[Cialug] Android market compromise

Crouse crouse at usalug.net
Thu Mar 3 12:37:36 CST 2011


So.......

if I read the information correctly from some of the above links ...

$ su
su
# remount rw
Remounting /system (/dev/stl9) in read/write mode
# touch /system/bin/profile
# chmod 644 /system/bin/profile
#

basically creating a blank "profile" file in /system/bin/ with
permissions of 644 fixes this?



On Thu, Mar 3, 2011 at 9:18 AM, Josh More
<MoreJ at alliancetechnologies.net> wrote:
> There are two stories.  One is that, yes, they used misleading names.
>
> The other is that they somehow overrode apps within the market so existing
> apps showed false "upgrades".
>
> I'm not clear exactly what happened, but the uniform consensus is Google
> should look at things a bit more closely before approving apps.
>
> Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
> Alliance Technologies | www.AllianceTechnologies.net
> 400 Locust St., Suite 840 | Des Moines, IA 50309
> 515.245.7701 | 888.387.5670 x7701
>
> Blog: Don't just blame the bad guys, it's your fault too
> http://www.alliancetechnologies.net/blogs/morej
>
> How are we doing? Let us know here:
> http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
> ________________________________
> From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Tom
> Pohl [tom at tcpconsulting.com]
> Sent: Thursday, March 03, 2011 09:15
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] Android market compromise
>
> So let me get this straight. So, the market wasn't compromised, a new
> publisher uploaded malware and named their apps the same as other more
> popular apps in the store?
> Thanks!
> -Tom
>
>
> On Mar 3, 2011, at 8:17 AM, Josh More wrote:
>
> NO!
>
> AVG put my phone into a reboot loop.  Use Lookout.
>
>
>
>
> -----Original Message-----
> From: Stuart Thiessen [thiessenstuart at aol.com]
> Received: Thursday, 03 Mar 2011, 8:11
> To: Central Iowa Linux Users Group [cialug at cialug.org]
> Subject: Re: [Cialug] Android market compromise
>
>
> A question ... I noticed there was an AVG for Android in the Market. Does
> that provide any real protection?
> Thanks,
> Stuart
> On Mar 2, 2011, at 19:57 , Josh More wrote:
>
> I've been following the android market compromise yesterday and today and
> finally found a reasonably complete list of the infected apps.  If you
> installed or updated any of the apps below in the last five days, your phone
> might be infected.  I have removed Chinese names from this list to limit the
> spam trap issue.  If you're installing non-English apps, check out the
> links.  The top link has the fix.  You can also fix this by upgrading to
> Android 2.3 (which may require you to root your phone and install a third
> party build like Cyanogen).
>
>
> ___Links___
> http://forum.xda-developers.com/showthread.php?t=977154  <--- Protection is
> here
>
> http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/
>
> http://www.androidpolice.com/2011/03/02/update-on-the-malware-monster-droiddream-is-an-android-nightmare-and-weve-got-more-details/
>
> http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/
>
>
>
> ___List___
> Advanced App to SD
> Advanced Barcode Scanner
> Advanced Compass Leveler
> Advanced Currency Converter
> Advanced File Manager
> Advanced Sound Manager
> App Uninstaller
> Basketball Shot Now
> Best password safe
> Bowling Time
> Bubble Shoot
> Chess
> Color Blindness Test
> Dice Roller
> Falldown
> Falling Ball Dodge
> Falling Down
> Finger Race
> Funny Face
> Funny Paint
> Hilton Sex Sound
> Hot Sexy Videos
> Magic Hypnotic Spiral
> Magic Strobe Light
> Mr. Runner
> Music Box
> Omok Five in a Row
> Panzer Panic
> PewPew
> Photo Editor
> Piano
> Quick Delete Contacts
> Quick Notes
> Scientific Calculator
> Screaming Sexy Japanese Girls
> Sexy Girls: Japanese
> Sexy Legs
> Spider Man
> Super Guitar Solo
> Super History Eraser
> Super Ringtone Maker
> Super Sex Positions
> Super Sexy Ringtones
> Super Stopwatch & Timer
> Supre Bluetooth Transfer
> Task Killer Pro
> Tie a Tie
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>

