
Sophos downplays Android malware threat

Doesn't blend. Won't spread


Android users have little reason to fear an immediate onslaught of malware, despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier.

Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android smartphone.

Chester Wisniewski, a senior security advisor at Sophos who attended the presentation, was underwhelmed.

He pointed out that the demo was carried out on an HTC Legend that had already been jailbroken (rooted), so the attackers started with the privileges the rootkit needed. Crucially, the Spider Labs researchers did not explain how end users might actually be exposed to malware along the lines of their proof-of-concept tool. "They developed a rootkit but there's no way to install it," Wisniewski told The Reg. "No method of propagation was demonstrated."

A spokeswoman for Trustwave, parent firm of Spider Labs, explained that it was never the intention to develop a remote hack for the purposes of the demo. Even a local hack could achieve plenty, as the latest iPhone jailbreak exploit showed.

"The focus of the talk was the implications of a kernel level rootkit on a smart phone," she explained. "They chose Android in their research because it was Open Source and they could get access to many of the phone's kernel source code off the Internet. They did NOT develop a remote exploit for propagation because that was not the focus of the research."

"Exploits that would allow malware or a rootkit to be installed are discovered all the time. Just last week, someone discovered a flaw in the iPhone PDF reader that allows a simple 'jailbreak'. With an exploit, all it would take is a rogue app armed with an exploit and a payload."

Droid bots

Sophos has yet to see any examples of Android malware in the wild. Two or three worms targeting jailbroken iPhones appeared last year, but the attacks have not recurred because carriers learned lessons from the outbreak and applied improved security controls, such as filtering SSH connections to handsets.

The likelihood of malware migrating onto new platforms is one of the key themes of a review of the security landscape by Sophos, published on Tuesday.

Microsoft is likely to respond to the success of the iPad with the launch of its own tablet-style device. A tablet-ready version of Windows 7 is already well advanced but the technology is likely to inherit the security problems of its desktop cousins, even if Microsoft takes a "walled garden" approach to application delivery, according to Sophos.

Whether the security problems of full-blown Windows platforms will be sufficiently addressed on the new platform remains to be seen; but with the browser being based on Internet Explorer and Adobe apparently working hard on Flash integration for the new platform, malware problems seem inevitable.

The Sophos report (pdf) goes on to suggest that Linux-targeting mobile attacks are likely to increase as devices running webOS and MeeGo (Nokia’s plan for a new mobile platform) become more commonplace in the market. The point is made in passing, without any substantiation, and sits oddly with the attempts by Sophos to downplay the threat of Android-based malware.

The study also charts general trends in the mainstream (desktop) malware landscape. Sophos's global network of labs received around 60,000 new malware samples every day in the first half of 2010, a run rate of roughly one new sample every 1.4 seconds, around the clock. In the same period last year the rate was 40,000 samples per day, so by that reckoning VXers have increased production by 50 per cent. Adobe came a close second to Microsoft as a hacker target during the first six months of 2010, according to Sophos.

Booby-trapped websites and email-borne malware, which has returned as a hacker favourite over recent months, remain security menaces to businesses. Hackers often exploit vulnerabilities in legitimate websites to plant malware on them, or to plant redirections to attack portals hosted elsewhere. These tactics, along with the prevalence of free hosting providers in Europe that offer minimal setup times to businesses and hackers alike, have seen France, Italy and the Netherlands all join the top ten malware-hosting countries since the start of the year. The United States (42.29 per cent) and China (10.75 per cent) remain the top two malware-hosting menaces. ®

This story was updated to add comments from Trustwave
