Botnets, networks of compromised end-user computers and servers, are hugely sophisticated engines of computation and messaging these days – just like cloud computing. Botnet creators can now sell their criminal and fraudster clientele capabilities to do a variety of tasks, from trying to crack into banks to creating fake grassroots political campaigns.
The use of botnets for straightforward criminal activity is nothing new, of course. By marshaling the resources of hundreds of thousands of infected computers at any given time, botnet controllers can use sheer brute force to bring down relatively unprotected websites just by directing thousands of traffic requests per second. Or they can use such an event to mask a more surreptitious attack into a bank’s online data.
New details have emerged regarding the purpose behind the DroidDream malware that was found in over 50 applications in the Android Market last week. After a brief investigation, Google opted to use its “remote kill switch” this weekend to wipe the vicious apps off end users’ mobile phones. Google also promised that, going forward, it was “adding a number of measures to help prevent malicious applications using similar exploits from being distributed through the Android Market.”
But at the end of the day, DroidDream’s goal was not identity theft – although that could have come later – it was to set up a system for downloading and installing additional applications on end users’ phones without their knowledge. DroidDream was laying the groundwork for a comprehensive system of remotely controlled Android phones. A mobile botnet.
I’m surprised they’re not even doing a simple security screening (OK, well, it might not be that simple) given the damage these kinds of stories can do to its brand. Apple is clearly still the master of the smartphone marketplace strategy.
The malware works by posing as a media player app. Once the app is installed on the mobile device, the trojan begins to send SMS messages to premium rate numbers without the device owner’s knowledge. Since the trojan’s creators are usually the ones on the other end of those premium numbers, they end up profiting from the scam.
Pretty clever. Fortunately, the app isn’t available in the public app store (you have to manually click it off a supporting malicious website) and sports the flag-raising name “Trojan-SMS.AndroidOS.FakePlayer.a”.
Interesting to see viruses migrate quite easily to our mobile devices, and makes me think viruses are a natural byproduct of social computing. Let’s hope things don’t get too haywire once we integrate machine parts more pervasively into our bodies.