MOBILE VIRUSES
SMART PHONE VIRUSES
We are all aware that the android phone is a permanent point through which one can have access to the internet.What I mean is that every now and then you are on the internet with your smart phone making a research or doing something different with it.So as they( smart phones) are mostly on the internet, they can easily be compromised with a malware.
A malware is a program on the computer that has the tendency or the capacity of harming the system in which it dwells. Some examples of malware are viruses, worms and Trojans.
A virus is defined as a malicious software which is been designed to spread to other computers by putting itself in to running programs.
A Trojan is a program that is on the smart phone and allows external users to connect discreetly.
A Worm is a program that multiplies on multiple computers across a network.
Recent studies have shown that malware in smart phones have increased in the last few years posing as a threat to analysis and detection.
 |
| Smart Phone Virus Alert |
Malware Attacks
There are three processes of malware attacks:
- Infection; This is a means by which a malware can use to penetrate inside a smart phone as infection.There are four forms of malware infection according to the user interaction degree.
b)Implied permission;The implied permission is when the user is fond of downloading and installing soft wares such as games and other important applications. The Trojan will do all its best in to luring you to install these attractive applications that carry malware.
c)common interaction;This is based on reading or opening an email or messages which is a common behavior among users.
d)No interaction;This form of infection do not have any interaction with the user ( no emails or messages). It just infects without your notice. This one is very dangerous isn't it?
- Achieving the goal: As quickly as the malware has infected the smart phone it will want to achieve its goal which is getting access to the user data or detailed information by way of damaging the device, deleting important information of the user, modifying data on the device and the like.It can also steal the user data and sell to a third party or the user themselves.
- Spread to other systems;After achieving the goal, it will now spread to other devices through Wi-Fi, blue tooth or infrared, telephone calls and emails or messages.
Below are some viruses that can infect your smart phone.
a)Trojan and viruses such as:
- Red Browser; Red Browser is a Trojan that allows smart phone to visit a Wireless Application Protocol(a type of technology that allows you to send an email and look at information on the internet using a mobile phone) site without WAP connection.During the application installation, the user will be asked to grant a permission for it to send messages. If the permission is granted, Red browser can send messages to paid call centers. It will use the smart phone's connection to social media networks such as Twitter, Face book, Whats App etc in order to get the details of the user and send them messages.
- Card Trap; This is a virus which is present in different models of smart phones which aims in deactivating the system and third party applications.It also infects the memory card with a malware capable of infecting Windows.
- Ghost push; This is a malicious software on smart phones that roots the device and install malicious application directly in to the system and then divides and unroots the device to prevent users from removing the threat by master reset.Ghost push is hard to detect and it cripples the system resources and executes quickly.
- Caribe/Cabir;This one is a worm of computers which was developed in 2004. It is believed to have been the first computer worm that can infect mobile phones running Symbian OS.
b) Ransomware; This is another form of mobile virus that locks out the users so that they cannot have access to their mobile phones. The user will be demanded to pay before they unlock the device.
c) Spyware;This is a software put onto your mobile phone or computer without you realizing it that sends information about you and your Internet use over the Internet.Spyware is mostly classified into four types: Adware, System Monitors, Tracking Cookies, and Trojans; Some examples of spyware are;
- CoolWebSearch;This is a group of programs that takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including Coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
- Internet Optimizer; also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
- Zango (180 solutions) ;This transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
- HuntBar, aka WinTools or Adware,Web Search was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs-an example of how SpyWare can install more SpyWare. These programs add toolbars to Internet Explorer, track aggregate browsing behavior, redirect affiliate references, and display advertisements.
o
CoolWebSearch, a group of programs, takes advantage of Internet Explorer
vulnerabilities. The package directs traffic to advertisements on Web
sites including coolwebsearch.com. It displays pop-up ads, rewrites
search engine results, and alters the infected computer's hosts file to
direct DNS lookups to these sites.
o Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
o Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
o HuntBar, aka WinTools or Adware,WebSearch was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs-an example of how SpyWare can install more SpyWare. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements
Article Source: http://EzineArticles.com/1054106
o Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
o Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
o HuntBar, aka WinTools or Adware,WebSearch was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs-an example of how SpyWare can install more SpyWare. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements
Article Source: http://EzineArticles.com/1054106
o
CoolWebSearch, a group of programs, takes advantage of Internet Explorer
vulnerabilities. The package directs traffic to advertisements on Web
sites including coolwebsearch.com. It displays pop-up ads, rewrites
search engine results, and alters the infected computer's hosts file to
direct DNS lookups to these sites.
o Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
o Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
o HuntBar, aka WinTools or Adware,WebSearch was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs-an example of how SpyWare can install more SpyWare. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements
Article Source: http://EzineArticles.com/1054106
o Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
o Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
o HuntBar, aka WinTools or Adware,WebSearch was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs-an example of how SpyWare can install more SpyWare. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements
Article Source: http://EzineArticles.com/1054106
- Flexispy: This is an application which is considered to be a Trojan, based on symbian (
Suggested Preventive Measures
The preventive measures put in place to manage malware are as follows.
- An antivirus software can be deployed on a device to verify that it is not infected by a known threat, usually by signature detection software that detects malicious executable files. A firewall, meanwhile, can watch over the existing traffic on the network and ensure that a malicious application does not seek to communicate through it. It may equally verify that an installed application does not seek to establish suspicious communication, which may prevent an intrusion attempt.
-
Bio-metric identification.Another method to use is Bio-metric identification. Bio-metric identification is a technique of identifying a person by means of their morphology(by recognition of the eye or face, for example) or their behavior (their signature or way of writing for example). One advantage of using bio-metric security is that users can avoid having to remember a password or other secret combination to authenticate and prevent malicious users from accessing their device. In a system with strong bio-metric security, only the primary user can access the smartphone.
-
Visual Notifications
In order to make the user aware of any abnormal actions, such as a call they did not initiate, one can link some functions to a visual notification that is impossible to circumvent. For example, when a call is triggered, the called number should always be displayed. Thus, if a call is triggered by a malicious application, the user can see, and take appropriate action.
- Rootkit Detector:The intrusion of a rootkit ( A rootkit is a clandestine computer program
designed to provide continued privileged access to a computer while
actively hiding its presence. The term rootkit is a connection of the two words "root" and "kit." ) in the
system is a great danger in the same way as on a computer. It is important to prevent
such intrusions, and to be able to detect them as often as possible.
If the Operating System is compromised due to Jailbreaking ( about unlocking your phone to do whatever you want with it.Jailbreaking is typically used in connection with the iPhone, the most 'locked down' of the mobiles on sale today: it lets you install apps that haven't been approved by Apple, customize the interface in various ways, and generally make iOS more like Android), root kit detection may not work
if it is disabled by the Jailbreak method or software is loaded after Jailbreak
disables Rootkit Detection.
Security Software
This security software is made up of individual components to strengthen various vulnerabilities: prevent malware,intrusions,the identification of a user as a human as well as user authentication.Examples are Anti-virus and firewalls.
Thanks a lot for your time.
Do share this article by using the social network floating button below the article.
