pyehouse
15Sep/110

Android Malware, Life Outside the Walled Garden


[Image: Android figure with malware critter embedded]

Android malware is on the rise

There's a new instance of Android malware on the loose, targeting your SMS messages, intercepting them and attempting to use them for profit. It isn't the first instance of malware on the Android platform; there have been a number of apps posing as other innocuous, even useful, tools that harvested your data for less than honorable purposes. In fact, this latest incarnation of Android malware, named SpyEye, follows in the footsteps of Zeus, an Android version of desktop malware. The Register reports that Android malware exploits are set to rise precipitously over the next six months. In that same article, it is surmised that Google dare not "lock down" its applications for fear of developer reprisal, intimating that the problem won't be rectified with a "walled garden".

One Android Malware To Go Please

In contrast with Apple's "walled garden", Google has adopted what could be termed an "untamed jungle" approach. While there are multiple app stores with varying levels of vetting by the operator, there are ample methods for Android owners to download apps from any location, fully on their own recognizance to determine the genuineness and safety of the app in question. This has several positive effects. First, the barrier to entry for developers is lowered, as they can offer applications directly from their website without having to register and receive approval from a third-party operator. Second, the user has a potentially larger pool of applications to draw from, since apps that otherwise might have been rejected are now available (I'm looking at you, PhoneStory).

There are downsides, too, though, as Android owners are finding out. When an app store operator vets an app, there is a much lower chance that it will be approved if it will adversely affect a user's device. Quality checks are made there which wouldn't be made outside of an app store environment. Of course, it helps if the app store operator has reasonable standards and a habit of enforcing them, but any app store operator worth their salt is going to make the effort in order to preserve their reputation, else customers will bring their money to another app store that serves them better. Outside of these app stores, though, anything goes. Without a formal vetting process in place, the bar is lowered for malware authors to infect users' devices.

Of course, not even Apple requires you to enter through their gates for all of their devices. End users can just as easily install apps from a developer's website on their iMac as any Windows user could on their PC. There is an App Store for OS X users, but it isn't required. It offers a degree of comfort, of safety, but isn't the only way. Users are left to fend for themselves. But the argument that Google would necessarily lose developers if they chose to lock down Android is without merit. Apple took some heat for what was perceived to be a strong-handed approach in terms of what apps were allowed to do, but seems to be doing quite well in spite of this. Even when Android first arrived and all of the comparisons of openness vs. not-so-openness were cropping up, Apple still did very well. Developers did not leave the platform in droves. Apple's world did not end. So it's not the openness, per se, that Google fears. Rather, it's that they have hyped it so much they can't back down now. They've worked so hard to convince everyone that they champion openness, with the free distribution of Android apps outside of an app store being a major part of that campaign, that any backing down now would seem like a retreat of sorts. And that, Google can't have.

30Aug/110

Malware... Plague of the Internet

So you think you may have become infected with malware (that is, a virus, a trojan, a keylogger, a rootkit or any number of other bits of malevolent software). First off, realize that many types of malware can be cleanly removed. The counterpoint to that is that not only are other types extremely hard to get rid of, they can even confound anti-malware kits you might have installed or are considering installing to clean things up. Sometimes the safest approach might even be to physically remove your infected hard drive and connect it as a passive drive on another clean machine with cleanup tools, which can then work with the infected drive without actually fighting against the malware installed on it.

Here are some sites with some apps that can help:

http://www.gmer.net - this site contains three tools:

  • GMER itself does very thorough scans and can attempt to clean some types of malware (they recommend that you rename it to something random before running so as to disallow malware on your system from trying to halt its execution)
  • catchme, which tries to detect whether you have a rootkit running
  • mbr, which tries to detect whether you have a MBR (Master Boot Record) infection, one of the thorniest types of malware to clean because you can’t (normally) clean it while booted up from the infected drive
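The offline approach described above (infected drive attached passively to a clean machine) and the MBR check in the list can be combined into a small integrity test. The script below is an added example, not the gmer `mbr` tool's own logic: it reads the first 512-byte sector of a disk or raw image, parses the partition table and boot signature, and compares a hash of the boot code against a baseline hash you are assumed to have recorded while the machine was still healthy. The sample sectors it ships with are constructed, not taken from a real disk.

```python
"""Offline MBR integrity check. Added example; the baseline-hash approach is an
assumption of this script, not the method used by gmer's mbr tool."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE          # boot code occupies bytes 0..0x1BD
BOOT_SIGNATURE = b"\x55\xAA"       # last two bytes of a valid MBR
PART_ENTRY = "<B3xB3xII"           # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        # A bootkit that replaces the boot code changes this hash while leaving
        # the partition table intact, so the disk still boots normally.
        findings.append("boot code differs from known-good baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has zero start or length")
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a block device or raw image (e.g. /dev/sdb, disk.img)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


def make_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed MBR with one active NTFS partition; sample data, not a real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    # status 0x80 (active), type 0x07 (NTFS), start LBA 2048, 1,000,000 sectors
    struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "clean" sector and the baseline hash you would have stored earlier.
CLEAN_MBR = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CLEAN-BOOTCODE")
BASELINE_HASH = parse_mbr(CLEAN_MBR)["bootcode_sha256"]
# Constructed "infected" sector: same partition table, boot code overwritten.
INFECTED_MBR = make_sample_mbr(b"\xeb\x00" + b"REPLACED-BOOTCODE")

if __name__ == "__main__":
    import sys
    # Usage: python mbr_check.py /dev/sdb   (run from the clean machine)
    sector = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else INFECTED_MBR
    for finding in (check_mbr(sector, BASELINE_HASH) or ["no anomalies found"]):
        print(finding)
```

The baseline has to come from a point in time you trust; recording it after the infection only tells you whether the boot code changed again later. Run it from the clean machine with the suspect drive attached read-only, so the code under test is not the code doing the testing.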

http://support.kaspersky.com/viruses/solutions?qid=208280684 - this site links to Kaspersky’s TDSSKiller application which can disinfect certain rootkits

http://www.bleepingcomputer.com/download/anti-virus/combofix - this site links to ComboFix, an application that is updated regularly to find and eliminate a variety of malware infections. The warnings indicate you should only run it when you are told to do so by the helpers at bleepingcomputer.com, so take it with a grain of salt

http://www.malwarebytes.org/ - this site links to MalwareBytes’ Anti-Malware (aka MBAM), whose free version can do after-the-infection cleanup in some cases; they also have a paid version ($25/yr) which tries to actively prevent infections.

http://download.bleepingcomputer.com/grinler/unhide.exe - this application is used to unhide your start menu and folders after certain applications hide them in an attempt to make you think your machine was damaged and that the malware can fix it if you provide a credit card number.

This list is by no means exhaustive. There are other tools available as well. More importantly, these tools are explicitly NOT antivirus tools along the lines of Symantec, Security Essentials, Sophos, Avast and others. With the exception of MBAM, they don’t have a resident mode to monitor your machine to try to prevent outbreaks or instantly clean up infections in real time. They are mostly intended to clean things up when requested. And nothing replaces contacting an actual computer support technician to have a look. Additionally, these tools are typically updated frequently to respond to the most recent outbreaks. This means you shouldn’t just download a copy and expect it to be equally effective six months down the road.