Zeus Trojan Hits Blackberry Devices

← Back to Stories (view on slashdot.org)

Zeus Trojan Hits Blackberry Devices

Posted by Soulskill on Wednesday August 8, 2012 @06:30AM from the kick-'em-when-they're-down dept.

wiredmikey writes "Despite its significant user base within enterprises, BlackBerry devices have managed to stay off the radar for malware writers. That may be ending, as four new Zeus-in-the-mobile (Zitmo) samples targeting BlackBerry users in Germany, Spain, and Italy have been found. Zitmo, which hit Android devices back in July 2011, refers to a version of the Zeus malware that specifically targets mobile devices. Denis Maslennikov, a security researcher at Kaspersky Lab, also identified a new Zitmo variant for Android using the same command and control (C&C) numbers as the BlackBerry versions. While previous Android variants have been primitive, the latest .apk dropper, which shows up as an app 'Zertifikat,' looks 'more similar to "classic" Zitmo,' he said. When executed, it displays a message in German that the installation was successful, along with an activation code. The Android sample also included a self-issued certificate that indicates it was developed less than a month ago."

37 comments

Min score:

Reason:

Sort:

bad headline by Anonymous Coward · 2012-08-08 06:31 · Score: 5, Funny

better headline: "Zeus SMITES Blackberry Devices"
1. Re:bad headline by Anonymous Coward · 2012-08-08 06:34 · Score: 0
  
  Well done, AC... I laughed. And frist prost too?
HAHAI THOGUT MACS DONT GET VIRIIIII LAWL by Anonymous Coward · 2012-08-08 06:33 · Score: 0, Funny

oh wait this has nothing to do with apple.
1. Re:HAHAI THOGUT MACS DONT GET VIRIIIII LAWL by Anonymous Coward · 2012-08-08 06:57 · Score: 0
  
  No, but it's similar.
  For a long time, people kept saying, that, because Rim or Apple and others have such a small share of the market, it's not worth it for the malware developers to target them.
  It's funny though, that 1% from back then, doesn't even compare to todays 1%.
2. Re:HAHAI THOGUT MACS DONT GET VIRIIIII LAWL by Anonymous Coward · 2012-08-08 07:08 · Score: 0
  
  And RIM is more likely to be used by "the 1%"
3. Re:HAHAI THOGUT MACS DONT GET VIRIIIII LAWL by Fjandr · 2012-08-08 13:21 · Score: 1
  
  That might have been true had RIM not had the largest share of the smartphone market for most of the time the smartphone market has existed.
  Let's not let actual facts get in the way of a meritless argument that sounds good though.
What is that sound? by Anonymous Coward · 2012-08-08 06:35 · Score: 0

It's the sound of another nail in RIMM's coffin.
Movie title idea by benjfowler · 2012-08-08 06:40 · Score: 5, Funny

'The RIM Job'
1. Re:Movie title idea by Anonymous Coward · 2012-08-08 07:00 · Score: 0
  
  'The RIM Job'
  I expect that is a franchise well into high numbered sequels and that the fans would be quite upset over the radical departure from the existing story line. Strangely their anger would produce less violent shaking of their fists.
2. Re:Movie title idea by Anonymous Coward · 2012-08-08 07:39 · Score: 0
  
  I had a dog named Odd Job.
Palm was visionary by Anonymous Coward · 2012-08-08 06:40 · Score: 0

One more reason to try WebOS, it's not too late!
1. Re:Palm was visionary by Anonymous Coward · 2012-08-08 10:06 · Score: 0
  
  One more reason to try WebOS
  (No it's not)
  
  , it's not too late!
  (Yes it is)
Proof RIMM falls behind by Anonymous Coward · 2012-08-08 06:45 · Score: 0

This just proofs RIMM falls behind all the competition. Even a Virus like ZEUS Trojan attacks iPhone or Android first. Blackberry comes last, poor RIMM
Not Possible by captaindomon · 2012-08-08 06:54 · Score: 2, Funny

Not possible. Blackberries are the most secure mobile devices on the planet. The reason people don't appreciate them is because they are only for highly secure corporations and governments. Right? Riiiiiiiight?

--
Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
1. Re:Not Possible by afidel · 2012-08-08 07:03 · Score: 4, Informative
  
  Uh, this software isn't going to get onto a blackberry device with BES lockdown policies, only onto unlocked devices where the user takes some action to install it (most likely bundled with some free game as I doubt drive by downloading is worth the effort for the low penetration numbers unless it's a spearfishing attack).
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
2. Re:Not Possible by Anonymous Coward · 2012-08-08 07:37 · Score: 0
  
  Not possible. Blackberries are the most secure mobile devices on the planet. The reason people don't appreciate them is because they are only for highly secure corporations and governments. Right? Riiiiiiiight?
  Blackberries allow the owner to install applications from any source. Blackberries also allow the owner to UNinstall applications.
  A few years back, the government-owned phone company in the United Arab Emirates notified blackberry users that a new firmware was available. Many users downloaded & installed the new firmware.
  Well, it wasn't firmware, it was spyware:
  http://www.engadget.com/2009/07/21/etisalat-blackberry-update-was-indeed-spyware-rim-provides-a-so/
  http://news.bbc.co.uk/2/hi/technology/8161190.stm
  http://www.arabianbusiness.com/etisalat-accused-in-surveillance-patch-fiasco-15698.html?tab=Article
  Fixing the issue was very easy - just uninstall the spyware program.
  And if you had your blackberry permissions set correctly, you would have been asked if you want to allow the new application to access your email, and connect to the internet (which is very suspicious).
3. Re:Not Possible by Anonymous Coward · 2012-08-08 19:17 · Score: 0
  
  As a fan of both BB and BES, I feel compelled to point out that relatively few enterprises can enforce such strict BES policies these days, given the move toward BYOD.
Just stop. by thePowerOfGrayskull · 2012-08-08 07:18 · Score: 4, Insightful

It's probably worth noting that these need to be manually downloaded and installed external to BB's app world - unlike the examples that have turned up for iOS in the appstore and in the market for android. If this was seen in the wild, that means users had to go out of their way to install it, and approve the permissions it requested.
Most importantly: Under BES you can lock down the devices to completely prevent installation of external/unapproved apps.
1. Re:Just stop. by Anonymous Coward · 2012-08-08 07:46 · Score: 0
  
  Exactly. It's a non-threat. The fine-grained security model makes it extremely difficult for sneaky apps like this to do anything harmful, unlike other platforms.
2. Re:Just stop. by Anonymous Coward · 2012-08-08 10:58 · Score: 0
  
  Most importantly: Under BES you can lock down the devices to completely prevent installation of external/unapproved apps.
  More than that, a BES can globally deny access to specific app permissions (like "internet access", or "address book") for all but specifically approved apps.
  So, go ahead, install the malware - it isn't going anywhere, and it can't do anything.
Malware hits BlackBerry devices? by dgharmon · 2012-08-08 07:21 · Score: 1

What steps do the end users have to take for this malware to end up on their BlackBerrys. Do they have to visit a malicious website, open a malicious email attachment, enter an admin password? If so, isn't this the case of end users downloading and installing software from dubious sources. As such there is no known cure for end-user-stupidity ...

--
AccountKiller
1. Re:Malware hits BlackBerry devices? by Anonymous Coward · 2012-08-08 07:29 · Score: 0
  
  If so, isn't this the case of end users downloading and installing software from dubious sources.
  Yes.
  As such there is no known cure for end-user-stupidity ..
  Well, there is a cure for end-user stupidity.
  With a blackberry enterprise server, a company can block users from installing unapproved apps.
  With a blackberry enterprise server, a company could allow unapproved apps, but prevent unapproved apps from accessing company data on the blackberry.
  With a blackberry enterprise server, a company could allow unapproved apps, but prevent unapproved apps from making network connections.
2. Re:Malware hits BlackBerry devices? by Krneki · 2012-08-08 07:30 · Score: 1, Insightful
  
  Can't be arsed to check the article but I guess it would be through web browsing or installing the application.
  Anyway, we are safe, the web browser on BB suck so much no one is using and the app are so shitty not one is worth your time to installl it for free, let alone pay for it.
  Still, I didn't trade my free BB for a free android (comes with the job), since android devices would need a clean format before I'd dare to use it. oh, and wouldn't touch Apple with a pole, cuz I just hate corporate policy to lock the user.
  
  --
  Love many, trust a few, do harm to none.
3. Re:Malware hits BlackBerry devices? by Anonymous Coward · 2012-08-08 08:22 · Score: 0
  
  So, a $50,000 solution will fix end-user stupidity. Good to know.
4. Re:Malware hits BlackBerry devices? by Anonymous Coward · 2012-08-08 08:32 · Score: 0
  
  You'l use a Blackberry but won't use an Apple device...because of user locking policy.
  Mind asploded.
5. Re:Malware hits BlackBerry devices? by Anonymous Coward · 2012-08-08 08:48 · Score: 0
  
  Lol, that "shitty" browser is one of the best on the market. It's not 2006 any more. Try to keep up.
6. Re:Malware hits BlackBerry devices? by acoustix · 2012-08-08 09:21 · Score: 1
  
  BES express is free. And I'm pretty sure that your $50,000 scenario is only valid for large BB customers with over 1,000 handsets. Which, in that scenario makes $50,000 rather cheap.
  
  --
  "A plan fiendishly clever in its intricacies"- Homer Simpson
7. Re:Malware hits BlackBerry devices? by Lehk228 · 2012-08-08 10:51 · Score: 1
  
  they must manually install it. blackberry can install an app from the web as a link, so manually installing would be easier than doing so on android or ios, but it requires user permission and will have to get permissions approved to access anything and will show up in applications list to be removed at any time by the user.
  
  --
  Snowden and Manning are heroes.
8. Re:Malware hits BlackBerry devices? by Anonymous Coward · 2012-08-08 14:34 · Score: 0
  
  So... The user has to install the app from a shady source, give it access to user data, then give it access to the internet. Oh, and the phone can't be on a minimally secured BES server.
  Fuck, they'd have better luck just asking users to email them their banking information!
9. Re:Malware hits BlackBerry devices? by Lehk228 · 2012-08-10 12:57 · Score: 1
  
  technically 2 and 3 can be combined as a request for "trusted application status" but yea.
  
  --
  Snowden and Manning are heroes.
Good news for RIM by maccodemonkey · 2012-08-08 08:10 · Score: 4, Funny

I bet RIM is ecstatic. Someone is still writing Blackberry software!
Zeus Trojan Hits Blackberry Devices by chinton · 2012-08-08 09:31 · Score: 1

Tens of users affected. Film at eleven.
Cool! by slick7 · 2012-08-08 10:47 · Score: 1

Just think, condoms from the gods for my PDA.

--
The mind conceives, the body achieves, the spirit manifests.
Ready for the next step by manu0601 · 2012-08-08 14:16 · Score: 1

We are now ready for the next step I have been awaiting for years: cross-platform worms that can jump bacck and forth between Windows PC and mobiles, using WiFi and bluetooth. That will be delightful.