View full version: F-Secure discovers SMS trojan variants on the Android platform


hansem668 2012-4-15 15:59

F-Secure discovers SMS trojan variants on the Android platform

F-Secure has announced the discovery of two trojans for the Android platform. One of them tricks users into downloading "Angry Bird Seasons v2.0.0 holiday limited edition", which is in fact a fake download and a real scam. They pose as able to download the genuine free Angry Birds and other games, but actually only deceive the user and automatically send multiple premium-rate SMS messages.

The trojan is named Trojan:Android/FakeNotify.A. An install icon appears in the phone's application list, and once launched it shows Angry Bird Seasons v2.0.0 as available for download. When the user presses download, the app secretly and automatically sends three SMS messages (to Russian premium-rate SMS numbers). The user does not get Angry Bird Seasons v2.0.0 as a result; the app only tricks the user into sending multiple premium-rate SMS messages, and then tells the user that more apps can be downloaded from a website, and those apps may be trojans as well.

In addition, F-Secure also found another trojan, Trojan:Android/SMStado.A, which in the background steals the user's IMEI, phone model and phone number, uploads them to the Internet, and sends an SMS to a Russian premium-rate SMS number. Trojan:Android/SMStado.A has one more function: it can automatically download another trojan program from the Internet and start automatically along with the phone.

According to F-Secure, malware like the above is actually not uncommon; it is just that trojan authors understand user psychology better and better and disguise their packages as popular apps on the market. Users who do not download apps from untrusted places and take a little care when installing apps can avoid being caught. When an app is installed, the Android phone shows which permissions the app requires; users may press OK without looking carefully, and that is how the malware gets in. Taking Trojan:Android/SMStado.A as an example, when the malware is installed the phone has already warned the user that the program can send SMS messages and that the user will be charged.
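The install-time permission check described in the post above can be automated. The following is an added example, not part of the original post or F-Secure's material: it reads a manifest already decoded to text XML and flags the permission combination matching the behaviours described (paid SMS, IMEI and phone number access, network transfer, start at boot). The sample manifests, package names and the behaviour-to-permission mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Behaviours described in the post, mapped to the Android permission each needs.
# The mapping is an illustrative assumption, not F-Secure's detection logic.
BEHAVIOURS = {
    "sends SMS that may cost money": "android.permission.SEND_SMS",
    "reads IMEI / phone number": "android.permission.READ_PHONE_STATE",
    "uploads data or downloads more code": "android.permission.INTERNET",
    "starts automatically at boot": "android.permission.RECEIVE_BOOT_COMPLETED",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review_manifest(manifest_xml):
    """Return (matched behaviours, high_risk flag) for one decoded manifest."""
    perms = requested_permissions(manifest_xml)
    findings = [label for label, perm in BEHAVIOURS.items() if perm in perms]
    # A game downloader has no need to send SMS; SMS plus at least two of the
    # other capabilities matches the trojan profile in the post.
    high_risk = "android.permission.SEND_SMS" in perms and len(findings) >= 3
    return findings, high_risk

# Constructed sample manifests (not taken from any real app).
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakegame">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        findings, high_risk = review_manifest(xml)
        print(name, "HIGH RISK" if high_risk else "ok", findings)
```

An APK stores its manifest in a binary XML form, so it must be decoded to text before this check can parse it.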

way0911 2012-4-17 22:08

A useful article, thanks for providing it.