Android rootkits – malware on your smartphone

June 5, 2010 by admin  
Filed under Security News

Many of you are probably familiar with the concept of rootkits – malicious software that lurks hidden at a low-level on your Windows or Unix computer, remaining undetected by conventional anti-virus software.


Although new rootkits can be prevented from infecting your computer, if you had any rootkits before you installed your anti-virus, they may never be revealed. This threat really began to capture the headlines a couple of years ago, and as a result security vendors like Sophos provided free anti-rootkit software for Windows users to check and clean-up their systems.


But rootkits aren’t just limited to conventional desktop operating systems.


Earlier this year we saw two scientists from Rutgers University discuss the possibility of smartphone rootkits, and now – according to media reports – security researchers are planning to demonstrate a malicious rootkit for Google’s Android operating system.


Trustwave’s Nicholas J Percoco and Christian Papathanasiou are planning to give a live demonstration at DEF CON next month of the kernel-level Android rootkit they have developed. Percoco and Papathanasiou claim that the rootkit – once activated – could be used to track the location of the mobile phone’s owner, read their private SMS messages, and redirect calls to bogus numbers.


Of course, all of this relies upon malicious hackers having been able to plant the rootkit in the first place on your Android phone.


And that’s quite a challenge for anybody who wants to spy on you.


RootRepeal – The New and Great Rootkit Detector and Remover

May 31, 2010 by admin  
Filed under Removal Tips, Tools and Videos


RootRepeal is a new rootkit detector currently in public beta.


It is designed with the following goals in mind:

  1. Easy to use – a user with little to no computer experience should be able to use it.
  2. Powerful – it should be able to detect all publicly available rootkits.
  3. Stable – it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
  4. Safe – it will not use any rootkit-like techniques (hooking, etc.) to protect itself.


Currently, RootRepeal includes the following features:

  1. Driver Scan – scans the system for kernel-mode drivers. Displays all drivers currently loaded, shows if a driver has been hidden, and whether the driver’s file is visible on disk.
  2. Files Scan – scans any fixed drive on the system for hidden, locked or falsified* files.
  3. Processes Scan – scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
  4. SSDT Scan – shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
  5. Stealth Objects Scan – attempts to determine if any rootkits are active by looking for typical symptoms.
  6. Hidden Services Scan – scans for hidden system services.
  7. Shadow SSDT Scan – counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.

* – falsified files are files whose size is mis-reported to the Windows API. Some rootkits use this to hide data.
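Two of the checks listed above (the SSDT hook check and the falsified-file check) come down to comparing what a trusted low-level view says against what the higher-level API claims. The following is an added example, not RootRepeal’s code, showing both checks over constructed data: a made-up kernel module map and SSDT snapshot (every address is invented for illustration), and a temporary file whose reported size is supplied by an injectable function standing in for the Windows API a rootkit can tamper with.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ModuleRange:
    """Load range of one kernel module, as read from the loaded-module list."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed sample module map; addresses are invented for illustration.
SAMPLE_MODULES = [
    ModuleRange("ntoskrnl.exe", 0x80400000, 0x00200000),
    ModuleRange("win32k.sys", 0xBF800000, 0x001F0000),
]

# Constructed SSDT snapshot (service index -> handler address). Two entries
# point outside every listed module, which is what a hooked entry looks like.
SAMPLE_SSDT = {
    0x00: 0x80412345,
    0x25: 0x804A0F10,
    0x42: 0xF7C31000,  # not inside any known module
    0x7A: 0x805B0C00,
    0x91: 0x12340000,  # not inside any known module
}


def owner_module(addr: int, modules: List[ModuleRange]) -> Optional[str]:
    """Name of the module whose range holds addr, or None if no module does."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return None


def find_ssdt_hooks(ssdt: Dict[int, int],
                    modules: List[ModuleRange]) -> List[Tuple[int, int]]:
    """(index, address) for every SSDT entry whose handler lies outside all known modules."""
    return [(idx, addr) for idx, addr in sorted(ssdt.items())
            if owner_module(addr, modules) is None]


def is_falsified(path: str,
                 reported_size: Callable[[str], int] = os.path.getsize,
                 chunk: int = 64 * 1024) -> bool:
    """True when the size the metadata API reports differs from the bytes actually readable.

    reported_size stands in for the API call a rootkit can tamper with; the
    default (os.path.getsize) is honest, and a caller can inject a lying one.
    """
    claimed = reported_size(path)
    actual = 0
    with open(path, "rb") as fh:
        while True:
            buf = fh.read(chunk)
            if not buf:
                break
            actual += len(buf)
    return claimed != actual


def demo() -> Tuple[List[Tuple[int, int]], bool, bool]:
    """Run both checks; returns (ssdt_hooks, honest_api_flagged, lying_api_flagged)."""
    hooks = find_ssdt_hooks(SAMPLE_SSDT, SAMPLE_MODULES)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"A" * 5000)          # constructed 5000-byte file
        path = tmp.name
    try:
        honest = is_falsified(path)                               # sizes agree
        lying = is_falsified(path, reported_size=lambda p: 4096)  # API under-reports
    finally:
        os.unlink(path)
    return hooks, honest, lying


if __name__ == "__main__":
    hooks, honest, lying = demo()
    for idx, addr in hooks:
        print(f"SSDT[{idx:#04x}] -> {addr:#010x}: outside every known module (hook candidate)")
    print("honest size API flags file as falsified:", honest)
    print("lying size API flags file as falsified:", lying)
```

The module-range check is deliberately conservative: an entry that points into a legitimately loaded third-party driver would also be reported, so a real scanner shows the owning module for each flagged entry and leaves the judgement to the operator, rather than labelling every out-of-kernel entry as malicious.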


RootRepeal is currently in public beta. While every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.


System Requirements

  • Microsoft® Windows 2008 Server; Windows Vista®; Windows XP Professional or Home Edition; Windows 2000 with Service Pack 4; Windows 2003 Server
    Note: Only x86 versions of Windows are supported.
  • 128MB of RAM.
  • 600KB of hard-drive space.


Download: RootRepeal.rar
MD5 (of the EXE): 880D7A26B7BB6B00A0709E75F149B83D
SHA-1 (of the EXE): 1943798277BBB1C396A980C58D077F5A57636932


VirusTotal Scan: http://www.virustotal.com/analisis/dd2d8492185ded564fdae8f5a1d85946123c346086763a238b0d74f1e2848259-1250214648


NOTE: Because, as mentioned above, there is always an element of risk when scanning for rootkits, the author offers NO WARRANTY for RootRepeal. USE AT YOUR OWN RISK!


The latest version of RootRepeal can always be found at the static links http://rootrepeal.googlepages.com/RootRepeal.rar or http://rootrepeal.googlepages.com/RootRepeal.zip (see below for more mirrors, in case the bandwidth limits have been exceeded).


Note: This site has recently been exceeding its bandwidth limit, so if any of the above download links are unavailable, please use one of the following:

http://ad13.geekstogo.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.rar
http://rootrepeal.psikotick.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.rar


For more info about this project: http://sites.google.com/site/rootrepeal/


Surveillance rootkits on smartphones

February 24, 2010 by admin  
Filed under Security News

Liviu Iftode and Vinod Ganapathy, two researchers at Rutgers University, have revealed some experiments they have been conducting, showing how rootkits could be used to take control of smartphones.


The scientists have shown that a malicious attacker could cause a smartphone to “eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless”.


Watch the following YouTube video to learn more:

[Embedded YouTube video]

It’s a cute little video, but how realistic is this threat in reality?


I don’t think the kind of attack described by Iftode and Ganapathy is a big deal right now.


Yes, it is possible to change or put software onto a smartphone (by, for instance, installing a rootkit) so that the mobile device then performs malicious functions: for instance, code that enables covert remote surveillance, drains the battery or silently steals data.


Of course, this relies upon the smartphone allowing you to make changes to its low-level software. Popular smartphones like the Apple iPhone lock down that kind of meddling to a great extent.


So, the key thing to remember is that the bad guys have to somehow get the malicious rootkit onto your phone in the first place.


How are they going to do that?


They would either need to have physical access to your smartphone, exploit an unpatched security vulnerability, or use a social engineering attack to trick you into installing malicious code. Even if they went down the “trick” route they would be relying upon the phone’s OS to allow you to install unapproved apps (iPhones, for instance, are strictly controlled by their Cupertino-based overlords, allowing users to only install code that has been approved and checked by the App Store).


So it doesn’t sound like what Iftode and Ganapathy are describing is actually any different from the rootkits that infect traditional desktop computers. The main difference is that there are probably fewer opportunities to infect a mobile phone (and thus it is much harder) than, say, a computer running Windows.


Furthermore, I would argue that the typical mobile phone user is still less used to installing applications than their Windows counterparts, and so the chances of success via fooling the user into installing a dangerous application can be assumed to be even lower.


Iftode and Ganapathy have not demonstrated any revolutionary new way of getting round the biggest hurdle for those wanting to spy on smartphones: how are they going to get the malware onto the phone?


If I really wanted to snoop on someone’s phone I think it would probably be easier to swap my victim’s mobile phone for an identical (but bugged) device rather than go to all this effort with no promise of success.


Smartphone snooping

Sure, the mobile phone malware threat is growing – but it’s a tiny raindrop in a thunderstorm compared to regular attacks that strike Windows computers. Slowly but surely it’s becoming more serious (the recent discovery of financially-motivated malware that targets jailbroken iPhones is proof of that), and undoubtedly we will begin to see more users running anti-virus security on their phones in the years to come.


However, if I was responsible for securing my company’s mobile phones I would be much more worried about the real security threat of staff losing their phones in taxis or on the train, rather than the theoretical risk of surveillance rootkits.


It’s a nice video and presentation that Iftode and Ganapathy made, but I won’t be losing any sleep over it just yet.


More information on the topic of smartphone rootkits can be found in the paper Iftode and Ganapathy have produced: “Rootkits on Smart Phones: Attacks, implications and opportunities” [PDF]


By Graham Cluley, Sophos