Mobile Malware Attacks and Defense

Informationen zum Autor Ken Dunham has more than a decade of experience on the front lines of information security. As Director of Global Response for iSIGHT Partners, he oversees all global cyber-threat response operations. He frequently briefs upper levels of federal and private-sector cyber security authorities on emerging threats, and regularly interfaces with vulnerability and geopolitical experts to assemble comprehensive malicious code intelligence and to inform the media of significant cyber threats. A major media company identified Mr. Dunham as the top quoted global malicious code expert in 2006. Mr. Dunham regularly discovers new malicious code, has written anti-virus software for Macintosh, and has written about malicious code for About.com, SecurityPortal, AtomicTangerine, Ubizen, iDEFENSE, and VeriSign. He is one of the pioneers of Internet community anti-virus support with websites rated as the best global resource by Yahoo Internet Life, PC WEEK, AOL and many others. Mr. Dunham is a member of the High Technology Crime Investigation Association (HTCIA), Government Emergency Telecommunications and Wireless Priority Service, AVIEN, Virus Bulletin, InfraGard, an RCG Information Security Think Tank, CME, and many other private information sharing channels. Mr. Dunham also participated in the CIA Silent Horizon (blue team) and DHS CyberStorm (observer) exercises. Mr. Dunham is a certified reverse engineer and regularly analyzes emergent exploits and malicious code threats and actors targeting client networks. He also works as a Wildlist Reporter each month with the Wildlist organization. He is the author of several books and is a regular columnist for an information security magazine. Mr. Dunham is also the founder of Boise Idaho Information Systems Security Association (ISSA) and Idaho InfraGard chapters. Klappentext Smile...You're on Webcam! A new more dangerous time for mobile device users! filled with mobile malware! is upon us. As with desktop computers! the world of PDAs and smartphones is no longer immune to malicious attack. The number of mobile malware attacks is on the rise! according to a study by the Informa Telecoms & Media that was sponsored by McAfee. Eighty-three percent of mobile operators surveyed have been hit by device infections. This is five times more than the number of incidents as recently as 2005. Nearly half of the mobile operators who have been the recipients of mobile malware experienced an attack within the last three months! according to the report. To date! nearly 400 mobile viruses have been detected. This is a staggering data point considering it has only been 3 years since the first instance of mobile malware was discovered in the wild. By comparison! it took TWENTY YEARS for traditional! wired malware to number 400. OK...SO! WHAT IS MOBILE MALWARE? Like malicious software (or "malware") in the wired world! mobile viruses are small programs that infect a host device. While most mobile phones are potential targets! smart phones and wireless PDAs as particularly attractive to fraudsters given their advanced capabilities to support PC-like applications including Web browsing and instant messaging. And! mobile malware can be downright...creepy. One particularly alarming mobile virus! according to Paul Miller! managing director of Symantec's mobile security group! is a form of snoopware that allows hackers to activate a microphone on a smartphone: Once that happens! anybody--from a stranger in the bedroom to a competitor in the boardroom--can listen in on a person's life at any time. Even more disturbing are mobile malware variants that can take over one's camera phone! So! for those of you who charge your cell phones on your night stand every night?smile! because you could be on candid Web camera. With more than 70 percent of mobile phone owners using their devices as an alarm clock. Our phones are always with us no...

Klappentext

Smile...You're on Webcam!
A new more dangerous time for mobile device users, filled with mobile malware, is upon us. As with desktop computers, the world of PDAs and smartphones is no longer immune to malicious attack. The number of mobile malware attacks is on the rise, according to a study by the Informa Telecoms & Media that was sponsored by McAfee. Eighty-three percent of mobile operators surveyed have been hit by device infections. This is five times more than the number of incidents as recently as 2005. Nearly half of the mobile operators who have been the recipients of mobile malware experienced an attack within the last three months, according to the report. To date, nearly 400 mobile viruses have been detected. This is a staggering data point considering it has only been 3 years since the first instance of mobile malware was discovered in the wild. By comparison, it took TWENTY YEARS for traditional, wired malware to number 400.

OK...SO, WHAT IS MOBILE MALWARE?
Like malicious software (or "malware") in the wired world, mobile viruses are small programs that infect a host device. While most mobile phones are potential targets, smart phones and wireless PDAs as particularly attractive to fraudsters given their advanced capabilities to support PC-like applications including Web browsing and instant messaging.

And, mobile malware can be downright...creepy. One particularly alarming mobile virus, according to Paul Miller, managing director of Symantec's mobile security group, is a form of snoopware that allows hackers to activate a microphone on a smartphone:

Once that happens, anybody--from a stranger in the bedroom to a competitor in the boardroom--can listen in on a person's life at any time.

Even more disturbing are mobile malware variants that can take over one's camera phone! So, for those of you who charge your cell phones on your night stand every night?smile, because you could be on candid Web camera. With more than 70 percent of mobile phone owners using their devices as an alarm clock. Our phones are always with us now. This can't even be called spyware, because it is so much more.

The first such applications were sold as "spouse monitoring tools" last year, he commented, adding, "It didn't take long, though, for someone to write a malicious stealth code." So, like every other from of hacking it has not taken long for mobile malware to move from mischief to malicious to criminal.

Securing mobile communications is big business, particularly considering the number of people currently using their smart phones or PDA to conduct on-line transactions and banking. According to industry experts, the success mobile banking and payments, as well as the concept of the mobile wallet, will be measured against the industry's ability to effectively contain the malware problems to a level that is at least on par with that of the existing Internet channel.

This is the first book for IT professionals charged with this responsibility. The book is written for cellular providers, security professionals in finance and banking industry, anti-virus developers and consultants, as well as security researchers. The book will analyze mobile malware currently being developed by malicious hackers and organized criminals. And, it will present cutting edge methods and techniques to defend mobile devices from this very real threat. Also included is a special chapter on threats specific to European networks, such as the Leslie virus, that infected more than 100,000 mobile devices in Spain.

Zusammenfassung
Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This book covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. It helps you to analyze mobile device/platform vulnerabilities and exploits.

Inhalt
Acknowledgements

Chapter 1 Introduction to Mobile Malware
…