Apple pulls Russian malware from iOS App Store

Comments

  • Reply 21 of 36
    pendergast Posts: 1,358 member
    Where did you get that idea?

    I suppose I should have posted a caveat regarding "only"; obviously nothing is perfectly secure. But for all intents and purposes, the only malware in circulation on non-jailbroken iOS devices is via apps that slipped through the App Store's approval process. And these are quickly pulled (my point; the App Store allows Apple control over actually pulling malware, vs the traditional approach of allowing users to install apps from a variety of sources).

    I am not referring to java exploits.
  • Reply 22 of 36

    Quote:

    Originally Posted by NasserAE View Post

    Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so.

    Very true. However, everyone needs to think truly about what they install & authorize. The new privacy settings are a great addition, but we all know how well the whole "Allow or Deny" thing worked for MS. People tend to just click on anything asked of them without thinking just to move forward.

    I'm just saying we can't let ourselves fall into the mentality that "Walled garden + privacy settings = totally safe".

  • Reply 23 of 36
    gatorguy Posts: 21,112 member

    Quote:

    Originally Posted by NasserAE View Post

    Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so. For example, after I installed iOS 6 I discovered that the Realtors.com iOS app was accessing my contacts. Why do they need my contacts? I also found a couple of other apps trying to access my contacts and they are not supposed to do that.

    The new privacy settings in iOS 6 are not meant to prevent what developers do with your contacts but instead give you control on who should have access to your personal data.

    The apps you found to be doing more than you had allowed are referred to as malware when doing the same on the Android platform. The antivirus companies have a quite broad definition for it.

  • Reply 24 of 36
    smallwheels Posts: 584 member

    Do any Android owners feel unsafe when going to the Android App locations? Has Google ever mentioned that they look into malware at all in the Android Marketplace?

  • Reply 25 of 36
    macbook pro Posts: 1,605 member
    Do any Android owners feel unsafe when going to the Android App locations? Has Google ever mentioned that they look into malware at all in the Android Marketplace?


    Public Service Announcement ... Please stop drinking and/or eating prior to reading this post. The Surgeon General of the United States has issued a warning on this post as drinks and foodstuffs can be quite painful when forcefully expelled from the nose.


    Google does provide Google Play Bouncer among other features ...

    "Today we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process..." (1)

    "... This remote removal functionality — along with Android’s unique Application Sandbox and Permissions model, Over-The-Air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging — provides a powerful security advantage to help protect Android users in our open environment..." (2)


    but ...


    Android botnet ... (3)

    "The past quarter has seen the number of malicious apps double from 10,000 to 20,000 in just one month ..." (4)

    "... hundreds of thousands of devices were infected after malware found its way onto the official Google Play marketplace." (4)

    "... More worryingly for users, even Google’s official application marketplace, Google Play, was breached, with 17 malicious apps downloaded over 700,000 times before they were spotted and removed from the site..." (4)

    "The security firm said at the start of the year, it had found more than 5,000 malicious applications designed to target Google's Android mobile operating system, but the figure has since risen to about 20,000 in recent months. By the coming third-quarter, the firm estimates there will be around 38,000 malware samples, and close to 130,000 in the fourth-quarter." (5)

    "... malware targeting Android grew by 3,325 percent in the last seven months of 2011..." (6)


    1. Hiroshi Lockheimer. Published 2 February 2012. Android and Security, Google Mobile Blog. Retrieved 5 July 2012.
    2. Rich Cannings. Published 23 June 2012. Exercising Our Remote Application Removal Feature. Android Developers Blog. Retrieved 5 July 2012.
    3. Terry Zink. Published 3 July 2012. Spam from an Android botnet. Terry Zink's Cyber Security Blog. Retrieved 5 July 2012.
    4. Unattributed. Published 2 July 2012. The True Face of the Android threat. Trend Micro. Retrieved 5 July 2012.
    5. Zack Whittaker. Published 4 July 2012. Trend Micro warns of Android malware pandemic by Q4 2012. ZDNet. Retrieved 5 July 2012.
    6. Jeffrey Burt. Published 5 July 2012. Android Malware Creates Smartphone Botnet, Researchers Say. eWeek. Retrieved 5 July 2012.


    All I could think when originally reading the bold, italicized text was ... WTF... Who are they kidding?
  • Reply 27 of 36
    markbyrn Posts: 612 member
    voxmagis wrote: »
    Interesting that this was 'discovered' by Kaspersky - leading to months more of them crying they can't put anti-virus software on the iPhone.

    Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more of a market for their products.
  • Reply 28 of 36
    hungover Posts: 603 member

    Quote:

    Originally Posted by markbyrn View Post

    Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more of a market for their products.

    Shooting the messenger won't rewrite history.

    Apple have done a very good job thus far but it is inevitable that attempts to slip malware into walled app stores will increase in line with market share. Phone malware has been around since the days of the Symbian Cabir. We the public just need to accept that the safety of our personal data is in the hands of other people.

  • Reply 29 of 36

    Quote:

    Originally Posted by markbyrn View Post

    Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more of a market for their products.

    It almost seems kind of like one of those arsonists who set a fire, and then "discover" the fire and report it to the authorities. That was my first thought when I saw Kaspersky mentioned in this article.

  • Reply 30 of 36
    adamc Posts: 576 member

    Quote:

    Originally Posted by markbyrn View Post

    Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more of a market for their products.

    Could it be Kaspersky created this app and passed it along to someone to upload it for approval?

    The speed of finding out what this app did, by them, is a bit suspicious.

  • Reply 31 of 36
    hungover Posts: 603 member

    Quote:

    Originally Posted by AdamC View Post

    Could it be Kaspersky created this app and passed it along to someone to upload it for approval?

    The speed of finding out what this app did, by them, is a bit suspicious.

    How paranoid are you?

    If you read the links you will see that Kaspersky were contacted by a telco who had noticed suspicious behaviour related to this app. Do you not think that if they wanted to scare iPhone owners they would create something that does more than just annoy your friends?

    Are you suggesting that they are also responsible for the other apps that uploaded plain text copies of owners' address books (Aurora Feint/LinkedIn/Path)?

  • Reply 32 of 36
    gatorguy Posts: 21,112 member

    Quote:

    Originally Posted by markbyrn View Post

    Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more of a market for their products.

    Wow, now that you brought it up,...

    what about Android malware? Could Kaspersky, Symantec or some big OS competitors be funding or outright creating it? It wouldn't surprise me that someone like Microsoft was brewing some up right now and telling Kaspersky where to find it.

    /s

  • Reply 33 of 36

    Quote:

    Originally Posted by MacBook Pro View Post

    Android botnet ... (3)

    "The past quarter has seen the number of malicious apps double from 10,000 to 20,000 in just one month ..." (4)

    "... hundreds of thousands of devices were infected after malware found its way onto the official Google Play marketplace." (4)

    "... More worryingly for users, even Google’s official application marketplace, Google Play, was breached, with 17 malicious apps downloaded over 700,000 times before they were spotted and removed from the site..." (4)

    "The security firm said at the start of the year, it had found more than 5,000 malicious applications designed to target Google's Android mobile operating system, but the figure has since risen to about 20,000 in recent months. By the coming third-quarter, the firm estimates there will be around 38,000 malware samples, and close to 130,000 in the fourth-quarter." (5)

    "... malware targeting Android grew by 3,325 percent in the last seven months of 2011..." (6)


    That's growth that any droid dork would be proud of. The perceived freedom they spout off about does come at a high price, and with a shitty company such as giggle watching the door you may as well hand over everything on your way in...

  • Reply 34 of 36


    They should also send some of their Apple "boys" over there to rough these guys up and send the world a message: don't mess with our walled-garden. Seriously what kind of cack-sucking ossholes do this? They should be strung up in a public square like those people caught kissing each other in Dubai.

  • Reply 35 of 36
    hiro Posts: 2,663 member

    Quote:

    Originally Posted by Gatorguy View Post

    Wow, now that you brought it up,...

    what about Android malware? Could Kaspersky, Symantec or some big OS competitors be funding or outright creating it? It wouldn't surprise me that someone like Microsoft was brewing some up right now and telling Kaspersky where to find it.

    /s

    Not to bag on any particular entity in the security biz, good or bad, but it has gone to the dogs in the past couple years and fill-in-the-blank exploit/demonstration is now an open market activity with recognized brokers and a highest bidder mentality.

    This is just a tip of the iceberg in the open example: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/. Once upon a time there were just a couple government, code and security companies that purchased them with the express intent of using them to plug holes. But open market is much more lucrative.

    I would not find it the least bit amazing if there are lowish danger exploit+demos sold and then "discovered" by the buyer. Simply because high danger stuff is far more valuable to the cyber criminals as a money making opportunity than it might be as PR/advertising to a security company.

  • Reply 36 of 36
    hungover Posts: 603 member

    Quote:

    Originally Posted by FjordPrefect View Post

    They should also send some of their Apple "boys" over there to rough these guys up and send the world a message: don't mess with our walled-garden. Seriously what kind of cack-sucking ossholes do this? They should be strung up in a public square like those people caught kissing each other in Dubai.

    Step away from the banjo... come on, keep things in perspective. The firm was sending unsolicited SMS invites to people. The owners were not financially harmed in any way. It was an abuse, that is best resolved via legal action.

    Erm... just noticed your user name. Sorry, it's been a long day, am sitting in the pub and I have evidently had a sense of humour bypass. Time for another pangalactic gargleblaster, or two.
