mobile virus and security

Published on June 2018

Seminar on Cell phone Virus and Security

By Mohit Khanna Roll no 31 Cs-8th sem

Content
- Introduction
- Ways of Exploiting Devices
- Threats
- Types of virus
- Common Protection
- Removal of Virus
- References

Brief Introduction
- Virus: a program that copies itself by affecting other running programs.
- Trojan: causes malicious activity and cannot replicate.
- Worm: able to spread on its own to the computers on the network.

Slide 3 MK4
To know the basics about the virus and trojan that replicates; Wikipedia, with worm definition from Hypponen. Mohit Khanna, 3/28/2010

Ways of Exploiting Devices
1) Attacks exploiting software vulnerabilities. Network attack.
2) Social engineering based attacks.

Slide 4 MK5
Bluetooth is the main source of network attacks or attacks over the internet.
Another way of fooling users is a message like "You have won $1000 as you are the 50 lakhth visitor". Mohit Khanna, 3/28/2010

MK6
Showing a network connection with Bluetooth as the main source of attack. Mohit Khanna, 3/28/2010

Threats
Cause financial loss to user.
- Unknown calls made, SMS sent.
- Losing confidentiality of data stored on the phone.
Excessive Bluetooth usage.
- Continuous scanning, spreading via Bluetooth.
Make phone unusable.
- Devices crash frequently or work miserably slow.
- Infect system files. Hence, some applications do not work.
Data loss
- Delete address book entries.
Miscellaneous
- Replace icons.

Slide 5 MK7
Reason behind the loss of data on the phone, which in turn makes the phone unusable. Mohit Khanna, 3/28/2010

More Threats
1) Location tracking
2) Accessing secret and confidential information
3) Loss of security

Slide 6 MK8
Futuristic threat, provided that the IMEI number can be scanned and army confidential information can be hacked, which in turn leads to loss of security. Mohit Khanna, 3/28/2010

Different Types of Virus
1. Cabir
2. CommWarrior
3. Skulls
4. Flexispy
5. 3396003964
6. Duts
7. Redbrowser

Cabir
- Detected June 2004.
- First network worm capable of spreading through Bluetooth.
- Caribe.sis: worm as a system file.
- Continuous scanning for mobile devices using Bluetooth.
- Causes battery drainage.

CommWarrior
- Network worm capable of propagating via MMS, also Bluetooth. Discovered in 2005.
- Worm searches for "active" Bluetooth devices.
- When found, sends an infected .sis file when the receiver agrees.
- Also sends the infected file to all contacts in the address book.
- Financial harm to the user and battery drainage.

Slide 10 MK9
This is a case study where Bob get among from an unknown user and is infected by CommWarrior. Mohit Khanna, 3/28/2010

Image from M. Hypponen [1]

Slide 11 MK10
Bob answers no; his phone keeps beeping for as long as it takes to make him say yes. Mohit Khanna, 3/28/2010

MK11
Bob tries to make a call but cannot. Another phone gets infected when he places his phone memory into it. Mohit Khanna, 3/28/2010

Image courtesy M. Hypponen [1]

Slide 12 MK12
CommWarrior scans other devices through Bluetooth, and when Bob sends a message to Alice her phone gets infected as well. Mohit Khanna, 3/28/2010

Image courtesy M. Hypponen [1]

Slide 13 MK13
Now CommWarrior sends it to every other mobile in the address book, and the bill is charged for every MMS made. Mohit Khanna, 3/28/2010

Skuller
- Another series of Trojan horse.
- Replaces the phone desktop items with an image of a skull.
- Overwrites any files, including system files; the system becomes unstable.
- The .aif files are malicious.
- Once a mobile has been infected it can only be used to make calls; SMS, MMS, camera etc. will not work.

Flexispy
- Discovered in March 2006.
- Records both voice call and SMS information.
- Flexispy.A is installed in a standard SIS package.
- After installation the application will immediately go into hiding and lock its files so that the application uninstaller cannot remove it.

3396003964
- It has the name of the Hati hati SMS virus.
- It keeps sending SMS to the number 3396003964 every 3 seconds.
- You always receive SMS (from your friends) late.
- It keeps your network connection busy; when other people call you, they can't reach you.
- A fully charged phone doesn't last more than 30 minutes.
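
The behaviour described on this slide (an SMS to the same number every 3 seconds) can be spotted in an outbound message log. The following is an added example, not part of the original slides; the "timestamp,destination" log format, the sample lines and the thresholds are assumptions made for illustration.

```python
# Added example: flag SMS-flooding behaviour in an outbound SMS log.
from collections import defaultdict
from datetime import datetime

# Constructed sample log, "timestamp,destination". Not captured from a real device.
SAMPLE_LOG = """\
2010-03-28 10:00:00,3396003964
2010-03-28 10:00:03,3396003964
2010-03-28 10:00:05,5550100
2010-03-28 10:00:06,3396003964
2010-03-28 10:00:09,3396003964
2010-03-28 10:00:12,3396003964
2010-03-28 10:07:41,5550100
2010-03-28 10:31:10,5550123
"""

def parse_log(text):
    """Yield (datetime, destination) pairs, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 2:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1].strip()

def find_sms_floods(text, max_gap_s=5, min_burst=4):
    """Return {destination: longest burst} for numbers that received at least
    min_burst messages with no more than max_gap_s seconds between neighbours.
    Both thresholds are assumed values, to be tuned per deployment."""
    sent = defaultdict(list)
    for ts, dest in parse_log(text):
        sent[dest].append(ts)
    floods = {}
    for dest, times in sent.items():
        times.sort()
        best = run = 1
        for prev, cur in zip(times, times[1:]):
            run = run + 1 if (cur - prev).total_seconds() <= max_gap_s else 1
            best = max(best, run)
        if best >= min_burst:
            floods[dest] = best
    return floods

if __name__ == "__main__":
    for dest, burst in find_sms_floods(SAMPLE_LOG).items():
        print(f"possible SMS flood: {burst} messages in a row to {dest}")
```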

Duts
- A parasitic file infector virus.
- Duts is a 1520 bytes long program.
- The virus asks for permission to infect.
- Infects all EXE files in the current directory.
- The virus body is appended to the file and the last section is made readable and executable.

RedBrowser
- Sends SMS messages to a specific number in Russia.
- User chooses to pass the option, then Redbrowser.A will start a continuous flood of SMS messages with a cost of $5.
- Claim of free service is a form of social engineering.
- Limits the trojan only to Russian speaking countries.

Common protection against malware
1) Non-discoverable mode
2) Install antivirus.
3) Untrusted sites & softwares
4) Firmware updates.
5) Firewall protection

Available Antivirus
- F-Secure
- Kaspersky
- Eset Mobile Antivirus
- McAfee
- Stopzilla
- Symantec

Slide 20 MK1
Taken from Google Images. Mohit Khanna, 3/28/2010

Remove viruses

1. Remove 3396003964 - Download the little program called Fexplorer. Once installed, look for the folder 'Guardian' in the system folders in C:\ and DELETE IT.

2. Remove Flexispy - Download F-Secure Mobile Anti-Virus. Scan the phone and remove any components of the malware.

Slide 21 MK15
Fexplorer must be installed on every mobile to access the system files. Mohit Khanna, 3/28/2010

MK16
F-Secure antivirus must be installed, and the phone must be scanned to remove the components. Reboot the phone to remove any malware and go to the phone applications to remove any more components. Mohit Khanna, 3/28/2010

3. Remove Cabir and CommWarrior - Install a file manager and delete the files:
c:\system\apps\commwarrior\commwarrior.exe
c:\system\apps\commwarrior\commrec.mdl
c:\system\smybiansecuredata\caribesecuritymanager

Slide 22 MK17
- Use the file manager to remove the boot hook c:\SYSTEM\RECOGS\FLO.MDL.
- Reboot the device.
- Use the manager application to uninstall the 'cabre' application.
- Using the file manager, remove all from c:\SYSTEM\SMYBIANSECUREDATA\CARIBESECURITYMANAGER.
Mohit Khanna, 3/28/2010

MK18
A file manager program must be installed on your phone. You have to enable the option that allows you to view the files in the system directory. Go to the directory c:\system\apps\commwarrior and delete these files there:
c:\system\apps\commwarrior\commwarrior.exe
c:\system\apps\commwarrior\commrec.mdl
Mohit Khanna, 3/28/2010

REFERENCES
[1] Hypponen, M. Malware goes mobile. Scientific American 295, 5 (Nov 2006).
[2] F-Secure. F-Secure Virus Information: http://www.f-secure.com/v-descs/cabir.shtml
[3] F-Secure. F-Secure Virus Information: http://www.fsecure.com/vdescs/commwarrior.shtml
[4] A. Gostev, Kaspersky Labs (Oct 2006). Mobile Malware Evolution: http://www.viruslist/en/analysis
[5] http://images.google.co.in

THANK YOU

QUESTION AND ANSWER
