First-ever smart phone botnet indicates mobile crimeware is coming of age

By | July 05, 2012

Posted in: Network Security Trends

The discovery of an apparent botnet comprising Android devices opens up yet another chapter in the developing march of mayhem in the smart phone world. More and more, we are seeing cyber criminals taking advantage of profit opportunities on mobile devices.

The first-ever mobile device botnet, reported more or less simultaneously by Microsoft’s Jerry Zink and Graham Cluley of Sophos, is the apparent work of malicious Droid applications downloaded from unauthorized sites. Android, which has been somewhat notorious for the high number of malicious apps spawned on its platform, has been working diligently to track down and boot these bad actors from the Android Market in past months with initiatives such as “Bouncer,” which scans the Market for nasty applications. So the Android Market, while not quite as safe as the Apple Store, is a lot more reliable.

But there are unauthorized sites throughout the world that Android has no control over. If the site owner isn’t diligent, or doesn’t care to be diligent, about what apps are uploaded, it is truly caveat emptor. Why do people go to these sites? For the most part, it’s for the same reason they go to file-sharing sites to download music, games and films: they prefer not to pay for them. Some people take the idea of a free Internet too literally and believe everything you can get on it should be free as well. So they will download knock-offs and almost-as-good apps rather than shell out the few bucks.

These sites are also popular in countries outside the English-speaking world, where folks are looking for a variety of applications in their native languages. Hence it is not surprising that the Droid bots come from places like Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.

Increasingly, they are getting more than they bargained for in the form of malware. Zink and Cluley report that this particular botnet opens the victim Android’s free Yahoo Mail account and fires off spam. It’s typical pump-and-dump stuff, Zink notes, but the exploitation of mobile devices at scale to launch the first botnet of its kind is what makes it interesting. The sheer numbers of smart phones, which outstripped PCs in the world a while back, the popularity of the Android platform and the ability to upload and propagate malicious apps have all pointed to this development. Smart phone-based spambots won’t replace PC bots any time soon, but spammers have evidently concluded that there’s enough critical mass to recruit Droid-bots.

There have been other interesting developments in mobile crimeware this year. For example, in February, Symantec reported the appearance of polymorphic Android malware in malicious apps hosted on Russian websites. Polymorphism is a popular technique used to evade antivirus detection. Server-side polymorphic techniques create a new version of the malware each time it is downloaded. The malware numbers are up, albeit far lower than on PCs, for which millions of unique specimens are appearing annually. Mobile security is a high concern among enterprises, particularly from an access control and data protection perspective, as BYOD is fast becoming the norm in the workplace (“alas, poor BlackBerry”).


