2. Contents
• Introduction: a piece of "news" + a mobile phone
• Phenomenon: a new threat
• Solution: is everything under control?
• Analysis: the history of confrontation
• Conclusion
6. Taking from a Grey Mobile Phone
(Diagram of what is taken from a grey-market handset; only the labels survive.)
• Customize: extra expenses, extra services
• Download: other software
• Malicious behaviour: network flows, website hits
• Steal: messages, privacy, contacts list
7. Information
Analysis on Malware (sample information sheet)
Name: com.google.android.providers.enhancedgooglesearch
Chinese Name:
Original Name: a.apk
URL Source:
Collection Source:
System: Android
Platform: Android
Format: apk
MD5 Value: BFBB58D0F8B487869393A0244AE71AFC
CRC32 Value: C1C12A99
SHA1 Value: 59EE114166CDBCDDB88B38299934021080053D86
Bytes:
Malware Information
Name: Trojan/Android.droiddg.a[rmt,sys]
CNCERT Name: a.remote.droiddg.a
Chinese Name:
Other Names: None
Original/Tied: Firmware embedding
Threat type: remote system
8. A Truly Funny Story
(Diagram; only the labels survive: a "sexy" E-market, a grey Android mobile, a genuine mobile, the real E-market.)
11. Crossing the System Platform (Zitmo)
(Diagram of the Zeus/Zitmo flow; only the labels survive.)
• Mobile platforms: Android, RIM OS, Symbian, WinCE
• PC side: Windows, Zeus; mobile side: Zitmo
• Flow between attacker and net bank: account/password, random identifying code
12. Steal Message and Contacts List (SW.Spyware)
Propagation Means
– Disguises itself as a tax amount calculating software package
Procedure
– Installation
– Imitates the QQ login form to lure users
– Gets the QQ account and password and sends them to a specific mobile phone
Object system
– Android
Harm
– Steals message contents
– The SW.Spyware.B variant can even monitor the user's communication record
Damage Range
– First version of Android virus
Propagation Time
– July, 2010
14. Form Control System (Adrd)
• Trojan/Android.Adrd.a[exp]
(Diagram of the control server's roles; only the labels survive.)
• Issues the control command and triggers the malware command
• Provides the data-accessing address (URL) needed by the malware behaviour
• Provides the parameter data needed by the malware behaviour
• Provides an updating service for malware files
15. The interdisciplinary use of leak and social engineering
1. Replace a normal application by means of a Google application download bug.
2. Consumers download bootleg applications which are actually malware, with 200 thousand victims.
3. Google clears out the malware by remote upgrade interplay and provides security software.
4. The malware attacker disguises as Google security software.
17. Traditional view
(Diagram; only the labels survive.)
• Host malware: formats SIS, APK, PE, ………
• Mobile malware: systems Android, SymbOS, Windows Mobile
• Spreading media / entrance: various
18. Major Spreading Approaches
• Official market/network
• Third-party market
• Message/multimedia message
• PC shared network
• Flash memory share
• USB communication
• GPRS/3G
• Wi-Fi
• Internet download
• User installation
• PC penetration
• Inserting ROM
• User flash
• Vendor pre-setting up
45. Systematic confrontation (notable events)
• The emergence of P2P zombie networks
• The application of PKI systems in zombie networks
• Attack on VirusTotal by distributed DDoS
• Shift from the client to the cloud port
47. An Integral Whole Seen from the Underground Economy Chain
(Diagram of the underground economy chain; only the node labels survive, grouped by branch.)
• Invade enterprise server → steal secret → sale
• Invade network-game server → steal virtual property / virtual currency → obtain money
• Steal player bank account → launder money
• Invade website → massively steal network accounts → send rubbish e-mail / account exchange
• Compile malware → spreading (incorporate forum spread, charged spread) → reject-service (DDoS) attack
• Compile mobile malware → tying spread → zombie network → mobile SP expense deducting
48. Industrial Chain: Complex and Interminable
(Diagram of the mobile industrial chain; only the labels survive, grouped by layer.)
• Baseband chip: Qualcomm, TI, ……
• Solution: TechFaith, DaTang, ……
• Spare parts: ARM, memory, battery, ……
• OS: Symbian, WM, Mac OS, Android, Palm, ……
• Manufacturing
• Sale approach: genuine product, grey product, custom and tie
• Software supplier, content supplier, security vendors, app store
• Application sale service, after-sale service; private and official service
• Customers: personal, enterprise
49. Summary
Malware has developed and broken through the traditional single concept of program code. It has penetrated into the whole system of society, politics, economy and life. It is impossible to resist malware effectively by relying only on anti-virus vendors. The battle against malware requires the management and resistance of the whole social system.
Anti-virus men of all countries, unite!
Thank you!
seak@antiy.com