Malware in Mobile Platform from Panoramic Industrial View

Antiy Labs
Contents
• Introduction: a piece of “news” + a mobile phone
• Phenomenon: new threat
• Solution: is everything under control?
• Analysis: the history of confrontation
• Conclusion
INTRODUCTION:
A PIECE OF “NEWS” + A MOBILE PHONE
Talking From A Piece of “News”
Analysis
Taking from a Grey Mobile Phone

Malicious behavior found on the grey phone:
• Extra expenses: customized extra services
• Downloading other software
• Network traffic: website hits
• Privacy: stealing messages and contact list information
Analysis on Malware
Name               com.google.android.providers.enhancedgooglesearch
Chinese Name
Original Name      a.apk
URL Source
Collection Source
System Platform    Android
Format             apk
MD5 Value          BFBB58D0F8B487869393A0244AE71AFC
CRC32 Value        C1C12A99
SHA1 Value         59EE114166CDBCDDB88B38299934021080053D86
Bytes

Malware Information
Name               Trojan/Android.droiddg.a[rmt,sys]
CNCERT Name        a.remote.droiddg.a
Chinese Name
Other Names        None
Original/Tied      Firmware embedding
Threat type        remote system
A Truly Funny Story
• A grey Android mobile connects to a “sexy” e-market
• A genuine mobile connects to the real e-market
Diverted Industrial Chain
INTERPRETATIONS OF NEW THREATS
Crossing the System Platform (Zitmo)
• Windows: Zeus steals the account/password
• Mobile (Android, RIM OS, Symbian, WinCE): Zitmo steals the random identifying code
• The attacker combines both against the net bank
Steal Message and Contacts List (SW.Spyware)

• Propagation means
   – Disguised as a tax amount calculating software package
• Procedure
   – Installation
   – Mimics the QQ login form to lure users
   – Gets the QQ account and password and sends them to a specific mobile phone
• Object system
   – Android
• Harm
   – Steals message contents
   – The SW.Spyware.B variant can even monitor the user's communication records
• Damage range
   – First version of Android virus
• Propagation time
   – July, 2010
Spycall (Nickispy)
• Spycall and send back
• Disguised as Google+ at first
2011/09/17
Form Control System (Adrd)
• Trojan/Android.Adrd.a[exp]
• The control system:
   – issues the control command and the command that triggers the malware
   – provides the data-accessing address (URL) needed by the malware behavior
   – provides the parameter data needed by the malware behavior
   – provides the updating service for malware files
Combined Use of Vulnerability and Social Engineering

1. Replace a normal application by means of a Google application download bug
2. Consumers download bootleg applications which are actually malware, with 200 thousand victims
3. Google clears out the malware through a remote upgrade and provides security software
4. The malware attacker disguises as Google security software
SOLUTION:
IS EVERYTHING UNDER CONTROL?
Traditional view
• Host format: SIS, APK, PE, …
• Malware → mobile malware
• Spreading media, system entrance: various media
• Target systems: Android, SymbOS, Windows Mobile
Major Spreading Approaches
• Internet download
   – GPRS/3G
   – Wi-Fi
   – PC shared network
• User installation
   – Official market/network
   – Third-party market
   – Message/multimedia message
• PC penetration
   – Flash memory share
   – USB communication
• Inserting ROM
   – User flash
   – Vendor pre-setting up
Analysis techniques (screenshot slides; only the slide titles survive):
• Dalvik Disassembling: IDA Pro
• Static Analysis: ARM Disassembling
• Static Analysis: Java Decompilation
• Dynamic Analysis: SDK Simulator
• Dynamic Analysis: Behavior Monitor
• Network Analysis
• Automatic Analysis
• Disassembling Dalvik Code
• Disassembling ARM Code
• Decompilation as Java
• System Simulation
• Network Data Analysis
• Dynamic Behavior Monitor
• Automatic Comprehensive Analysis
• Visualized Comprehensive Analysis
ANALYSIS:
THE HISTORY OF CONFRONTATION
Those Forgotten Grey Faces?
• CIH (1998)
• Melissa (1999)
• Sasser (2004)
Those Forgotten Red Alerts?
A Cross-Platform Contrast: 2001 vs. 2010
Winux (2001)
Cross Platform: Mobile + PC Bimorphism
• SymbianUpdateSrv.exe: starts and updates new modules
• symbianDL.exe: download module, dlinstall.dat (sisx)
• Function-disguising module: 912812352001_3rd.sisx, 0xe61caca0.dat (jar) with class files, install.dat20 (sisx)
• symbianSrv.exe: service-monitoring module
• symbianStarter.exe: clearing module
• symbianChkServer.exe: heartbeat telecontrol module
The Confrontation History Since 1988
• Normalized confrontation
• Systematical confrontation
• Industrial confrontation
Notable Events and Typical Methods of Normalized Confrontation
• Notable events: Bouncing Ball virus, encrypted virus, metamorphic virus, script virus, macro virus
• Typical methods: pattern matching penetrated, difficulty promoted, direct attack mechanism, disrupting the wording chain, interfering mechanism, normalized confrontation
Normalized Confrontation (engine framework)
• Object obtaining
• Preprocessor
• Diverter (current framework) and virus database
• Matching box
• Assessor
• Disposer → solution
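The engine framework on this slide, as an added Python illustration that is not Antiy's code: each stage is one function, the virus database is keyed by the host formats from the "Traditional view" slide, and the stage behaviors, signature kinds and every sample except the slide's recorded MD5 are assumptions.

```python
"""Toy scan pipeline laid out like the engine framework on the slide:
object obtaining -> preprocessor -> diverter -> matching box (virus database)
-> assessor -> disposer (solution). Added illustration only: what each stage
does, the signature kinds and all samples below are assumptions, not Antiy's
engine code."""
import hashlib
import zlib
from dataclasses import dataclass, field

# Host formats named on the "Traditional view" slide, recognised by magic bytes.
# The SIS magic is the Symbian OS 9 SISX UID1 (0x10201A7A, little-endian).
MAGIC = [(b"MZ", "PE"), (b"PK\x03\x04", "APK"), (b"\x7a\x1a\x20\x10", "SIS")]

# Constructed PE-like blob so the exact-hash path can be exercised offline.
CONSTRUCTED_PE_SAMPLE = b"MZ" + b"\x90" * 30 + b"constructed payload" + b"\x00" * 20

# Virus database keyed by host format; the diverter routes each object to the
# signature set for its format. The Android MD5 is the value recorded on the
# "Analysis on Malware" slide; every other entry is constructed for this demo.
VIRUS_DB = {
    "APK": [
        {"name": "Trojan/Android.droiddg.a", "kind": "md5",
         "value": "bfbb58d0f8b487869393a0244ae71afc"},
        {"name": "Heur/Android.sms-api", "kind": "pattern", "value": b"sendTextMessage"},
    ],
    "PE": [
        {"name": "Constructed/Win32.sample", "kind": "md5",
         "value": hashlib.md5(CONSTRUCTED_PE_SAMPLE).hexdigest()},
    ],
    "SIS": [
        {"name": "Heur/SymbOS.updatesrv-name", "kind": "pattern",
         "value": b"SymbianUpdateSrv.exe"},
    ],
}

# Disposer table: verdict -> solution handed back to the caller.
SOLUTIONS = {"malicious": "quarantine", "suspicious": "alert", "clean": "allow"}


@dataclass
class ScanObject:
    name: str
    data: bytes
    fmt: str = "unknown"
    md5: str = ""
    crc32: str = ""
    hits: list = field(default_factory=list)

def obtain(name: str, data: bytes) -> ScanObject:
    """Object obtaining: wrap the raw bytes that were collected."""
    return ScanObject(name=name, data=data)

def preprocess(obj: ScanObject) -> ScanObject:
    """Preprocessor: identify host format, compute the digests the record carries."""
    for magic, fmt in MAGIC:
        if obj.data.startswith(magic):
            obj.fmt = fmt
            break
    obj.md5 = hashlib.md5(obj.data).hexdigest()
    obj.crc32 = f"{zlib.crc32(obj.data) & 0xFFFFFFFF:08X}"
    return obj

def divert(obj: ScanObject) -> list:
    """Diverter: pick the signature set for the object's host format."""
    return VIRUS_DB.get(obj.fmt, [])

def match(obj: ScanObject, signatures: list) -> list:
    """Matching box: exact digest match or raw byte pattern search.
    Patterns run over raw bytes here; a real preprocessor unpacks APK/SIS first."""
    for sig in signatures:
        if sig["kind"] == "md5" and sig["value"] == obj.md5:
            obj.hits.append(sig)
        elif sig["kind"] == "pattern" and sig["value"] in obj.data:
            obj.hits.append(sig)
    return obj.hits

def assess(obj: ScanObject) -> str:
    """Assessor: a hash hit is conclusive, a pattern hit only suspicious."""
    kinds = {hit["kind"] for hit in obj.hits}
    return "malicious" if "md5" in kinds else "suspicious" if "pattern" in kinds else "clean"

def scan(name: str, data: bytes) -> dict:
    """Run one object through the framework; the disposer step is the SOLUTIONS lookup."""
    obj = preprocess(obtain(name, data))
    match(obj, divert(obj))
    verdict = assess(obj)
    return {"name": name, "format": obj.fmt, "md5": obj.md5, "crc32": obj.crc32,
            "hits": [hit["name"] for hit in obj.hits],
            "verdict": verdict, "solution": SOLUTIONS[verdict]}

if __name__ == "__main__":
    # Constructed inputs: zip-like APK blob, PE blob, SIS header plus a name, text.
    for name, data in [
        ("a.apk", b"PK\x03\x04" + b"classes.dex" + b"sendTextMessage" + b"\x00" * 16),
        ("update.exe", CONSTRUCTED_PE_SAMPLE),
        ("912812352001_3rd.sisx", b"\x7a\x1a\x20\x10" + b"SymbianUpdateSrv.exe"),
        ("readme.txt", b"plain text, no container"),
    ]:
        print(scan(name, data))
```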
Systematical Confrontation (2000~2005)
Systematical confrontation (notable events):
• The emergence of P2P zombie networks
• The application of PKI systems in zombie networks
• Distributed DDoS attack on VirusTotal
• Shift from the client side to the cloud side
Industrial Confrontation (2005—Now)
• Underground industrial system vs. information industrial system
An Integral Whole Seen from the Underground Economy Chain
• Underground industrial players: intrusion and production
   – invade enterprise servers, invade network game servers, invade websites massively
   – compile malware and spread it, compile mobile malware
• Theft and infrastructure
   – steal secrets, steal virtual currency, steal accounts, steal bank accounts, steal network exchange accounts, steal virtual property
   – incorporate into zombie networks (forum spread, tying spread), mobile malware code
• Monetization
   – sale, launder money, obtain money
   – send spam e-mail, denial-of-service attacks, charge spread, SP expense deducting
Industrial Chain: Complex and Interminable
• Hardware and platform: baseband chip (Qualcomm, TI), solution (TechFaith, DaTang, …), spare parts (ARM, memory, battery), OS (Symbian, WM, MacOS, Android, Palm, …), manufacturing, sale approach (genuine product, grey product, custom and tie)
• Software and services: content supplier, software supplier, application software, app store, security vendors, service supplier, private service, official after-sale, sale service
• Customers: personal, enterprise
Summary
Malware has developed and broken through the traditional single concept of program code. It has penetrated the whole system of society, politics, economy and life. It is impossible to resist malware effectively by relying only on anti-virus vendors. The battle against malware requires the management and resistance of the whole social system.
Anti-virus men of all countries, unite!
Thank you!
seak@antiy.com

DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Kürzlich hochgeladen (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Malware in Mobile Platform from Panoramic Industrial View

  • 1. Malware in Mobile Platform from Panoramic Industrial View. Antiy Labs
  • 2. Contents
    – Introduction: a piece of “news” + a mobile phone
    – Phenomenon: new threat
    – Solution: is everything under control?
    – Analysis: the history of confrontation
    – Conclusion
  • 3. INTRODUCTION: A PIECE OF “NEWS” + A MOBILE PHONE
  • 4. Talking From A Piece of “News”
  • 6. Taking from a Grey Mobile Phone: malicious behaviour observed
    – Extra Expenses: customize extra services; download other software
    – Network Flows: website hits
    – Privacy: steal messages and the contacts list
  • 7. Information Analysis on Malware
    – Name: com.google.android.providers.enhancedgooglesearch
    – Original Name: a.apk
    – System Platform: Android
    – Format: apk
    – MD5 Value: BFBB58D0F8B487869393A0244AE71AFC
    – CRC32 Value: C1C12A99
    – SHA1 Value: 59EE114166CDBCDDB88B38299934021080053D86
    – Chinese Name, URL Source, Collection Source, Bytes: not given on the slide
    Malware Information
    – Name: Trojan/Android.droiddg.a[rmt,sys]
    – CNCERT Name: a.remote.droiddg.a
    – Chinese Name: not given on the slide
    – Other Names: None
    – Original/Tied: Firmware embedding
    – Threat type: remote system
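The sample record on slide 7 (original name, platform, format, MD5/CRC32/SHA1, byte count) is the kind of intake data an analysis lab computes for every file it receives. The Python below is an added example, not Antiy's code: it builds an APK-like zip in memory (a constructed, harmless stand-in for a.apk), derives the same record fields, and checks the MD5 against a known-bad list that here contains only the MD5 from slide 7.

```python
import hashlib
import io
import zipfile
import zlib

# Known-bad MD5 list: the single value shown on slide 7 (page data, not a new indicator).
KNOWN_BAD_MD5 = {"BFBB58D0F8B487869393A0244AE71AFC"}


def build_fake_apk(with_dex=True):
    """Constructed stand-in for a.apk: a zip with the entries a real APK must carry.
    Fixed timestamps keep the bytes (and therefore the hashes) deterministic."""
    buf = io.BytesIO()
    stamp = (2011, 9, 17, 0, 0, 0)  # constructed date, matches the deck's era
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as z:
        z.writestr(zipfile.ZipInfo("AndroidManifest.xml", stamp),
                   b"<manifest package='com.example.constructed'/>")
        if with_dex:
            z.writestr(zipfile.ZipInfo("classes.dex", stamp), b"dex\n035\x00" + b"\x00" * 16)
        z.writestr(zipfile.ZipInfo("META-INF/MANIFEST.MF", stamp), b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def sample_record(data, original_name, platform="Android"):
    """Return the intake fields of slide 7's table for one sample held in memory."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        names = set()
    # An APK is a zip that carries at least a manifest and Dalvik bytecode.
    is_apk = {"AndroidManifest.xml", "classes.dex"} <= names
    return {
        "Original Name": original_name,
        "System Platform": platform,
        "Format": "apk" if is_apk else "unknown",
        "MD5 Value": hashlib.md5(data).hexdigest().upper(),
        "CRC32 Value": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "SHA1 Value": hashlib.sha1(data).hexdigest().upper(),
        "Bytes": len(data),
    }


def matches_known_bad(record, known_md5=KNOWN_BAD_MD5):
    """True when the sample's MD5 is already in the known-bad list (case-insensitive)."""
    return record["MD5 Value"] in {h.upper() for h in known_md5}


if __name__ == "__main__":
    rec = sample_record(build_fake_apk(), "a.apk")
    for key, value in rec.items():
        print(f"{key:16} {value}")
    print("known bad:", matches_known_bad(rec))
```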
  • 8. A Truly Funny Story (diagram): a grey Android mobile next to a genuine mobile; a “sexy” E-market next to the real E-market
  • 11. Crossing the System Platform (Zitmo) (diagram): Zeus on Windows; Zitmo on Android, RIM OS, Symbian and WinCE; labels: account / random password / identifying code, attacker, Net Bank
  • 12. Steal Message and Contacts List (SW.Spyware)
    – Propagation Means: disguised as a tax amount calculating software package
    – Procedure: installation; imitates the QQ login form to lure users; gets the QQ account and password and sends them to a specific mobile phone
    – Object system: Android
    – Harm: steals message contents; the SW.Spyware.B variant can even monitor the user's communication record
    – Damage Range: first version of Android virus
    – Propagation Time: July 2010
  • 13. Spycall (Nickispy): spy-calls and sends the recording back; disguised as Google+ at first (2011/09/17)
  • 14. Form Control System (Adrd): Trojan/Android.Adrd.a[exp]
    – Issues the control command and the malware trigger command
    – Provides the data-accessing address (URL) needed by the malware behaviour
    – Provides the parameter data needed by the malware behaviour
    – Provides an updating service for the malware files
  • 15. The combined use of a vulnerability and social engineering
    1. Replace a normal application by means of a Google application download bug
    2. Consumers download bootleg applications which are actually malware, with 200 thousand victims
    3. Google clears out the malware by remote upgrade and provides security software
    4. The malware attacker disguises as Google security software
  • 17. Traditional view (diagram): host malware in PE format spreading through various Windows media, versus mobile malware in SIS (SymbOS) and APK (Android) formats; system, media and entrance are the spreading dimensions
  • 18. Major Spreading Approaches (diagram): official market/network, third-party market, GPRS/3G, Wi-Fi, PC shared network, message/multimedia message, flash memory share, user flash, USB communication, vendor pre-setting up; entrances shown: Internet, PC, user installation/download, ROM inserting/penetration
  • 20. Static Analysis: ARM Disassembling
  • 21. Static Analysis: Java Decompilation (2011/09/20)
  • 22. Dynamic Analysis: SDK Simulator
  • 23. Dynamic Analysis: Behavior Monitor
  • 24. Network Analysis
  • 25. Automatic Analysis
  • 30. System Simulation
  • 35. ANALYSIS: THE HISTORY OF CONFRONTATION
  • 36. Those Forgotten Grey Faces? CIH (1998), Melissa (1999), Sasser (2004)
  • 37. Those Forgotten Red Alerts?
  • 40. Cross Platform: Mobile + PC Bimorphism (diagram). Components: SymbianUpdateSrv.exe, 912812352001_3rd.sisx, 0xe61caca0.dat (jar), symbianDL.exe, dlinstall.dat (sisx), install.dat20 (sisx), symbianStarter.exe, symbianSrv.exe, symbianChkServer.exe. Roles labelled: start and update new module, function disguising class files, download module, install module, clearing module, service-monitoring module, heartbeat, telecontrol module
  • 41. The Confrontation History Since 1988: normalized confrontation, systematical confrontation, industrial confrontation
  • 42. Notable Events and Typical Methods of Normalized Confrontation
    – Viruses: Bouncing Ball virus, encrypted virus, metamorphic virus, script virus, macro virus
    – Methods: pattern matching penetrated, difficulty promoted, direct attack mechanism, disrupting the wording chain, interfering mechanism
  • 43. Normalized Confrontation (diagram of the current virus database framework): object obtaining, preprocessor, diverter, matching box, assessor, disposer; solution
  • 45. Systematical Confrontation (notable events): the emergence of P2P zombie networks; the application of PKI systems in zombie networks; distributed DDoS attack on VirusTotal; shift from client to cloud port
  • 46. Industrial Confrontation (2005—Now): underground industrial system versus information industrial system
  • 47. An Integral Whole Seen from the Underground Economy Chain (diagram; labels): compile malware, compile zombie network, spread malware (invade website, forum, tying, mobile tying, charge spread), invade enterprise server and steal secret, steal network game account and virtual property, steal bank account and money, massively steal e-mail accounts and send rubbish e-mail, reject-service attack, mobile SP expense deducting, sale, exchange, launder currency, obtain money
  • 48. Industrial Chain: Complex and Interminable (diagram; labels): OS (Symbian, WM, Mac OS, Android, Palm …), baseband chip (Qualcomm, TI, DaTang …), spare parts (memory, battery …), solution (TechFaith, ARM), manufacturing, custom and tie, sale approach (genuine product, grey product), software/content/application suppliers, app store, enterprise/personal/private sale, official/private service and after-sale service, security vendors
  • 49. Summary: Malware has developed and broken through the traditional single concept of program code. It has penetrated the whole system of society, politics, economy and life. It is impossible to resist malware effectively relying only on anti-virus vendors. The battle against malware requires the management and resistance of the whole social system. Anti-virus men of all countries, unite! Thank you! seak@antiy.com