Holiday Trojans and Botnets to be aware of: Storm 3.0 and First Android Botnet


Every year around the holiday season, the malware writers and botnet operators get busy, attempting to infect new machines and recruit more unsuspecting user machines.

This year, so far there have been two interesting events:

– Mobile security company Lookout discovered malware named Geinimi, which gets downloaded to your Android smartphone if you use an unofficial marketplace (currently Chinese app marketplaces) to download games such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. This trojan then attempts to connect to several domain names, such as http://www.widifu.com, http://www.udaore.com, http://www.frijd.com, http://www.islpast.com and http://www.piajesj.com, to upload users’ private information, including fine-grained location, device identifiers, etc.

While no one has yet seen the affected Android devices receiving commands from the Command-and-Control server, I strongly suspect that within the near future we will begin seeing the first Android phone botnet. With smartphone-based advertisements and location-based advertising becoming ever more popular, the first goal could be a new form of click fraud, where these Android devices get recruited to click on adverts. More details at Lookout’s blog.

– Storm botnet’s version 3.0 is out. It is spreading via e-mails, like the earlier versions of Storm. Affected users are prompted to download a fake Flash player, at which point malware gets installed on their machines. Thereafter, these new bot machines connect to domain names whose hosting IP address is constantly being changed via IP fast-flux. Nothing new here, as we have seen all of these common infection mechanisms before. But users must be careful not to be tempted to click on any suspicious e-mails and, most importantly, not to be tricked into installing fake Flash players. More details at Shadowserver’s blog.
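Both items above come down to something a resolver log can show: infected Android devices looking up the Geinimi domains Lookout named, and Storm 3.0 bots resolving a name whose answers keep changing under fast-flux. The script below is an added example, not code from this post, Lookout or Shadowserver; the log format, the client addresses, the `flashupdate.example.net` name and the fast-flux thresholds are constructed for illustration, and /16 prefix diversity is used as a crude stand-in for the ASN diversity a production detector would check.

```python
"""Detection sketch over resolver logs: flag lookups of the Geinimi C2 domains
named in the post, and flag names whose answers look fast-fluxed (many distinct
IPs across several networks, all with short TTLs). Added example; the log
format and sample lines are constructed, not taken from any real deployment."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Domains listed in the post as Geinimi upload targets (source: Lookout write-up).
GEINIMI_C2 = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
              "www.islpast.com", "www.piajesj.com"}

# Constructed resolver log: "<epoch> <client_ip> <qname> <answer_ip> <ttl>".
# flashupdate.example.net is a made-up name standing in for a fast-fluxed host.
SAMPLE_LOG = """\
1293800000 10.0.0.5 www.widifu.com 203.0.113.7 3600
1293800010 10.0.0.9 www.example.com 198.51.100.10 86400
1293800020 10.0.0.9 www.example.com 198.51.100.10 86400
1293800030 10.0.0.12 flashupdate.example.net 192.0.2.10 120
1293800100 10.0.0.12 flashupdate.example.net 192.0.2.77 120
1293800200 10.0.0.12 flashupdate.example.net 203.0.113.42 120
1293800300 10.0.0.12 flashupdate.example.net 198.51.100.201 120
1293800400 10.0.0.12 flashupdate.example.net 192.0.2.150 120
"""


def parse_log(text):
    """Parse the constructed log format into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, ip, ttl = line.split()
        records.append({
            "ts": int(ts),
            "client": client,
            "qname": qname.lower().rstrip("."),  # normalise trailing dot / case
            "ip": ip_address(ip),
            "ttl": int(ttl),
        })
    return records


def known_c2_hits(records, blocklist=GEINIMI_C2):
    """Return (client, qname) pairs that queried a blocklisted domain."""
    return sorted({(r["client"], r["qname"]) for r in records
                   if r["qname"] in blocklist})


def fast_flux_candidates(records, min_ips=4, max_ttl=300, min_prefixes=3):
    """Heuristic: a name is a fast-flux candidate when it resolved to at least
    min_ips distinct addresses spread over at least min_prefixes /16 networks,
    and every observed TTL was at most max_ttl seconds. Thresholds are assumed
    for illustration; /16 diversity approximates the ASN diversity real
    detectors use."""
    by_name = defaultdict(list)
    for r in records:
        by_name[r["qname"]].append(r)

    candidates = {}
    for name, rs in by_name.items():
        ips = {r["ip"] for r in rs}
        prefixes = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        longest_ttl = max(r["ttl"] for r in rs)
        if (len(ips) >= min_ips and len(prefixes) >= min_prefixes
                and longest_ttl <= max_ttl):
            candidates[name] = {
                "distinct_ips": len(ips),
                "distinct_prefixes": len(prefixes),
                "max_ttl": longest_ttl,
                "clients": sorted({r["client"] for r in rs}),
            }
    return candidates


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for client, name in known_c2_hits(recs):
        print(f"[C2] {client} queried {name}")
    for name, info in fast_flux_candidates(recs).items():
        print(f"[FLUX] {name}: {info['distinct_ips']} IPs over "
              f"{info['distinct_prefixes']} /16s, TTL<={info['max_ttl']}s, "
              f"clients={info['clients']}")
```

The blocklist match is the cheap, high-confidence check; the fast-flux heuristic is deliberately a candidate list, not a verdict, because CDN-fronted legitimate names also answer with short TTLs and many addresses, so a hit should be corroborated (for example, against the fake-Flash-player download that precedes it in the Storm 3.0 chain) before any blocking.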

Stay safe, and enjoy the holidays!


About hattipper

Collector of factoids. Love capturing images forever on my Canon SLR. On this site, you will learn factoids you didn't know about in a delightful manner.
This entry was posted in botnets, Uncategorized.
