ABSTRACT
Mobile malware is rapidly becoming a serious threat. In this paper, we survey the current state of mobile malware in the wild. We analyze the incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011. We also use this data set to evaluate the effectiveness of techniques for preventing and identifying mobile malware. After observing that 4 pieces of malware use root exploits to mount sophisticated attacks on Android phones, we also examine the incentives that cause non-malicious smartphone tinkerers to publish root exploits and survey the availability of root exploits.