Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: DroidDream android malware analysis - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DroidDream android malware analysis

We talked recently about rogue apps inside the Android Marketplace. About this malware, there is an excellent analysis posted by Jon Larimer. More information at 

-- Manuel Humberto Santander Peláez | | | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

195 Posts
ISC Handler
Mar 5th 2011
@Google while reading about CVE-2009-1185, "exploid2.c" from 2010 and CVE-2010-EASY (<off>"easy", heyhey</off>): how-dee-wow, wake up, we are in 2011.

@Google also: I want "root" access to my soon coming android. Please please please implement "su" (and fix the rest).

42 Posts
Forgot: indeed "excellent" analysis.

42 Posts
I read somewhere else about a vulnerability that was fixed in Android 2.2.2. I have the original Droid first sold in Nov. 2009 and its latest official firmware is 2.2.1. Are we getting to the point where people have to buy new devices just to fix security problems?

It would be like vendors deciding to not fix security problems in older products because they came out with new ones, but 'older' in this case is barely one year. People aren't going to replace working devices; instead they will just become a platform that can be compromised to attack other systems.
Even if not supported you can update your old phone yourself like I did on my old HTC Magic (Sapphire). Go to xda-developers and find a nice ROM. Its a lot reading at first, but quite easy once you know how it works.

Sign Up for Free or Log In to start participating in the conversation!