Botnets go mobile and net a lucrative catchWed 15 Feb, 2012 // Briony Williams
Researchers at security firm Symantec and at North Carolina State University have recently discovered a large and successful botnet -- with the twist that this one involves mobile phones, specifically Android smartphones.
A botnet is a cluster of devices infected with the same malware (unknown to their owners), and under the control of the same botmaster, by means of one or more "command and control" servers. Known for several years as a major mode of compromise for desktop computers, the botnet is now becoming prevalent on mobile platforms as their user base increases, and especially for the open-source Android platform.
Saxon Jiang, a researcher at N.C. State University, and Cathal Mullaney, a security engineer at Symantec, discovered and researched the lucrative and very large botnet for Android, which has been named "Android.Bmaster". Its functioning is outlined in a blog post at http://www.symantec.com/connect/blogs/androidbmaster-million-dollar-mobile-botnet
The initial infection of an Android device is by means of a Trojan, a hidden software application that is installed under the cover of an apparently legitimate and useful application. This software then sends a message to the botmaster's command and control server, containing details of the phone (such as its IMEI number and location). The server then sends it Remote Administration Tool software, which the server can then use to control the infected phone. The phone is then caused to connect with a premium service (either SMS, phone, or video) in order to leech funds from the user's account. This is done according to very carefully crafted rules of frequency and amount, so that the user may not immediately notice the occurrence. Although each stolen amount may be small, the size of the botnet runs to several thousand devices, and the cumulative amount of money involved may be of the order of $1600 to $9000 US dollars per day.
The botnet targets users in China on two specific mobile networks in China, and hence is less of a threat to users elsewhere in the world. In addition, the initial malware is downloadable only from a third-party app website, not the official Android Market. However, the researchers found that the botnet appears to have been operating undetected since September 2011, which means that a great deal of theft has been occurring.
The Android.Bmaster malware and its botnet represent a worrying escalation of malware on the mobile platform, given the sophistication of the control operated by the botnet server, and the sheer number of devices infected. Although this particular botnet appears confined to China, it cannot be long before botnets of comparable sophistication are found elsewhere in the world as well.
“We have been pleased to work with commissum who have provided us with services to address our Security Assurance requirements. commissum met our demands, as an organisation operating within the Legal Services sector, with the highest level of integrity, commitment and excellent level of service. We would have no hesitation in recommending commissum.”
Mr Kenneth P, IT Manager, National Legal Services
"commissum recently provided us with services to assess a web application and supporting infrastructure. I was impressed with the consultants throughout the project, by their technical knowledge, flexibility, open communication and willingness to go that extra mile. Of particular benefit was the sound advice given both during and after the engagement. By identifying vulnerabilities promptly, accompanied with practical recommendations on how to address them. We were able to implement improvements quickly. Good value, a job well done.”
JM, Infosec Analyst, International Investment Bank
"We engaged with commissum for the first time this year and found them highly professional and a pleasure to do business with. We were particularly pleased with the report provided which was of excellent quality, with an appropriate level of detail and clarity in its recommendations. I would happily refer others to commissum.”
Mr Billy K, IT Director, National Law Firm
"We are extremely pleased with the work carried out by the commissum team. All of the commissum staff were a pleasure to work with and maintained a high level of professionalism at all times. They were able to provide us with sound advice and guidance to make sure that we got the best value for money from our test and provided excellent communication and recommendations before, during and after the tests. I would strongly recommend commissum to other companies that are looking for peace of mind in relation to their IT security and I can say that we will use commissum again for future testing.”
Chris S, IT Officer - UK Housing Association
"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"
Mr Duncan M, Information Security Manager - National Building Society
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum was particularly responsive and the project was well managed under demanding conditions. I was very happy with the technical standard. Very good value for money as well”
Mr Kenneth Y, Head of IT Risk & Compliance, International Retail Bank
"I was very pleased with the work delivered by commissum from start to finish. The quality of reporting was excellent and the consultants very helpful with clear communication throughout the engagement. I would happily recommend commissum to others.”
Ms Louisa L, IT Manager, National Building Society
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum.”
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank
"From the start the project went very smoothly despite the short notice. commissum maintained excellent communication throughout ........ their flexibility and responsiveness right up to the end of the project was of great value to us.”
Mr Keith H, Senior Business Manager - UK Local Government