

Mobile Malware Attacks and Defense

✍ Scribed by Ken Dunham


Publisher
Elsevier
Year
2009
Tongue
English
Leaves
386
Category
Library


✦ Synopsis


Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. By examining code from past, current, and future risks, you can protect your banking, auctioning, and other activities performed on mobile devices.

* Visual Payloads: View attacks as visible to the end user, including notation of variants.
* Timeline of Mobile Hoaxes and Threats: Understand the history of major attacks and the horizon for emerging threats.
* Overview of Mobile Malware Families: Identify and understand groups of mobile malicious code and their variations.
* Taxonomy of Mobile Malware: Bring order to known samples based on infection, distribution, and payload strategies.
* Phishing, SMishing, and Vishing Attacks: Detect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.
* Operating System and Device Vulnerabilities: Analyze unique OS security issues and examine offensive mobile device threats.
* Analyze Mobile Malware: Design a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware.
* Forensic Analysis of Mobile Malware: Conduct forensic analysis of mobile devices and learn key differences in mobile forensics.
* Debugging and Disassembling Mobile Malware: Use IDA and other tools to reverse-engineer samples of malicious code for analysis.
* Mobile Malware Mitigation Measures: Qualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.

* Understand the History and Threat Landscape of Rapidly Emerging Mobile Attacks
* Analyze Mobile Device/Platform Vulnerabilities and Exploits
* Mitigate Current and Future Mobile Malware Threats

✦ Table of Contents


Cover Page......Page 1
Copyright Page......Page 2
Technical Editor......Page 3
Contributing Authors......Page 4
Acknowledgments/Contributors......Page 7
Introduction to Mobile Malware......Page 8
Introduction......Page 9
Understanding Why Mobile Malware Matters Today......Page 10
An Introduction to MM Threats......Page 13
Vectors for Spreading MM......Page 16
SMS......Page 17
BlueChop......Page 18
Car Whisperer......Page 19
Mobile Malware......Page 20
Worm......Page 21
An Introduction to MM Threats......Page 22
An Introduction to Mobile Security Terminology......Page 23
Frequently Asked Questions......Page 24
Visual Payloads......Page 25
F-Secure RF Lab......Page 26
Cabir......Page 29
Skulls......Page 31
CommWarrior......Page 35
BlankFont......Page 38
Identifying Visual Payloads of MM......Page 39
Frequently Asked Questions......Page 40
Timeline of Mobile Malware, Hoaxes, and Threats......Page 41
Qualifying Fear, Uncertainty, and Doubt (FUD) in the Mobile Market......Page 42
Global Demand for Mobile Devices......Page 43
An Historical Timeline of MM......Page 44
Epoc.Fake.A......Page 61
Worm.SymbOS.Cabir.A......Page 62
Trojan.Skulls.A......Page 63
Trojan.SymbOS.Cardtrap......Page 64
Trojan.SMS.J2ME.RedBrowser......Page 65
Worm.MSIL.Cxover......Page 66
Worm.SymbOS.Mobler.A......Page 67
Trojan.iPhone.A......Page 68
Trojan.POC.MM.Gotcha.A......Page 69
Future Threats......Page 70
An Historical Timeline of Noteworthy MM......Page 73
Future Threats......Page 74
Frequently Asked Questions......Page 75
Notes......Page 76
Overview of Mobile Malware Families......Page 77
Cabir......Page 78
Skuller......Page 84
Doomboot......Page 89
Cardtrap......Page 93
Summary......Page 96
Cardtrap......Page 97
Frequently Asked Questions......Page 98
Taxonomy of Mobile Malware......Page 99
Introduction......Page 100
MMS......Page 101
Bluetooth......Page 105
E-mail......Page 108
Removable Storage......Page 109
Device-to-PC (D2P) Synchronization......Page 111
SMS......Page 112
OS Vulnerabilities......Page 113
Distribution......Page 114
SMS......Page 115
Bluetooth......Page 118
Removable Storage......Page 119
Communications Component......Page 120
Overwriting Files: Nuisance......Page 121
Clandestine Video Recorder: Devious......Page 122
Dialing Your Own Phone: Nuisance......Page 123
Stealing Contacts: Devious......Page 124
Distribution......Page 127
Payload......Page 128
Frequently Asked Questions......Page 129
Phishing, SMishing, and Vishing......Page 130
Introduction to Phishing and Vishing......Page 131
Introduction to Phishing......Page 132
Phishing Mobile Devices......Page 135
Bluetooth Phishing......Page 136
SMS Phishing......Page 137
Voice over IP Phishing......Page 139
Breaking Phishing Filters via Pharming......Page 141
Introduction to Pharming......Page 142
Attack Details......Page 145
Attack Setup......Page 146
Hiding the Attack......Page 147
The hosts.allow File......Page 148
The EarthLink Toolbar......Page 149
The Netcraft Toolbar......Page 151
SpoofGuard......Page 153
The Google Toolbar......Page 155
Internet Explorer......Page 157
Firefox......Page 158
The Opera Browser......Page 159
SpoofStick......Page 161
Attack Prevention......Page 162
Web Proxies......Page 163
Applying Machine Learning for Phishing Detection......Page 164
Bayesian Additive Regression Trees......Page 165
Classification and Regression Trees......Page 166
Neural Networks......Page 167
Support Vector Machines......Page 168
Detecting Mobile Phishing Using a Distributed Framework......Page 169
Learning Phishing E-mails......Page 171
Data Standardization, Cleansing, and Transformation......Page 172
Textual Analysis......Page 175
Structural Analysis......Page 176
Evaluation Metrics......Page 179
Experimental Setup......Page 180
Experimental Results......Page 181
Discussion......Page 184
An Introduction to Vishing......Page 185
How Can I Spot a Vishing Attack?......Page 186
Understanding Vishers’ Tools and Techniques......Page 187
VoIP Server......Page 188
Interactive Voice Management (IVM) Software......Page 189
Text-To-Speech (TTS) and Interactive Voice Recording (IVR)......Page 191
Vishing Packs......Page 192
Consumer Education......Page 193
Notifications......Page 194
Introducing Mobile Phishing Attacks......Page 195
Applying Machine Learning for Phishing Detection......Page 196
Understanding Vishers’ Tools and Techniques......Page 197
Mitigating Vishing Attacks......Page 198
Frequently Asked Questions......Page 199
Notes......Page 201
Operating System and Device Vulnerabilities......Page 202
Windows Mobile......Page 203
Encryption......Page 204
Kernel Mode vs. User Mode......Page 205
Memory/Process Limitation......Page 206
KDataStruct......Page 207
Pocket IE......Page 208
Active Sync......Page 209
The MMS Client......Page 210
Code Execution via SMIL......Page 211
Shellcode Walkthrough......Page 212
Denial-of-Service via WAP Push and Wi-Fi......Page 213
Attack Details......Page 214
Installing Your Own Certificate......Page 215
Buffer Overflow vs. Code Signing......Page 216
IDA Pro......Page 217
The Process......Page 218
Setup......Page 219
Initial Analysis and Target Selection......Page 220
Probe Target......Page 221
Analyze Crash......Page 222
Building the Exploit......Page 224
Operating System......Page 227
Applications......Page 228
The Jailbreak Process......Page 230
Exploit Details......Page 232
Reuse of Old Code......Page 233
An iPhone Exploit in Action......Page 234
Metasploit vs. libtiff......Page 236
Symbian Details......Page 239
Platform Security......Page 240
Code Signing......Page 241
Warezed Installers......Page 242
Social Engineering......Page 244
BlackBerry......Page 245
BlackBerry Vulnerabilities......Page 246
BBProxy......Page 247
J2ME Security......Page 250
Past Vulnerabilities......Page 251
The Nokia 6131 NFC Silent MIDlet Installation Vulnerability......Page 252
Palm OS......Page 253
Palm OS Malware......Page 254
Android......Page 255
J2ME Defense......Page 257
802.11 Wardriving......Page 258
802.11 Jamming......Page 261
btCrawler......Page 262
Silica......Page 264
Bypassing Code-Signing Protections......Page 266
Examining Offensive Mobile Device Threats......Page 267
Wm......Page 268
Symbian......Page 269
Palm......Page 270
Analyzing Mobile Malware......Page 271
General Design Considerations......Page 272
Prolog and Epilog......Page 275
DLL Injection......Page 277
Dereferencing Pointer Parameters......Page 278
Environment......Page 279
Windows CE System Calls......Page 280
Protected Server Libraries......Page 281
Implementing Kernel-Level Interception......Page 283
Preventing Kernel Mode......Page 285
Interception......Page 286
Connecting the Device......Page 287
Choosing an Analysis Mode......Page 288
Using the Web Interface......Page 289
Analyzing within the Device Emulator......Page 290
Analyzing on a Real Device......Page 291
Reading an Analysis Report......Page 292
Duts......Page 294
Improving the Analysis......Page 295
Analyzing Mobile Malware......Page 297
Notes......Page 298
Forensic Analysis of Mobile Malware......Page 299
The Components of a Mobile Device......Page 300
Investigative Methods of Mobile Forensics......Page 301
Step 3: Collection......Page 302
Mobile Investigative Tips......Page 303
Device in Its Cradle......Page 304
Expansion Sleeve Removed......Page 305
PDA Secure......Page 306
Autopsy and Open Source......Page 307
PDA and Smartphone Forensics......Page 308
Hex Dumps of the Filesystem......Page 309
Symbian......Page 311
Mobile Device Assets and MM Payloads......Page 312
Mobile Locate......Page 313
Security for Stored Data......Page 314
Device Is in the “On” State......Page 315
Imaging and Profiling......Page 316
The BlackBerry Signing Authority Tool......Page 317
Misuse of an iPhone......Page 318
Voice Mail......Page 319
User Accounts......Page 320
Writing the Image to a Remote Machine Using netcat......Page 321
Forensic Investigation of MM on a Mobile Device......Page 322
Connectivity Options and Their Impact on Dead and Live Forensic Analysis......Page 323
Available Hardware......Page 324
Existing Forensic Tools and Toolkits......Page 325
New Techniques to Extract Data......Page 326
EM Monitoring......Page 328
Investigating Mobile Forensics......Page 329
Mobile Device Assets & MM Payloads......Page 330
Forensic Investigation of MM on a Mobile Device......Page 331
Frequently Asked Questions......Page 332
References......Page 333
Debugging and Disassembly of MMC......Page 334
Collecting the Necessary Tools......Page 335
Performing a Static Analysis......Page 336
Emulation......Page 337
Detailing the Analysis of FlexiSPY......Page 338
Installer Analysis......Page 339
File Analysis......Page 340
Setting File Analysis......Page 341
Sniffers and Proxies......Page 343
Debugging DLLs......Page 345
Monitoring API Calls......Page 347
Debugging InfoJack......Page 348
Detailing the Analysis of FlexiSPY......Page 352
Debugging InfoJack......Page 353
Note......Page 354
Mobile Malware Mitigation Measures......Page 355
Evaluating the Target......Page 356
The Value of Information......Page 358
Documents......Page 359
Impersonation......Page 360
Class of Threats......Page 361
Device Loss......Page 362
Network Attacks......Page 363
Browsing......Page 364
DoS......Page 365
Bluetooth......Page 366
Local Attacks......Page 367
Policy......Page 368
Configuration......Page 369
Bluetooth......Page 370
Wi-Fi......Page 371
IR......Page 372
Backup......Page 373
Encryption......Page 374
Products......Page 375
Bluetooth......Page 376
Device/OS Vendor......Page 377
Eset......Page 378
Remote Management......Page 379
Detection......Page 380
Device Loss Reporting Procedure......Page 381
Data Restore......Page 382
Disablement......Page 383
Evaluating Risk by Attack Types......Page 384
Remediation......Page 385
Frequently Asked Questions......Page 386


✦ Similar Volumes


Mobile Malware Attacks and Defense
✍ Ken Dunham · Library · 2008 · Syngress · English

Security threats on mobile platforms are one of the key topics and main targets for the next couple of years, given the ubiquity and popularity of these devices, plus their advanced capabilities and use of sensitive application: micro payments, online banking and e-commerce, access to "the cloud", e