Directive Blogs
Mobile Botnets and Zombie Phones
Once considered impossible, the threat of malware on mobile devices is becoming a serious reality. Malware used to just be a plague to PC's, however, in the last few years we have seen a rise in Mobile Malware specifically the threat of Mobile Botnets.
From a Malware/Botnet perspective, mobile devices are increasingly more attractive than traditional PC's. For instance, the ubiquitous use of Mobile Devices in todays world makes for perfect stepping stones for malicious attacks. Our general reliance and dependence on our cell phones and tablets means every day more personal information is being stored on these devices, such as banking information, credit card numbers, email and social media accounts. Mobile devices, by design, have a wide array of communication technologies available to them. These technologies make it incredibly easy for malware to propagate itself. 3G and 4G, along with WiFi connectivity maintain a fairly constant internet connection for most devices. This connectivity makes it easier to trick a user into downloading infected software. Many times the software in question is a legitimate application that is bundled with or infected by malicious code which can modify your phone to provide root or administrator access to your device. Once compromised, the Malware can then use the internet connectivity or SMS (texting) capabilities of the device to communicate with other "members" of the Botnet, Specifically the Command and Control Server. Once this communication is established, data can then be harvested or attacks can be coordinated. Further, Mobile Botnets can create a decentralized control network in which the Command and Control Server needs to issue instructions to only a few compromised devices. From there, those devices will propagate instructions to other devices in a Peer to Peer fashion. A Cloud-like structure can also be established using the compromised devices to transparently process attack and command data. Protections can be put into place for your mobile device. If your mobile device supports it, you can install antivirus software. Smartphone antivirus is still in its infancy and can cause older models to slow down considerably, so mobile best practices may be more effective. Do not download software from untrustworthy sources including third-party app marketplaces. Be sure to inspect the privileges of any app you are about to install. Ask yourself: Does it really need SMS capability, or system privileges? Lastly, if the app looks suspicious, or the site you get it from doesn't look legitimate do NOT download it. Malware on mobile devices is a growing problem today and certainly will continue to grow in the future. The processing power and array of communication technologies on mobile devices make it easy for malware to spread. Be sure to use your best judgment when downloading applications and keep your security software up to date. If you need support implementing a mobile security plan or policy, don't hesitate to contact our help desk or call at 607.433.2200 and set up a consultation.