Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Identifies Android Trojans That Mutate With Every Download

Posted by samzenpus on from the learning-at-a-geometric-rate dept.

angry tapir writes "Symantec researchers have identified a new premium-rate SMS Android Trojan that modifies its code every time it gets downloaded in order to bypass antivirus detection. This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it."

97 comments

  1. New movie by X.25 · · Score: 3, Funny

    X-Men: Androids

    1. Re:New movie by SJHillman · · Score: 3, Funny

      Teenage Mutant Ninja Androids

    2. Re:New movie by Ihmhi · · Score: 1

      The Toxic Android?

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    3. Re:New movie by bonch · · Score: 0

      This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.

      "mobile malware" = Android malware

    4. Re:New movie by Tyrannosaur · · Score: 0

      3rd post and its a fanboi. Thank you. http://www.tomsguide.com/us/iOS-Apple-iPad-iPhone-malware,news-13122.html

      It exists. Might be less, maybe even much less, but it's there.

    5. Re:New movie by Anonymous Coward · · Score: 0

      No, you don't understand. He's implying that, as all Apple-related stuff is always more advanced, iOS malware creators innovated server-side polymorphism (aka cloud polymorphism) before, and the "mobile malware creators" referenced in TFA are just Andorids copycatting from glorious Apple.

    6. Re:New movie by Anonymous Coward · · Score: 0

      Don't forget his buddies Lard Android and Sgt. Kabukiandroid NYPD!

  2. Avast runs fine thanks... by ewanm89 · · Score: 4, Funny

    I do not need Norton Mobile, Avast is cheaper and just as good, so Symantec, stop using your fear tactics for advertising.

    1. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      Anti-virus for a phone? That is so fucking stupid it's untrue. Guess that's why they call them smart phones.

    2. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 2, Insightful

      If your running Anti-virus on a your phone, you've already lost the game...

    3. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      You get what you pay for so think about why your still getting those pop-up porn ad's.

    4. Re:Avast runs fine thanks... by ewanm89 · · Score: 1

      https://market.android.com/search?q=antivirus&c=apps -- 1000+ results says otherwise. I think all the major antivirus vendors have an android version now. Finally usually it's not just antivirus but antitheft and firewall too.

    5. Re:Avast runs fine thanks... by ewanm89 · · Score: 1

      Avast and Norton Mobile aren't just antivirus, but firewall and anti-theft (if simcard changed it sends of GPS coordinates and stuff, doesn't protect if someone knows how to factory flash, but how many people who nick phones understand how to use fastboot or odin).

    6. Re:Avast runs fine thanks... by ewanm89 · · Score: 3, Informative

      Considering I don't get popups to start with. And lets look at every study done on desktop antivirus solutions and you'll find Avast and AVG tend to come pretty high up the list in hit rate and lack of false positive rate (I also think at last check avast had the fastest on access scanning).

    7. Re:Avast runs fine thanks... by JasterBobaMereel · · Score: 1

      Norton Mobile, slow you phone down and annoy you, for a cost, to protect yourself against stupidity...

      How many viruses can infect my phone if I never download the crapware that they need to do this ...Dancing Bunnies do not interest me

      --
      Puteulanus fenestra mortis
    8. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      I use iOS, where there have been zero malware incidents.

    9. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      and I bet it runs constantly and drains your battery life in a matter of hours.

    10. Re:Avast runs fine thanks... by Skapare · · Score: 1

      ... and there a zero apps directly from the community.

      --
      now we need to go OSS in diesel cars
    11. Re:Avast runs fine thanks... by L4t3r4lu5 · · Score: 4, Insightful

      And independent testing proves they're mostly pretty useless.

      As with all things, only install apps from trusted sources, don't click accept on every pop-up box, and check the permissions requested are consistent with the functionality of the app. The same as with any other application on any other OS.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    12. Re:Avast runs fine thanks... by mwvdlee · · Score: 1

      And zero anti-malware products to notice them even if there were malware incidents.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    13. Re:Avast runs fine thanks... by ewanm89 · · Score: 1

      Do that to, and about as useless as their desktop versions finally Avast and AVG are new since those tests have been done. Just cause your girl is on birth control no harm in still using a condom.

    14. Re:Avast runs fine thanks... by cgenman · · Score: 1, Informative

      While reasonably rare, iPhone viruses and malware do exist in the wild.

      http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html
      http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html
      http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/
      https://discussions.apple.com/thread/3573755?start=0&tstart=0

      --
      The ______ Agenda
    15. Re:Avast runs fine thanks... by Rockoon · · Score: 1

      Dancing Bunnies do not interest me

      Famous last words?

      If you have one of these smart phones then you've already fallen for some dancing bunnies, because right now these smart phones are full-on 1984. I know its a deductive 1984, but its still 1984.

      --
      "His name was James Damore."
    16. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      What's your point? Just because those apps exist does not mean they are useful

    17. Re:Avast runs fine thanks... by mcgrew · · Score: 1, Troll

      You get what you pay for

      That's a lie propagated by marketers to get you to spend three times on a bottle of Alieve what you'd pay for the exact same drug ins a generic bottle. Buy Alieve and you get 1/3 of what you pay for.

      I see you still use Windows. Linux is a superior OS in most ways, yet it is entirely free. What are you paying for when you buy a boxed copy of Windows? A pretty box? No, you do NOT always get what you pay for. Often you pay for a lot more than you get.

      so think about why your still getting those pop-up porn ad's.

      Well, I see why you're getting them.

      --
      Free Martian Whores!
    18. Re:Avast runs fine thanks... by Canazza · · Score: 2

      I prefer "If you don't want to catch AIDS why are you sticking your hands in that bag of used syringes?"

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    19. Re:Avast runs fine thanks... by tripleevenfall · · Score: 1

      Do I need to run the iOS version?

    20. Re:Avast runs fine thanks... by ewanm89 · · Score: 1

      Obviously you don't know how jailbreak.me worked...

    21. Re:Avast runs fine thanks... by BasilBrush · · Score: 3, Informative

      http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html
      http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html
      http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/
      https://discussions.apple.com/thread/3573755?start=0&tstart=0

      1) A vulnerability with a demo. There was never any malware written to exploit it, and as it was long since fixed, there never will be.

      2) Only affects jailbroken iPhones.

      3) You're the victim of an APRIL FOOL! From 2 years ago!
      http://vimeo.com/10587301

      4) Is nothing more than a user with a problem and no tech knowledge blaming his problem on a virus. There is no virus.

      While reasonably rare, iPhone viruses and malware do exist in the wild.

      No they don't. At least not on non-jailbroken iPhones.

    22. Re:Avast runs fine thanks... by dave420 · · Score: 1

      It used to be possible to jailbreak an iPhone/iPod using a single website, so I guess your "No they don't" is not as certain as you might imagine.

    23. Re:Avast runs fine thanks... by hairyfeet · · Score: 1, Offtopic

      Except if anybody actually followed your advice we wouldn't have desktop viruses either now would we? We've been handing out that same fucking advice for 30 damned years and it STILL DON'T WORK because all the malware writer has to do is wave the right cookie in front of their faces true story:

      For the first time ever I had to throw someone out of my shop and threaten to call the cops if he didn't GTFO, all because a machine I had sold him was infected not 24 hours later and he was demanding i replace it for free. So did I hand him a machine with no updates? No AV protection? Nope he wanted when he was looking at the machines for me to install "the new limewire" and I told him "Look man, that program hasn't existed in a couple of years, the feds shut it down and that whole network is nothing but viruses and pornbugs now. If you'd like me to install a Bittorrent client there are several to choose from and I'll download you a tutorial video so you can learn how to use it" but he passed. So what did he do? The SECOND he got home he Googled "the new limewire" and when the AV wouldn't let him install it first he disabled it then when he couldn't disable it enough to let the malware run he uninstalled the AV. His last words when I threw his dumbass out of my shop were "Its says new limewire right there, you make it work!" stupid fuck. His "new limewire" was a trojan downloader that not only turned it into a spambot but landed over 150 viruses and malware which were doing everything from fighting with each other to infect every file on his system to clickjacking.

      And THAT is why your idea won't work friend, because it requires common sense that sadly is so rare nowadays it might as well be a damned superpower. They could have placed the .exe for "the new limewire' in the middle of a life size picture of Goatse with "here it is LOL dumbass" written right above it and it wouldn't have mattered, he wanted limewire and no feds or common sense was gonna keep him away from having it dammit! All you have to do is replace limewire with porn codec, cool screensaver,letter from a Nigerian price, chance to win an iPad/iPod, and voila! You will have a HUGE section of the population that will happily ignore your common sense and will in fact be quite hostile to it.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    24. Re:Avast runs fine thanks... by BasilBrush · · Score: 1

      That's not a virus or malware.

      I understand what you're saying. That there have been vulnerabilities, and therefore you'd expect at some stage for some virus or malware to take advantage of one. And of course that possibility does exist for the future.

      But it's not happened as yet. So as I say, they're not "rare", they're non-existant.

    25. Re:Avast runs fine thanks... by Flaming+Troll+Shill · · Score: 1

      bottle of Alieve

      You getting them too?

    26. Re:Avast runs fine thanks... by hairyfeet · · Score: 2

      Most likely he doesn't want to play hardware roulette or keep a second machine with a different OS for Googling why the first machine crapped itself when some DE dev decided he didn't like the way things were and caused his video to take a crap, or the PukeAudio guys gave him a Goatse. There was a time, around 06-07, when i would have supported you on that McGrew but Canonical has done infected the ecosystem with "Lets throw everything out and add more bling! Blingapaloza baby yeah!" and now if anything Linux is more unstable than a bog standard Windows. Oh and before anybody says Debian, that's a workstation OS and about as designed for home users as an HPC server makes a good phone OS. Its support for the stuff you buy in walmart is non existent and its plug and play sucks. you had better REALLY know what you are doing before you make Debian stable your main OS or be ready for pain.

      Now as for AV I agree completely, in fact with a few simple tools I am able to make a modern Windows machine pretty much dumbass proof. How? Simple replace IE with Comodo Dragon with ABP, that gives them a low rights mode browser that blocks the nastier ads which is the biggest source of drivebys, add Avast Free or Comodo CIS, both free and which have default sandboxing and scan before load for all webpages and new code. I've been using avast for home users and Comodo for businesses but i'm starting to use Comodo for home again because they have made it less "chatty" on initial setup which used to scare new users, and finally if I want it so nothing other than hardware failure is gonna break that sucker Comodo Time Machine set to do a daily snapshot. With CTM if their kid gets on and manages to pwn a machine so bad it can't even boot all they do is click the home key on start and voila! takes less than 15 minutes to get them back before the trouble. you can even tell it to pay extra attention to certain folders like my pics so they don't have to worry about losing that pic of grandma if they go back.

      Now how much time does that take me to setup Mcgrew? Thanks to Almeza Multiset which i got free from Giveawayoftheday.com it takes less than 20 minutes and a grand total of 2 clicks, one to launch the automated installer, the other to click the "yes you can reboot now' button. Compared to the 4 and a half hours i spend on the forums trying to figure out why the last upgrade took a giant dump on my sound and left me nothing but static there really is NO comparison. Quick, where is the list that will tell me EXACTLY which devices sold in walmart are supported under distro X? Most of the lists are badly out of date IF you can find them, and if you DO find a device all you get is a cryptic "Distro S, version number, kernel foo" which might as well be in Chinese for home users. With Windows all they do is look for the Winflag as every device comes with support for XP/Vista/7 by default and frankly most don't even need a disc now, Windows Update will install the drivers when you plug it in.

      So while it is pointless to pay for AV it is NOT pointless to pay for Windows. Linux is ONLY for those with the skills to do a systematic step by step troubleshooting diagnosis on error, thanks to Torvalds thinking his shit don't stink and that he is smarter than every other OS developer on the planet the driver situation has gotten so bad users will honestly tell you "Just do a clean wipe and reinstall' which is something they made fun of Windows for back in 05. which wouldn't be bad if we were talking once a decade but the max support is five years IF you plan your installs and sales around LTS, but who the fuck can do that other than enterprise buyers? I have machines in the field going on 9 years with ZERO need for reinstall or even tweaking, that's two service packs, countless updates and ZERO broken drivers. Linux is still too unstable and everything from DE to sound to kernel has been going through rapid and major changes the past 5 years. And in Linux you have the choice: Bleeding edge or no support for modern hardware unless you can c

      --
      ACs don't waste your time replying, your posts are never seen by me.
    27. Re:Avast runs fine thanks... by CharlyFoxtrot · · Score: 1

      The bigfoot argument:
      "No one has ever seen one"
      - "Well, that doesn't mean they don't exist"

      --
      If all else fails, immortality can always be assured by spectacular error.
    28. Re:Avast runs fine thanks... by dave420 · · Score: 0

      So until something that is already demonstrably possible, clearly worthwhile, and very well understood is spotted in the wild, it's safe to assume they don't exist? That's not really how security works...

    29. Re:Avast runs fine thanks... by madmark1 · · Score: 2

      Why, I believe you are right, Ubuntu IS the only Linux distro available now. I thought there were more, that didn't involve Canonical at all, but after absorbing your wisdom, I went and looked, and sure enough, all gone! Red Hat, Mint, Fedora, Arch... Gone!

    30. Re:Avast runs fine thanks... by BasilBrush · · Score: 1

      So until something that is already demonstrably possible, clearly worthwhile, and very well understood is spotted in the wild, it's safe to assume they don't exist?

      You're in the realm of big foot, the yeti and the loch ness monster there. Sure, they're theoretically possible. But you'd expect someone to have found evidence for them by now.

      Malware does some harm, or at the very least spies on people which requires sending information over the network. Either of these things would have been spotted by now.

      They've certainly had no problem spotting malware on Android!

    31. Re:Avast runs fine thanks... by dave420 · · Score: 1

      No, it's one basic aspect of the pragmatic approach to security.

    32. Re:Avast runs fine thanks... by JamesP · · Score: 1

      I really wonder what's all the crap people download for mobile phones that's infected

      People don't need an Anti-Virus they need a Brain (and a secure OS)

      --
      how long until /. fixes commenting on Chrome?
    33. Re:Avast runs fine thanks... by pclminion · · Score: 1

      you've already lost the game...

      I see what you did there... AC bastard!

    34. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      You've already been fooled if you think Android avast / norton mobile does firewalls.

      No application can intercept another's Internet traffic without being rooting. There's no permission for that.

    35. Re:Avast runs fine thanks... by hairyfeet · · Score: 1

      The fallacy you are trying to invoke has a name and its called Use Distro X and if you are gonna use BS that is so old it has its own meme, please use meme repo to invoke it, thanks. Use distro X is a fallacy because there is really only 3, with different levels of crap thrown on top, they are Slax, Debian, and Red hat, that's it. Everything else is based on those and to date i've tried over 14 "user friendly" distros and found use distro x is as much bullshit as telling someone who is looking at a black screen of death in linux to reboot. it does nothing, its pointless, thanks for wasting our time with your pointless flag waving. hell you don't even have the guts to name which distro x, just some mythical one that works. yep, bullshitter.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    36. Re:Avast runs fine thanks... by Anonymous Coward · · Score: 0

      I dunno if you're using "Slax" as an abbreviation for slackware, or you're talking about the slackware-derived distro of that name. If the former (as I expect), be aware of the latter, and maybe avoid that abbreviation in the future to avoid confusion. If the latter, there's still slackware itself, and the majority of distros based on it are not Slax derivatives (in fact, there's slightly more Slackware->SuSE->x than Slackware->Slax->x).

      Then there's Gentoo, Arch, and some less popular ones, which are independent of the big three. They're also *singularly* bad choices for saying Use Distro X, as anyone with the skills to succeed with them (a) already knows about them and (b) can also succeed with whatever distro they use work, but they do exist.

      Anyway, I disagree with your suggestion GP is actually saying Use Distro X, he's responding to your claim that "Canonical infested the ecosystem" by completely misunderstanding you as "Canonical infested Ubuntu", and suggesting Ubuntu's not the only game in town (which of course you knew -- do these fools really think they're the only one who's heard of non-Ubuntu systems?!). Where (to me) it's clear you mean that every distro attempting to be user-friendly is taking cues from Ubuntu, thus deteriorating in the same way. So it's just pitifully bad reading skills (which, you gotta admit, is a time-honored tradition on /.), not trotting out the tired claim* that "my distro" will fix everything.

      Don't ask me which is worse... ;)

      *Note: I will rarely (twice to date) tell someone Use Distro X -- where X = "Arch, or slackware, but I recommend Arch". I've only done this for people who I know have the requisite skills (as proved by their success bending SuSE and Ubuntu, respectively, to their wills), but they don't realize they've learned that much, and are still holding to a "user-friendly" distro even though it's now just getting in their way.

    37. Re:Avast runs fine thanks... by madmark1 · · Score: 1

      Oh, I understood you just fine, and there is nothing wrong with my reading skills. I run linux just fine, every single day, on 9 different systems. I have no problems with any of them. The fact that you can't seem to get one to do anything but crash, or don't like the add-ons some companies have put forward, doesn't in any way make linux a less viable option. I imagine it's a problem with you, in particular, given the challenges you obviously also face with things like punctuation.

      Thanks also for wasting our time with your bullshit anecdotes about how nothing in linux works, and all distros are crap.

    38. Re:Avast runs fine thanks... by hairyfeet · · Score: 1

      Tell me which mean were you intending to invoke, was it works for me or works for me at home it does really because it really would help if you would just point to which meme you are gonna sling. Personally i think they ought to just number them, then you can say 'i'm gonna call a number 4, followed by a 6 and a 19" and call it a day.

      You want something besides anecdotes? be careful what you wish for because you just might get it friend. BTW if your OS wasn't broken why did ASUS abandon it? could it be the the insane return rate from people buying your shit and finding it be broke? how do you answer the fact that dell has to run their own repo, even though they only offer Linux on a teeny tiny amount, because otherwise the deathmarch upgrades shit all over the drivers?

      The simple answer is you can't, you can't and you won't because that would mean stopping all the koolaid guzzling and admitting the dirty little secret of FOSS, and that is the driver model is shit. Its shit because Linus Torvalds doesn't care if its shit and has said there will NEVER be an ABI, even though Solaris, BSD, OSX, Windows and every other OS that is NOT Linux has one. Do you HONESTLY believe Linus is smarter than every single OS designer in the world? arrogant much? Oh and please post that bit from one of the kernel devs against ABIs because i don't have that cultist rant bookmarked yet, thanks. When the guy goes so far as to say 'I hope anybody who uses non free drivers has their devices break often!" he has ceased being a developer and became a FOSSie, which like Moonies only accept "the one true way" all bow before the smelly feet of RMS.

      But if you'd like more examples, please just ask, 5 minutes in google and i can wallpaper this page with link after link saying the same thing I am, your shit be broke yo.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    39. Re:Avast runs fine thanks... by mcgrew · · Score: 1

      I get everything generic. Even the arthritis I take naproxin for is generic!

      --
      Free Martian Whores!
    40. Re:Avast runs fine thanks... by madmark1 · · Score: 1

      Yes,and I could wallpaper this page with link after link saying it isn't. Once again, the fact that you can't get it to work doesn't mean others can't. Linking to a joke site certainly proves your point though, thank you for that. I'm sure that clears it up for everyone. Oh, and here's another hint for you genius, the same thing holds true for Windows.

      The link to theinquirer.net also certainly proves your point. Dell shipping a laptop with non-functioning drivers or software (and really old software at that) is certainly Linus's fault, cause everyone knows Dell would never even be ABLE to do that with Windows, right? Like here or here or, say, here.

      As for Asus, the first article you linked explains exactly why they 'abandoned' Linux. To help you out, since reading that much text must really be hard, I'll repeat it here: “People bought the original seven- and eight-inch Eee PCs for a computer to give to the kids,” Kerr said seriously.

      The last article is even funnier. Did you even read it? Did it say anything about linux being broken? Bad drivers? Things not working? Nope, none of those. Why are return rates so high? Again, let me paste it in, since reading is so challenging for you:

      “Unclear selling is happening, typically online. The customer will get their netbook sent to their home and they imagine to find something like a Microsoft desktop, but they see a brown Ubuntu version. They are unwilling to learn it and they were expecting to have Windows.” Carr stressed that, in these cases, it doesn’t even matter how good or bad the Linux OS is. These customers just don’t want to try something new.

      So it turns out, the return rate is so high because folks like you are too lazy or stupid to even give something a try. Go figure.

      In the future, if you want to prove how the driver model is broken, or it crashes constantly, or the entire thing is 'shit', you might want to actually find some supporting articles that say that, and not something else. It's how people do this whole 'debate' thing. Argue their side, provide supporting evidence...

      Just for the record though, no, I don't think Linus is 'smarter than every single OS designer in the world'. I do think he's a pretty brilliant guy (when did you write your last OS?), and I think the other THOUSANDS of people who work on, and contribute to, the Linux kernel are also by and large pretty bright guys. Brighter than you, certainly. Just the fact that you think Linus is the only person controlling kernel development proves that.

    41. Re:Avast runs fine thanks... by mcgrew · · Score: 1

      Most likely he doesn't want to play hardware roulette or keep a second machine with a different OS for Googling why the first machine crapped itself when some DE dev decided he didn't like the way things were and caused his video to take a crap, or the PukeAudio guys gave him a Goatse.

      You don't need a second machine, you can install dual-boot. I'd not wipe the OS that came with the machine unless it was ruined beyond repair; say, you've installed too much new hardware and Windows thinks you're a pirate. When I slap Linux on the Acer, Windows will still be there.

      if anything Linux is more unstable than a bog standard Windows.

      Windows has gotten pretty stable, but I don't understand why you're having instability problems with Linux. What's crapping out on you?

      Thanks for the tip on Comoto, there are a few follks I know that sorely need it. The Windows box is running AVG Free, I haven't tried Avast. Which one bogs the machine down more? AVG Free is pretty acceptable.

      So while it is pointless to pay for AV it is NOT pointless to pay for Windows.

      Windows comes with the computer, but you would actually shell out that hundred bucks for a boxed copy to upgrade? Especially when newer versions of Windows won't run well or at all without a new machine?

      Linux is ONLY for those with the skills to do a systematic step by step troubleshooting diagnosis on error

      In my experience, that's Windows (at least up to XP, haven't had any problems with 7 except its lack of useability). Back around 2004 or so when the Sony XCP rootkit hit, my daughter installed the damned rootkit never believing that a company like Sony would deliberately vandalize a computer. Win 98 was getting long in the tooth, I'd lost the driver disks in a move, and I couldn't get better than 640x480 video and no audio. So I shelled out $125 at Best Buy for XP, since the Linux video drivers for my video card wouldn't display on the TV with the S-Video (it's working fine now, using the same card in a different machine, someone must have fixed the drivers).

      But the audio still wouldn't work in XP. I broke down and spent another hundred bucks on a USB Sound Blaster box (which wouldn't work in Linux) and wiped Linux.

      I set it all up, reinstalled all the software, and set it for automatic updates. But there was a problem -- Windows refused to run the CD burning software that had come with my burner, saying it made the system unstable. Odd, I'd used that program for years with no instability. But it refused to let me uninstall it and on every boot (which was as I was installing software) I'd get that annoying balloon telling me that it had disabled the software. I was set to wiipe the drive again and re-reinstall XP.

      The next morning I had no internet access. The tech at the cable company thought my LAN chip must have gone out because he could see the card but I couldn't see the network. I tried a new cable thinking maybe that's it... nope. I was ready to wipe the drive to excise the program that windows would neither run nor remove any way, so I thought I'd redo the machine before buying a LAN card (hell, that's only ten or fifteen bucks).

      When I reinstalled Windows, I had network access again!

      The next morning the internet no longer worked. Again. It turned out the Windows had replaced a perfectly good LAN driver with one that didn't work at all!

      If you're installing dual-boot on a wiped drive, you must always install Windows first. Windows doesn't work or play well with other (deliberately, I believe). And don't just install Linux blindly -- these days, every distro I've seen's install CD lets you try it out before you install, running from the CD, so you can see beforehand if there will be problems.

      I'm working on an old Dell for a friend, it has the Windows XP and driver disks, but I can NOT get the sound to work on that sucker. Getting networking to work was a PIA as well, but I was finally able to get that driver from the internet. No luck finding

      --
      Free Martian Whores!
  3. Turn it off! by ArcherB · · Score: 5, Informative

    I had my carrier, Sprint, turn "premium rate" text messaging off completely. My phone is clean, but I don't have to worry about it anyway.

    Also, it's worth noting that these guys don't need a virus to charge you for this stuff. About 2-3 times a year, I would get some charge on my bill from a joke line, horoscope line or whatever that I never signed up for through text messaging or any other way. The last time it happened, I explained to the customer service rep that I would never use this type of service and she suggested that I block it. I have not had another charge since.

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
    1. Re:Turn it off! by Aladrin · · Score: 4, Interesting

      This is my only complaint about T-Mobile's customer service. The only way to block this is to pay $5/month and then micromanage your lines. -sigh-

      I had this problem with my father's line. He somehow got signed up for all kinds of garbage, and we didn't figure it out until later. (Really gotta watch that bill better.) They reversed a few months' charges, but they're only willing to go back so far. (I don't blame them, there.)

      But I did expect them to help me prevent the charges in the future, without me paying for the service.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    2. Re:Turn it off! by Amouth · · Score: 1

      they shouldn't be able to charge you to block that "feature" from use.. i'd call them out on that..

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    3. Re:Turn it off! by azalin · · Score: 1

      Simple solution? Go for the money and this will disappear.
      Any company setting up a premium number must sign a lot of liability clauses in their contract. No money is transferred to the company right away for any premium number. They get a "payment received" messages, but the money itself is frozen for at least 2 months, either with the carrier or an accredited payment service provider. If reports of abuse come in, this period is extended. If to many complains come in, all transfers to this company are frozen and an investigation is launched.
      Most of these schemes work, by grabbing as much as they can before they are noticed. Then it's run with as much as you can.
      The idea could probably use some more work, before actually being useful, but I think the basic concept should be fine. The bad news is, that telco carriers probably won't do this without a push from new legislation/regulation.

    4. Re:Turn it off! by Skapare · · Score: 1

      It should just a be a flag on the account "this account is not eligible for outside service billing". All outside billing would be rejected to those doing the billing (and then it's up to them to not provide those services for the legitimate services). Whether on or off, it only takes 1 bit.

      --
      now we need to go OSS in diesel cars
    5. Re:Turn it off! by L4t3r4lu5 · · Score: 1

      The only way to block this is to pay $5/month and then micromanage your lines.

      Wrong. You also have the option of leaving T-Mobile.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    6. Re:Turn it off! by jbeaupre · · Score: 1

      and 40 bits/month.

      --
      The world is made by those who show up for the job.
    7. Re:Turn it off! by Anonymous Coward · · Score: 0

      You can call and ask for it and they will do it.

      Have you ever tried actually *calling* tmobile, dumbass?

    8. Re:Turn it off! by Anonymous Coward · · Score: 2, Funny

      You can call and ask for it and they will do it.

      Have you ever tried actually *calling* tmobile, dumbass?

      I'm sure he called them a lot of things, but it didn't help. :-)

    9. Re:Turn it off! by Aladrin · · Score: 1

      Yes, I spoke to them on the phone about this.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    10. Re:Turn it off! by Anonymous Coward · · Score: 0

      Thank you for subscribing to Cat-Facts...

  4. notnews by Cyberax · · Score: 4, Informative

    So they've discovered polymorphic viruses? You know, like in good old days of DOS where viruses were real viruses and not simple worms.

    http://en.wikipedia.org/wiki/Polymorphic_code

    1. Re:notnews by gl4ss · · Score: 4, Interesting

      it's not as elegant as polymorphic on it's own virus. it's server side generated, the server adds some randomization to the code changes classnames, adds'/removes unneeded code and then builds a new package. meaning the signature changes. Now, it's perfectly possible to build a binary and a new package _on_ device too, it just doesn't seem that any malware does it, polymorphic on device _and_ spread through bluetooth would be newsworthy I'd think(it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too.. as it happens, you can't on android keep just the handsfree parts of bluetooth on, if you got bt on then obex is on, but you'll still need to accept the incoming files as said).

      --
      world was created 5 seconds before this post as it is.
    2. Re:notnews by Anonymous Coward · · Score: 2, Funny

      it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..

      No problem; to see cute bunny, press yes 3 times.

    3. Re:notnews by gl4ss · · Score: 1

      it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..

      No problem; to see cute bunny, press yes 3 times.

      I was thinking more along the lines of "psst. are you available??? ;)". would work wonders.

      --
      world was created 5 seconds before this post as it is.
    4. Re:notnews by azalin · · Score: 1

      it needs the victim to press yes about 3 times and to open the file though - and the user to keep bt on too..

      No problem; to see cute bunny, press yes 3 times.

      I was thinking more along the lines of "psst. are you available??? ;)". would work wonders.

      The proud people of slashdot would never fall for that. Even if a few might actually think that it would be genuine, those would probably faint from hormonal overload on the spot.

    5. Re:notnews by martin-boundary · · Score: 2
      Sounds complicated and fairly limited. They'd be better off encrypting the package, and using a salt that changes with each download. That'd work really well for dumb filters that match binary signatures.

      polymorphic on device _and_ spread through bluetooth would be newsworthy

      Does bluetooth transmit processes for running remotely? The way viruses worked in the ol' DOS days is that the front section of an executable file was overwritten and the virus code was appended at the end of the file. Then instead of the OS loading the program straightaway, the virus code was loaded, which then loaded the program seamlessly.

      That kind of thing wouldn't really be possible with data sent over the network, unless it was directly executable code on the target machine. With current client/server specializations (consumer device == always client, company hardware == always server), a virus couldn't spread far unless it could inject executable code both ways, from client to server and from server to client.

      I guess server to client is the easiest, it could be injected javascript in an infected web page. But client to server would require an exploit, and then figuring out where to put the malicious code so that it shows up on the next client's web browser.

    6. Re:notnews by gl4ss · · Score: 1

      * bluetooth transmit processes for running remotely? * ..not when the bluetooth server is done properly, user interaction is always needed to run things originating from bluetooth.

      --
      world was created 5 seconds before this post as it is.
    7. Re:notnews by Anonymous Coward · · Score: 0

      yyy

    8. Re:notnews by Anonymous Coward · · Score: 0

      If you actually read the Sym blog, the files they highlight as changed are:

      META-INF/MANIFEST.MF
      META-INF/ALARM.SF
      META-INF/ALARM.RSA
      res/raw/data.db
      META-INF/CERT.RSA
      META-INF/CERT.SF ...

      There is no code changes. The only thing that has changed is the manifest file (i.e. permissions and whatnot, there's no executable code), the SF/RSA are developer-specific certificates (no executable code), and "data.db" is clearly an SQL database (they even say so: " ... contains a database of network operators with a list of premium numbers and messages that are to be sent ... ".

      So the trick to identifying the malware? You're looking for the same executable code. This isn't even polymorphism. This is changing some rows in a database somewhere. Any good software scanner will primarily focus on the executable parts because that's where the damage is done.

      I use to be a fan of Symantec. I am now uninstalling their products with these two stunts. Fuck you.

      Sigh

    9. Re:notnews by Anonymous Coward · · Score: 0

      Yeah, it still wouldn't be a virus, it'd be a worm, but many phones will let you receive an app over OBEX, click ok 4 times or so, and have it install. It will be completely obvious it's installing an app, and anyone with tech knowledge will know it's a Trojan at that point for sure, and cancel the install if they're quick, or uninstall it (hope it didn't have any exploits to get root and install the payload outside the package!), but then again that same knowledge will protect you from the existing server-based malware.

  5. WOLF! by Anonymous Coward · · Score: 2, Funny

    cried Symantec...

    1. Re:WOLF! by Reverand+Dave · · Score: 1

      They didn't cry wolf, they just recorded every time norton mobile was downloaded since it is more of a virus than a protector.

      --
      I got here through a series of tubes
  6. Nothing to see here by Anonymous Coward · · Score: 3, Informative

    "According to Armstrong, server-side polymorphism is not very widespread on the Android platform at the moment because most users get their apps through official channels and the current structure of the Android Market does not allow for a malware distribution scheme like this one."

    1. Re:Nothing to see here by MrDoh! · · Score: 1

      Yeah, that's how I see it. If you're downloading from dodgy websites/torrents,well... you're kinda asking for virus/trojans/who knows what.

      Funny how they've announced this as Google announces 'Bouncer' to check market apps.

      --
      Waiting for an amusing sig.
  7. Server-Side Grammar Polymorphism? by ScentCone · · Score: 4, Funny

    You get what you pay for so think about why your still getting those pop-up porn ad's.

    Never mind pop-ups. I want to know which virus it was that yanked out the comma from your first clause, changed "you're" to "your" and turned "ads" into "ad's." These make-me-type-like-a-12-year-old malware infestations have really taken over. Because there's certainly no other explanation.

    --
    Don't disappoint your bird dog. Go to the range.
    1. Re:Server-Side Grammar Polymorphism? by Gilmoure · · Score: 1

      Your rite!

      --
      I drank what? -- Socrates
    2. Re:Server-Side Grammar Polymorphism? by Tyrannosaur · · Score: 1

      Memetic viruses are the worst.

  8. Brings Back Memories... Mark Ludwig was the BOMB by chrisphotonic · · Score: 1

    Brings back memories of when I was in high school... I bought Mark Ludwig's book, 'The big black book of computer viruses'.



    I didn't actually write any viruses from reading the book, just a fun boot sector program that displayed subliminal messages. It also happened to get installed on a few choice computers.

    Here's his 'little black book' book: http://vxheavens.com/lib/vml00.html. Of course his work talked about polymorphism over a decade ago.

  9. Symantec Desperate for Sales by na1led · · Score: 1, Insightful

    Sounds like Symantec's usual tactics of - create a terrible virus, tell everyone how bad it is, and only their products can protect you. This has been done before to try and sell AV. With Microsoft now having it's free Security Essentials, AV companies are getting desperate!

    --
    -- By all means let's be open-minded, but not so open-minded that our brains drop out.
    1. Re:Symantec Desperate for Sales by tokul · · Score: 1

      With Microsoft now having it's free Security Essentials

      MSE is not free for anything bigger than SOHO. Check licensing terms again.

  10. Symantec DEVELOPS Android Trojans That Mutate... by xxxJonBoyxxx · · Score: 1, Funny

    Symantec Identifies Android Trojans That Mutate With Every Download

    Symantec DEVELOPS Android Trojans That Mutate With Every Download

    There - fixed that for ya'!

  11. Me like dancing bunnies! by Zero__Kelvin · · Score: 1

    They interest me! (NSFW)

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  12. "Apps from trusted sources" = SMALL help by Anonymous Coward · · Score: 1

    Most infestations still come from compromised websites - research by AVG confirms that much, here:

    http://betanews.com/2012/01/25/the-top-10-web-security-threats-you-should-avoid/

    Pertinent quote/excerpt:

    "The compromised website is still the most effective attack vector for hackers to install malware on your computer with 47.6 percent of all malware installs occurring in that manner, says security firm AVG. Another 10.6 percent are tricked into downloading exploit code -- many times, without their knowledge -- by clicking on links on pages to sites hosting malware... It also found that faked pharmacy sites are a popular attack method, seen in about 10.4 percent of all attacks. Fake antivirus scanners remain a popular malware injection method at 8.4 percent. "

    ---

    * Fact is, what I noted, in compromised sites, comprises 77% of malware installations - not what users download & install themselves (ala shareware/freeware sites like download.com etc./et al)...

    PC's &/or SmartPhones are NOT ALL THAT DIFFERENT EITHER really (smartphones are just smaller handheld personal computers nowadays in essence really).

    APK

    P.S.=> So, "all that said & aside" - Is an "appstore/walled garden" a BETTER/SAFER BET? Perhaps, & I'm not saying it's not a good idea to do that, but it's far from a 'permanent cure' vs. malware exploitations online (as long as there are fools making more malwares & bushwhacking users via compromised sites' code, that is)...

    ... apk

  13. Pedantic doesn't work for you by Zero__Kelvin · · Score: 1

    Viruses were never worms, and neither are trojans, which is what these are properly called.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  14. Re:Brings Back Memories... Mark Ludwig was the BOM by Zero__Kelvin · · Score: 1

    So that's why people treat C++ like some kind of virus! It's the damn polymorphism!

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  15. Why don't we address the source of the problem by Rix · · Score: 4, Insightful

    Has anyone, anywhere ever intentionally used a "premium" SMS service?

    Telecoms obviously need a regulatory smackdown requiring them not to act as payment processors.

    1. Re:Why don't we address the source of the problem by KhabaLox · · Score: 3, Informative

      Quite a lot of people used them to donate to the Haiti Earthquake relief effort.

      http://abcnews.go.com/Politics/HaitiEarthquake/haiti-earthquake-donations-haiti-relief-efforts-text-message/story?id=9551199#.TzAdM8XQInE

      http://www.snopes.com/inboxer/charity/haiti.asp

      --
      Ceci n'est pas un sig.
    2. Re:Why don't we address the source of the problem by gl4ss · · Score: 1

      yep.. for using a laundry machine. for ordering a bus ticket. couple of times for checking an address(of a phone number).

      usually it would be nicer to pay through other means, but if you don't have cash and they don't take cards.. doesn't happen too often though.

      --
      world was created 5 seconds before this post as it is.
  16. Re:Symantec DEVELOPS Android Trojans That Mutate.. by frank_adrian314159 · · Score: 1

    You know, every time an AV story comes up, so does this stupid canard. AV companies have no real need to develop viruses and other malware - there are enough people doing that external to their companies to keep them quite busy enough all of their working hours and to allow them to continue making sales. And do you think these companies would risk the millions of dollars they make each year doing something as idiotic as this?

    You may not like their products, but please... Your post (like the others of the same ilk that can be found on this thread) is just stupid.

    --
    That is all.
  17. Symantec by TheRealGrogan · · Score: 1

    Got to have our dose of fear mongering from Symantec. I hate those vultures and I distrust everything they say.

  18. Its a Symantec mobile trojan warrior by annieblog · · Score: 0

    Norton Mobile, slow you phone down and annoy you, for a cost, to protect yourself against stupidity... How many viruses can infect my phone if I never download the crapware that they need to do this ...Dancing Bunnies do not interest me and for more bollywood movies go to pro.howublog.com

  19. Not clearly worthwhile by SuperKendall · · Score: 1

    demonstrably possible, clearly worthwhile, and very well understood

    You are wrong on two counts, partially wrong on the one remaining.

    Possible? Yes, in one rare incident. Not possible over a longer timeframe, as Apple closes remote vulnerabilities quickly. It's tethered jailbreaks they tend to leave alone much longer and they don't present an infection vector. And because Apple pushes out updates they go out to almost all the devices over a short period of time.

    But your other two points are really what is wrong:

    "well understood" - actually most of the jail breakers are not that forthcoming with exact techniques. There is for example currently no "well understood" remote vulnerability on iOS.

    "clearly worthwhile" - this is where you went really wrong.

    Unlike Android where having malware run on a device can get you some financially positive results (like SMS while you are not looking, or replacing the system keyboard to capture banking passwords) none of that is possible if you trick a user into downloading a trojan or malware iOS app. You cannot send out an SMS without user intervention. It cannot even run in the background reporting things to a remote website.

    Simply put, it's actually much more clear that there is no value in producing iOS malware, which is why none has been written to date. I'm sure if there were sufficient cause to do so we would have seen something by now but the security model has too many layers for malware writers to bother currently.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Not clearly worthwhile by Anonymous Coward · · Score: 0

      http://www.google.ca/url?sa=t&rct=j&q=developer+banned+stock+app&source=web&cd=4&ved=0CE4QFjAD&url=http%3A%2F%2Fwww.networkworld.com%2Fnews%2F2011%2F110811-miller-ios-bug-252886.html&ei=V4YxT_DpCObn0gHvppGCCA&usg=AFQjCNEbtcb8UOGPNMpFrVg5zA3GgQsplQ&sig2=1ofAhxkADTsOAWdU0vRyGA&cad=rja

      The app was in the market for weeks / months, garnering 10,000+ downloads, and the only reason he was caught was because HE WENT PUBLIC WITH IT (as he was a security researcher)?

      All your arguments get thrown out the window simply because of this case. If the only reason this "malware" was caught was because he publicly announced it (just like the flashlight tether app a while ago), how do you know one of the other 400,000 applications don't contain something similar?. One little command, and he could have remote wiped every one of those devices.

  20. This means the app didn't come from the market by Anonymous Coward · · Score: 0

    You can't apply this technique to the android market as you have to upload your apk to their website, there it gets scanned and it appears in the market a few hours later. Relatively small threat, then.

  21. server-side polymorphism? by dgharmon · · Score: 1

    How does 'server-side polymorphism` apply to a read-only bootable Ubuntu USB distro, which is the one I use here?

    --
    AccountKiller
  22. Not about the Android Market by sl4shd0rk · · Score: 1

    FTFA "A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. "

    So basically we're talking about "some guys website" hosting malware. This is not about Android Market.

    --
    Join the Slashcott! Feb 10 thru Feb 17!