Overclock.net › Forums › Industry News › Software News › [SMH] New Android trojan nearly impossible to remove

[SMH] New Android trojan nearly impossible to remove - Page 3

post #21 of 55
This is why my rooted Android phone is locked down tighter than Fort Knox. It's really convenient using system logs to dispute AT&T charges. And malware and other programs have to have my express permission to install.
post #22 of 55
Quote:
Originally Posted by Bit_reaper View Post

And here I was under the impression that these kinds of things were not possible on a Linux-based OS.

It is not the Linux part that is the problem. It is the Java part that is the problem. Java can never and will never be secure. As long as the system depends on Java to run, it will always be a security nightmare.

When you code something in Java, you are begging for problems just like this. Add that on top of Java's performance hit, it simply surprises me that we are still using the language.

When something is written for Linux, something like this is nearly impossible. But when it is written for Java running on top of Linux, it is nearly impossible to prevent.
post #23 of 55
Quote:
Originally Posted by Bit_reaper View Post

And here I was under the impression that these kinds of things were not possible on a Linux-based OS.

Android is a Java stack on top of Linux. Java = Malware.
post #24 of 55
Quote:
Originally Posted by BSLSK05 View Post

This is why my rooted Android phone is locked down tighter than Fort Knox. It's really convenient using system logs to dispute AT&T charges. And malware and other programs have to have my express permission to install.

To be honest, you don't understand security that well. I am not insulting you, but pointing out the problem.

It really does not matter if you are rooted or not, that just does not matter. It also does not have to have your "express permission" to install. In fact, one of the best parts of the current batches of malware is they do not need you to do anything. I have seen some malware that installs by getting permission from you turning up the volume.

The best way to have a secure device is to treat your phone like a 5 year old. If you would not allow a 5 year old to do it, then you should not allow your phone to do it.

Would you allow your 5 year old child to take candy from strangers?

Would you send your 5 year old child into an adult store?

Would you allow your 5 year old child to randomly eat anything they find on the ground?

No?

Then you should not let your phone do it.


But your "I have it locked down like Fort Knox" idea of manly security is going to bite you in the bottom. Most of the security problems we are going to face in the next 30 years are going to get into Fort Knox not by busting in the front door, but by social engineering.

Which means you need a phone less like "Fort Knox" and more like a public library.
post #25 of 55
Quote:
Originally Posted by RiverOfIce View Post

It is not the Linux part that is the problem. It is the Java part that is the problem. Java can never and will never be secure. As long as the system depends on Java to run, it will always be a security nightmare.

When you code something in Java, you are begging for problems just like this. Add that on top of Java's performance hit, it simply surprises me that we are still using the language.

When something is written for Linux, something like this is nearly impossible. But when it is written for Java running on top of Linux, it is nearly impossible to prevent.

Nonsense, poopy-pants!

Java gets targeted a lot simply because it's hardware agnostic, and is installed on almost every computer out there, as well as many other devices. That means it's worth the effort to attack because the number of computers you can potentially infect is huge. The exact same reason that Windows has such a huge malware base.

This is also the same reason that Adobe Flash and Adobe PDF are so frequently targeted.

Also, the performance hit from the Java JVM is basically negligible these days.

Everything has vulnerabilities... The only safe computer is a powered-off computer, no matter what software it's running.
Edited by SectorNine50 - 6/10/13 at 8:49am
post #26 of 55
Quote:
Originally Posted by RiverOfIce View Post

To be honest, you don't understand security that well. I am not insulting you, but pointing out the problem.

It really does not matter if you are rooted or not, that just does not matter. It also does not have to have your "express permission" to install. In fact, one of the best parts of the current batches of malware is they do not need you to do anything. I have seen some malware that installs by getting permission from you turning up the volume.
Which means you need a phone less like "Fort Knox" and more like a public library.

Rooting actually does matter. One of the nifty things you get when you root is called Super User. You can set this to lock out all commands to root system storage and prevent apps from seeing things they aren't supposed to. Super User is a nanny for my 5 year old. Because I treat my phone like this, my Galaxy S is turning three this year with no software or hardware faults. I have never had an issue with malicious software and I probably won't.

P.S. to every Android user, automatic updates can allow stuff like this to happen if an app you get outside of the Play Store is infected. It's best to not give your apps internet access unless the company and software are trusted and their app is well designed. (Facebook, Twitter, Tumblr, Google Apps, etc.)
post #27 of 55
Samsung SCH-R631, phone and text only.

I love low tech. I've read that the NSA has a hard time obtaining data from non-data phones.
post #28 of 55
Quote:
Originally Posted by SectorNine50 View Post

Nonsense, poopy-pants!

Java gets targeted a lot simply because it's hardware agnostic, and is installed on almost every computer out there, as well as many other devices. That means it's worth the effort to attack because the number of computers you can potentially infect is huge. The exact same reason that Windows has such a huge malware base.

This is also the same reason that Adobe Flash and Adobe PDF are so frequently targeted.

Also, the performance hit from the Java JVM is basically negligible these days.

Everything has vulnerabilities... The only safe computer is a powered-off computer, no matter what software it's running.

Actually wouldn't Java be on the same level as a web browser like Chrome, FF, IE? In that the infection comes not from an exploit in any flaws in the main OS...but abuses the permissions given to the Java Machine or web browser? I'm sure they did more than just target the Java stack in this case as otherwise this shouldn't be a big deal (right?) but a safe computer is one that the admin has complete knowledge of and control of the source code of everything running on the machine with explicit permissions having to be given at every step. So yeah...nothing reasonable.

EDIT: ROFL at someone calling FB's app well designed. That thing is pretty sad when you compare it to its Russian knockoff site's app VK. It's pretty to look at but slow and glitchy.

@PDXMark: Umm...maybe you're trying to be ironic but taking your terms literally is fun. Paraphrased "A non-data phone is hard to get data from". But really, if you text and have that thing on receiving and sending a signal, the NSA can get plenty from you or the network provider.
Edited by Rookie1337 - 6/10/13 at 9:41am
     
post #29 of 55
Quote:
Originally Posted by stcawthern View Post

Amazes me that someone put hours and hours into this with their only goal to piss people off and run up bills.

Makes you wonder how pathetic their life must be.

Pathetic? No.
If somebody has the talent to create these then they have talent that could be put to good use should somebody put up the coin.
The only problem here is somebody hasn't offered them money or enough money to be on the 'good' side.

In this kind of a world it's currency > morals...
post #30 of 55
This is why I'm not using Android.
Unfortunately that leaves a majority of smartphone OEMs out, and some of them have such beautiful devices.