Franklin Heath Ltd

Master Your Information Assets


Archive for the ‘Malware’ Category

Mobile Malware Lies… Sorry, Statistics!

Posted by Craig H on 9 February 2011

McAfee put out a press release this week which has been picked up by many news outlets, leading with two statements that are factually correct but blatantly misleading:

  • “The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009”
  • “Of the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010”

That is clearly intended to make people think 46 is bigger than 36, so the bad guys must be concentrating more on mobile malware now, and that’s what most of the news outlets are reporting, but that conclusion is ABSOLUTELY WRONG.

You can either say that mobile malware increased by 46% and overall malware increased by 56% (36/64), or you can say that 32% (46/146) of total mobile malware was written in 2010 and 36% of total overall malware was written in 2010. Mixing the frames of reference is obvious misdirection, and that’s even before pointing out that total mobile malware, according to their own statistics, is less than 1000, whereas total non-mobile malware is nearly 55 million!

McAfee’s full report is here.

Posted in Malware | Leave a Comment »

2011: Not the Year of Mobile Malware

Posted by Craig H on 30 December 2010

It’s nearly New Year, so it’s time for the usual “Next year will be the year of mobile malware” posts from companies trying to sell you PC-style anti-virus products. They’ve been saying this every year for 5 years now, and it still hasn’t happened because, very simply, phones aren’t PCs.

There are many control points which exist for phone software but not for PCs: Read the rest of this entry »

Posted in Malware | 2 Comments »

Give the Bad Guys your PayPal Account?

Posted by Craig H on 20 May 2010

I was concerned to read this blog post from PayPal’s VP of Platform, announcing their Mobile Payments Library. The feasibility of in-application mobile payments is something I’ve looked at often over the years, and I’ve always come to the conclusion that it’s extremely difficult to do securely. I haven’t seen any evidence here that PayPal have solved that.

There are some interesting challenges at the API level that are probably only relevant to security geeks (how does the service know that the application that’s invoking it is properly authorised?) but I won’t go into that now, because it seems there is a more basic and glaring error:

Read the rest of this entry »

Posted in Malware, Payment, Risks | Leave a Comment »

Freeware Application Testing Idea

Posted by Craig H on 1 April 2010

We know that there is a lot of inconvenience associated with distributing free (as in beer) applications for the Symbian platform at the moment – either the developer has to pay to get it Symbian Signed or every user has to sign the application for their own phone using Open Signed Online.

I am suggesting that the Symbian Foundation should host a beta test site for free applications. Developers and volunteer testers would be able to sign up to the site with just an email address and an IMEI, and then they could upload any application they like, and download any application they like. On download, the application would automatically go through Open Signed Online and be signed for that user’s specified IMEI.

Read the rest of this entry »

Posted in Applications, Malware, Risks | 4 Comments »

What Defines a "Botnet"?

Posted by Craig H on 23 November 2009

There have been various reports over the weekend of a new development of the “Ikee” iPhone worm that now collects banking details. It is being reported as a “botnet”, which seems to be a popular term with journalists (possibly because it appeals to “Rise of the Machines” type scare-mongering 🙂).

I’ve been quite sceptical about such reports since this July when the “Sexy View” malware on the Symbian Platform was reported as the “first mobile botnet”. Now in my view that wasn’t even a proper worm (it had to be manually installed by the user on every phone it spread to) and definitely not a botnet (there was no remote control of the malware after it was installed), so is there any more truth in these latest reports?

According to F-Secure’s initial analysis, the latest iPhone malware connects to an IP address in Lithuania, and downloads something from it, but it’s not clear from that what the thing it downloads is, or what it does with it. Although they call the IP address a “command & control center”, I remain sceptical, and would like to see some more details before conceding that this actually is the “first mobile botnet”…

Posted in Malware | 1 Comment »

Mobile Malware "Study": Not News

Posted by Craig H on 31 July 2009

SMobile Systems put out a press release this week, with the headline “One in 63 Smartphones Infected by Mobile Spyware and Malware”. Unfortunately this headline is grossly misleading, and it has therefore been the cause of a lot of inaccurate reports.

It’s striking that SMobile Systems have chosen not to publish any of the supporting data from this “study”. I believe this is because, when the actual data is examined, the accurate conclusion is malware or spyware found in only 31 infected smartphones, most of them obsolete, which would, of course, be of no interest to any news media.

Read the rest of this entry »

Posted in Malware | 7 Comments »

Signed Malware, Revoked

Posted by Craig H on 16 July 2009

A number of blogs and news sites have picked up on a report from Dancho Danchev last week, identifying some malware that was submitted to, and signed by, the Symbian Signed portal.

As soon as we were notified of that (the following day) we revoked both the content certificate and the publisher certificate used to sign the malware. That means that the Symbian software installer will not now install the malware, providing that revocation checking is turned on. Unfortunately, revocation checking is often turned off by phone manufacturers, because the data traffic could cause problems for people who do not have a data plan as part of their service or who pay for data by volume.

Here’s how to turn on revocation checking, which we strongly recommend if you have a flat-rate data plan:

Read the rest of this entry »

Posted in Malware | 7 Comments »

Hey, I'm on the Radio!

Posted by Craig H on 2 June 2009

This morning the BBC World Service broadcast my response to their Digital Planet report on mobile malware. I’m pleased with the way it came out, thanks to Gareth Mitchell’s sympathetic interview and Michelle Martin’s excellent editing!

It’s repeated twice today and once tomorrow, and you can also listen online or download the podcast.

Posted in Malware | Leave a Comment »

The Mobile Malware Threat

Posted by Craig H on 5 May 2009

Last week, the BBC World Service radio programme Digital Planet included a piece on mobile phone viruses. This was based on research done at the Center for Complex Network Research (CCNR) entitled Understanding the Spreading Patterns of Mobile Phone Viruses.

Steve Litchfield of All About Symbian, pulling no punches, calls this “a load of BBC tosh” 🙂 To be fair though, I don’t particularly blame the BBC, who have simply taken journalistic license with the report’s main conclusion: “it is not unconcievable[sic] that the phase transition point will be reached in the near future, raising the possibility of major viral outbreaks.”

Unfortunately for the BBC and Professor Barabási at the CCNR, I think the research is flawed. Read the rest of this entry »

Posted in Malware | 9 Comments »