far the least secure platform to use:

        http://www.zone-h.org/news/id/4737

    2. Captain DaFt

      Re: does tend to prove the point

      "A Linux kernel probably isn't any safer if put in the hands of an idiot user than Windows"

      People tend to forget, or don't know, that the NT kernel for Windows actually has very robust security built in.

      NT, Linux, BSD, whatever, the security of the kernel doesn't mean a hill of beans if what's layered on top of it ignores or circumvents that security.

      1. Destroy All Monsters Silver badge
        Trollface

        Re: does tend to prove the point

        "People tend to forget, or don't know, that the NT kernel for windows actually has very robust security built in."

        Recently I have heard of something rooting the NT kernel by using a bug in some kernel code that computes Bézier curves...

        1. AlbertH
          Linux

          Re: does tend to prove the point

          Breaking into and abusing any Windoze kernel is trivially easy (due to the stupid anti-security decisions made by William Gates back before he needed to shave). The faults in Windows persist right up to today.

          Conversely, the Linux kernel has remained largely secure despite its massive installed base. It's the predominant internet OS - for servers of all kinds, routers and switches. Even Microsoft use it where Windows won't scale! Android is just a shiny desktop, and does nothing to compromise the basic kernel.

          Kaspersky are just like all the others of their ilk - selling non-existent solutions for non-existent problems. (None of their "solutions" actually do anything useful)

        2. Anonymous Coward
          Anonymous Coward

          Re: does tend to prove the point

          The NT kernel has a few dozen known security bugs. The Linux kernel is now on well over 900....

          1. M Gale

            Re: does tend to prove the point

            I have to wonder how many of the NT kernel's security flaws would be known if any old Joe could take a look at the code?

            There would certainly be a bigger chance of getting them fixed, rather than festering away in some dark corner of a hacker's 0day catalogue.

  11. Alan Denman

    malware in the iOS app store is far sneakier....

    Even Kaspersky can't find it 'cause Kaspersky are banned.

    How sneaky is that?

  12. Anonymous Coward
    Anonymous Coward

    Hehehe

    They should have gotten an iPhone!

  13. Pie
    Joke

    No such problems on my Windows 8 phone

    Mainly because there are only 5 users in the world so it's not worth targeting...

    1. Anonymous Coward
      Anonymous Coward

      Re: No such problems on my Windows 8 phone

      Windows Phone now has 8.4% of the UK market and 5.6% of the US market as per Kantar figures for April....

  14. IGnatius T Foobar
    Black Helicopters

    Conspiracy theory

    Kaspersky, a company whose sole source of revenue is band-aids for shoddy Microsoft products, has been paid by Microsoft to distribute fearmongering about a platform that is rapidly eating into Microsoft's market share.

    They may have even been paid by Microsoft to develop and distribute the trojan itself.

    1. Anonymous Coward
      Anonymous Coward

      Re: Conspiracy theory

      No, they see a second source of revenue if Android users start buying AV software.

    2. serendipity
      FAIL

      Re: Conspiracy theory

      Wrong and wrong again: Microsoft don't have any market share in the mobile space to eat into. And with the patent royalties they receive on Android sales, they probably make more money from Android than Google does! So why would they pay someone to develop an anti Android trojan?

      But anyhow, how come Android has exploitable security bugs? How many times have I read that open source software is inherently more secure because of the 'many eyeballs on the code' factor - looks like some of those eyeballs belong to the bad guys!

      1. eulampios

        Re: Conspiracy theory

        But anyhow, how come Android has exploitable security bugs?

        Which are they, please name them along with exploits.

        1. Anonymous Coward
          Anonymous Coward

          Re: Conspiracy theory

          Please. Are you claiming Android has no known exploits? Everyone knows it has security holes, just about all software of any significance does. The article even mentions that the malware uses several previously unknown exploits to do its dirty work.

          Obviously Google will fix the ones they know about when they make a new release, but that really only helps the people on devices running stock Android who can and will update right after it is released. If Microsoft was able to make Windows 8.1 100% secure at release, there would still be Windows exploits out in the wild 10 years from now, because there will be a lot of people running something older than 8.1. And even Windows 8.1 machines would have security issues, because of all the third party software they might be running (Adobe, Java, etc.)

          1. eulampios

            @DougS

            Are you claiming Android has no known exploits?

            Does your question relate to all versions of Android throughout the whole time it is developed? Then -- no, even though Android hasn't yet given a single remote code execution vulnerability.

            I am claiming that Android managed to avoid the issues of the MS Windows where sometimes (much more often in the past) you don't have to install a malware yourself. A user-friendly system, an ingenious OS feature or a vulnerability would do it for you when you

            -- open an email

            -- click on a link

            -- visit a webpage

            -- insert a media

            -- open a document

            It would often get spiced up by the fact that quite a few people had to run the system as administrator since so many apps wanted them to. In the meantime, Microsoft and all army of AV vendors urge you to never stop running antivirus software.

      2. Anonymous Coward
        Anonymous Coward

        Re: Conspiracy theory

        "Microsoft don't have any market share in the mobile space to eat into"

        Microsoft are on target to go over 10% of the mobile phone market this year, and already were up to 7.5% of the tablet market back in Q1....

  15. The_Regulator

    Sideloading an unknown app while giving it admin privileges: anyone who gets this type of Trojan deserves it for their own stupidity.

    1. Anonymous Coward
      Anonymous Coward

      I feel dirty, like upvoting TheVogon.

      S'right though.

  16. Anonymous Coward
    Anonymous Coward

    Had a really nasty piece of malware on my Windows PC, it too was sophisticated code that stayed hidden but could wreak havoc - then I uninstalled Kaspersky Anti-Virus Software...

    1. Anonymous Coward
      Anonymous Coward

      Sad, but kind of true. Our computer network performance strategy was to run KAV Remover and install Avira. Wow, this huge chunk of disk space appeared and the computers ran faster without the periodic bogging and near loss of internet access while the KAV updater ran.

  17. Anonymous Coward
    Anonymous Coward

    More information

    The Register should have asked Kaspersky Lab for more information about their findings. (a) Did they sample random Android phones? (b) Specific brands? (c) Specific versions?

  18. Dana W
    Trollface

    But at least it's not a walled garden!

  19. darklordsid
    Pirate

    Privacy and security-wise, all malware seems a joke compared to mainstream OS, web search and social media "features"

  20. Anonymous Coward
    Anonymous Coward

    Lack of info on vector is disturbing.

    Kaspersky does try to stay ahead of things by proactively seeking potentially dangerous code, but it would be nice to know if there were any infecting apps discovered in app stores.

    As for requiring security fixes for 5 years, all that would do is shift innovation to China as reputable, regulated manufacturers would slow development, investment, and number of available products while gray products would flourish.

    Ever wonder why cars, and in particular German cars, are so expensive? The requirement that every component be available for an absurd number of years is a good part of that. What happens when CE manufacturers are told they have to support code for devices well beyond their planned lifespan? The price has to go up to pay for all those bodies.

  21. Anonymous Coward
    FAIL

    Eadon?

    Where are you?

    LINUX MALWARE FAIL (to paraphrase)

    1. eulampios

      Re: Eadon?

      WTF?? You still have to install yourself even the most sophisticated Linux trojan and explicitly grant the admin privileges???

      LINUX FAIL

  22. Senior Ugli
    IT Angle

    This comment has just scanned your system for viruses and malware

    Results - 42 viruses and 53430 instances of malware. Not to mention your browsing habits are awful and possibly illegal.

    Please report to the local government office or buy our Super Virus and Malware descannerizingutron software comes a free Malware free copy of Angry Birds! it only spams your email and scans your retinas every 30 seconds*

    *Unpatched webcam required. Please leave computer on 24/7.

    Secured by the National bank of Uganda and Cousin Benson

  23. Animoid

    Worst Android Trojan?

    Or best?
