Slashdot Mirror


Researchers 'Map' Android Malware Genome

yahoi writes "Researchers at NC State are sharing their analysis and classification of Android malware samples under a new project that they hope will help shape a new way of fighting malware, learning from the lessons of the PC generation and its traditional anti-malware products. Xuxian Jiang, the mastermind behind the Android Malware Genome Project, says defenses against this malware today are hampered by the lack of efficient access to samples (PDF), as well as a limited understanding of the various malware families targeting the Android. The goal is to establish a better way of sharing malware samples and analysis, and developing better tools to fight it, he says."

15 of 67 comments

  1. Funny how things work out by Anonymous Coward · · Score: 5, Insightful

    Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it? Embarrassed yet?

    1. Re:Funny how things work out by rampant mac · · Score: 2

      "help shape a new way of fighting malware, learning from the lessons of the PC generation and its traditional anti-malware products."

      "Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it?"

      Yep, came here to basically say the same thing. I can't believe my phone would need a virus scanner. What's next? Android Security Essentials 2012?

      --
      I like big butts and I cannot lie.
    2. Re:Funny how things work out by __aaltlg1547 · · Score: 2

      Virus scanners like they have on Windows would destroy the platform. Phones don't have unlimited battery to throw at security.

    3. Re:Funny how things work out by ozmanjusri · · Score: 2

      I can't believe my phone would need a virus scanner. What's next?

      Depends how firm a grip you have on reality.

      In the first half of 2011, the lion share of malware was once again written for Windows systems.

      Only one in two hundred and fifty malware programs is not a Windows program file. The proportion of classic Windows program files (Win32) continues to drop. However, .NET programs (MSIL) compensate for this loss of 0.3% and the overall share of Windows malware programs is on the rise.

      1 Win32 1.218.138 97,8 %
      2 MSIL 21.736 1,7 %
      3 WebScripts 3.123 0,3 %
      4 Scripts 832 0,1 %
      5 Mobile 803 0,1 %
      6 Java 313
      7 *ix 4 233
      8 NSIS 131

      http://www.gdatasoftware.co.uk/uploads/media/G_Data_MalwareReport_H1_2011_EN.pdf

      --
      "I've got more toys than Teruhisa Kitahara."
    4. Re:Funny how things work out by ozmanjusri · · Score: 4, Interesting

      When you strip the anti-malware vendor hype away, the threat's a lot smaller than most people realise.

      Some of the biggest "infections" weren't really malware at all. Kindsight Security Labs Malware Report for Q1 2012 says:

      Without Plankton/Apperhand (no longer classified as malware) included in the infection statistics, mobile device infection has actually leveled off in the first quarter of 2012. We believe that this trend in mobile device infections will not last as the target is too tempting to hackers

      http://www.kindsight.net/sites/default/files/Kindsight_Security_Labs-Q112_Malware_Report-final.pdf

      --
      "I've got more toys than Teruhisa Kitahara."
  2. Lemme guess by Taco Cowboy · · Score: 3, Funny

    The malware genome points to Java ?

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Lemme guess by binarylarry · · Score: 4, Funny

      I don't see slow in there anywhere...

      --
      Mod me down, my New Earth Global Warmingist friends!
  3. Apple's closed system by grantspassalan · · Score: 4, Insightful

    Why is it that there is no malware for IOS? There are millions of these devices out there, so there certainly is an incentive for malware writers.

    I believe that it has something to do with the fact that only Apple approved and checked software can be installed thereon. This closed system may not appeal to many here on /., but it is certainly as close as we have gotten to a malware proof computing experience we are likely to get anytime soon. Mac users will be able to enjoy this form of security with OS X 10.8 this summer.

    --
    A sufficiently advanced simulation is indistinguishable from reality.
    1. Re:Apple's closed system by Charliemopps · · Score: 4, Interesting

      Apple is using that same control to prevent you from scanning for viruses...

      http://www.forbes.com/sites/timworstall/2012/05/22/apple-wont-let-kaspersky-develop-tools-for-ios/

    2. Re:Apple's closed system by causality · · Score: 4, Insightful

      Why is it that there is no malware for IOS? There are millions of these devices out there, so there certainly is an incentive for malware writers.

      I believe that it has something to do with the fact that only Apple approved and checked software can be installed thereon. This closed system may not appeal to many here on /., but it is certainly as close as we have gotten to a malware proof computing experience we are likely to get anytime soon. Mac users will be able to enjoy this form of security with OS X 10.8 this summer.

      Many people need to play in the approved sandbox or else they'll stumble and hurt themselves. Others know what they're doing and understand the security implications of actions they take so they don't need Big Daddy Apple watching over them (and would in fact find that restrictive/suffocating).

      If you're willing to learn and attain your own understanding you will find that much more information than you would ever need is freely available. Then you achieve independence and freedom. You can then do what you like with equipment that's truly yours. If all of that is "too hard" and you prefer to use a machine for years without ever really grasping the principles behind it, then you are likely to be controlled by somebody: either a relatively benevolent vendor or a malware author. The former wants the money you choose to give to it; the latter will take everything it can.

      There isn't a One True Way. The only real mistake is to wrongly assume you are in a given category when you are not. For Joe Sixpack users who do not enjoy discovering and learning new things, the Apple method has a lot of advantages. If its widespread use makes it harder for criminals to make a profit, that benefits the rest of us as well.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Apple's closed system by Anonymous Coward · · Score: 2, Insightful

      There is absolute malware proof computing already: just don't install anything on your computer, disconnect it from network, in fact, just cut the power completely.

      Oh, and "there's no malware on AppStore" rather depends on your definition of malware. Sending your contact list to a third party without questions was possible until a recent update. Just junkware and scams? Check. Just google for "pokemon yellow ios", for example.

      Yes, iOS malware can't spam SMS or hang in background, but on the other hand iOS apps can't send SMS or work in background.

      This security has quite a big tradeoff of censorship and dumbing down, so no, but thanks, no. Judging by market trends, general population seems to lean towards "free (as in freedom), but still has risks" side from "let us tell you what you want" side.

    4. Re:Apple's closed system by __aaltlg1547 · · Score: 2, Insightful

      The level of access that an antivirus program needs is the level of access that a virus needs. Apple's not giving that to the would-be malware creators either.

      Besides, an antivirus program for iOS makes no sense because there aren't any such things to protect against.

    5. Re:Apple's closed system by __aaltlg1547 · · Score: 3, Insightful

      Many people need to play in the approved sandbox or else they'll stumble and hurt themselves. Others know what they're doing and understand the security implications of actions they take so they don't need Big Daddy Apple watching over them (and would in fact find that restrictive/suffocating).

      No, not many. A few. The iPhone is a consumer device. Opening it up for anybody to program and distribute whatever software they want would be of no benefit to the vast majority of users, no benefit to Apple and no benefit to the wireless providers.

      If they opened it up, they'd actually be screwing over their customers and business partners. I can't imagine a compelling argument why they should do so.

  4. Re:Wow, could you imagine... by DarwinSurvivor · · Score: 2

    If you are going to demand a citation, your rebuttal better damn well include one! I'm not saying I disagree, but your arrogance is definitely showing.

  5. I know this is nitpicking, but.... by Johann Lau · · Score: 2

    Notice how one makes sense, the other doesn't:

    Researchers Map Android Malware 'Genome'

    Researchers 'Map' Android Malware Genome