"Mobile viruses: myth or threat?" History of mobile viruses


Let's start with something “fresh”: Triada can today be considered the newest and most “bulletproof” virus for smartphones. It was discovered only in March 2017.

It is unique in being closer to a classic virus than to the ransomware Trojans that are usual on Android. You still have to manage to pick it up from “unverified sources,” but after that a far more entertaining “action movie” begins:

Triada is a virus that not only misbehaves in the system, but wedges itself into its vital areas

  1. Triada switches on after you install, say, your favorite music downloader for VKontakte and grant it permissions. The program then quietly finds out your smartphone model, firmware and Android version, the amount of free space on storage devices and the list of installed applications, and sends this information over the Internet to its servers. There are a huge number of these servers, scattered across different countries, so it is not even possible to turn up and stage a “mask show” at the location of the server with the malware.
  2. In response, Triada receives instructions (truly an individual approach to the patient!) on how best to hide itself in this particular version of Android on this particular smartphone, embeds itself in each (!) of the installed applications and takes control of system components in order to hide itself from the lists of installed applications and running processes. After this, the stand-alone part of the virus “covers” its tracks: it no longer works as a separate application, but coordinates its actions through pieces of the infected system.
  3. Done, the system is conquered! From this moment on, the smartphone turns into a “puppet” to which attackers give commands remotely and from which they receive information on any of the available servers. For now Triada acts primitively: it finds out your bank card details, withdraws money from the card, pulls the codes needed for payment out of incoming SMS, and “draws” false balance figures for the owner.

But the ability to “gut” any installed application or install a new one remotely is only the beginning: the peculiarity of Triada is that it is a modular virus, so all sorts of other remote tricks can be attached to it.

As you can see, viruses for Android are not only the primitive “your phone is blocked, pay a hundred bucks” kind that you can get rid of by deleting the application. And while in new versions of Android it is at least more difficult to gain root access, and you can spot something suspicious when the application requests its rights, older versions (Android 4.4, 4.3 and older) are absolutely defenseless against the new infection: only a complete reflash will save you.

Marcher

The so-called “banking malware” was developed back in 2013, but its “finest hour” came only in the summer of 2016. It is famous for its good camouflage and, so to speak, its “internationalism.”

Marcher is a simple Trojan that does nothing supernatural: it simply imitates the service pages of a huge number of banks using pop-up windows. The mechanism is as follows:

  • The Trojan penetrates the system along with an infected application. Marcher's popularity peaked with the “freshly stolen” versions of Nintendo's Super Mario Run. If you don’t remember, this is that super-promoted “runner” from the creators of Pokemon GO!
  • It searches the smartphone for banking and online shopping applications and selects “blanks” according to which bank you use.
  • It sends “bait” to your smartphone: a message in the notification shade with a bank or store icon and text in the style of “N rubles have been credited to your account” or “75% discount coupon for any product, today only!”
  • The smartphone owner taps the notification, after which the Trojan opens an exact one-to-one copy of the page you are used to seeing in the official application. It says something like “the connection to the network has been interrupted, please re-enter your bank card details.”
  • The smartphone owner enters the bank card details. There's a lot of money here!

“Dude, I somehow forgot your card number. Could you remind me?”

In this simple way, the Trojan faked the process of buying airline tickets, purchasing goods in online stores and software on Google Play, and the operation of banking applications. Users of bank cards in Germany, France, Poland, Turkey, the USA, Australia, Spain, Austria and the UK were targeted. Initially, the virus was “sharpened” for Android 6.x; there were significantly fewer smartphones running other versions.

Loki

Not even just one, but a whole cascade of “chameleon” Trojans, not as criminally severe as Triada, but just as painful for the operating system. Antivirus specialists paid attention to the malware at the beginning of 2016, and the malware began to penetrate en masse into people’s smartphones already in December 2016.

Loki is an organized robbery by prior conspiracy, inside your smartphone

The malware acts so quickly and smoothly that you want to give it a standing ovation. Just look at this “multi-move”:

  • The first Trojan enters the system with a safe-looking application and starts along with it. It then immediately “requests reinforcements,” that is, it downloads the second Trojan from its sources and installs it together with a pack of tools for obtaining root rights. It monitors the system, waits for the smartphone user to turn off the display, and in this mode obtains root. Then it launches its “colleague.”
  • The second Trojan takes over the root rights, gains access to the /system partition (the “factory” firmware files, which survive even a factory reset), unpacks a couple more Trojans and shoves them into the “fireproof” system partitions.
  • The third Trojan comes to life in this very /system partition, where it replaces the part of the system responsible for booting and removes Android's standard “giblets.” If by some miracle the owner removes all the previous viruses and gets to the third Loki, removing it will “kill” the smartphone firmware.
  • Meanwhile, the fourth Trojan of the cascade operates from a protected system folder, from where it downloads another pack of viruses, shows ads, or simply inflates the download and visit counters of applications and websites from the infected smartphone. It blocks the downloading and installation of antiviruses and strengthens its own protection.

It is impossible to “uproot” the traces of this violent activity from the smartphone’s brain, so a Loki infection can be “cured” only by completely reflashing the device, with the loss of all data.

Faketoken

If the previous Trojans deliberately act on the sly so that the smartphone user does not learn of the infection until the last moment, Faketoken is simple and straightforward in its approach, like an experienced gopnik: it demands to be given the rights to any actions with the smartphone, and if the owner refuses, the algorithm “Listen, why don’t you understand? Then I’ll repeat it!” comes into play.

  1. First, the user is forced to give administrator rights to the virus
  • You install what looks like an application with an ordinary icon from some site like vasyapupkinsuperwarez.net. You launch it, and after that the “torture” begins.
  • The Trojan opens a system window asking for administrator rights. In the best democratic traditions, the owner of the smartphone has two options: to allow the Trojan access to the system, or not to allow it. But in case of refusal, Faketoken will open the window asking for system rights again, and will keep doing so until the smartphone user capitulates.
  • After this, using the same thermorectal cryptanalysis method, the Trojan obtains the rights to display pop-ups and to replace the standard application for sending SMS.
  • After these conquests, the Trojan contacts its command and control server on the Internet and downloads from there template phrases in 77 languages, which it will then use to blackmail the mobile phone user.
  • Then, using the prepared phrases, Faketoken begins to litter the system with full-screen messages in the style of “confirm the name and password of your Gmail account” and “we now have to link a card in Google Play, enter the required data.” Until the bitter end, of course.
  • The Trojan frolics in the system: it sends and receives SMS, makes calls, downloads applications. And finally, it locks the screen, encrypts all files in internal memory and on the microSD card, and demands a “ransom.”
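A defender's check for the rights listed in the steps above, as an added example that is not part of the original article: it flags third-party apps installed from outside a trusted store that hold device-administrator rights, overlay permission or the default-SMS role. The package names and the sample command output are constructed, and the output layouts (which vary between Android versions) are assumptions.

```python
"""Flag sideloaded apps holding the rights Faketoken is described as demanding."""
import re

# Installer package names treated as trusted (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}

# --- Constructed sample input (not captured from a real device) -------------
# Modelled on: adb shell pm list packages -i -3   (third-party apps + installer)
PM_OUT = """\
package:com.example.player  installer=com.android.vending
package:org.example.musicdl  installer=com.google.android.packageinstaller
package:org.example.flashlight  installer=null
package:com.example.mdmagent  installer=com.android.vending
"""
# Modelled on: adb shell dumpsys device_policy
POLICY_OUT = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    org.example.musicdl/.AdminReceiver:
      uid=10213
    com.example.mdmagent/.receivers.AdminReceiver:
      uid=10150

  mPasswordOwner=-1
"""
# Modelled on: adb shell cmd appops query-op SYSTEM_ALERT_WINDOW allow
OVERLAY_OUT = "org.example.musicdl\norg.example.flashlight\n"
# Modelled on: adb shell settings get secure sms_default_application
SMS_DEFAULT = "org.example.musicdl\n"

PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
ADMIN_RE = re.compile(r"^\s+([\w.]+)/[\w.$]+:\s*$")


def parse_packages(pm_text):
    """Map package name -> installer package (None when no installer is recorded)."""
    result = {}
    for line in pm_text.splitlines():
        match = PKG_RE.match(line.strip())
        if match:
            pkg, installer = match.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def parse_device_admins(policy_text):
    """Return the packages listed under 'Enabled Device Admins'."""
    admins, in_section = set(), False
    for line in policy_text.splitlines():
        if line.strip().startswith("Enabled Device Admins"):
            in_section = True
            continue
        if in_section:
            if not line.strip():        # a blank line ends the section
                break
            match = ADMIN_RE.match(line)
            if match:
                admins.add(match.group(1))
    return admins


def triage(pm_text, policy_text, sms_default, overlay_text):
    """List apps from untrusted installers that hold any of the three rights."""
    admins = parse_device_admins(policy_text)
    overlays = {l.strip() for l in overlay_text.splitlines() if l.strip()}
    sms_pkg = sms_default.strip()
    findings = []
    for pkg, installer in parse_packages(pm_text).items():
        if installer in TRUSTED_INSTALLERS:
            continue                    # store-installed apps are out of scope
        signals = []
        if pkg in admins:
            signals.append("device_admin")
        if pkg in overlays:
            signals.append("overlay")
        if pkg == sms_pkg:
            signals.append("default_sms")
        if signals:
            findings.append({
                "package": pkg,
                "installer": installer,
                "signals": signals,
                # All three rights together is the sequence the text describes.
                "full_pattern": len(signals) == 3,
            })
    # Most signals first, then by name for stable output.
    findings.sort(key=lambda f: (-len(f["signals"]), f["package"]))
    return findings


if __name__ == "__main__":
    for finding in triage(PM_OUT, POLICY_OUT, SMS_DEFAULT, OVERLAY_OUT):
        print(finding)
```

A store-installed device-management agent holds administrator rights legitimately, which is why the installer source is checked before any of the three rights.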

Godless

The Godless Trojan is impressive not even for its, so to speak, functionality, but for its camouflage - for a long time its presence in applications was not recognized even by the vaunted system antivirus scan on Google Play. The result is a little predictable - the malware infected over 850 thousand smartphones around the world, and almost half of them belong to residents of India, which seems to hint at the origin of the Trojan.

If you download a flashlight from Google Play, you get an undeletable virus with encryption and root rights

The functionality of the Trojan differs little from that of its many colleagues of 2016; only the “beginning” is new:

  • The smartphone user downloads an application from Google Play and launches it, and the Trojan is launched along with the application. Just don’t think anything bad about the Google check, because there is no malicious code in this “kit”: the Trojan downloads the malicious code when it is first launched.
  • To begin with, Godless obtains root rights on the smartphone, free and without SMS, using approximately the same set of tools as, for example, Towelroot. The Trojan carries out such operations when the screen is turned off.
  • After this, the arrogant Trojan moves itself to the /system folder (from where it can no longer be deleted without reflashing) and encrypts itself using an AES key.
  • With a complete set of access rights, Godless starts little by little stealing users' personal data from the smartphone and installing third-party applications. In its initial versions, by the way, the Trojan hid the standard Google Play from the user’s eyes and replaced it with a “parody” through which it stole the account name and password.

Among the applications that Godless was most often “attached” to were numerous “flashlights” and clones of famous Android games.

viruses, worms, Trojans, adware (intrusive advertising) and “horror stories”, but almost no one cares about such subtleties. They say that viruses are viruses.

The differences between the “grades of joy” are as follows:

  • A virus is a malicious program that sneaks onto your computer unnoticed through system vulnerabilities. And, most importantly, it does not engage in sabotage on its own, but infects other files in the system. In the case of Android, such malware would have to get in after a banal click on an advertisement or a visit to a website, and then “rewrite” Gmail, VKontakte and other applications for itself in such a way that after the removal of the original virus, the infected applications would continue to do their dirty deed.
  • A worm does its dirty work and harshly, mercilessly, by every available means, distributes itself through all communication channels. On computers, worms sent themselves via e-mail, instant messengers, the local network and flash drives; that is, they cloned themselves in the most shameless way.
  • A Trojan never knocks on the system from the outside: you install and launch the malicious program yourself. This happens because Trojans pose as ordinary, familiar and well-known applications, and sometimes they are simply “sewn” onto completely functional programs. That is, you buy and download a useful program and get malicious software as a gift!
  • “Scary stories” (scareware) are applications that cause panic: “Oh God, your entire smartphone is full of viruses and applications for wiretapping by intelligence agencies around the world! Download our antivirus and find out the whole truth!” You download it, run it and conduct a so-called scan, after which the program says: “There are a terrifying number of viruses in the system! Your phone will die if you don’t remove the viruses, but to do this you must enter your bank card details here and here.” This beauty is often ignored by all antiviruses, because it does not hack or steal anything from the system; it simply deceives the buyer and asks for money.

Litvinov Sergey

Research work that proves that most mobile devices are susceptible to virus infection, which can lead to a mobile virus epidemic.

INTRODUCTION

§1. Smartphones and communicators – what’s the difference?

§2. History of the development of mobile viruses

§3. Ways of spreading mobile viruses

§4. Research on the state of student mobile devices, Municipal Educational Institution “Gymnasium No. 24”

§5. Protection against mobile viruses

CONCLUSION

INTRODUCTION

Viruses for mobile phones are not such a new topic, but it is becoming relevant now. In just the last two years, they have infected several million handsets around the world. And recently, a similar scourge reached our country, so this topic is also becoming very relevant for Russians.

Goal of the work: find out whether there really is a danger of a mobile virus epidemic and how to protect your mobile phone from malicious software.

Hypothesis: Most mobile devices are susceptible to virus infection, which can lead to a mobile virus epidemic.

Objectives of the work:

1) find out what a mobile virus is;

2) consider the history of the development of mobile viruses;

3) determine the main ways of spreading mobile viruses;

4) conduct a survey among students of the municipal educational institution “Gymnasium No. 24”, on the basis of which draw conclusions about the number of virus-vulnerable devices;

All mobile phones can be divided into two types: phones that use an operating system (smartphones, communicators) and phones that run firmware. Firmware is a program that manages the phone's operation but is “sewn” into the phone itself. Each mobile phone manufacturer creates its own firmware for specific models (thus predetermining the functionality of the phone).

As already noted, the topic of the spread of viruses among mobile devices is no longer so new, since they first made themselves known several years ago. The situation has changed dramatically with the advent and widespread use of smartphones and communicators. These devices have operating systems with enough “intelligence” to become a habitat for viruses. What makes these devices special? Let's try to figure it out.

A smartphone is a phone with computer functions. The shape of a smartphone is similar to a telephone. It usually does not have a touch screen, and typing is done using a standard telephone keypad. However, it is inconvenient to type a large amount of text on a telephone keypad, and on a small screen it is less comfortable to read a book or view a table. Therefore, a smartphone is hardly suitable as a replacement for a PDA (pocket personal computer). It is rather a new “advanced” phone with great capabilities. Smartphones have their own operating systems, Windows Mobile and Symbian, and software adapted for them.

A communicator is a PDA with a built-in GSM/GPRS module. The communicator allows its owner to make phone calls and access the Internet. The communicator has a larger touch screen, and characters are entered using a stylus. The operating systems of the communicator are the same as in a PDA, plus software for working with the telephone module. The communicator can also be used as a telephone, but it is more convenient to use a headset. Alternatively, you can use the communicator only to access the Internet and as a PDA, while keeping a phone for conversations. The advantage of this option is, first of all, that if the communicator’s batteries suddenly run out, at least you won’t be left without a phone, and it’s still more convenient to talk on the phone.

Billions of people on the planet can no longer imagine life without a mobile phone, and many of them are accustomed to making financial transactions using mobile terminals, which, of course, did not escape the attention of hackers. By the way, the main difference between viruses for smartphones and communicators and computer viruses is the secrecy of their operation and the quite noticeable material damage. The fact is that any smartphone or communicator is a device with the ability to make paid calls and browse the Internet. Consequently, these functions are the main targets of attackers. So the technical sophistication of modern smartphones and communicators makes them easy prey for mobile viruses. “Mobile viruses have long ceased to be just exotic specimens in the databases of virus laboratories. Today, it’s enough to get into a place with a large crowd of people - a metro, a cinema, an airport, and your smartphone is already under threat,” the company’s official statement says. How real is the threat and what can you expect from a malicious virus? The list of functions of malware for mobile phones inspires respect: mobile viruses are able to block the operation of memory cards and can, unnoticed by the user, send SMS messages to paid services, steal data from the address book and send it to the owner of the insidious program. There already exists a program that establishes total control over a smartphone and sends information about calls made and SMS sent to the attacker. Television channels openly advertise “SMS Interceptor” (essentially a virus).

According to experts from Doctor Web, the concerns expressed are somewhat exaggerated. “There is no particular reason to talk about an epidemic of mobile viruses yet. Due to the design of mobile phones and the huge variety of platforms, it is almost impossible to write a universal epidemiological virus. Malware for mobile phones is different in that it cannot spread on its own. For infection to occur, the user must install the program and allow it to run...”

The analytical review is dedicated to modern virus threats to mobile devices - equipment running portable operating systems and equipped with wireless data transmission technologies. However, its practical side concerns mainly smartphones and communicators. It is this sector of mobile devices that is most attractive to virus writers.

§2. History of the development of mobile viruses.

Before diving into the history of mobile viruses, you should generally understand what they are. A cell phone virus is an application that disguises itself as a game or an attractive Internet file. After the subscriber downloads it to his phone, the “subversion” begins.

The history of mobile viruses goes back a little less than ten years - quite a serious age by the standards of the cellular market. True, it all started not entirely with mobile phones, or rather not only with them. Let's follow a brief chronology.

The “pioneer” was the Timofonica mail worm. It cannot, however, be considered a full-fledged mobile virus, since the utility was installed on a computer and was engaged in sending SMS messages containing simple text: “Information for you: Telefonica is cheating you!” Fortunately, the destructive capabilities of the pseudo-virus were limited to this: it was not installed on the phone, did not multiply in the system, and did not carry out any subversive work. However, the appearance of Timofonica showed that mobile phone owners are not immune from receiving unnecessary messages that could hypothetically contain malicious utilities. That same year, there was an incident involving several hundred subscribers of a Japanese cellular operator whose mobile phones strangely began calling the police, causing the network to become overloaded. But these two cases only preceded the emergence of serious mobile threats.

The first real virus for mobile devices that could actually cause harm appeared only in June 2004, when the mailboxes of the largest developers of anti-virus software received a letter with an attached file, Caribe. This message was sent to antivirus companies in order to demonstrate the fundamental possibility of the existence of mobile viruses. An analysis of the file showed that it was nothing less than a worm for the Symbian OS operating system of mobile devices. The virus was developed by a group of virus writers who specialize in creating new viruses for non-standard systems and applications. This time, members of the group managed to draw attention to viruses for smartphones. What was especially unexpected was that to spread its beloved self the virus used not the usual email but Bluetooth.

Unfortunately, the source code of this virus was published on the Internet, and within a short time hundreds of different viruses, including both worms and Trojans, were written for the Symbian OS software platform. A month later, a malicious application appeared for the Windows Mobile platform: Duts. This was followed by other Windows Mobile viruses, in particular Brador, which became the first mobile virus to allow access to the infected device from the outside. Finally, February 2006 saw the appearance of RedBrowser, the first mobile virus for phones with Java support, which dramatically increased the potential audience of infected devices. Following this, other viruses appeared that posed a threat to the functionality of the infected phone and the owner’s balance (we are talking about the loss of money due to sending SMS messages). Soon after, the danger of losing all personal data became very real.

In November 2004, a new Trojan, Skuller, was posted on some Internet forums on mobile topics under the guise of an installation package of new desktop icons and “themes.” Launching and installing this program results in the icons of the operating system's standard applications being replaced with an icon depicting a skull. At the same time, new applications are installed into the system on top of the original ones. Thus, this Trojan demonstrated to the whole world two unpleasant features: the ability to overwrite system applications unhindered, and the operating system's lack of resilience to damaged system files.

It is convenient to present the development and emergence of the first families of mobile viruses in the form of a table:

| Name | Date of discovery | Functionality |
|------|-------------------|---------------|
|      | June 2004         | Bluetooth distribution |
|      | July 2004         | File infection |
|      | August 2004       | Providing remote access over the network |
|      | August 2004       | |
|      | November 2004     | Substitution of icon files |
|      | January 2005      | Distribution via Bluetooth, file infection |
|      | February 2005     | Installing corrupted applications |
|      | March 2005        | Substitution of system applications |
|      | March 2005        | Distribution via Bluetooth and MMS |
|      | March 2005        | Replacing antivirus application loaders |
|      | April 2005        | Substitution of font files |
|      | April 2005        | Substitution of system applications |
|      | May 2005          | Substitution of system applications |
|      | June 2005         | Replacement of system applications, installation of Comwar |
|      | July 2005         | Substitution of font files |

The quantitative development of families of mobile viruses in the first years of their appearance (2004-2005) was quite uniform: new malicious programs for the OS for mobile devices (not counting modifications of already known viruses) appeared on average about twice a month (see Figure 1).

Fig.1. Increase in the number of known families of mobile viruses (2004-2005)

In the same context, it would be appropriate to consider statistics on the number of countries in which precedents of infection were recorded in the early years of the spread of viruses (see Figure 2).

Fig.2. Precedents of infections of mobile devices in different countries (2004-2005)

§3. Ways of spreading mobile viruses.

As already noted, in order for a virus to enter the phone, the user must give permission to do so: run or install a program, receive an SMS, MMS, or any file. From the combination of these factors, it follows that at present mobile systems are exposed to danger almost exclusively due to the human factor. As follows from the table above, the functionality of most known mobile viruses is based solely on several features of operating systems: the ability to overwrite any files, including system ones, and the extreme instability of the system when it encounters unexpected (non-standard for a given distribution or damaged) files.

The situation seems especially frightening given the attractiveness of the mobile device sphere to a variety of virus writers. The following “advantageous” features distinguish it from the computer sphere:

  1. Increased “quality” contact between devices: as a rule, mobile devices are capable of providing constant communication with the outside world (with mobile networks, the Internet, with computers and with each other). For this purpose, they are equipped with a large number of data exchange technologies: SMS, MMS, Bluetooth.
  2. Increased “quantitative” contact between devices: they are carried with you everywhere. During these movements, the devices, entering the scope of Bluetooth communication with other devices, are able to exchange data. A mobile phone carried in a pocket comes into contact with thousands of other phones in a matter of hours, and in large crowds they form powerful data networks.
  3. Mobile technologies integrated with computers provide extremely favorable conditions for spam mailings and professional espionage.
  4. Wireless data transmission technologies can currently provide an attacker with a degree of anonymity close to absolute.

The first two points create serious preconditions for an instant and global epidemic (for example, in the event of the appearance of a sufficiently powerful Bluetooth worm), and the last two will help attract professional virus writers to the mobile field, working in conjunction with criminal structures.

In general, the reasons for the spread of mobile viruses include the following: software vulnerabilities; a low level of “mobile” literacy; the attitude of mobile phone owners towards mobile viruses as a problem of the future; curiosity (what will happen if I run this file/game/program?); failure to comply with basic safety rules.

Among the symptoms of infection, we will highlight the main ones: the appearance of all sorts of problems after copying and installing any files (for example, the phone freezes for no reason, applications do not start, a folder cannot be opened, etc.); the appearance of unknown suspicious files and icons; the mobile phone spontaneously sends SMS and MMS, quickly emptying the owner’s account; phone functions are blocked. As you know, a virus, having gained control, can do everything in the system that a user can do: mass mailing of SMS and MMS unnoticed by the user; unauthorized calls to paid numbers; rapid depletion of the subscriber's account (as a result of calls to paid numbers and mass SMS and MMS mailings); destruction of user data (phone book, files, etc.); theft of confidential information (passwords, account numbers, etc.); blocking of phone functions (SMS, games, camera, etc.) or of the device as a whole; fast battery discharge; distribution (on behalf of the phone owner) of infected files by all possible means (email, WiFi, Bluetooth, etc.); possibility of remote control of the device, etc.

Since, as already noted, viruses are written for a specific operating system, the most common of them today should be mentioned: Windows CE (Pocket PC, Windows Mobile), Symbian OS, Palm OS and Linux. The communicator sector is dominated by Windows, and the smartphone sector by Symbian. Palm OS and Linux in general are not widespread in the field of handheld devices. It is too early to judge the degree of security of a particular platform. However, the results of testing existing mobile viruses presented on the official Kaspersky website show that Symbian phones automatically process (download, play, launch) any file that ends up in the “Inbox” folder, including those received via Bluetooth or MMS - be it a picture, audio file or installer. Windows Mobile phones only save received files in memory and wait for the user to access them. Based on all of the above, the Symbian platform seems to be the most susceptible to virus attacks and the most vulnerable to them. However, this is nothing more than a reflection of the current state of the market, and can hardly be evidence of the “immunity” of Windows Mobile. It’s just that the vulnerability of the Symbian OS, as the most common platform for smartphones and, as a result, most susceptible to attacks by virus writers, was demonstrated first.

To summarize, it should be noted that for the mobile version of Windows the most common viruses are remote administration utilities (backdoors). This is usually a small file that, after running, is “rooted” in the directory, thus gaining control every time the infected device is started. When the device is active, it secretly establishes a connection to the Internet and sends the victim’s IP address by email to the author, informing him that the communicator is online and the backdoor is active. After this, such a utility opens various ports for receiving commands, which allows the author of the virus to obtain the user’s personal data or download a program into the infected device that destroys all data stored in it.

The main types of malware for Symbian are Trojans and worms that destroy or maliciously modify data, disrupt the performance of mobile devices, etc. This category also includes multi-purpose Trojans that simultaneously spy on the user and “steal” personal data.

As already noted, mobile viruses are usually spread via Bluetooth and MMS. They can cause very rapid infection of a large number of systems, disrupting the functionality of the mobile network or turning it into a distributed network controlled by an attacker. Weak security of wireless data transfer protocols makes it possible for trained electronic hackers to take control of user devices as they interact with the Internet. In addition, viruses can block the basic functions of a mobile phone (for example, sending SMS), delete games, turn off the built-in camera, drain the phone’s battery several times faster than usual, etc. In fact, the smarter the terminal, the more susceptible it is to viruses.

What are the signs of a viral infection?

  1. Slow response to user actions, especially when launching programs
  2. Distortion of the contents of files and directories or their complete disappearance
  3. Frequent crashes and freezes of the device
  4. Messages or images appear spontaneously on the screen
  5. Unauthorized launch of programs
  6. Emitting arbitrary sound signals
  7. Impossibility of rebooting the device.

If you find one or more of the above signs, then most likely your mobile phone is infected, and you need to take urgent measures to find and remove viruses, as well as treat infected files.

§4. Mobile device health survey of students of Municipal Educational Institution “Gymnasium No. 24”

We tried to test and prove that currently most mobile devices are susceptible to virus infection. A total of 104 people were interviewed. Testing showed (see Figure 3):

  1. Bluetooth is available to 100% (104 people), almost all of them (102 people, which is 98%) constantly use it;
  2. the MMS service is available to 80% (83 people) of users, but only 44% (46 people) use it;
  3. 81% (84 people) of respondents have access to the Internet, and 52% (54 people) use it.
  4. The service of sending and receiving SMS messages is available to all users of mobile devices and is used by them constantly.

As the survey results show, most mobile devices have functions that facilitate the spread of viruses. In addition, all these functions are quite widely used by subscribers mobile communications, which increases the risk of viruses getting into the phone.

Fig. 3. Availability and use of basic capabilities of mobile devices

§5. Protection against mobile viruses.

Among the questions in our questionnaire were such as “Have you heard anything about mobile viruses?”, “Do you know how to protect your phone from them?”, “Does your mobile device have an anti-virus program?” Here are the answers we received (see Figure 4):

  1. 59% (61 people) of respondents know that viruses can spread on the mobile network
  2. Only 33% (34 people) know about methods of protection.
  3. Only 8% (9 people) have an antivirus program.

Fig. 4. Mobile literacy indicators

This suggests that the situation with users’ mobile literacy is not entirely hopeless. Of course, not all devices can support an antivirus program, which is why the number of people using an antivirus is small.

Conducting a study on this problem, we tested 52 telephone devices for viruses, of which 41% (22 phones) were infected, and the users of these phones did not even suspect it. This once again proves that the problem of the spread of mobile viruses is relevant.

And now more about protecting mobile devices. There are several ways to do this. Let's look at some of them.

The first one is the simplest. If you don't want a virus to get into your phone, carefully monitor all incoming messages. Do not open those that seem suspicious or came from a sender unknown to you. In addition, you should not keep Bluetooth on all the time, especially in crowded places. In your phone's Bluetooth settings, be sure to uncheck the option “Available to everyone”, or at least allow access to your phone only after a security password is entered. How does it work? When another smartphone or mobile phone tries to connect to yours, it will be prompted to enter a password, and the connection will occur only if the password is exactly the same as the one you typed. Try never to set your phone to automatically open all incoming messages, otherwise the virus will definitely penetrate your mobile phone. If a suspicious file is sent to you via Bluetooth, you can always refuse to receive it. Do not download files from the Internet directly to your mobile phone. First download them to your PC, check them with an antivirus, and then install them on your mobile phone.

Another way a mobile infection can get into your phone is through MMS and SMS messages. But remember that before any program is installed, the phone must ask your permission to do so (this is a feature of the OS), so never respond to a request that comes out of nowhere, i.e. when you do not know who is requesting the connection, much less why. Please note that some viruses can completely disable your mobile devices. Mobile viruses will not cause physical harm (at least for now), but they can easily crash the entire firmware of your phone.

Second way. You need to install an antivirus on the computer to which your cell phone or smartphone is connected. An antivirus program will be able to quickly find and destroy the virus before it is too late. For many modern smartphones, special anti-virus protection has already been developed. Experts have been working on solving these problems for a long time. There are currently several software solutions to protect mobile devices from viruses. Kaspersky Lab has developed several versions of the antivirus for Windows, Symbian and Palm OS. Similar products are offered by both well-known antivirus manufacturers (TrendMicro, Network Associates, F-Secure) and young companies specializing directly in the development of mobile antivirus solutions (Airscanner, Simworks). In the case of MMS worms for mobile phones, the optimal protection seems to be on the operator’s side, in which all MMS traffic passes through an Internet server with an anti-virus product installed on it.

New security standards for mobile devices have already been introduced in Los Angeles. They are developed by such large companies as Nokia and Samsung. The standards were called the Mobile Security Specification and are described as the basis for a new generation of secure mobile devices. Subscribers are expected to use this technology to protect the operating system of their phones. The general principle of this specification is based on the fact that all information that needs protection will be stored in secure sectors of phones - Mobile Terminal Module (MTM), which are guaranteed not to be hacked by a virus. However, it is not yet known when this technology will become active. Experts say it will be several years before mobile phone users can really experience its benefits.

I would like to dwell in more detail on antivirus software. An antivirus program (antivirus) is a program for detecting viruses and treating infected files, as well as for prevention, that is, preventing infection of files or the operating system with malicious code.

It is no secret that the presence of special software that provides reliable protection against the most modern mobile viruses is critically important, because it is not without reason that almost all antivirus software manufacturers have turned their attention to the problem of mobile device security. Developments in this direction are being carried out by both domestic and foreign companies: there are such solutions on the market as Kaspersky Mobile Anti-Virus, BitDefender Mobile Security, F-Secure Mobile Anti-Virus, Norton Smartphone Security, Handy Safe for Windows Mobile Pocket PC, Trend Micro Mobile Security.

The characteristics of such programs are very standard.

Firstly, these products are multifunctional suites. In addition to a full-fledged antivirus with the ability to “cure” infected objects, mobile antiviruses include a personal firewall, a spam filter for SMS, and data encryption with password access to the system. Such software, at the user’s request, can quickly scan the internal memory, memory card, or the entire device, deleting malicious files.

Secondly, mobile antiviruses provide scanning of e-mail folders and archives in real time. This is especially true for services that are most successfully used by the majority of corporate users via mobile devices. Similarly, all incoming program and document files that are downloaded to a computer using Bluetooth and MMS are scanned online. In addition, the anti-virus product monitors the launch of executable files and other communication channels, and when launched, analyzes the hardware capabilities of the device and the state of their protection, and suggests the most suitable protection strategy to the user. When a program detects an infected file, it usually isolates it immediately to protect all other data on the system and asks the user for permission to take further action.

Thirdly, modern antivirus software supports regular automatic updates of its databases over a wireless network. Additional libraries increase its effectiveness - they usually appear on the manufacturer’s server immediately after a new virus sample is detected. The anti-virus databases and functional modules of the product should be updated automatically, in accordance with the period specified by the user, or by default.

Fourth, virus protection software is optimized specifically for mobile devices. Considering the fact that smartphones and communicators usually have weaker resources compared to desktop computers, anti-virus software can work with models that have a low processor frequency (from 200 MHz) and RAM (from 64 MB). These programs occupy a fairly small amount of memory (up to 10-12 MB). Installation is possible directly through a mobile Internet connection or through a connection to a desktop computer, and the minimal resource consumption does not greatly reduce the battery life.

CONCLUSION

In conclusion, we can say: mobile viruses exist! This is no longer a myth, but a real threat! Until recently, it was believed that mobile viruses, if they were a threat, were only for advanced mobile phones; owners of ordinary mobile phones had nothing to fear. Alas, this is no longer true! Since cross-platform mobile viruses have already been created, adherence to any one OS does not guarantee protection against viruses. The originally existing line between mobile and computer viruses has been erased. Now these devices can mutually infect each other. It took computer viruses more than 20 years to become widespread. Mobile viruses have traveled this path much faster, which means that mobile virus writers are actively using the experience of creating and distributing computer viruses. There are about 5 billion cellular subscribers in the world. Many people literally never part with their cell phones. Mobile phones store confidential information. It is not difficult to imagine the scale of the consequences in the event of an epidemic of mobile viruses. Of course, there is no need to exaggerate the problem of the emergence of mobile viruses, but you should not brush it aside, believing that the problem is artificially inflated by antivirus companies and the media.

From the “Overview of viral activity for 2008” report by the antivirus laboratory “Doctor Web”: “...We are still only talking about the possibility of some kind of global epidemic of a mobile virus. But we should not forget that the technical prerequisites for this already exist and are developing at a fairly high speed.”

It is quite difficult to predict further developments in the field of mobile viruses, since it is in a state of unstable equilibrium: the number of factors that provoke serious security threats is growing faster than the readiness of the technical and social environment for them.

The following trends are leading to an increase in the number of malware for mobile devices in particular and to an increase in threats to the security of smartphones and communicators in general:

  1. Their percentage among devices used for mobile communications is constantly growing. The more popular the technology, the easier and more profitable it is to attack;
  2. as the field expands, so does the number of skilled individuals who can potentially attack its security;
  3. Smartphones and communicators are becoming more powerful and functional, beginning to displace PDAs. This means that viruses and virus writers have more and more opportunities;
  4. increasing the functionality of a device naturally leads to an increase in the amount of potentially interesting information stored in it. Unlike a regular mobile phone, which on average contains only an address book, the memory of a smartphone or communicator can store any files that are usually stored on a computer disk. And using programs to access password-protected online services (for example, ICQ) jeopardizes the security of personal data.

The materials from our report can be used in computer science and ICT lessons to increase students’ interests in the subject; for the design of thematic newspapers for the decade of computer science and mathematics; These works can be presented at class themed hours.

The study of this topic is not limited to the scope of our report. We plan to study in more detail the classifications of antivirus programs (for example, scanners, auditors, watchmen, vaccines or server antiviruses, workstation antiviruses, false antiviruses and others), the methods of operation of antivirus software (such as matching against virus definitions in a dictionary, detecting strange behavior of programs, detection using emulation, the “whitelist” method and others), and to compare the development of mobile and computer viruses and anti-virus programs.

Why did your mobile phone suddenly begin to behave differently than usual, or even “take on” its own “life”? Perhaps because a malicious program has settled in it. Today, the number of viruses and Trojans for Android is growing exponentially. Why? Yes, because the cunning virus writers know that smartphones and tablets are increasingly being used by our fellow citizens as electronic wallets, and do everything to move funds from the owners’ accounts into their pockets. Let's talk about how to understand that a mobile device has caught an infection, how to remove a virus from Android and protect yourself from repeated infections.

Symptoms of a virus infection on an Android device

  • The gadget turns on longer than usual, slows down, or suddenly reboots.
  • Your SMS and phone call history contains outgoing messages and calls that you did not make.
  • Money is automatically debited from your phone account.
  • Ads that are not associated with any application or site are displayed on your desktop or browser.
  • Programs install themselves; Wi-Fi, Bluetooth or the camera turn on by themselves.
  • You have lost access to electronic wallets or mobile banking, or the amount in your accounts has decreased for unknown reasons.
  • Someone has taken over your account on social networks or instant messengers (if used on a mobile device).
  • The gadget is locked, and a message is displayed on the screen that you have violated something and must pay a fine or simply transfer money to someone to unlock it.
  • Applications suddenly stopped launching, access to folders and files was lost, and some device functions were blocked (for example, buttons could not be pressed).
  • When launching programs, messages like “an error occurred in the com.android.systemUI application” pop up.
  • Unknown icons appeared in the application list, and unknown processes appeared in the task manager.
  • The antivirus program reports that malicious objects have been detected.
  • The antivirus program has spontaneously deleted itself from the device or does not start.
  • The battery of your phone or tablet began to discharge faster than usual.

Not all of these symptoms are 100% indicative of a virus, but each is a reason to immediately scan your device for infection.

The easiest way to remove a mobile virus

If the gadget remains operational, the easiest way to remove the virus is to use the antivirus installed on Android. Run a full scan of the phone’s flash memory, and if a malicious object is detected, select the “Delete” option, saving the neutralized copy in quarantine (in case the antivirus detected something safe and mistook it for a virus).

Unfortunately, this method helps in about 30-40% of cases, since most malicious objects actively resist being removed. But they can be dealt with too. Next we will look at the options when:

  • the antivirus does not start, does not detect or does not remove the source of the problem;
  • the malicious program is restored after removal;
  • The device (or its individual functions) is blocked.

Removing malware in safe mode

If you can't clean your phone or tablet in normal mode, try doing it in safe mode. The majority of malicious programs (not just mobile ones) do not show any activity in safe mode and do not resist removal.

To boot your device into Safe Mode, press the On/Off button, place your finger on “Power Off” and hold it until the “Enter Safe Mode” message appears. After that, click OK.

If you have an old Android version (4.0 or lower), turn off the gadget in the usual way and turn it on again. When the Android logo appears on the screen, press the volume up and down keys at the same time. Hold them down until the device boots up completely.

While in safe mode, scan your device with an antivirus. If there is no antivirus or it does not start for some reason, install (or reinstall) it from Google Play.

Ad viruses such as Android.Gmobi 1 and Android.Gmobi.3 (according to the Dr. Web classification), which download various programs to the phone (in order to increase their rating) and also display banners and advertisements on the desktop, are successfully removed in this way.

If you have superuser rights (root) and you know exactly what caused the problem, launch a file manager (for example, Root Explorer), go to the path where this file is located and delete it. Most often, mobile viruses and Trojans place their body (executable files with the extension .apk) in the system/app directory.

To switch to normal mode, simply restart your device.

Removing mobile viruses via computer

Removing viruses on a phone via a computer helps when a mobile antivirus cannot cope with its task even in safe mode or the device’s functions are partially blocked.

There are also two ways to remove a virus from a tablet and phone using a computer:

  • using an antivirus installed on a PC;
  • manually through a file manager for Android gadgets, for example, Android Commander.

Using antivirus on your computer

To scan your mobile device files with an antivirus installed on your computer, connect your phone or tablet to the PC with a USB cable, selecting the “As a USB drive” method.

Then turn on USB.

After this, 2 additional “disks” will appear in the “Computer” folder on the PC - the internal memory of the phone and the SD card. To start scanning, open the context menu of each disk and click “Scan for viruses”.

Removing malware using Android Commander

Android Commander is a program for exchanging files between an Android mobile gadget and a PC. When launched on a computer, it provides the owner with access to the memory of a tablet or phone, allowing you to copy, move and delete any data.

For full access to all the contents of the Android gadget, you must first obtain root rights and enable USB debugging. The latter is activated via the service application “Options” - “System” - “Developer options”.

Next, connect the gadget to your PC as a USB drive and run Android Commander with administrator rights. In it, unlike Windows Explorer, protected system files and directories of the Android OS are displayed - the same way as, for example, in Root Explorer, a file manager for root users.

The right half of the Android Commander window shows the directories of the mobile device. Find the executable file of the application (with the extension .apk) that is causing the problem and delete it. Alternatively, copy suspicious folders from your phone to your computer and scan each of them with an antivirus.

What to do if the virus is not removed

If the above operations did not lead to anything and the malicious program still makes itself felt, or if the operating system has ceased to function normally after cleaning, you will have to resort to one of the radical measures:

  • reset with restoration of factory settings through the system menu;
  • hard reset via the Recovery menu;
  • reflashing the device.

Any of these methods will return the device to the same state as after purchase - there will be no user programs, personal settings, files or other information (data about SMS, calls, etc.) left on it. Your Google account will also be deleted. Therefore, if possible, transfer your phone book to your SIM card and copy paid applications and other valuable items to external media. It is advisable to do this manually, without using special programs, so as not to accidentally copy the virus. After this, begin the “treatment”.

Restoring factory settings through the system menu

This option is the simplest. It can be used when the functions of the operating system and the device itself are not blocked.

Go to the Settings application, open the Personal - Backup section and select Factory reset.

Hard reset via Recovery menu

A “hard” reset will help deal with the malware if it is not removed by any of the above methods or has blocked login. To our joy, access to the Recovery menu (system recovery) is retained.

Entering Recovery is done differently on different phones and tablets. On some, you need to hold down the “Volume +” key when turning on, on others “Volume -”, on still others you press a special recessed button, etc. The exact information is contained in the instructions for the device.

In the Recovery menu, select the option “wipe data/factory reset” or simply “factory reset”.

Flashing

Flashing is essentially reinstalling the Android OS, the same last resort as reinstalling Windows on a computer. It is resorted to in exceptional cases, for example, when a certain Chinese virus is embedded directly in the firmware and has been living on the device since its “birth.” One such piece of malware is the spyware android spy 128 origin.

To flash a phone or tablet, you will need root rights, a distribution kit (the firmware itself), an installation program, a computer with a USB cable or an SD card. Remember that each gadget model has its own individual firmware versions. Installation instructions are usually included with them.

How to avoid virus infection of Android devices

  • Install mobile applications only from trusted sources, refuse hacked programs.
  • Update your device as system updates are released - in them, developers close vulnerabilities that are exploited by viruses and Trojans.
  • Install a mobile antivirus and keep it always on.
  • If your gadget serves as your wallet, do not allow other people to use it to access the Internet or open unverified files on it.

Viruses for mobile phones, smartphones and tablet computers are not a myth, but a cruel reality of today. Denying the problem of the mass spread of mobile viruses is just as stupid and ridiculous as denying the problem of the massive spread of computer viruses. Antiviruses for smartphones are among the best-selling mobile applications, and the Internet is teeming with recommendations for protection against mobile viruses - in a word, everything is like on “big” computers. But the first mobile virus was not created in order to harm anyone or “make” more money, but simply for the sake of sport. However, first things first...

In June 2004, a team of professional virus writers, 29A, developed the world's first virus for mobile devices - Caribe. It was a worm for the Symbian platform, spreading via Bluetooth. It did not cause any particular harm, other than increased battery consumption, and it was not meant to - the 29A team developed this virus only to draw the attention of OS and antivirus software manufacturers to significant gaps in the Symbian security system. On behalf of the team leader, the Caribe source codes were sent to leading antivirus manufacturers, but soon, as a result of a leak, they became publicly available. This gave rise to the massive spread of Caribe (or, according to antivirus classification, the Cabir virus) and its clones on smartphones around the world.

A little later, at the World Athletics Championships in Helsinki, the largest local epidemic of a mobile virus occurred. In a large, crowded stadium, Cabir managed to spread almost instantly. The situation was resolved by specialists from the Finnish antivirus company F-Secure: a special place was set up right at the stadium where F-Secure employees removed Cabir from the smartphone memory of eligible spectators. In total, more than twenty countries were affected by Cabir and its modifications.

The Cabir epidemic drew attention to the problem of mobile security, though the attention of virus writers rather than users. A month after Cabir appeared, the Duts virus was released - the first virus for the Windows Mobile platform. This virus had the ability to infect executable files, but before infection it asked permission from the user of the PDA or communicator. As we can see, nature has not deprived the Duts developers of a sense of humor.

The next virus for Windows Mobile, Brador, was not so funny: it was the world's first backdoor for a mobile platform. Brador waited for the infected device to connect to the Network, and as soon as the connection was established, it sent the IP address of the device to the “owner” by e-mail and opened a special port for it. The “owner,” having connected to the infected device through this port, could gain access to its files, send it certain files and display text messages on its screen.

However, viruses for Windows Mobile never gained much traction. The fact is that at that time, the share of Windows Mobile in the market of smartphones and communicators was not particularly large - back then this OS was used mainly on PDAs, which were connected to the Internet extremely rarely. So the Symbian platform held the lead in this area.

The next virus appeared on this platform, this time a more dangerous one - Mosquit. This virus is the first mobile Trojan in history. The Mosquit virus appeared as a result of the introduction of malicious code into the initially harmless game Mosquitos. When launched, the infected game sent SMS messages to the attacker’s short numbers, thereby generating income for him. Later, the RedBrowser Trojan horse, which worked in a similar way, was created; it was distributed on feature phones with Java support. The scheme turned out to be so simple to implement that it is still used today - the vast majority of modern mobile “Trojans” (and viruses in general) are engaged in sending messages to paid numbers.

And there was more to come. The viruses Skuller and Locknut (the latter also known by a name unpronounceable in polite society - Gavno), which appeared soon afterwards, drew public attention to two significant vulnerabilities of the Symbian OS. Skuller replaced standard Symbian programs with inoperative copies of them, without encountering any resistance from the operating system. The Locknut virus, for its part, is simply amazing in its primitiveness and, at the same time, its high destructive ability. The fact is that at that time the Symbian operating system did not check executable files for integrity or “correctness”, focusing only on the file extension; in other words, the OS considered any file with the extension *.app to be an application. The creators of the Locknut virus took advantage of this. This virus places the program gavno.app and accompanying files with the extension *.rsc in the system startup. Moreover, neither the program nor its files were executable - “inside” they were ordinary text documents. However, Symbian, paying attention exclusively to the extension, tried to launch the notorious “program”. Of course, this led to a system crash and freeze, and the smartphone refused to boot.
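The weakness described above, trusting a file's extension instead of its contents, can be shown next to a content-based check. This is an added example, not code from the original article or from any OS: it applies the idea to the Android .apk container mentioned elsewhere on this page, and the function names, the list of required entries and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile
from typing import Tuple

# Entries this example requires inside an APK (assumption: the app ships code,
# so classes.dex is present; resource-only packages would need a looser rule).
REQUIRED_APK_ENTRIES = ("AndroidManifest.xml", "classes.dex")
ZIP_MAGIC = b"PK\x03\x04"  # local file header signature at the start of a ZIP
DEX_MAGIC = b"dex\n"       # first bytes of a Dalvik executable


def trusted_by_extension(filename: str) -> bool:
    """Flawed check: the name alone decides, as with *.app in the text above."""
    return filename.lower().endswith(".apk")


def validate_apk(filename: str, data: bytes) -> Tuple[bool, str]:
    """Hardened check: the extension and the container contents must agree."""
    if not trusted_by_extension(filename):
        return False, "extension is not .apk"
    if not data.startswith(ZIP_MAGIC):
        return False, "no ZIP signature"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = set(archive.namelist())
            missing = [n for n in REQUIRED_APK_ENTRIES if n not in names]
            if missing:
                return False, "missing entries: " + ", ".join(missing)
            if archive.testzip() is not None:
                return False, "corrupt entry (CRC mismatch)"
            if not archive.read("classes.dex").startswith(DEX_MAGIC):
                return False, "classes.dex has no DEX signature"
    except zipfile.BadZipFile:
        return False, "not a readable ZIP archive"
    return True, "ok"


def build_sample_apk(include_dex: bool = True) -> bytes:
    """Constructed sample: a minimal ZIP shaped like an APK (not a real app)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"constructed manifest bytes")
        if include_dex:
            archive.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 32)
    return buffer.getvalue()


# Constructed sample: a plain text document carrying an executable's extension.
DISGUISED_TEXT = b"just an ordinary text document\n"

if __name__ == "__main__":
    samples = {
        "startup.apk (text inside)": ("startup.apk", DISGUISED_TEXT),
        "game.apk (well-formed)": ("game.apk", build_sample_apk()),
        "game.apk (no classes.dex)": ("game.apk", build_sample_apk(False)),
    }
    for label, (name, blob) in samples.items():
        print(label, "| by extension:", trusted_by_extension(name),
              "| by content:", validate_apk(name, blob))
```

The extension-only check accepts all three samples, while the content check rejects the text file and the package without code before anything tries to load them.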

After the release of Skuller and Locknut, the Internet was flooded with similar Symbian viruses exploiting the above vulnerabilities: Dampig, Fontal, Hobbie and many others. The development of mobile viruses essentially stopped. Perhaps the only know-how developed at that time was the use of MMS messages to spread worms; the first virus to use this technology was Comwar, which appeared in March 2005.

Despite the massive spread of viruses for mobile platforms, users were still in no hurry to install antiviruses on their smartphones, absurdly believing that the problem was far-fetched. In fact, there really was a problem, and although the scale of the spread of mobile viruses at that time could not be compared with today, it was still worth thinking about ensuring the security of your smartphone. In general, the situation repeated the one that developed in the late 1990s and early 2000s on computers: despite the Chernobyl, MELISSA and ILOVEYOU epidemics, most computers remained without anti-virus protection.

However, the situation did not go unnoticed. In addition to antivirus companies that began producing more and more mobile antiviruses, mobile OS developers also became interested in security problems and began to plug gaps and holes in their systems. Cellular operators also did not stand aside, installing filters on their servers that clear MMS messages of malicious code. Journalists from computer and mobile publications began to explain to readers how to protect themselves from mobile infections.

Finally, users came to their senses. They started putting antivirus programs and firewalls on their smartphones and communicators, they stopped downloading software and games from suspicious sources, and they began to block the sending of SMS messages by Java programs in the phone settings. It seemed that computer viruses were gone forever... However, the Android operating system came onto the scene, and virus writers, having seized on it, gave rise to an epidemic of viruses such as the world had never seen before.

The Android system turned out to be quite vulnerable to malware. Unlike other Linux and Unix-like systems, the superuser in Android is not password protected. This, on the one hand, makes life easier for the user (no need to enter a password when installing programs or performing other important actions), but allows viruses to almost freely gain access to the most important system functions. For those who are not familiar with the system of rights in Unix and Linux, we explain: the superuser is the most important user in the system hierarchy, and it is on his behalf that all system-critical actions are performed. You can even recompile the kernel as superuser. Thus, a person who does not bother to install an antivirus on an Android device is, in fact, “giving” it to attackers.

There is another reason that allowed viruses on Android to spread on such a scale: applications that are submitted to Android Market, the system application catalog, are not pre-moderated. As a result, the Android Market is teeming with low-quality crafts, “buggy” programs and, what interests us most in this article, “Trojan” applications. Therefore, you must always exercise extreme caution, including when installing programs and games from the Android Market.

So, what do we have today? The story that happened on computers was repeated on mobile devices. At first, mobile viruses were just the tricks of bored virus writers who just wanted to show that smartphones were also “sick.” However, over time they turned into a serious danger, and not a trace remained of their former innocence. Every “smart phone” user is obliged to observe basic security measures, unless, of course, he wants to get infected and lose all his data or money from his account.

What are these measures? Firstly, you need to install an antivirus on your smartphone and not trust programs obtained from dubious or unknown sources - in short, everything is like on a computer. Secondly, you need to follow specific safety rules - do not open suspicious Bluetooth transmissions and MMS messages, and block access to the Internet, SMS, files and contacts for those applications that do not need this access to work. By following these simple rules, you can protect your smartphone or mobile phone from viruses, and yourself from the headache associated with their removal, as well as from problems such as the disappearance of money from your mobile account or a lightning-fast increase in Internet traffic.
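The advice to deny Internet, SMS, file and contact access to applications that do not need it can be turned into a simple audit. The sketch below is an added example, not part of the original article: the permission strings are standard Android permission names, while the app categories, the per-category policy, the risk rules and the package names are assumptions constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

P = "android.permission."
INTERNET = P + "INTERNET"
SEND_SMS = P + "SEND_SMS"
READ_SMS = P + "READ_SMS"
RECEIVE_SMS = P + "RECEIVE_SMS"
READ_CONTACTS = P + "READ_CONTACTS"
READ_STORAGE = P + "READ_EXTERNAL_STORAGE"

# The four kinds of access named in the text: Internet, SMS, files, contacts.
SENSITIVE: Set[str] = {INTERNET, SEND_SMS, READ_SMS, RECEIVE_SMS,
                       READ_CONTACTS, READ_STORAGE}

# Constructed policy (assumption): what each kind of app needs in order to work.
EXPECTED_BY_CATEGORY: Dict[str, Set[str]] = {
    "messenger": {INTERNET, SEND_SMS, READ_SMS, RECEIVE_SMS, READ_CONTACTS},
    "music": {INTERNET, READ_STORAGE},
    "game": {INTERNET},
    "tool": set(),
}

RISK_ORDER = {"high": 0, "review": 1, "ok": 2}


def audit_app(category: str, requested: Set[str]) -> Tuple[str, List[str]]:
    """Return (risk, unexpected sensitive permissions) for one application."""
    expected = EXPECTED_BY_CATEGORY.get(category, set())
    unexpected = (requested & SENSITIVE) - expected
    if SEND_SMS in unexpected:
        # Able to send messages to paid numbers without the app needing SMS.
        risk = "high"
    elif (unexpected & {READ_SMS, RECEIVE_SMS}) and INTERNET in requested:
        # Able to read incoming codes and pass them on over the network.
        risk = "high"
    elif unexpected:
        risk = "review"
    else:
        risk = "ok"
    return risk, sorted(unexpected)


def audit_inventory(apps) -> List[Tuple[str, str, List[str]]]:
    """Audit (package, category, permissions) rows; riskiest results first."""
    results = []
    for package, category, requested in apps:
        risk, unexpected = audit_app(category, set(requested))
        results.append((package, risk, unexpected))
    return sorted(results, key=lambda row: (RISK_ORDER[row[1]], row[0]))


# Constructed inventory: package names and permission sets are sample data.
INVENTORY = [
    ("com.example.chat", "messenger",
     {INTERNET, SEND_SMS, RECEIVE_SMS, READ_CONTACTS}),
    ("com.example.flashlight", "tool", {INTERNET}),
    ("com.example.musicloader", "music",
     {INTERNET, READ_STORAGE, SEND_SMS, RECEIVE_SMS, READ_CONTACTS}),
    ("com.example.puzzle", "game", {INTERNET, READ_SMS}),
]

if __name__ == "__main__":
    for package, risk, unexpected in audit_inventory(INVENTORY):
        print(f"{risk:6} {package}: {', '.join(unexpected) or '-'}")
```

Anything reported as "high" or "review" is a candidate for having that permission revoked or the application removed.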






