NEWS
Editorial Office: Elsevier Ltd, The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, United Kingdom
Fax: +44 (0)1865 843973
Web: www.networksecuritynewsletter.com
Publisher: Greg Valero
Editor: Steve Mansfield-Devine
Senior Editor: Sarah Gordon
International Editorial Advisory Board: Dario Forte, Edward Amoroso, AT&T Bell Laboratories; Fred Cohen, Fred Cohen & Associates; Jon David, The Fortress; Bill Hancock, Exodus Communications; Ken Lindup, Consultant at Cylink; Dennis Longley, Queensland University of Technology; Tim Myers, Novell; Tom Mulhall; Padget Petterson, Martin Marietta; Eugene Schultz, Hightower; Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact
Production Support Manager: Lin Lucas
Network Security
...Continued from front page

account credentials, fake identities and miscellaneous services ranging from hacking to hitmen. It also sold guns at one point, but this was stopped by the operator following a mass shooting in the US.

The authorities claim that Ulbricht generated sales of more than $1.2bn via the site, of which he took commissions ranging from 8% to 15%. It’s also alleged that Ulbricht hired a hitman to kill one Silk Road user who was blackmailing him. There is no evidence that anyone was harmed as a result, although there are also suggestions that this wasn’t the first occasion on which this had happened.

Silk Road operated using Tor Hidden Services, meaning that customers needed to use a Tor-enabled browser to reach it (or a Tor-to-web proxy, although that compromises anonymity). For this reason, the location of the server managed to remain a secret until law enforcement officers seized Ulbricht’s own computer. There is no official suggestion, however, that the arrest was made possible by breaking the anonymity provided by Tor.

The FBI claims Ulbricht was arrested as a result of evidence built up from peripheral activities. This evidence included messages on his LinkedIn profile, his solicitation for help with PHP web code on the Stack Overflow forums – code which was subsequently found in the Silk Road server – his use of a personal Gmail account for hiring coders for the site, and so on. However, rumours persist that the FBI (perhaps with some help) hacked the server, placing code on it that revealed its IP address – and perhaps the addresses of its customers.

Silk Road acted as a kind of market (it was sometimes described as ‘eBay for illegal drugs’), and there are reports that former vendors and buyers are preparing a ‘Silk Road 2.0’ which is expected to start operations soon.

Bitcoin users have been having a rough time for other reasons. Bitcoin Talk, one of the more popular forums for users, was hacked and defaced by attackers calling themselves ‘The Hole Seekers’. The operator of the site said it would remain offline until the attack vector is identified.
Mobile malware tops one million, but Google says problem exaggerated
Trend Micro claims that it has now logged more than one million examples of malicious apps for mobile platforms – by which it means Android. That figure includes actual malware and high-risk apps, such as those that aggressively serve advertising designed to lead users to dubious websites.
According to Google, however, the problem has been blown out of all proportion – at least with regard to apps available from its Play store. The firm claims that fewer than one in a million downloads cause problems for users. Although the number of malware-laden apps may be high, there is little data on how many times each of these apps is downloaded and run, said Adrian Ludwig, Google’s Android security chief, talking at the recent Virus Bulletin conference in Berlin.

Android’s Verify Apps function – in more recent versions of Android – appears to be successful at preventing users from running dubious software, even after it has been downloaded. It warns users when an app has suspicious functionality or content and, according to Ludwig, these warnings are ignored only 0.12% of the time. So the number of downloads of malicious apps is unlikely to be an accurate indication of the problem.

Ludwig also provided details of Google’s analysis of 1.5 billion app installs. Of the malicious apps found, 40% were fake apps that execute premium-rate SMS scams, 15% were spyware or data theft apps (such as keyloggers and ad tracking) and 40% were apps that were suspicious and considered “potentially harmful” but weren’t necessarily malicious.

Meanwhile, at the recent Hacker Halted conference in Atlanta, researcher Charlie Miller – most notorious for having managed to get a proof-of-concept malware app into Apple’s App Store for iOS – claimed that the Android malware problem is “hype”.
October 2013