본문 바로가기
IT 보안소식

카스퍼스키(Kaspersky), 세계 최초 안드로이드OS SMS 트로이목마 발견

by 잡다한 처리 2010. 8. 10.
반응형


세계적인 보안회사 카스퍼스키(Kaspersky)가 안드로이드 OS에서 SMS를 이용하는 트로이 목마를 발견했다고 한다.

아침에 출근하면서 트위터로 기사를 접했는데, 시간이 안나서 ㅠ.ㅠ 이제야 올리게 됨 ㅎㅎ
지금은 SMS을 이용하는 트로이목마지만, 이제 앞으로 Virus 및 Worm도 나올 날이 얼마 남지 않은듯 ㅡ.ㅡ;;
후딱 공부하자!!

First SMS Trojan detected for smartphones running Android

Kaspersky Lab, a leading developer of secure content management solutions, announces that the first malicious program classified as a Trojan-SMS has been detected for smartphones running on Google’s Android operating system. Named Trojan-SMS.AndroidOS.FakePlayer.a, it has already infected a number of mobile devices.

The new malicious program penetrates smartphones running Android in the guise of a harmless media player application. Users are prompted to install a file of just over 13 KB with the standard Android extension .APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the owner’s knowledge or consent, resulting in money passing from a user’s account to that of the cybercriminals.

The Trojan-SMS category is currently the most widespread class of malware for mobile phones, but Trojan-SMS.AndroidOS.FakePlayer.a is the first to specifically target the Android platform. It should be noted that there have already been isolated cases of devices running Android being infected with spyware. The first such program appeared in 2009.

“The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform,” says Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab. “Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”

Kaspersky Lab recommends that users pay close attention to the services that an application requests access to when it is being installed. That includes access to premium rate services that charge to send SMSs and make calls. When a user agrees to these functions during the installation of an application, the smartphone may then be able to make calls and send SMSs without further authorization.

The signature for Trojan-SMS.AndroidOS.FakePlayer.a has already been added to Kaspersky Lab’s antivirus databases.


- VirusTotal 현황
File RU.apk received on 2010.08.09 11:52:16 (UTC)
Antivirus Version Last Update Result
AhnLab-V3 2010.08.09.00 2010.08.09 -
AntiVir 8.2.4.34 2010.08.09 -
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
Avast 4.8.1351.0 2010.08.09 -
Avast5 5.0.332.0 2010.08.09 -
AVG 9.0.0.851 2010.08.08 -
BitDefender 7.2 2010.08.09 -
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5694 2010.08.09 -
DrWeb 5.0.2.03300 2010.08.09 Android.SmsSend.1
Emsisoft 5.0.0.36 2010.08.09 -
eSafe 7.0.17.0 2010.08.08 -
eTrust-Vet 36.1.7777 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
F-Secure 9.0.15370.0 2010.08.09 -
Fortinet 4.1.143.0 2010.08.09 -
GData 21 2010.08.09 -
Ikarus T3.1.1.84.0 2010.08.09 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 Trojan-SMS.AndroidOS.FakePlayer.a
McAfee 5.400.0.1158 2010.08.09 -
McAfee-GW-Edition 2010.1 2010.08.09 -
Microsoft 1.6004 2010.08.09 -
NOD32 5351 2010.08.09 -
Norman 6.05.11 2010.08.08 -
nProtect 2010-08-09.02 2010.08.09 -
Panda 10.0.2.7 2010.08.08 -
PCTools 7.0.3.5 2010.08.09 -
Prevx 3.0 2010.08.09 -
Rising 22.60.00.04 2010.08.09 -
Sophos 4.56.0 2010.08.09 -
Sunbelt 6704 2010.08.09 -
SUPERAntiSpyware 4.40.0.1006 2010.08.09 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.339 2010.08.09 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.09 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.08 -
 
Additional information
File size: 12927 bytes
MD5   : fdb84ff8125b3790011b83cc85adce16
SHA1  : 1e993b0632d5bc6f07410ee31e41dd316435d997
SHA256: 14ebc4e9c7c297f3742c41213938ee01fd198dd4f4a5f188bbbb6ffcf4db5f14
TrID  : File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:zZBs7IF0ziI4wOweZTqJu/SJQdWg6eyQbUjkX:zZ9vwqVMu/3Eg6eyQbUi
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
RDS   : NSRL Reference Data Set
-



댓글