Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zeus Trojan Hits Blackberry Devices

Posted by Soulskill on from the kick-'em-when-they're-down dept.

wiredmikey writes "Despite its significant user base within enterprises, BlackBerry devices have managed to stay off the radar for malware writers. That may be ending, as four new Zeus-in-the-mobile (Zitmo) samples targeting BlackBerry users in Germany, Spain, and Italy have been found. Zitmo, which hit Android devices back in July 2011, refers to a version of the Zeus malware that specifically targets mobile devices. Denis Maslennikov, a security researcher at Kaspersky Lab, also identified a new Zitmo variant for Android using the same command and control (C&C) numbers as the BlackBerry versions. While previous Android variants have been primitive, the latest .apk dropper, which shows up as an app 'Zertifikat,' looks 'more similar to "classic" Zitmo,' he said. When executed, it displays a message in German that the installation was successful, along with an activation code. The Android sample also included a self-issued certificate that indicates it was developed less than a month ago."

15 of 37 comments (clear)

  1. bad headline by Anonymous Coward · · Score: 5, Funny

    better headline: "Zeus SMITES Blackberry Devices"

  2. Movie title idea by benjfowler · · Score: 5, Funny

    'The RIM Job'

  3. Not Possible by captaindomon · · Score: 2, Funny

    Not possible. Blackberries are the most secure mobile devices on the planet. The reason people don't appreciate them is because they are only for highly secure corporations and governments. Right? Riiiiiiiight?

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
    1. Re:Not Possible by afidel · · Score: 4, Informative

      Uh, this software isn't going to get onto a blackberry device with BES lockdown policies, only onto unlocked devices where the user takes some action to install it (most likely bundled with some free game as I doubt drive by downloading is worth the effort for the low penetration numbers unless it's a spearfishing attack).

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  4. Just stop. by thePowerOfGrayskull · · Score: 4, Insightful

    It's probably worth noting that these need to be manually downloaded and installed external to BB's app world - unlike the examples that have turned up for iOS in the appstore and in the market for android. If this was seen in the wild, that means users had to go out of their way to install it, and approve the permissions it requested.

    Most importantly: Under BES you can lock down the devices to completely prevent installation of external/unapproved apps.

  5. Malware hits BlackBerry devices? by dgharmon · · Score: 1

    What steps do the end users have to take for this malware to end up on their BlackBerrys. Do they have to visit a malicious website, open a malicious email attachment, enter an admin password? If so, isn't this the case of end users downloading and installing software from dubious sources. As such there is no known cure for end-user-stupidity ...

    --
    AccountKiller
    1. Re:Malware hits BlackBerry devices? by Krneki · · Score: 1, Insightful
      Can't be arsed to check the article but I guess it would be through web browsing or installing the application.

      Anyway, we are safe, the web browser on BB suck so much no one is using and the app are so shitty not one is worth your time to installl it for free, let alone pay for it.

      Still, I didn't trade my free BB for a free android (comes with the job), since android devices would need a clean format before I'd dare to use it. oh, and wouldn't touch Apple with a pole, cuz I just hate corporate policy to lock the user.

      --
      Love many, trust a few, do harm to none.
    2. Re:Malware hits BlackBerry devices? by acoustix · · Score: 1

      BES express is free. And I'm pretty sure that your $50,000 scenario is only valid for large BB customers with over 1,000 handsets. Which, in that scenario makes $50,000 rather cheap.

      --
      "A plan fiendishly clever in its intricacies"- Homer Simpson
    3. Re:Malware hits BlackBerry devices? by Lehk228 · · Score: 1

      they must manually install it. blackberry can install an app from the web as a link, so manually installing would be easier than doing so on android or ios, but it requires user permission and will have to get permissions approved to access anything and will show up in applications list to be removed at any time by the user.

      --
      Snowden and Manning are heroes.
    4. Re:Malware hits BlackBerry devices? by Lehk228 · · Score: 1

      technically 2 and 3 can be combined as a request for "trusted application status" but yea.

      --
      Snowden and Manning are heroes.
  6. Good news for RIM by maccodemonkey · · Score: 4, Funny

    I bet RIM is ecstatic. Someone is still writing Blackberry software!

  7. Zeus Trojan Hits Blackberry Devices by chinton · · Score: 1

    Tens of users affected. Film at eleven.

  8. Cool! by slick7 · · Score: 1

    Just think, condoms from the gods for my PDA.

    --
    The mind conceives, the body achieves, the spirit manifests.
  9. Re:HAHAI THOGUT MACS DONT GET VIRIIIII LAWL by Fjandr · · Score: 1

    That might have been true had RIM not had the largest share of the smartphone market for most of the time the smartphone market has existed.

    Let's not let actual facts get in the way of a meritless argument that sounds good though.

  10. Ready for the next step by manu0601 · · Score: 1

    We are now ready for the next step I have been awaiting for years: cross-platform worms that can jump bacck and forth between Windows PC and mobiles, using WiFi and bluetooth. That will be delightful.