Slashdot Mirror
FBI Issues Android Virus Warning
Dupple writes "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."
Clearly, Android isn't fragmented enough yet. The industry needs to work to further fragment the platform until this type of attack isn't viable.
Places and things people should not be clicking on in the first place.
No information about attack vectors (such as compromised apps), how to tell if you're infected, what to do if you think you're infected, etc. Par for the course.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things as they are in all sense of the word a computer. I'm willing to bet google is now going to regulate the android market a little better, it still depends heavily on the user as to the risk posed to the device, just like with PCs.
I've also got to respectfully disagree with the article on rooting your device, it opens up the potential to load some pretty nifty security tools that help keep you safe in the first place.
http://www.slashgear.com/apple-quietly-turns-on-ios-6-iphone-advert-tracking-12251611/
In a closed environment, how are students supposed to learn to program?
Which version(s) of Android are vulnerable and which browsers? How does the attack work? Do I need to download and run a file? Just click on the file? Just visit the web page?
Is this even a real threat? It sounds like a vague alert that anti-virus companies send out to get you to buy their product.
Yeah, removing user/customer freedoms to increase safety is totally the way to go.
Didn't some famous guy say something about that?
Mod me down, my New Earth Global Warmingist friends!
And considering how much the government is fucking you? I think Apple is still a damn sight better. If you're that up in arms about Apple you must go absolutely apeshit over the one party system.
Not sure what your link is meant to say. There is no personal identification info in the IFA system, and it can be turned off if you particularly object to customised advertisements. You will still get advertisements, but now they'll be random.
Yet another? I thought that was the ONLY "non-evil" reason they could come up with obviously, it's also helpful to their bottom line.
I'm a big fan of iOS and Mac OS and I kind of like Apple as a whole but these "yet another" posts do get a bit tiresome after a while.
Windows is completely free of viruses. Oh wait.
Android is secure enough as it is. My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software, we will always have viruses.
That's awesome bro
Mod me down, my New Earth Global Warmingist friends!
That's because you don't use VISUAL STUDIO (tm) nearly enough.
It's better than bad, it's VISUAL STUDIO (tm)!
By downloading the SDK.
Apples and oranges. In fact, you could argue that Linux is virus free because it has many people viewing every line of code (the many eyes makes all bugs (or in this case, malware/bugs) shallow philosophy). Just as one device driver doesn't work across distros, or even kernals, one exploit offset or one piece of self propagating malware will often not work across all. And even if it worked on many, or even one, the constant code review will catch it quickly.
Apple is very similar in part of that. It has common harware and software, but it has a rigid review process, even a review process that could be emulated by the FOSS community to forever eliminate security threats - ensuring that only code that has been reviewed and confirmed safe is a GOOD THING! Similar to the the FDA,m which double, triple and only God knows how many checks go into medical equipment and procedures. This is how you build a safe ecosystem.
Micro$soft built quickly to appeal to the masses and, either intentionally or not, also appealed to the masses of malware coders. This is where Android lives today, on the precipice of going down the M$ route only with the worst part of Linus (incompatible distros, a myriad of vendor only add ons, etc).
Really, Apple did the best of both worlds. A consistent user experience combines with a strong review practice to ensure a consistently pleasant, and consistently safe, user experience.
That's awesome bro
If you think so, you should see some of my other trolls. They're pretty good if you just check my post history.
...as a million iPhone users snicker as the FBI classifies Android as a virus.
The real Sig captains the Northwestern. This one captains
That's a fallacious argument. The "famous guy's" saying isn't comparable to protecting the average consumer's expectation of having a consumer device that won't leak all of his private info by clicking an "update" or link that is actually a phishing lure. I don't even own or like Android or iOS devices, but I have kids and a wife who do and it's irritating to know that they are vulnerable and it's why I am moving them to iOS ASAP.
www.chihuahuarescue.com- Help to end dog abuse, abandonment and cruelty
This is not a virus.
Seven puppies were harmed during the making of this post.
Well there's a solid contribution to the conversation at hand..
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
I was thinking [an operating system's job] was to facilitate the function of the device
For one thing, different people have different ideas of what "the function of the device" is. One "function of [a] device" is to allow the user to create additional "function[s] of the device". This is a function that Apple has tended to explicitly reject on an iPad or iPhone. (On the one hand, Codea, but on the other hand, C64 games that got pulled from the store because the user could reboot the virtual C64 to BASIC.)
for the consumer
Are you trying to imply something special by the word "consumer" as opposed to "user"?
So I have to click on a strange email and then follow an unknown link where I will be asked to download an .apk? Then I will have to go into settings and click on the option to allow me to install something that isn't in the Play Store, click through the warning that tells me that sideloading an app can lead to viruses and malware, and then install the .apk which then asks me if I'm cool with it accessing my contacts, internet and everything else?
If you do all that, you're pretty determined to have problems.
I imagine that those who know how to side load apps on their phone are smart enough to not randomly install apps from questionable sources. Or at least they should be smart enough to know that they have no one to blame but themselves if they fall for it.
I like how you don't bring up the jailbreakme website or acknowledge it exists.
-]Phreak Out[-
>One version is a work-at-home opportunity that promises a profitable payday just for sending out email.
How about a name and shame app showing idiots who fall for this?
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Apps leaking private info? Gee, good thing that would never happen in a curated Apple's appstore. Wait, what? Don't tell me they only cared about apps not crashing and being in line with Apple's policies on design and content.
Maybe you're too young to remember it but Apple was logging everybody's GPS coordinates for quite a while there. It took a massive outcry before they reversed their policy on unwanted silent tracking without consent. They argued the logs weren't personal info back then.
$
If you care about security, get a BlackBerry.
There is no other option,
Required reading for internet skeptics
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.
How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computerâ(TM)s files on the basis of faith alone?
If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, donâ(TM)t you?
Iâ(TM)m now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:
APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.
Where are the commercial or free anti-malware organizations and individualâ(TM)s products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or âdeleted/junk postsâ(TM) forum section, someone or a team of individuals will mock you in various forms âtin foil hatâ(TM), âconspiracy nutâ(TM), and my favorite, âwhere is the proof of these infections?â(TM) One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed youâ(TM)re using the proprietary Microsoft Windows OS. Now, letâ(TM)s move on to Linux.
The rootkit scanners for Linux are few and poor. If youâ(TM)re lucky, youâ(TM)ll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.
Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they donâ(TM)t call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and Iâ(TM)ve been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.
Donâ(TM)t let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch
Get a good HOSTS file. Then you're golden.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
And you probably don't remember that the logs only existed on the phones, but were available by looking at the backup file. They were never transmitted. Google was found to be actually transmitting the current coordinates back to Google for warehousing. Apple removed the file, Google lobbied to allow them to keep doing it.
Remember that? Or are you just lying to spread more Apple hatred which makes the Android community look like a bunch of children.
Don't forget these chart topping hits!
Magic Lantern
"Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation."
https://en.wikipedia.org/wiki/Magic_Lantern_(software)
(CIPAV)
"The Computer and Internet Protocol Address Verifier (CIPAV) is an illegal data gathering tool that the Federal Bureau of Investigation (FBI) uses to track and gather location data on suspects under electronic surveillance."
https://en.wikipedia.org/wiki/Computer_and_Internet_Protocol_Address_Verifier
ECHELON
https://en.wikipedia.org/wiki/ECHELON
oh wait nvrmind
FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc. (AAPL)’s iPhone and Research in Motion Ltd. (RIM)’s BlackBerry, an analysis of presumed samples of the software shows...“When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located,” a FinSpy brochure published by WikiLeaks says. Systems that can be targeted include Microsoft Corp. (MSFT)’s Windows Mobile, the Apple iPhone’s iOS and BlackBerry and Google Inc. (GOOG)’s Android, according to the company’s literature. Today’s report says the malware can also infect phones running Symbian, an operating system made by Nokia Oyj (NOK1V), and that it appears the program targeting iOS will run on iPad tablets.
source
android issues a warning the fbi is a virus ...oh right....
waves to anonymous
After doing research on this it seems both apps have to be installed using the installer, and so you have to download the app to your phone by clicking the link and then authorize it to install by agreeing to give it access to your sensitive information when you download it... So this seems very over sensationalized.
This is not a virus this is malware which you must explicitly authorize to access your information. FinFisher is also written for all mobile phone versions including the iPhone, so it seems to me they should have had a warning for the iPhone as well. The main difference I guess is that non-jailbroken iPhones can only install apps from the marketplace unless you're a developer; whereas Android allows you to authorize it to install apps not from the marketplace. So now when the cadre of people who rely on you for tech information come up and ask you about the new "Android virus" you can thank sensationalist reporters and then stupid people that promote them without doing research...
Malware isn't a virus and require the end user to download and run the malware ..
AccountKiller
most people know smart phones are capable of receiving a virus, you don't have to be a geek to know this, they just might not realize how common it is. they are perceiving the threat more than what it is. The problem is how people use their phones today, its like an attachment to their arms. If private information isn't stored on the phone in the first place, there is no value in a virus except disruption of software.
want some .......so dont buy apple
ive got some windows virrii
so dont buy windows
ive got some linux and bsd virii so dont use those...
gee how awful ......[ends transmission]
I wish all /. headlines could be this succinct. As soon as I saw "FBI Issues Android Virus Warning" I knew I wouldn't have to waste my time rtfa or even rtfs.
OH and not like windows never had viruses either and you can only buy it in a store too right....
I will install a normal application, like I have done many time before.
Loading application that are outside of the walled garden is one of the main reasons for using Android. A bunch of my technical friends advocated this as the main reason for buying this phone in the first place.
Sideloading an app, as my technical friends showed me, involves a few steps.
I'm going to get paid to email people, so the company will need to make sure that I'm actually doing it. In fact, the instructions that they provided actually specified that I'd need to do this.
Really? With RIM letting repressive governments (but not ours of course) get access to SMS and email? Blackberry would be my LAST option.
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
The problem with apple products is they just work.... until one day when they just don't.
And, when it stops working, you either have a VERY expensive repair to deal with, or a very frustrating time trying to google for helpful info.
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
Funny, there's no mention of the FBI in the article. Did someone get over-excited when they wrote the headline?
systemd is Roko's Basilisk.
Well, if you were even a little bit informed you'd know that that only affects some BIS users. It's *impossible* for RIM to "hand over the keys" for BES users because they don't have them.
That also ignores the fact that governments don't need special cooperation to spy on communications from Android and iOS users -- those don't even offer you the illusion of security.
So, yes, BlackBerry is the ONLY option if security is a concern. If they're your last option, I hope you're not responsible for making security related decisions!
But don't let facts stop you from continuing to spread misinformation, even though this particular bit of nonsense has been corrected multiple times in EVERY thread on the subject since the first article appeared on Slashdot.
Required reading for internet skeptics
So all I have to do to keep from getting it is to avoid tapping on ads or obviously fake "system update" texts? Wow, that sounds nigh impossible.
That's a fallacious argument. The "famous guy's" saying isn't comparable to protecting the average consumer's expectation of having a consumer device that won't leak all of his private info by clicking an "update" or link that is actually a phishing lure.
I don't even own or like Android or iOS devices, but I have kids and a wife who do and it's irritating to know that they are vulnerable and it's why I am moving them to iOS ASAP.
I will gladly offer you the service of taking all those buggy, insecure android devices off your hands and dispose of them properly, for a nominal $50 e-recycling fee. I know it sounds like a steal, but I just like knowing mobile users are secure in the big scary world out there. So go ahead and send me those phones, and don't forget to include the check for $50. I am sure you will forget all about them once your new iOS devices arrive. Oh, and you're welcome!
Further, they weren't actually YOUR coordinates, but the coordinates of cell towers that your phone saw.
To further invalidate the argument Google's targeting in Android can also be disabled. There's no advantage or disadvantage between iOS and Android as far as ad targeting is concerned.
Also, your sig, I have that beautiful little piece of Bash printed out and posted in my cubicle. It provides some great entertainment when some poor soul actually decides to run it. It's also fantastic for weeding out poorly informed techs.
Still stinging from getting so many beatings from the hostfileguy, gmhowell?
Come on.
Anyone who does that much work/effort to get malware on their device (as opposed to browser bugs, random click-throughs, etc) deserves to get pwn3d.
Android Virüs Program Açklama NQ Mobile Security & Antivirus ile telefonunuzu koruyunWest Coast Labs sertifikal NQ Mobile Security & Antivirus ile telefonunuzu koruyun - Malware, Spyware & Virüsler çkarn ve Telefon Hacking Stay Away from. imdi ÜCRETSZ indirin! Virüs, malware, spyware, trojan ve telefon hack NQ Mobile Security & Antivirus ile android telefon ve tablet koruyun. Telefon Koruma Download NQ Mobile Security, dahil olmak üzere özellikleri: antivirüs, anti-taciz, gizlilik koruma, telefon arama, veri yedekleme, Samsung Galaxy S III için güvenli tarama ve trafik izleme, Samsung Galaxy Nexus, HTC bir X, HTC Bir S, LG Optimus, Motorola Droid Razr Maxx, Huawei vb ÜCRETSZ Özellikler: YEN Malware Scanner Uygulama Denetim Uzaktan Geolocation ÜCRETL Özellikler, sadece $ 9.95/yllk: YEN Malware Scanner Uygulama Denetim Web Security Anti-Theft YEN - uzaktan, bulmak, kilitlemek veya aygt silin - etrafnda neler olup bittiini duyun - SMS yoluyla komutlarn gönderme - SIM deiiklii uyarlar - ifre korumal ayarlar Yeni Özellikler: 1. Arama & SMS Engelleyici (YEN ÖZELLK): Blok istenmeyen SMS ve taciz aramalar . - istenmeyen aramalar ve metinleri kar kendinizi koruyun . blacklisted numara (lar) veya kaytlarnza deil herkes filtrelemek için telefonunuzu blok liste ayarlayn - - aramalar ve Yakalayan metinler her blok tarihinin izlenebilir. - sadece beyaz listede kiilerden gelen aramalar ve metin almak için Seçenek. 2. Intruder Alert (YEN PREMIUM HIRSIZLIK ÖZELLK): davetsiz fotoraflarn çekin ve kaytl e-posta gönderebilirsiniz. - Intruder Alert Gizli bilgi ve özel veri ile eksik telefon bulmanza yardmc olur. Uzaktan kayp telefon kilitleme ile Anti-hrszlk özellii etkinletirebilirsiniz, ve otomatik olarak yanl bir parola ile telefonunuzun kilidini çallyor herkes bir fotoraf çekmek olacaktr. (Gerekli Ön bakan kamera.) -saldrgan fotorafn sonra NQ hesap için kaytl e-posta adresinize gönderilecektir. etiket: Ücretsiz Android Virüs Program, Ücretsiz Virüs Program, Bedava Android Virüs Program, Ücretsiz Android Virüs Programlar, Android Virüs Program, Android Virüs Programlar, Android Virüs Program Kurma, Android Virüs Program Nasl Kurulur, Android Virüs Program Ayarlar http://www.teknolojirehberi.org/Mobil-Ucretsiz-Android-Virus-Programi-398.html etiket: Ücretsiz Android Virüs Program, Ücretsiz Virüs Program, Bedava Android Virüs Program, Ücretsiz Android Virüs Programlar, Android Virüs Program, Android Virüs Programlar, Android Virüs Program Kurma, Android Virüs Program Nasl Kurulur, Android Virüs Program Ayarlar http://www.teknolojirehberi.org/Mobil
http://www.tr-teknoloji.com http://www.teknolojirehberi.org/