Botnets, networks of compromised end-user computers and servers, are hugely sophisticated engines of computation and messaging these days – just like cloud computing. Botnet creators can now sell their criminal and fraudster clientele capabilities to do a variety of tasks, from trying to crack into banks to creating fake grassroots political campaigns.
The use of botnets for straightforward criminal activity is nothing new, of course. By marshaling the resources of hundreds of thousands of infected computers at any given time, botnet controllers can use sheer brute force to bring down relatively unprotected websites just by directing thousands of traffic requests per second. Or they can use such an event to mask a more surreptitious attack on a bank’s online data.
New details have emerged regarding the purpose behind the DroidDream malware that was found in over 50 applications in the Android Market last week. After a brief investigation, Google opted to use its “remote kill switch” this weekend to wipe the vicious apps off end users’ mobile phones. Google also promised that, going forward, it was “adding a number of measures to help prevent malicious applications using similar exploits from being distributed through the Android Market.”
But at the end of the day, DroidDream’s goal was not identity theft – although that could have come later – it was to set up a system for downloading and installing additional applications on end users’ phones without their knowledge. DroidDream was laying the groundwork for a comprehensive system of remotely controlled Android phones. A mobile botnet.
I’m surprised they’re not even doing a simple security screening (ok, well, it might not be that simple) given the damage these kinds of stories can do to its brand. Apple is clearly still the master of the smartphone marketplace strategy.