Friday, August 27, 2004

Cabir Rumors sourced to Philippines

The Register is reporting that the rumors of Cabir in the wild stem from underhanded cell phone shop owners. Some shops are advertising Cabir removal services for prices in the 500 to 1000 peso range.

To put this in perspective, you can get a 1 liter Coca-Cola for 18 pesos (~US$0.32) in the Philippines. The same size Coke costs US$1.19-$1.30 in the U.S.A., so roughly 1/4-1/3 the cost. The scammers are charging the cost-of-living equivalent of US$26-$90 for a non-service. I've previously posted links to a number of more genuine Cabir fixtools. As the Boy Scouts' motto says: Be Prepared.

The source article in the Philippine Daily Inquirer suggests that Cabir is being used by techies to play pranks on their friends. The lack of a damaging threat on any of the mobile platforms is helping to create a false sense of security.


Monday, August 23, 2004

Cabir in the wild?

According to their blog, F-Secure has received some reports of Cabir possibly being in the wild. No confirmations yet.

F-secure blog entry

Tuesday, August 17, 2004

Malware Analysis Jobs

On Monster...

Security Response Engineer- Virus Analyst
Anti-Virus Software Engineer/Developer (Reverse Engineering of Malicious Code )

Symantec is looking to add to their AV team. I believe both postings are referring to the same opening.

From the second listing: "Are you willing to relocate to Santa Monica, CA?". Santa Monica has great weather. For more on the location check out Peter Ferrie's Life in the USA series.

Spyware AntiVirus Researcher

Intermute, makers of AdSubtract and SpySubtract, are looking for an SQA manager with AV experience.

The positions with network security firms appear to still be open.

DumpRSC getting along

DumpRSC recognizes version 1 (ER5 RSC format) and version 2 (for S60+, the Unicode version of the version 1 RSC). Currently it only dumps resources as strings; structs are not recognized. A hex dump of the resources would be nice.
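As an added illustration of the two things mentioned above (string output and a hex dump of a resource blob), here is a small Python helper that is not DumpRSC's code and does not parse the RSC container at all. It takes a resource payload that has already been pulled out of the file, renders it as a classic offset/hex/ASCII dump, and sweeps it for both 8-bit and UTF-16LE strings, which is the distinction the version 1 / version 2 note is about. The sample bytes are constructed for the demo and do not follow any real RSC layout.

```python
"""Hex dump and string sweep over a raw resource blob (added example).

Assumptions: `SAMPLE` is a constructed byte string, not real RSC data;
nothing here parses the RSC container format itself.
"""


def hexdump(data: bytes, width: int = 16) -> list[str]:
    """Return one line per `width` bytes: offset, hex bytes, ASCII gutter."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        # Pad the hex column so the ASCII gutter lines up on a short last row.
        hexpart = hexpart.ljust(width * 3 - 1)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  |{ascii_part}|")
    return lines


def _flush(cur: list, out: list, min_len: int) -> None:
    """Append the current run to `out` if it is long enough, then reset it."""
    if len(cur) >= min_len:
        out.append("".join(cur))
    cur.clear()


def ascii_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable 8-bit characters, like the `strings` tool."""
    out, cur = [], []
    for b in data:
        if 32 <= b < 127:
            cur.append(chr(b))
        else:
            _flush(cur, out, min_len)
    _flush(cur, out, min_len)
    return out


def utf16le_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable UTF-16LE code units (the 'unicode' resource case).

    Both byte alignments are scanned so a string at an odd offset is found.
    """
    out = []
    for start in (0, 1):
        cur = []
        for i in range(start, len(data) - 1, 2):
            unit = data[i] | (data[i + 1] << 8)
            if 32 <= unit < 127:
                cur.append(chr(unit))
            else:
                _flush(cur, out, min_len)
        _flush(cur, out, min_len)
    return out


# Constructed sample: an 8-bit string, some binary bytes, a UTF-16LE string.
SAMPLE = (b"Level 1\x00" + b"\x00\x01\x02\x03"
          + "Start".encode("utf-16-le") + b"\x00\x00\xff\xfe")


def report(data: bytes) -> str:
    """Combine the dump and both string sweeps into one printable report."""
    parts = hexdump(data)
    parts.append("8-bit strings:   " + ", ".join(ascii_strings(data)))
    parts.append("UTF-16LE strings: " + ", ".join(utf16le_strings(data)))
    return "\n".join(parts)


if __name__ == "__main__":
    print(report(SAMPLE))
```

The two sweeps are deliberately separate: a UTF-16LE string shows up in the 8-bit sweep only as isolated single characters between NUL bytes, so an analyst looking at a version 2 resource with an 8-bit-only tool would see nothing useful, which is exactly why the Unicode case needs its own pass.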

Wednesday, August 11, 2004

Confirmed - Mosquito Trojan -> Copy protection

F-secure has confirmed with the manufacturer that the Mosquito-trojan is really a form of copy protection.

Users had suspected on various forums that this might have been a ploy by the manufacturer to preempt and discredit the pirate software distribution channels.

Bit of an issue where it takes over users' resources and causes economic loss without going through the courts. Isn't this the kind of activity for which we jail virus writers?

F-Secure write-up

Tuesday, August 10, 2004

More on Mosquito Trojan

Some messages on the handy forum at www.download-und-hilfe.com from late December suggest that perhaps the trojaned Mosquitos is not quite trojaned. I may be misreading, but it appears that the "trojaned" program automatically orders a 1-month license for Mosquitos from mobile ringtone and software distributor Jamba.de.

A similar set of messages (NB: obscenity-laden) from the NokiaFree forum also mentions that the program sends subscription orders to Jamba ("Europe's leading sales platform for mobile content").

I get the impression that this may just be self-help against people who haven't paid for the game.

New Symbian SMS trojan in warez game

The Register has an article on the first trojan for Symbian phones. Apparently a pirated copy of the game Mosquitos 2.0 has an SMS sending trojan attached. It appears to be distributed via various p2p networks and pirated software sharing forums.

I have now acquired a sample.

The trojan appears to have been released earlier this year, perhaps in February. The team at Airscanner have written a preliminary analysis of the trojan for InformIT. No sharing :(

Airscanner's analysis makes a good point that the game does not require any SMS capability. It is odd that the necessary libraries are imported by the binary. Possibility of warez deterrent?
Interesting SMS numbers, no?

Symbian has posted a press release covering the Mosquito trojan.
Thursday, August 05, 2004

PocketPC Backdoor - Brador.a

First PocketPC backdoor trojan Brador.a; perhaps this is the beginning of the Pocket PC malware spike. I doubt this trojan has anything to do with the information released at the recent DEFCON. Per Kaspersky's press release Brador is another simple trojan lacking any of the detection evasion techniques of its Win32 cousins. Apparently the backdoor's author is also attempting to make some cash by selling the client to interested parties.

I was expecting, after reading Airscanner's presentation, that any new trojans and backdoors for the PocketPC would be more creative. The first wave of even more troubling viruses and trojans may be upon us soon.

Kaspersky's write-up on Brador.a
Symantec's write-up

Wednesday, August 04, 2004

DEFCON stuff

I don't go to Vegas anymore, but I've been looking over the presentations from the recent DEFCON. Airscanner's presentation ("Laid out foundation...") on Windows Mobile security looks nice. I'm not sure how large the audience was for the presentation, but I'm sure there will be another spike in CE malware in the next few weeks. I'm also pretty sure EOR is the mnemonic for exclusive OR on the ARM.

Airscanner's presentations are available on their publications page.

Auto "Kill Switch", solving the wrong problem?

Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...