Wednesday, November 19, 2014

SMS worm attacks Android devices – PCLab.pl

You are in the Press Releases section. The materials published here were prepared by companies unrelated to the PCLab.pl editorial team or Group Onet.pl SA. The PCLab.pl editors are not responsible for the content of this publication.

Sending bulk SMS messages containing links to malware is now one of the most popular ways to distribute threats targeting Android. Among the malicious programs cybercriminals spread this way are so-called SMS worms. In early November, security analysts at Doctor Web discovered another such program. Once launched, this dangerous bot can send short messages, delete installed applications and files, steal confidential information, attack websites and perform other malicious actions on an infected device.

Added to the Dr.Web virus database as Android.Wormle.1.origin, the program is equipped with a variety of functions. After installation, the bot creates a shortcut on the main screen and runs as a system service, com.driver.system.

Android.Wormle.1.origin connects to the command and control (C&C) server and waits for further instructions from the attackers. It should be noted that cybercriminals can control the bot directly through their C&C server as well as through Google Cloud Messaging, a service that allows developers to communicate with their applications on target devices that have an active Google account.

This program has a very extensive set of features. In particular, it can perform the following tasks:

  • Send an SMS message with the specified text to one or more of the numbers listed in the command;
  • Send an SMS message with the specified text to all numbers in the address book;
  • Add a specific phone number to the blacklist in order to block incoming SMS messages and calls from this number;
  • Send a USSD code request (the USSD number is placed on the blacklist so that the user does not receive the response SMS);
  • Forward information about all incoming SMS messages and outgoing calls to the C&C server;
  • Start the recorder or stop a recording in progress;
  • Obtain information on accounts linked to the infected device;
  • Obtain information about all installed applications;
  • Acquire contact information;
  • Gather information about the mobile operator;
  • Determine the version of the operating system;
  • Determine the country where the SIM card has been registered;
  • Determine the subscriber's phone number;
  • Remove the specified application (to accomplish this, the bot displays a special dialog box that forces the user to remove the program);
  • Collect information about the files and folders located on the SD card;
  • Upload a zip archive containing the specified file or folder to the C&C server;
  • Delete a file or directory;
  • Remove all SMS messages stored on the device;
  • Carry out a DDoS attack on a particular website;
  • Connect to the C&C server in accordance with specific parameters;
  • Change the address of the control server;
  • Clear the blacklist.

Using Android.Wormle.1.origin, cybercriminals can therefore perform all sorts of tasks, ranging from sending paid SMS messages and stealing confidential data to conducting DDoS attacks on various websites. In addition, the virus can obtain information about your bank account, which extends the harmful effects of the program on an even larger scale.

Android.Wormle.1.origin behaves like an SMS worm and spreads to Android devices via SMS messages containing a download link. Such messages may look like this:

“I love you http://[]app.ru/*number*” where “number” is the number of the recipient.

Messages like this are sent to all recipients in the phonebook, so Android.Wormle.1.origin can infect a very large number of devices in a short time and thus greatly expand the botnet. Statistics collected by Doctor Web indicate that so far the malware has infected more than 14,000 thousand devices belonging to users in more than 20 countries. Most of them, 12,946,000 (91.49%), are located in Russia, followed by Ukraine (0.88%), the USA (0.76%), Belarus (0.51%), Kazakhstan (0.25%), Uzbekistan (0.21%) and Tajikistan (0.15%).
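The propagation pattern described above (one sender, one message template, a link that carries each recipient's own number) can be turned into a simple detection heuristic for an SMS gateway or message log. The following is an added example, not part of the press release or Doctor Web's detection logic; the function names, the 10-digit comparison, the threshold and the sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def digits(text):
    """Keep only the digits of a string (strips '+', spaces, dashes)."""
    return re.sub(r"\D", "", text)

def personalised_link(body, recipient):
    """True if a URL path in the SMS body embeds the recipient's own number."""
    tail = digits(recipient)[-10:]      # assumption: compare the last 10 digits
    if len(tail) < 7:                   # too short to match reliably
        return False
    for url in URL_RE.findall(body):
        path = url.split("://", 1)[1].partition("/")[2]
        if tail in digits(path):
            return True
    return False

def template(body):
    """Collapse digit runs so messages differing only by the number compare equal."""
    return re.sub(r"\d+", "<N>", body)

def find_worm_senders(messages, min_recipients=3):
    """Senders that sent one template with a per-recipient link to many numbers."""
    fanout = defaultdict(set)
    for sender, recipient, body in messages:
        if personalised_link(body, recipient):
            fanout[(sender, template(body))].add(recipient)
    return sorted({s for (s, _), rcpts in fanout.items()
                   if len(rcpts) >= min_recipients})

# Constructed sample log: (sender, recipient, body). Numbers and domain are placeholders.
SAMPLE = [
    ("+70000000100", "+70000000001", "I love you http://example.invalid/70000000001"),
    ("+70000000100", "+70000000002", "I love you http://example.invalid/70000000002"),
    ("+70000000100", "+70000000003", "I love you http://example.invalid/70000000003"),
    ("+70000000200", "+70000000001", "Your parcel: http://example.invalid/track/12345"),
    ("+70000000300", "+70000000002", "Call me on 70000000002"),
]

if __name__ == "__main__":
    for sender in find_worm_senders(SAMPLE):
        print("possible SMS-worm sender:", sender)
```

A sender flagged this way is most likely an infected handset rather than the attacker, so the result is a cue to notify or quarantine the subscriber's device.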

“Security analysts of Doctor Web continue to closely monitor this threat. An entry to detect this malicious program has been added to the virus database, so Android devices on which Dr.Web and Dr.Web Light are running are protected against attacks by Android.Wormle.1.origin,” says Joanna Schulz-Torój, specialist at Doctor Web.
