"Bill Shocker" Malware Controls 620,000 Android Phones In China
Orome1 writes "A newly discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."
There are phone numbers you can dial that result in an addition to your bill and money being paid to the guy you dialed... 1-900 numbers or whatever in the US.
The idea of making malware to forcibly call these numbers to the profit of the number owner is not new.
They have so many other ways to screw people, would they really resort to this?
Nevermind, I know the answer.
Upon further reading the infection vector is infected pirated Android apps sold/distributed in black market Android marketplaces. Cry me a river folks.
"Bill Shocker downloads in the background"
Not really true. You have to install an infected app to get it started.
No sig today...
Or just don't install every single app that promises you free bikini-clad-screencursors.
No sig today...
since the PHONE COMPANY gets a cut then the PHONE COMPANY should be on the hook for the profits.
it should be LAW that you must get Positive Confirmation for any charges either above 3(money units) or that are multiple charge type things.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
It's more likely than you think!
So it's just like this article, then?
Let me guess... you have to manually install an apk from an untrusted source?
bickerdyke
I think of them more as Modems that happen to have computing and voice messaging capability...
http://www.aaronrogier.net
Amazon Appstore for Android debuted in the United States, and a United States address was required to buy apps. It added five countries in Europe at the end of August of last year, and Japan appears to have since been added to the list of supported countries. When will China be added?
Of course the high profit venture has gone from 900 numbers to texting. The phone companies are once again in a position to help, but they won't.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I think there is a LARGE measure of culpability (yes, I know that's the CRIMINAL term) for this on the part of the "Money Launderers" (the Banks, Telcos, and Governments involved in the "chain of custody" of these funds). Once alerted to this, the Police/"Justice Departments", not to mention the Telcos and Banks, in the country(ies) where the money is "landing" should be seizing bank accounts, taking down internet access, and generally making life a living Hell for whoever is PULLING THE DEPOSITS.
This CANNOT be legal under ANY Country's "fraud" laws. So why aren't these people being sued/prosecuted out of existence?
Cui Bono ("Who Profits?"). If the Banks, Telcos, and to some extent (through "fees" and "taxes") the "host Country(ies)" would actually go on an MPAA-style Jihad with these TRUE Racketeers, instead of actually AIDING AND ABETTING this Criminal Enterprise, perhaps there wouldn't be so much of it, regardless of the fact that the Android "mindset" makes this kind of thing ALL too easy, and Google is totally incapable of stopping it (without resorting to the "Walled Garden" approach that a small minority of Android users (but a vocal subset of /.ers) seem to value so highly).
Yes, I understand that "The price of "freedom" (in quotes) is vigilance"; but ya gotta admit, if the Governments and Police in the Country(ies) where this money was ENDING UP spent as much effort on this as they do "watching for terrists" or "stopping piracy", not many (true) Criminals would even ATTEMPT something like this.
I mean, every single frickin' penny of this money can be tracked; so why is it SO hard to stop??? Something's fishy here.
This is NOT a virus; viruses infect a system, typically by modifying other existing executable files, and then self-replicate themselves. These are malware applications which have been installed by the users. In this case the notice, not covered in the summary, is that these applications are not designed to be malware, but rather they employ a free (as in gratis) SDK, which converts the phone into a zombie.
However, note that simply removing the applications should remove the "infection". The Android security model does not allow an application to "infect" the OS, unless the user has rooted the phone and runs the application as root (in this case, it's your fault).
If this occurs in China, not sure it is malware.
"At times like these, I'm happy to have a Windows Phone."
Ok... but what about all the rest of the time? I was given an HTC 8x at work and asked to research the platform.. trying to use it as a daily driver and it's just so frustrating coming from Android. You never realize how important a thriving app ecosystem is until you try to live with WP. I can deal with the wonky notifications and the limited "live tiles" vs widgets.. I guess. But looking through the app store is just depressing.
-Lod
Recognizing sarcasm isn't really your thing I suppose.
... that a program can evidently send a text message to someone else without that text showing up in the message history?
File under 'M' for 'Manic ranting'
Android is not a "Linux variant". Android uses a Linux kernel, but it's not a Linux distro. It most certainly is not an established, trusted distro, such as Debian, Suse, or Redhat.
Various dope smoking fools, working for various companies have rolled their own flavors of Android, seldom consulting with real Linux enthusiasts. Each and every manufacturer rolls his own dope-soaked version of Android, then alters that dopey version to suit the whims of the telcos that are actually purchasing them.
If Android is a Linux distro, then BlackXP, available via torrent, is a valid Windows release.
(Note that I've actually used BlackXP inside of VM's - it's actually pretty solid, but it's damned sure not Microsoft!)
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
RICO prosecutions would help. It's what should have been done with Spam in the early days when it started to become profitable.
Drag in the banks, the ISPs, and the other supposedly reputable service providers into the RICO prosecutions. Once a couple of well-known institutions get caught like this it would cut off the air supply of the illegal action and make it much, much more difficult.
By not doing this, we only encourage our supposedly legitimate institutions to keep providing services to people who are actually committing crimes.
Why don't they follow where the money for these advertisers is supposed to go? I'm guessing it's not trivial. Is it safe to assume that money from morons who get the ads and want to buy goes to a shady bank in a country with lax laws, and if domestic law enforcement calls said bank for who owns the bank account, they'll be told to fuck off?
This is once again proof that an OS is only as good as its implementation, configuration and install software.
Running unsigned code from anywhere is awesome!
30+ years of this shit on desktop computers, and so it repeats on mobile.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Yeah that's a fair assessment, and why I have avoided Android this far and stuck with the "walled garden" of iOS.
It is an appliance, like a toaster or a fridge. We've gone through decades of malware on PCs, and it doesn't need to be that way.
I'll gladly trade the ability to pay a nominal development kit fee for a security cert and tools in order to have a more secure locked down device. Whether that means iOS, Windows Mobile, or whatever new platform provides a nice slick UI, good performance and a decent application library.
In practice, open vs closed is not that relevant to my interests.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I'd actually argue that Android has had more thought put into application security than the typical linux distro has.
Especially after it's been fucked up by idiots doing this sort of thing
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
So? The point was, "don't install it". Go away you braindead monkeywanker.
Might be a monkeywanker, but there is a bit of truth to it. The problem is that not everyone is a technical and OS security genius like you or me.
So yes, they do allow third party downloads - many of them have heard about them from the very salesmen who sold them their Android phone. I know I have. Free Software! ZOMG! Wait til I tell all my BFF'S! I had a salesman use the third party repositories as a selling point over iPhone because Apple wouldn't allow it.
I've spent a lot of time cleaning up computers where the ignorant have downloaded and installed all kinds of nasty stuff. And of course the stuff they didn't know about, but picked up on their surfing. But the point is, those people didn't go away, nor did they learn much. I had repeat customers and they or their kids managed to bollix up their computers all over again. And again.
So now they've moved on to smartphones. But their habits haven't changed, so they will download and install those awesome free programs. And they will bitch up their smartphones.
But shouldn't we be able to move on from this? It's all so easy to just call the users idiots and assholes, but it also takes a bit of asshole to make smartphones that all it takes is unchecking a box and suddenly you can get all the bad stuff you want. That's vulnerability. An attractive nuisance.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Noooo, having the option of flipping the switch that says "WARNING: You're making me insecure" right there and then allows owner to do whatever he wants - even if it's not good for him - is extremely baaaaaaad thing.
Don't forget that Larry, Sergei and Eric stand behind your shoulder and basically push you to do it, because otherwise your Android device is useless, useless, I say.
We don't need choice, it's bad for security and requires us to - what gall! - to think and be responsible for our actions. Also, microwaves should only allow verified things to get cooked and cars should only drive no faster than 5 mph.
I would say "Whoosh!"
But in this case, I think it actually took his head clean off.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
It's simple. $2-$3 of that $9.99 went to the boss... And that INCLUDED charge backs.. So the phone company was dipping in both sides ... It was free money either way.
If State Attorney Generals forced phone companies to be half as honest as they forced Apple to be we wouldn't have these little chats.
Or just don't install every single app that promises you free bikini-clad-screencursors.
"Apple is bad because they don't allow porn. Google is better because they do. Oh, btw, don't install porn apps."???
"Android is better because it's free. Any use of that freedom doesn't count."???
If Android is a Linux distro, then BlackXP, available via torrent, is a valid Windows release.
Only MS, and those they have agreements with, are allowed to modify and distribute customized versions of Windows. Android (and Linux) are licensed such that everyone is allowed to modify and distribute it.
You can't go around calling something has more freedom, then bitch when that freedom is exercised!
What "apps" do you need that you can't get through Windows? I haven't run into anything that I needed that I couldn't get. I grabbed MS's PDF reader, Facebook, Spotify, Netflix, and Twitter. The phone does everything else out of the box (also HTC 8X).
I don't respond to AC's.
The hacking, the spying, the amoral corporations/pseudo-governments, the omnipresent smog. China is looking more and more like neo-Shanghai.
William Gibson was right!
I'm not certain whether to call Android a linux distro or not. It clearly could be. And even were it one, there is NOTHING about linux that would prevent this same thing from happening. We aren't talking about a virus here, or a worm, we're talking about an application that the user installs. And no linux distro that I'm aware of prevents you from installing applications from untrusted sources. I frequently install software from a relatively unknown source. (Less so now that Sourceforge and GitHub have come into existence, admittedly...but how thoroughly do *they* vet the applications that they host?) The fact that I need to compile an application doesn't make it safe.
So, there's nothing about this story, except popularity, that wouldn't apply to ANY linux variant.
I think we've pushed this "anyone can grow up to be president" thing too far.
Didn't the Librarian just pass a ruling, that cellphones are NOT free? Suddenly, it's against the law to "jailbreak" or "unlock" a cellphone. Android has more in common with Apple than with Linux, in the "freedom" arena.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Considering that the apps involved aren't in the Android Market you get the same benefit from just buying from the Android Market - it is just a lot less walled. Having the freedom to install anything you want doesn't mean that you should just run any exe file Aunt Tilly sends you.
Let me start by fully admitting I am new to the device and may just not be finding things that do exist.
Things I used to do daily on my Android phone and haven't found an app for:
SSH client that works on WP8
RDP client that works on WP8
Google Talk client that actually works (found gchat but it disconnects a lot and never manages to bring in chat history so you just lose whatever messages happened while it's d/c)
IRC client that stays connected while using other apps.. It seems they *all* lose connection the minute you switch away.
WiFi analyzer/basic networking troubleshooting tools
Google Voice client, or any reasonable alternative client+service
Audio book player (not just a music player, but a player that is designed for audiobooks.. Bookmarking, intelligent back/forward controls, speed adjustment etc)
Several amateur radio related apps, psk31 rtty sstv websdr etc.. These are sort of a niche I guess but Android has lots of great tools for hams.
Games in the style of kairosoft.. Building/strategy type. Basically haven't found a good time waster.
Maybe I am just looking in the wrong places.. Maybe these things will come. There are many things I do like about wp8 so I hope so.
-Lod
"Bill Shocker" Malware Controls 620,000 Android Phones In China
And if you didn't want malware, you'd have bought an iPhone rather than an Android.
I thought the iPhone wasn't officially out in China yet. That won't happen until later this year.
Oh wow. You DO use your phone like a small computer. I run a medium sized business with mine, but I have a large collection of both desktops and laptops always near me, so I use those for everything else. I use almost all of the built-in features in the phone, and that really covers my needs (added the free MS PDF reader and a flashlight, and that's all I need).
In your particular case, I think that those apps will be coming soon for the Windows Phone. MS just cut off the Windows Phone 7 platform just recently (6 months ago), so lots of app developers obviously didn't bother doing anything else for it for a while. I think that now it's pretty obvious that MS is committed to Windows Phone 8, and maintaining compatibility from here on out for at least a good bit, so I think the app developers will continue to jump on board onto Windows Phone 8 in the near future. While I don't have the need for technical apps that you do on my phone, personally, I'm pretty confident that a similarly robust "app" environment for Windows Phone 8 is probably right around the corner, since MS has invested so much money into the new Windows Phones, and because quite honestly, I'm seeing people start to get really interested in the Windows Phone. Every time I pull mine out, I get lots of "ooohs" and "aaahs" from people who've seen the marketing, but have never seen one in action. They're pretty slick.
I don't respond to AC's.
So if I am only installing from a market, what's the advantage again? Other than the fact that the android market has had a heap more malware found on it?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
So if I am only installing from a market, what's the advantage again?
The advantage of what? Buying a phone that is easier to use, more useful, less expensive, better designed, and more attractive? Or the advantage of being able to run whatever you want on it? Or were you just referring to the advantage of owning the phone that you paid for?