
Security Response

Showing posts by Irfan Asrar
Showing posts in English
Irfan Asrar | 27 Jan 2012 | 0 comments

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

For each of these malicious applications, the malicious code has been grafted on to the main application in a package called “apperhand”. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.

The combined download figures of all the malicious apps indicate that Android....

Irfan Asrar | 10 Jan 2012 | 0 comments

2011 has seen some dramatic changes in the mobile landscape, with the ever-increasing growth rates in consumer adoption of smart phones. This has not gone on without getting the attention of the criminal fraternity, which has turned its attention to mobile malware. But what remains to be seen is if this trend moves beyond the stage of testing the waters to actually making a significant impact, reaching the scales we associate with threats for Windows. If the activities of the past week are any indicator, then 2012 is off to an interesting start. Another scam has come to our attention, this time targeting Android users in France, attempting to exploit the frenzy surrounding Carrier IQ.

From our analysis, Android.Qicsomos is a modified version of an open source project meant to detect Carrier IQ on a device, with additional code to dial a premium SMS number. On installation,...

Irfan Asrar | 19 Dec 2011 | 0 comments

Hacktivism, or as one blogger put it “Revolution 2.0”, is something I would describe as an activist agenda where there may be no visible monetary gain by the instigator. Instead the overall goal is to send a message or get a point across. Even though, on occasion, the message may be something many will sympathize with, this doesn’t mean it’s a victimless crime. In many cases, the cost of getting an agenda across may involve using resources (even people without consent). An example of this emerged over the past weekend. For many across the Arab world, December 18, 2010, marked the birth of what has now come to be commonly known as “The Arab Spring”. Among the many online tools that are being used to coordinate, inform, and get the word out about protests, Symantec has discovered a Trojan mass-mailer/downloader embedded in an Android App.

The Trojan was...

Irfan Asrar | 12 Oct 2011 | 0 comments

Contributors: Shunichi Imano

October 2011 marks the eighth annual “National Cyber Security Awareness Month” to be held in the United States. One highly visible concern that makes this year different from previous years is the triple-digit growth rates that are being reported across the board by every antivirus vendor when it comes to threats discovered that target mobile devices. Although the main points made in these reports remain largely the same, it is clear that mobile malware has not only come of age, but that the growth rate has been unprecedented. An underlying message comes across loud and clear: indisputably, everyone agrees that criminals targeting mobile devices have become a force that is here to stay, becoming as ubiquitous as the devices/platforms themselves.

But just when you think you have seen it all, along comes another twist, demonstrating that there is no shortage of ideas when it comes to social engineering. Because of the so...

Irfan Asrar | 15 Aug 2011 | 0 comments

After a public outcry and a write-in campaign failed to convince the creators of ‘Dog Wars’ to discontinue work on their app, it appears that protester(s) have now taken to targeting the users of the app directly in order to get their message across. Symantec has discovered that a Trojan code was planted into an older version of ‘Dog Wars’ (Beta 0.981) that can still be found circulating on warez sites. This version has not been found on the official Android Market.

Agreement by the user to grant the permissions requested by the app (which will include SMS permission) will allow for the app to be installed. Upon installation, the display icon of the legitimate app looks almost identical to that of the app that has been bundled with the Trojan (on devices with a screen size of 3 – 3.5 inches). In fact, they looked so similar, we almost failed to spot this...

Irfan Asrar | 03 Aug 2011 | 0 comments

Threats making or transmitting unauthorized audio recordings are not a new concept, though they have largely been limited to proof-of-concept demonstrations and final-year university projects. This is a vector that generates a lot of intrigue from researchers, as it pertains to many facets in security, such as data loss prevention and mobile threats, not to mention the changing face of the threat landscape. It is also something we have blogged about previously. Thus, when we received several inquiries about an Android threat we discovered over a week ago, and its ability to upload recorded voice conversations to a remote server, I decided to take a second look at the threat Android.Nickispy.

This app was available on...

Irfan Asrar | 18 Jul 2011 | 0 comments

A quick online search would reveal a number of articles declaring any one of the last few years as being the “year of mobile malware.” Conversely, these searches also reveal claims that the same years are not going to be the year of mobile malware. These search results go back as far as the early part of the decade. The contradictory nature of these bold predictive headlines could be explained by the fact that the articles are typically written at the beginning of each year—and who knows what the year may hold at the outset?

But, if the criteria to qualify 2011 as the real "year of mobile malware" were to be challenged, then surely the events of the past few weeks alone should be enough to justify the fact that this year truly has seen considerable seismic activity that has shifted the tectonic plates of the mobile threat landscape.
 
...

Irfan Asrar | 05 Jun 2011 | 0 comments

Android.Lightdd (the name is derived from the presence of the additional Trojanized package ending in the word ‘lightdd’) has been dubbed as the follow up to Android.Rootcager AKA Droid Dreams, one of the first threats seen in the wild that attempted to use an exploit to root an Android device. Although the original reports on the discovery of the threat called out five accounts, Symantec has found additional publisher accounts under which apps were repackaged (at the current time all of these accounts have been disabled).

The key point to note is that even though the news of the return of ‘Droid Dreams’ has created a bit of a stir with approximate high download rates being quoted...

Irfan Asrar | 23 May 2011 | 0 comments

Symantec has discovered a Trojanized version of a legitimate application that is part threat, part doomsayer. The threat was embedded in a pirated version of an app called ‘Holy ***king Bible’, which itself has stirred controversy on multiple forums in which the app is in circulation.

Once the threat is installed, it waits for the device to reboot. After the reboot, it starts a service called 'theword'. At regular intervals, it attempts to contact a host service, passing along the device’s phone number and operator code. It then attempts to retrieve a command from a remote location. These same actions are carried out in a loop, in intervals of 33 minutes. In addition to having abilities to respond to commands through the Internet and SMS, the threat also has activities that are designed to trigger on the 21 and 22 of May 2011, respectively.

...

Irfan Asrar | 30 Mar 2011 | 0 comments

Android.Walkinwat is the first mobile phone threat discovered in the wild that attempts to discipline users that download files illegally from unauthorized sites.

Figure 1 – Messages displayed by the Trojan

Presented as a non-existent version (V 1.3.7) of Walk and Text, an application that is available on the Android Market, Android.Walkinwat can be found on several renowned file sharing websites throughout North America and Asia. One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximize the download prevalence and convey their message to as large an audience as possible; however, one could also make the case that the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text....