Every year around the holiday season, the malware writers and botnet operators get busy, attempting to infect new machines and recruit more unsuspecting users' machines into their botnets.
So far this year there have been two interesting events:
– Mobile security company Lookout discovered a piece of malware named Geinimi, which gets downloaded to your Android smartphone if you use an unofficial marketplace (currently Chinese app marketplaces) to download games such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. This malware, or trojan, then attempts to connect to several domain names such as http://www.widifu.com, http://www.udaore.com, http://www.frijd.com, http://www.islpast.com and http://www.piajesj.com to upload users' private information, including fine-grained location, device identifiers, etc.
While no one has yet seen the affected Android devices receiving commands from the command-and-control server, I strongly suspect that in the near future we will begin seeing the first Android phone botnet. With smartphone-based advertisements and location-based advertising becoming ever more popular, the first goal could be a new form of click fraud, where these Android devices get recruited to click on adverts. More details at Lookout's blog.
– Storm botnet's version 3.0 is out. It is spreading via e-mails, like the earlier versions of Storm. Affected users are then prompted to download a fake Flash player, at which point malware gets installed on their machines. Thereafter, these new bot machines connect to domain names whose hosting IP address is constantly being changed via IP fast-flux. Nothing new here, as we have seen all of these common exploit mechanisms before. But users must be careful not to be tempted to click on any suspicious emails and, most importantly, not to be tricked into installing fake Flash players. More details at Shadowserver's blog.
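The fast-flux hosting mentioned above leaves a footprint in resolver logs: the same name answers with many unrelated IPs and a short TTL. The following is an added example (my own code, not from Lookout, Shadowserver or the post) of a heuristic that flags such names; the log format, domain names and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample resolver log (not real data): epoch time, queried name, TTL, A record.
SAMPLE_LOG = """\
1293800000 update-flash.example TTL=120 A=203.0.113.10
1293800000 update-flash.example TTL=120 A=198.51.100.7
1293800180 update-flash.example TTL=120 A=192.0.2.44
1293800360 update-flash.example TTL=120 A=203.0.113.99
1293800540 update-flash.example TTL=120 A=198.51.100.200
1293800720 update-flash.example TTL=120 A=192.0.2.250
1293800000 static.example TTL=86400 A=203.0.113.5
1293800720 static.example TTL=86400 A=203.0.113.5
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+TTL=(\d+)\s+A=(\S+)$")

def parse_log(text):
    """Yield (timestamp, name, ttl, ip) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), int(m.group(3)), ip_address(m.group(4))

def fast_flux_candidates(text, window=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Flag names whose answers within `window` seconds span at least `min_ips`
    distinct IPv4 addresses in at least `min_nets` distinct /16 networks, all
    with TTL <= `max_ttl`. This is a heuristic, not proof: large CDNs also rotate
    addresses, so hits are leads for analyst review, not automatic blocks."""
    seen = defaultdict(list)
    for ts, name, ttl, ip in parse_log(text):
        seen[name].append((ts, ttl, ip))
    flagged = {}
    for name, records in seen.items():
        start = min(ts for ts, _, _ in records)
        recent = [(ttl, ip) for ts, ttl, ip in records if ts - start <= window]
        ips = {ip for _, ip in recent}
        nets = {int(ip) >> 16 for ip in ips}   # IPv4 /16 prefix as an integer
        worst_ttl = max(ttl for ttl, _ in recent)
        if len(ips) >= min_ips and len(nets) >= min_nets and worst_ttl <= max_ttl:
            flagged[name] = {"ips": len(ips), "nets": len(nets), "max_ttl": worst_ttl}
    return flagged

if __name__ == "__main__":
    for name, stats in fast_flux_candidates(SAMPLE_LOG).items():
        print(f"possible fast-flux: {name} {stats}")
```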
Stay safe, and enjoy the holidays!