Wednesday, October 2, 2013

Android attacked by a huge botnet - eGospodarka

Doctor Web virus analysts have discovered the biggest botnet to date (a group of computers infected with malicious software) consisting of Android devices. So far, more than 200,000 smartphones, including those of Polish users, have been infected with Trojans of the Android.SmsSend family and joined to a network controlled by cybercriminals. Preliminary estimates suggest that the damage caused by the malware in this incident may amount to hundreds of thousands of dollars.

To infect devices and integrate them into the botnet, the cybercriminals used several malicious programs: the recently detected Android.SmsSend.754.origin, Android.SmsSend.412 (known to Doctor Web since March 2013 and distributed as a mobile browser), Android.SmsSend.468.origin (known since April 2013) and Android.SmsSend.585.origin (recognized in June 2013). The earliest version of the Trojan linked to the investigation of this incident is Android.SmsSend.233.origin, added to the Dr.Web databases in November 2012. In most cases, the source of infection turned out to be sites owned by the criminals, as well as sites they had attacked and taken control of in order to spread the malware further.

The Android.SmsSend.754.origin Trojan masquerades as an application called Flow_Player.apk. During installation, it prompts the user to run it with administrator privileges, which gives the malicious application the power to lock and unlock the screen. In addition, Android.SmsSend.754.origin can later remove its icon from the Android home screen. After installation, the Trojan sends the attackers a message about the infected device, which may include the IMEI number, the funds on the prepaid card, the country code and operator code (the SIM card issuer), the number and model of the mobile phone, and the operating system version. Android.SmsSend.754.origin then waits for commands from the intruders, in response to which it can, for example, send a defined text message to a specific number, send SMS in bulk to numbers from the phone's address book, open a specified URL in a browser, or display a message with a specific title and content on the screen.
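
A static triage check for the behaviour described above, as an added example that is not from the original article or from Doctor Web: it scans a decoded AndroidManifest.xml for a device-administrator receiver combined with the permissions needed to send SMS, read the address book and read the IMEI. The sample manifest, its package name and the mapping of behaviours to permissions are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the behaviour the article describes (this mapping is an assumption).
BEHAVIOUR_PERMS = {
    "android.permission.SEND_SMS": "can send SMS messages",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.READ_PHONE_STATE": "can read the IMEI and operator data",
}

# Constructed sample: a decoded manifest (e.g. apktool output) for a fake "player" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flowplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flow Player">
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return (findings, suspicious) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = [why for perm, why in BEHAVIOUR_PERMS.items() if perm in requested]
    # A device-admin receiver is what produces the "activate administrator" prompt.
    is_admin = any(
        r.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        or any(a.get(ANDROID + "name") == "android.app.action.DEVICE_ADMIN_ENABLED"
               for a in r.iter("action"))
        for r in root.iter("receiver")
    )
    if is_admin:
        findings.append("requests device administrator rights")
    # Flag only the combination: device admin plus SMS sending, as in the article.
    suspicious = is_admin and "android.permission.SEND_SMS" in requested
    return findings, suspicious


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A media player has no functional need for this combination, so a hit is a reason to reject the package before installation rather than proof of a specific family.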

According to information gathered by Doctor Web analysts, the botnet contains more than 200,000 Android-based mobile devices. Most of them (124,458) are located in Russia; Ukraine is in second place (39,020 infections) and Kazakhstan in third (21,555). Polish users, although with a lower count (192 infected devices), also fall within the botnet's area of operation.

[Image: The geographical distribution of the infection. Photo: press materials]

The detected incident is one of the biggest attacks on Android devices recorded in the last six months. Preliminary evaluations suggest that the botnet's operation may result in severe damage to users from this type of malware.

[Image: The biggest botnet in history attacks Android. Photo: smex – Fotolia.com]

All of these malicious programs are detected and removed by Dr.Web anti-virus software, but to avoid infection, Doctor Web specialists recommend refraining from downloading and installing programs from suspicious, unauthorized sources. Doctor Web's analysts continue to monitor the situation closely.
