Thoughts on Malware for Mobile Devices - Part 2

Published: 2010-07-12
Last Updated: 2010-07-12 18:44:43 UTC
by Chris Carboni (Version: 1)
11 comment(s)

In last month's diary I asked two main questions.

How would I really know if there was malware on my smart phone?

How do we really know that mobile malware is not widespread right now?

So a poll was created asking for your experiences.

One reader commented asking what the definition of "malware" was.  Given that most of the readers of this diary are sufficiently knowledgeable about security to dismiss tracking cookies and other such things, I have to believe that only true malware is being reported.

I hope you reported the cookies.

The results and some preliminary analysis follows:

DISCLAIMER:  This is not a scientific poll, I am not a statistician and this should in no way be construed as an effort to spread FUD.

Of 540 respondents to date (the six respondents listing other have been removed as their methods and results were not described)

83 of 540 (15.3%) of respondents were scanning for malware.

15 of 83 (18.1%) who were looking for malware on their mobile device found it.

457 of 540 (84.6%) were not scanning their devices.

Now, 540 responses is not a particularly large sample, but I have been monitoring the statistics as responses are entered and the percentage of people reporting they found malware consistently ranged from 15-20% so 18.1% seems to be a reasonable number.  Likewise the percentage of people who were not scanning ranged consistently from 82-86%

Based on those numbers, 83 of the 457 people who responded who were not looking for malware would be infected.  Ouch.

How many mobile devices are out there right now?

How many in your office building?  How many in your city, your state, your country?

How many in the world?

Let's say these numbers are double what would be seen in the population at large.

Even so, if 9% of all the smart phones were infected with malware (especially if we didn't know it), that would be cause (IMHO) for alarm.

I couldn't find any good numbers on existing smart phones but according to this ZD Net Article Credit Suisse projected that total smartphone sales for 2009 will end up at around 176 million units. In the years ahead, Credit Suisse expects the smartphone market to balloon to around 1.5 billion units. By comparison, worldwide unit sales of all mobile phones in  2009 will be about 1.2 billion and worldwide unit sales of all PCs in 2009 will be about 300 million.

Let's say the Credit Suisse was way, way off and we'll say there are only 100 Million smart phones in the world today.

And we'll say that even the 9% above was way off and it's half that, which would be only 25% of what the poll you responded to said.

4.5 Million infected devices.

1.5 Billion Units?  I don't even want to think about it.

Do the math.  Plug in your own numbers. Check your smart phones.

So my delayed, and corrected answer to the gentlemen at SANSFire who asked "Will this year be the year that malware on mobile devices becomes a problem?" is:

 

I think it is.  We just don't know it.

 

UPDATE:

Mikel wrote in:

Will you be following up with a site you can point your mobile app to that can scan it online?

I know my handy phone has started using it's entire battery life in under 12 hours - ever since I downloaded a ring tone.  So I'm really worried.

By the way, how do you look and see what's running on a mobile app?  I don't see any cmdline prompt.

Any recommendations for mobile AV?

 

Thanks Mikel


I don't know of any site that you can point your mobile device to and have it be scanned online. and I would think that data charges for that would be prohibitive unless you had a truly "unlimited" data plan.

As for recommendations, it's no secret I'm not a fan of signature based AV.  However, this is a case where something is better than nothing.

A defense in depth approach would be to use a different vendor on your smart phone than you use for your PC AV and then if possible, scan your device either on insertion to your PC or manually.

I'm not sure what OS is on your device, but if it's Windows Mobile, task manager is there.

 

 

 

Christopher Carboni - Handler On Duty

http://twitter.com/ccarboni

Keywords:
11 comment(s)

Comments

What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
https://defineprogramming.com/
https://defineprogramming.com/
Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
Enter corthrthmment here...

Diary Archives