Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Next Great App for Android, iPhone –> Rootkit

Rootkit, SMS text messages used to build a botnet of smartphones

The “hot” tech items to own these days are the (not inexpensive) iPhone and Android “smart phone” devices. (If you doubt that, ask yourself why the news infotainment departments send reporters and camera crews to film lines of people standing outside the Apple Store when a new model comes out.)

These phones are really not phones anymore, but mini-computers – which happen to make cellular phone calls. They are Internet-connected, so they can send/receive e-mail, text and ‘chat’, and download files.. such as movies. They contain address books of your friends and family… In short, they have everything a cyber-criminal wants to target.

In the interest of making the world a better place, “a researcher at ShmooCon DC this weekend will demonstrate a smartphone botnet spewing spam, and unleash proof-of-concept code that builds a botnet out of Android and iPhone smartphones.”

Yes, that’s right. A “researcher” will show us all how it’s done, and provide the code.

Georgia Weidman, an independent researcher, says her botnet attack evolved out of work she did on making an Android application send SMS text messages transparently such that the user didn’t even know it was happening from his or her smartphone. “As I did more research, I [realized] if I did this in the base operating system instead of in ‘userspace’ where most apps are, it would be a better way to do it,” she says. “If I can remotely control someone’s phone, it can be part of a botnet.”

While there has been plenty of smartphone research that pits one smartphone against another in an attack, she says, a more likely attack scenario would be a user unknowingly downloading an app that contains malicious code. “I think the majority of malware installations will come from a user downloading infected apps,” which can easily be rigged with rootkits given the lack of sufficient vetting of most smartphone apps, she says.

Well.. now that all someone has to do is copy>paste the code, yeah, she’s right. Invisible viruses that turn your smart phone into relay stations for spammers — sending us come-ons for V1@gra and C1al1s, and virus-laden links and attachments are only, I estimate, weeks away.

… and before you get too angry at this particular person, there is a whole industry of people doing this “research”, and several conventions have been going on for years. I believe that (some of) these people actually believe they are doing a good thing.

And maybe they would be.. if they only released the code to the affected device (or software) manufacturers and developers. But you don’t get rich or famous for that. (Maybe you heard about the “teen hacker” who got hired after writing viruses that attacked Twitter? There’s a lot of that kind of idiocy in tech..)

Here is the entire Dark Reading article, Researcher To Release Smartphone Botnet Proof-Of-Concept Code. I suggest you read it. Particularly if you own a smart phone.

In case you don’t know what a “botnet” is,
Or why a “rootkit” is the worst kind of virus,

Does your smart phone have an antivirus? A firewall? Maybe you want those things?
Maybe it’s important to know that the apps at the app store are not checked (aka “vetted”) for malware? Doesn’t that *smell*?

IMHO, there is something wrong with this whole deal. Top to bottom.

* iPhone Users Are About to Be Screwed Over. The addition of the NFC chip to the iPhone isn’t for easy credit card purchases, but so the phone companies can control your financial transactions. Be warned. ~ By John C. Dvorak

“There has been a lot of talk about the addition of an NFC (near field communication) chip to the next-gen iPhone. This will allow the phone to be used as a swipe-it-yourself credit card. I consider this technology to be the most onerous ever.”

* CNet’s roundup of security apps for Android.

Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


January 31, 2011 Posted by | advice, Apple, cellular, computers, cyber crime, gadgets, Google, hackers, hardware, Internet, iPhone, mobile, News, rootkits, security, tech | 8 Comments

An Update is causing BSOD, what do I do?

Q: A recent Windows Update is causing my computer to blue screen, what do I do to fix this?

A: From time to time a Microsoft security Update will not be compatible with the software and/or device drivers on your machine and the instability will trigger the Blue Screen Of Death (for more on BSODs and what to do, see “When good computers go bad”). Usually, Microsoft will repair this and issue a new Update … eventually.

In the meantime, remove the Update (If you’re not sure which Update is the perp, remove the most recent ones) by going to Add/Remove Programs in your Control Panel. (Start >Settings >Control Panel >Add/Remove Programs) Now look to the top area and place a check (select) in the “Show updates” checkbox. Now you will be able to see the list of installed Updates.

Click on the Update you want to remove, and then click on the “Remove” button. (You may need to reboot your PC afterwards.)

Today’s free link(s): I do NOT recommend uninstalling security updates unless they cause your machine to become inoperable. I am a big fan of security updates and want all my vulnerabilities patched. If you’re like me in that aspect, Secunia’s Personal Software Inspector is for you.

* Microsoft Releases Internet Explorer 8 Today

Copyright 2007-9 © Tech Paul. All rights reserved.

March 19, 2009 Posted by | advice, computers, how to, Microsoft, performance, tech, troubleshooting, Windows | 6 Comments

XP users: Service Pack 3 released (finally)

Loyal Friends and True of this series know that I am a big fan of the Service Pack, and so I am pleased to report that SP3 for Windows XP is now available through Microsoft Update.

I look forward to the release of “Service Packs”. (Here is how Microsoft describes a Service Pack: “Service packs are the means by which product updates are distributed. Service packs may contain updates for system reliability, program compatibility, security, and more. All of these updates are conveniently bundled for easy downloading.”) I look forward to SPs not only because they roll several Updates into one download, but also because Service Packs (sometimes) include new products/features; for example, XP SP2 added the Security Center and a firewall.

And besides… I’m a “security guy.” I am all for getting patches (aka “Updates”) and have written many advice articles urging folks to thwart hacker vulnerability exploits and to keep their software updated; most recently, Learn to love the pop-up. If there’s a patch, I say “get it!”

XP Service Pack 3 is a fairly typical ‘pack’; it has “rolled into one” all of the critical security updates (aka “patches”), as well as some of the optional ones (this is a real time saver if you ever have to re-install XP.. there have been hundreds of Updates released since SP2).
It also adds some new (to XP) “features”, but these are mostly (network) security-related and invisible to the user. While not exactly exciting, thrilling, or “cool”, you do want them.
As a bonus, you’ll find some performance gains as well.

[Note: IE 6– if you’re still using XP, and you’re also still using IE 6, XP SP3 will not force the upgrade to IE 7… though my personal feeling is it should. I will say it once again: IE 6 is the most hacked piece of software ever written, won’t you please, please (with sugar on top) stop using it? IE 8 is already here (in beta)..]

XP Service Pack 3 is also available for download here.
Microsoft’s Knowledge Base on system requirements, steps to take before you install, and troubleshooting the installation can be read here.
[Update 6/12/08: If you are having technical difficulties installing SP3, Microsoft is offering free support at 1-866-234-6020. Click here for more details/options]

[update: Please note that Norton has advised that if you are running a Norton Product, you should turn it off before installing SP3. For details, click here (and scroll down a little bit).]

Today’s free link(s): Kongregate is a Flash-based game portal featuring 4,407 different free games (scroll down to look at the different categories). Over four thousand! Check it out, and try a few.

Also– please read my friend Bill Mullins’ article on infected websites and false Search results. This is a “must read” if you use the Internet.. and, it concisely spells out what you can do about protecting yourself. Loyal Friends and True know that Mr. Mullins and I agree on a lot of things; click here to read the article and find out why.

Copyright 2007-8 © Tech Paul. All rights reserved.

May 8, 2008 Posted by | advice, computers, IE 7, PC, security, tech, Windows, XP | 1 Comment