[Cialug] Android market compromise

Crouse crouse at usalug.net
Thu Mar 3 14:10:21 CST 2011


Cool, thanks for that info.

I wasn't sure, I have a color nook that I have rooted to use Android,
and it was 2.1 ver.
I honestly couldn't recall if I'd ever used any of those apps before.

http://usalug.com/Crouse/nookcolor/

It's a pretty fun toy though :)



On Thu, Mar 3, 2011 at 12:42 PM, Josh More
<MoreJ at alliancetechnologies.net> wrote:
> Yep.  It fixes this particular issue.
>
>
> Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
> Alliance Technologies | www.AllianceTechnologies.net
> 400 Locust St., Suite 840 | Des Moines, IA 50309
> 515.245.7701 | 888.387.5670 x7701
>
> Blog: Don't just blame the bad guys, it's your fault too
> http://www.alliancetechnologies.net/blogs/morej
>
> How are we doing? Let us know here:
> http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
>
> ________________________________________
> From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Crouse [crouse at usalug.net]
> Sent: Thursday, March 03, 2011 12:37
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] Android market compromise
>
> So.......
>
> if I read the information correctly from some of the above links ...
>
> $ su
> su
> # remount rw
> Remounting /system (/dev/stl9) in read/write mode
> # touch /system/bin/profile
> # chmod 644 /system/bin/profile
> #
>
> basically creating a blank "profile" file in /system/bin/ with
> permissions of 644 fixes this ?
>
>
>
> On Thu, Mar 3, 2011 at 9:18 AM, Josh More
> <MoreJ at alliancetechnologies.net> wrote:
>> There are two stories.  One is that, yes, they used misleading names.
>>
>> The other is that they somehow overrode apps within the market so existing
>> apps showed false "upgrades".
>>
>> I'm not clear exactly what happened, but the uniform consensus is Google
>> should look at things a bit more closely before approving apps.
>>
>> ________________________________
>> From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Tom
>> Pohl [tom at tcpconsulting.com]
>> Sent: Thursday, March 03, 2011 09:15
>> To: Central Iowa Linux Users Group
>> Subject: Re: [Cialug] Android market compromise
>>
>> So let me get this straight. So, the market wasn't compromised, a new
>> publisher uploaded malware and named their apps the same as other more
>> popular apps in the store?
>> Thanks!
>> -Tom
>>
>>
>> On Mar 3, 2011, at 8:17 AM, Josh More wrote:
>>
>> NO!
>>
>> AVG put my phone into a reboot loop.  Use Lookout.
>>
>>
>>
>>
>> -----Original Message-----
>> From: Stuart Thiessen [thiessenstuart at aol.com]
>> Received: Thursday, 03 Mar 2011, 8:11
>> To: Central Iowa Linux Users Group [cialug at cialug.org]
>> Subject: Re: [Cialug] Android market compromise
>>
>>
>> A question ... I noticed there was an AVG for Android in the Market. Does
>> that provide any real protection?
>> Thanks,
>> Stuart
>> On Mar 2, 2011, at 19:57 , Josh More wrote:
>>
>> I've been following the android market compromise yesterday and today and
>> finally found a reasonably complete list of the infected apps.  If you
>> installed or updated any of the apps below in the last five days, your phone
>> might be infected.  I have removed Chinese names from this list to limit the
>> spam trap issue.  If you're installing non-English apps, check out the
>> links.  The top link has the fix.  You can also fix this by upgrading to
>> Android 2.3 (which may require you to root your phone and install a third
>> party build like Cyanogen).
>>
>>
>> ___Links___
>> http://forum.xda-developers.com/showthread.php?t=977154  <--- Protection is
>> here
>>
>> http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/
>>
>> http://www.androidpolice.com/2011/03/02/update-on-the-malware-monster-droiddream-is-an-android-nightmare-and-weve-got-more-details/
>>
>> http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/
>>
>>
>>
>> ___List___
>> Advanced App to SD
>> Advanced Barcode Scanner
>> Advanced Compass Leveler
>> Advanced Currency Converter
>> Advanced File Manager
>> Advanced Sound Manager
>> App Uninstaller
>> Basketball Shot Now
>> Best password safe
>> Bowling Time
>> Bubble Shoot
>> Chess
>> Color Blindness Test
>> Dice Roller
>> Falldown
>> Falling Ball Dodge
>> Falling Down
>> Finger Race
>> Funny Face
>> Funny Paint
>> Hilton Sex Sound
>> Hot Sexy Videos
>> Magic Hypnotic Spiral
>> Magic Strobe Light
>> Mr. Runner
>> Music Box
>> Omok Five in a Row
>> Panzer Panic
>> PewPew
>> Photo Editor
>> Piano
>> Quick Delete Contacts
>> Quick Notes
>> Scientific Calculator
>> Screaming Sexy Japanese Girls
>> Sexy Girls: Japanese
>> Sexy Legs
>> Spider Man
>> Super Guitar Solo
>> Super History Eraser
>> Super Ringtone Maker
>> Super Sex Positions
>> Super Sexy Ringtones
>> Super Stopwatch & Timer
>> Supre Bluetooth Transfer
>> Task Killer Pro
>> Tie a Tie
>>
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>
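
One way to confirm that the placeholder file from the session quoted above is in the state the thread describes (an added example, not part of the original thread). The function name and status strings are made up here; it assumes a POSIX shell with ls, and the path defaults to the one in the thread.

```shell
#!/bin/sh
# Added example: check the placeholder created by
#   touch /system/bin/profile ; chmod 644 /system/bin/profile
# Prints one status word and returns 0 only when the file matches.

check_profile_marker() {
    f="${1:-/system/bin/profile}"   # path from the thread; override for testing

    # A symlink could resolve to anything, so report it before other tests.
    if [ -L "$f" ]; then
        echo "symlink"; return 1
    fi
    if [ ! -e "$f" ]; then
        echo "missing"; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "not-regular"; return 1
    fi
    # touch on a new path leaves a zero-length file; anything else deviates
    # from what the session created.
    if [ -s "$f" ]; then
        echo "non-empty"; return 1
    fi

    # Take the mode string from ls -ld (first field, e.g. -rw-r--r--) instead
    # of stat, whose options differ between systems.
    mode=$(ls -ld "$f")
    mode=${mode%% *}
    case "$mode" in
        -rw-r--r--*) echo "ok" ;;                  # 644, as in the thread
        *) echo "wrong-mode:$mode"; return 1 ;;
    esac
}
```

Call check_profile_marker with no argument in a shell on the device, or pass a path to check a copy elsewhere.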

