The Mobile Malware Problem - ecp
Eddy Willems
Security Evangelist – G Data Security Labs
Director Security Industry Relationships - EICAR
Introduction
• Security Evangelist at G Data:
  Privately owned - Established 1985 in Germany (Bochum) – First Atari AV software
  Security solutions for end users and companies
• Personally involved in the industry since 1989
• Worked as Senior Consultant/Anti-Virus Expert for several CERT organisations and commercial enterprises like Kaspersky Lab, Westcon (Noxs), etc.
• Co-founder of EICAR
• Press officer at AMTSO
Some History:
The old days!
Some years ago
Virus
Spam
Worm
Trojan
Current threats...
The Number Game
About 70.000 new threats per day => +70.000.000 Threats/Malware
Under the Radar = Money is involved
Today’s Networks Lack Boundaries
• Internal/External network
• Individual users connect from multiple locations
• Managed/Unmanaged devices
• Individual devices operate both inside the network, and on public networks
• New devices on the network, e.g. netbooks, mobile devices, etc.
[Diagram labels: Internet, Network, Contractors, Telecommuters, Mobile Users, Wireless Users]
• Question: Who has an Android phone?
iPhone? Symbian? BlackBerry? Other?
Mobile threats...
Going back to the roots
• The first incidents:
• Liberty Horse Trojan Sept 2000
• Telefonica SMS Mailer Dec 2000
• 911 DoS SMS Mailer in Japan April 2001
• Flooder sending unwanted SMS Aug 2001
• Phage destroys files on Palm Sept 2001
• Vapor Trojan Horse hides applications Oct 2001
• GPRS hack into 2.5G US network devices Nov 2002
• Nokia 6210 V-card Exploit Feb 25, 2003
• Siemens “%String” Exploit March 2, 2003
• AT&T SMS Trojan May 5, 2003
• First Symbian based Trojan Sept 2003
Cabir Phone worm (2003)
• Only works on Series 60 mobile devices,
– E.g. Nokia 3650, 6600, N-Gage.
– Siemens, Samsung, Sendo and Panasonic
• Uses Bluetooth to spread every 15-20 seconds
• You must accept the transmission
• You must accept the installation …
• Long term: battery drain
Some known malware (2006)
• Total: 27 families (f), 170 modifications (m)
• Symbian: Flexispy, Comwarrior,…
• Windows Mobile: Brador and Duts
• Java 2 Micro Edition: RedBrowser
• => Not many mobile malware…
Spyware the other wave
eg. Flexispy
Huike 3D anti-terrorist
Story
[Chart: Global Market Share of Mobile OS, percentage for smartphones, 2007 to 2012 (e = expected). Series: Symbian, iPhone, Blackberry, Win Mobile, Android. Source: Gartner]
Fakeplayer
• Beginning of 2010
• SMS Trojan
• “Pornplayer”
• SMS are sent 3x (mostly)
• 8+ variants
– Different names/icon
– Different premium numbers
http://skamv.wordpress.com/2010/11/02/kiss/
“Geinimi” Attack in China
• Android trojan
• Infected hundreds of thousands of Chinese Android smartphones
• Sent mobile data to servers
• Remote controlled as a botnet for calls and text messages
DroidDream
• Steals information
• Drops more malware
• Download code from the internet
• Misuses 2 vulnerabilities in the Android OS (patched already)
• Download updates
• Apps released under the names “Kingmall2010”, “we20090202” and “Myournet” with DroidDream attached > Removed from the official Android Market, more than 50 apps affected…
DroidDream Google’s removal tool
Which is the real tool?
ZITMO
Zeus In The Mobile
– Steals mTANs
– Target = Spanish (online) banks
– Replication via PC by Zeus botnet
The Update Problem
Mobile Malware Situation ...
End of the year ... > 800% increase = Android Malware
The Real Problem with Android
• The higher the market share, the more interesting it becomes for the cybercriminal > money
• The easier the distribution of the malware, the more interesting it becomes for the cybercriminal > via several channels, not only via official online Apps Markets/Shops
• Uncontrolled=better/attractive …. Android=Windows?
• The Permission problem
• Use of exploits is easy because updates of Android are not always easy to install…
• More possibilities in the future: more entrance/backdoor possibilities to spread other malware into businesses and corporates
THE FUTURE
• Exponential rise of Malicious Apps => Mobile Malware
• Mobile malware targeting Social Media / Mobile Payments (NFC) / Banking
• Targeted attacks via Mobile Malware
• Under the radar of the public ...
Another Secure Solution …:-)
Thank you! Questions?
Twitter: @EddyWillems