Comments on: ZeuS Trojan for Google Android Spotted http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/ In-depth security news and investigation Wed, 19 Jun 2013 20:40:46 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Dohn Joe http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-25120 Dohn Joe Mon, 15 Aug 2011 05:41:02 +0000 http://krebsonsecurity.com/?p=10651#comment-25120 A list of all infected official marketplace apps is here: http://insan-it.blogspot.com/2011/08/android-security-year-in-review.html

]]> By: Jane http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24117 Jane Wed, 13 Jul 2011 13:52:26 +0000 http://krebsonsecurity.com/?p=10651#comment-24117 Not just eBay. Maybe you remember the scare a couple years ago with electronic picture frames coming from *the factory* with viruses.

It’s “in the news” again. I’ve never tried posting a link here before, but here goes nothing:

Homeland Security: Devices, Components Coming In With Malware (informationweek)
http://www.informationweek.com/news/government/security/231001333

DHS: Imported Gadgets Possibly Include Malicious Software (pcmag)
http://www.pcmag.com/article2/0,2817,2388361,00.asp
(I take exception with this one in the very first paragraph. “A Homeland Security official confirmed … popular American gadgets, are often infected with malicious software.” — not supported by the quote a few lines later.)

]]> By: Rod http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24113 Rod Wed, 13 Jul 2011 11:57:13 +0000 http://krebsonsecurity.com/?p=10651#comment-24113 I have news for ya: infected android and iphones are already sold on ebay with the virus PRE INSTALLED!

]]> By: Louis Leahy http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24089 Louis Leahy Tue, 12 Jul 2011 21:40:08 +0000 http://krebsonsecurity.com/?p=10651#comment-24089 Another issue with your comments is that you appear to fail to understand the meaning of proprietary. In fact contrary to your assertion the majority of attacks occur on interfaces that use either ascii or unicode number sets which are in the public domain and the main source of the problems.

]]> By: Louis Leahy http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24088 Louis Leahy Tue, 12 Jul 2011 21:21:18 +0000 http://krebsonsecurity.com/?p=10651#comment-24088 Well I didn’t say completely I said largely I have read a lot of media commentary globally and this has not been reported elsewhere in the mainstream media but in any case I wonder what your motive is in attacking someone who is actually endeavouring to do something about the problems good luck with that attitude I am sure you are really proud of your efforts.

]]> By: Neej http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24072 Neej Tue, 12 Jul 2011 17:40:26 +0000 http://krebsonsecurity.com/?p=10651#comment-24072 “…Krebs seems to be largely alone in highlighting these problems and we find that particularly frustrating given the gravity of these issues ….”

Seriously? Maybe you only read this blog but even then I just counted 4 different websites linked in this post to people other than Brian that are “highlighting these problems”.

And sorry to inform you of this (well, not really actually as you seem a little … amatuerish) but most interfaces where attacks on virtual keyboards have been proprietary in nature. Perhaps this is why Trusteer just ignores you, who knows.

]]> By: sunhaq http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24070 sunhaq Tue, 12 Jul 2011 16:12:28 +0000 http://krebsonsecurity.com/?p=10651#comment-24070 You missed the many security problems with the iPhone/iPad banking apps I guess.

]]> By: Louis Leahy http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24065 Louis Leahy Tue, 12 Jul 2011 13:04:06 +0000 http://krebsonsecurity.com/?p=10651#comment-24065 Again Krebs seems to be largely alone in highlighting these problems and we find that particularly frustrating given the gravity of these issues. We wrote to Trusteer on multiple occasions in the last 2 years offering our solution to fix their interface however our communications have been ignored. We think Trusteers’ and other vendors systems that use these mechanisms can work if they implement proper authentication. We note Krebs arguments in previous articles against Virtual Keyboards however it is possible to defend against screen capture by disabling onscreen feed back our interface is designed to allow this to be done. We have released a demo on our site for the windows 7 phone which we have just completed. The key issue is that interfaces need to be proprietary in nature to render the costs of attacking far higher than they now are and the important issue with that is to automate the process of making the interface proprietary so that the costs of implementation are kept to a minimum.

]]> By: Christian http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24062 Christian Tue, 12 Jul 2011 12:39:32 +0000 http://krebsonsecurity.com/?p=10651#comment-24062 We’re disabling all this “premium services” by default for our company mobiles.

Are there any serious companys using this stuff for billing?
Im not aware of any.

greetings

]]> By: xyz http://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/comment-page-1/#comment-24060 xyz Tue, 12 Jul 2011 12:32:38 +0000 http://krebsonsecurity.com/?p=10651#comment-24060 @Michse Selba – “this malware tries to catch THESE SMS codes on your phone”

If the malware can do this, it can do anything else.

Regardless, what is the fundamental difference now between a phone and a PC that can prevent the same well known triks in PC world on a smartphone?

]]>