Android Botnet Exploits Gingerbread Root Access - Ben Kerr Love Lucy Clover - 優仕網部落格

Android Botnet Exploits Gingerbread Root Access

By Mathew J. Schwartz, via informationweek.com.

Malware grabs rootkit exploit code to obtain temporary access privileges, poses a "serious threat," says researcher.

The mobile malware state of the art continues to improve, as demonstrated by the emergence of a new Android threat that's been dubbed RootSmart.

According to Symantec, the malware interfaces with a botnet that it's dubbed "Android.Bmaster." That botnet appears to have active connections with about 11,000 Android devices, and is likely generating daily revenue between $1,600 and $9,000 for its controller, or botmaster.

RootSmart is designed to escape detection by being named "com.google.android.smart," which is the same name as a settings app included by default with Android operating systems. The malware can gain root access to phones running versions of Android Gingerbread before 2.3.4, or Android 3.0, as well as "phone home" to a command-and-control (C&C) server for instructions. More than half of all Android smartphones are now running some version of Gingerbread.

When first installed, RootSmart lies dormant, waiting for some type of trigger, such as an outgoing phone call. Once triggered, however, "RootSmart will connect to its C&C server with various information collected from the phone," said Xuxian Jiang, a computer science professor at North Carolina State University, in a blog post. "Our analysis shows that the collected information includes the Android OS version number, the device IMEI number, as well as the package name." To make it more difficult for security vendors to block the software, it also obfuscates the URL of the C&C server that it contacts.

After RootSmart phones home, it then downloads exploit code known as GingerBreak from the server, and uses it "to obtain root privilege on infected phones," said Jiang. Next, RootSmart attempts to download additional malicious applications--including malware known as DroidLive--which it installs in the device's system partition. "It's worth mentioning that if RootSmart fails to obtain the root privilege, it will still attempt to install the downloaded apps," said Jiang. "However in this case, it cannot install the apps silently. Instead, a pop-up window will be shown for [the] user's approval."

"Due to the fact that RootSmart utilizes the GingerBreak root exploit and can be remotely controlled, we believe it poses serious threats to mobile users," said Jiang.

What's RootSmart's purpose? Like so many types of malware, it's designed to earn money for its botmaster. According to Symantec, it pursues that goal by primarily targeting users of two Chinese mobile phone carriers. "For example, an infected device can be configured to send messages to a particular premium SMS number at a specific rate (three a day, for instance) for a certain number of days," said Cathal Mullaney, a security response engineer at Symantec, in a blog post. "Devices connecting to premium video or telephony services can also be configured for how long they should connect to a premium phone number or pay-per-view website." The malware can be set to block incoming emails containing specified keywords, which attackers could use to try and prevent mobile subscribers from receiving "unusual activity" alerts from their carrier.

How might RootSmart end up on an Android device? The software comes bundled "with a legitimate application for configuring phone settings," said Mullaney. "Trojanized applications are a well known infection vector for Android malware, as they allow malware to be distributed while retaining the appearance of a legitimate application."

Thankfully, however, the N.C. State researchers found the malware not in the official Android Market, but rather on third-party download sites. Accordingly, Jiang recommended avoiding such download sites whenever possible. But in some countries, including China, access to the official Google Android Market is blocked. Thus it's no surprise that, according to Symantec's study of RootSmart, "the vast majority of infected devices belonged to Chinese customers."

In terms of mitigation strategies, Jiang also recommended keeping a close eye on the permissions being requested by apps, as well as any unusual device behavior, and finally, running mobile security tools to keep devices safe.
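
A triage sketch of two checks the article implies, added here and not taken from the article or the researchers it quotes: it flags devices in the affected version range and packages in the `com.google.android.` namespace installed under `/data/app/`. It assumes input in the `package:<path>=<name>` form printed by `pm list packages -f`; the sample listing is constructed, and updated Google apps can also live under `/data/app/`, so a hit is a lead to verify rather than a verdict.

```python
import re

# Package name the article says RootSmart uses to blend in.
MASQUERADE_NAME = "com.google.android.smart"
# One line of `pm list packages -f` output: package:<apk path>=<package name>
PKG_LINE = re.compile(r"^package:(?P<path>\S+)=(?P<name>[\w.]+)$")

# Constructed sample listing (not from a real device).
SAMPLE_PM = """\
package:/system/app/Settings.apk=com.android.settings
package:/data/app/com.google.android.smart-1.apk=com.google.android.smart
package:/data/app/com.example.notes-2.apk=com.example.notes
package:/system/app/GoogleServicesFramework.apk=com.google.android.gsf
"""

def parse_version(release):
    """Turn '2.3.3' into (2, 3, 3); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", release)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def in_affected_range(release):
    """Gingerbread (2.3.x) before 2.3.4, or Android 3.0, as the article states.
    Assumption: 3.0 point releases are treated as 3.0."""
    v = parse_version(release)
    return (2, 3, 0) <= v < (2, 3, 4) or v[:2] == (3, 0)

def audit(release, pm_output):
    """Return the affected-OS flag and Google-namespace packages outside /system."""
    suspects = []
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        name, path = m["name"], m["path"]
        if name.startswith("com.google.android.") and path.startswith("/data/app/"):
            suspects.append({"name": name, "path": path,
                             "exact_name_match": name == MASQUERADE_NAME})
    return {"affected_os": in_affected_range(release), "suspects": suspects}

if __name__ == "__main__":
    print(audit("2.3.3", SAMPLE_PM))
```
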

VIN Viper CEO Unable to Attend NADA 2012 Due to "Space Madness!"

VIN Viper, a leading automotive industry mobile software developer, is proud to announce the release of a plethora of mobile app and software upgrades for all VIN Viper's platforms for the Android, iPhone, Windows Mobile and its web based utilities available at www.vinviper.com.

Most notable in the Android update (v1.0.6) is the release of a new VIN bar code scanner that VIN Viper built from the ground up. VIN Viper spent over 12 months developing the new barcode scanning module and now proudly touts their new VIN barcode scanner as the fastest scanner in the industry and has been benchmarked at least 10x faster than the closest competitor. Additionally, VIN Viper's iPhone and Android apps now have a new user-interface (UI) that allows dealers to book deals faster and access critical data metrics on one page, thereby eliminating the need to page flip and saving appraisal time.

In addition to the mobile app upgrades and enhancements, users will also find more features and added functionality in the desktop web portal located at www.vinviper.com that allows users to view and manage all mobile app appraisals, create new ones, export/import vehicles into other software platforms, manage all settings, take multiple photos, make appraisal notes, e-mail appraisals within the app and push vehicles to Facebook as News feeds.

"There are numerous user interface upgrades, a new scanning platform, the removal of device restrictions and even a new pricing model that has turned the automotive industry upside down," said Jason Seligman, President of VIN Viper. Seligman lamented, "We recently had a competitor call and complain that our prices were 'too low' and that it was 'unfair,'" to which Seligman replied, "Unfair to you, or unfair to your customers because we offer a better product at a fraction of the cost?" "VIN Viper has initiated a new marketing plan and business model that now offers the most advanced features, functionality and accessibility not previously offered in the industry. For only $25 a month, VIN Viper is offering a suite of products and features not only unavailable elsewhere, but at a 400% annual savings for comparable products offered by VIN Viper's direct competitors."

VIN Viper's President continued, "VIN Viper is a technology development shop first and foremost, and with internal brilliant resources at our disposal our core belief and values are to continually enhance our products, listen to the market, release the upgrades for free and even offer our paid services so inexpensive that no competitor can compete long term due to our continual adjustment in economies of scale." Seligman concluded, "We will push to continually expand that gap and the result will be more features for the automotive community, a more standardized and accepted platform and a reset on what the industry thinks is 'fair' pricing for value added resources that are quickly becoming the standard."

While VIN Viper takes its mobile application development position as an industry leader very seriously, VIN Viper also enjoys having fun with its marketing campaigns and designing marketing collateral that allows VIN Viper to let their hair down every now and then. VIN Viper's latest campaign, based on a 1960's Sci-Fi TV show, announced VIN Viper had cut their price by 50%, spoofing what most baby boomer dealers are sure to remember as the TV show, "Lost in Space," was entitled, "VIN Viper CEO suffers Space Madness!"

 
