{"id":496,"date":"2017-12-20T15:48:16","date_gmt":"2017-12-20T15:48:16","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=496"},"modified":"2019-04-17T11:39:36","modified_gmt":"2019-04-17T11:39:36","slug":"androids-are-people-too-botnets-not-just-for-pcs-anymore","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2017\/12\/20\/androids-are-people-too-botnets-not-just-for-pcs-anymore\/","title":{"rendered":"Androids are People, Too: Botnets not Just for PCs Anymore"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" size-medium wp-image-498 alignright\" src=\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/androidf6o.jpg?w=291\" alt=\"androidf6o\" width=\"291\" height=\"300\" srcset=\"https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/androidf6o.jpg 506w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/androidf6o-291x300.jpg 291w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/androidf6o-146x150.jpg 146w\" sizes=\"auto, (max-width: 291px) 100vw, 291px\" \/>We all know that botnets are nasty conflagrations of unsuspecting peers, all ruthlessly controlled by bot herders and their C&amp;C servers. And if there\u2019s any one thing that we\u2019ve learned about botnets, it\u2019s that they\u2019re the gold standard for anyone bent on unleashing mayhem on a world that\u2019s become far too reliant on interconnectivity. But up until now, botnets have generally been understood to be prevalent on Windows machines, with <a href=\"http:\/\/www.forbes.com\/sites\/andygreenberg\/2012\/04\/09\/apple-snubs-firm-who-discovered-mac-botnet-tries-to-cut-off-its-server-monitoring-infections\/\">Mac<\/a> and <a href=\"http:\/\/www.theregister.co.uk\/2011\/01\/19\/mac_linux_bot_vulnerabilities\/\">Linux<\/a> pulling up the rear as newbies to the party. 
And while it\u2019s true that both of the latter platforms <a href=\"http:\/\/www.itworld.com\/security\/77499\/first-linux-botnet\">have presented themselves as candidates<\/a> for a career in botism, the sheer number of Windows PCs out there makes Windows the natural platform of choice. After all, that\u2019s what botnets are all about. Numbers.<\/p>\n<p>But our world may be changing more quickly than we\u2019d like it to, if a new finding by security firm <a href=\"https:\/\/www.lookout.com\/\">Lookout<\/a> has any modicum of truth (spoiler alert: it does). On December 17, <a href=\"https:\/\/blog.lookout.com\/blog\/2012\/12\/17\/security-alert-spamsoldier\/\">Derek Halliday at Lookout blogged<\/a> that there\u2019s a new zombie master at the party, and it doesn\u2019t wear the colors of Windows, Mac OS, or Linux. In fact, it doesn\u2019t even occupy a desktop. As several media outlets are reporting, an Android botnet sporting the open-source colors of the ubiquitous operating system has been discovered gracing phones and tablets everywhere. In fact, the botnet has \u201calready been spotted on all major US carriers and has the potential to make a big impact at the network level if it isn\u2019t dealt with soon,\u201d <a href=\"http:\/\/thenextweb.com\/google\/2012\/12\/18\/android-botnet-found-on-all-major-us-carriers-sends-thousands-of-spam-texts-to-spread-like-a-virus\/\">according to thenextweb.com<\/a>.<\/p>\n<p>Lookout detected the problem on December 3, while working in conjunction with an unnamed carrier. Dubbed \u201cSpamSoldier,\u201d (how cool is that? Just saying) the botnet is currently limited to propagating through SMS. \u201cSpamSoldier is primarily spread through SMS messages that advertise free versions of popular paid games like&nbsp;<em>Need for Speed<\/em>&nbsp;or<em>&nbsp;Angry Birds Space<\/em>. 
Once the user clicks on a link from one of these SMS messages, their phone downloads an application that claims to install the game. By opening that \u2018installer\u2019 app, the user is activating the SpamSoldier Trojan.\u201d<\/p>\n<p>According to thenextweb.com, the infection is delivered in any number of SMS spam messages, and they cite these examples:<\/p>\n<p><em>\u201cYou\u2019ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp:\/\/holyoffers.com can claim it!<\/em><\/p>\n<p>or,<\/p>\n<p><em>Download Grand Theft Auto 3 &amp; Need for Speed Most Wanted for Android phones for free at hxxp:\/\/trendingoffers.com for next 24hrs only!\u201d<\/em><\/p>\n<p>Once installed, SpamSoldier removes its icon from the launcher and may even install the game that enticed the user to click, in order to cover its tracks. It goes to work right away, connecting to the Command and Control (C&amp;C) server to get its orders, then spreading joy throughout the universe in the form of SMS messages. The C&amp;C server gives the zombie a list of 100 numbers to spam and a spam message to deliver. Once it\u2019s done its job, it talks to the C&amp;C again, repeating the process until the application is closed or the C&amp;C server fails to respond. So right away, infected users can expect to incur costs for vast numbers of text messages, an unwelcome surprise, even when it\u2019s not Christmastime and your credit card isn\u2019t maxed out.<\/p>\n<p>Lookout downplays the impact of this initial finding, but cautions that it could, and probably will, get worse. \u201cIt appears that the distribution of this malware is limited. Overall detections remain low but we\u2019ve observed instances on all major US carriers. The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. 
The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and\/or a slowdown of the carrier\u2019s network.\u201d<\/p>\n<p>The discovery of SpamSoldier only tells us what we already knew: Android is a breeding ground for the next wave of spam and security threats. Botnets are a numbers game. The more zombies in the mesh, the broader the possibilities, and recent reports show that Google\u2019s Android is well on its way to turning the world into a Will Smith kind of world, with robots turning against their makers in a revolution that will make the storming of the Bastille look like a day at the amusement park. Okay, that last part is pure fantasy, but here\u2019s what we do know: <a href=\"http:\/\/news.cnet.com\/8301-1035_3-57510994-94\/google-500-million-android-devices-activated\/\">Android is everywhere<\/a>. That this was an SMS campaign shouldn\u2019t give comfort to IT and networking professionals, when you consider the opportunities that these email-aware devices pose to bot herders.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We all know that botnets are nasty conflagrations of unsuspecting peers, all ruthlessly controlled by bot herders and their C&amp;C servers. 
And if there\u2019s any&hellip; <\/p>\n","protected":false},"author":3,"featured_media":498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-496","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=496"}],"version-history":[{"count":2,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions"}],"predecessor-version":[{"id":1775,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions\/1775"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/498"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}