December 30, 2010

Sophisticated New Android Trojan Found in Wild

DECEMBER 29, 2010

Security Alert: Geinimi, Sophisticated New Android Trojan Found in Wild



A new Trojan (“Geinimi”) affecting Android devices has recently emerged in China:
  • can compromise a significant amount of personal data on a user’s phone and send it to remote servers
  • the first Android malware in the wild that displays botnet-like capabilities
  • being “grafted” onto repackaged versions of legitimate applications
  • it has the potential to receive commands from a remote server that allow the owner of that server to control the phone
  • the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet

So why am I writing about this malware, when I don't even own a smartphone?  Because the article was written by my son, Tim.

Back in July (http://strazzere.blogspot.com/2010/07/go-west-young-man.html) I wrote about how Tim moved to California, and became part of the Security Response Team at Lookout in San Francisco.

As part of his work there, Tim found and reverse-engineered this malware, helped develop Lookout's protection for it, and created this writeup.

As we say in New England, Tim is Wicked Smaht and works Wicked Hahd.

And his Mom and Dad are Wicked Proud!


see also:
http://www.securitynewsdaily.com/new-trojan-found-on-android-mobile-devices-0379/
http://www.zdnet.com/blog/google/android-malware-in-the-wild/2724
http://news.cnet.com/8301-1009_3-20026804-83.html
http://content.usatoday.com/communities/technologylive/post/2010/12/nasty-android-trojan-found-grafted-to-gaming-apps-/1
http://www.tgdaily.com/mobility-features/53287-trojan-can-take-over-android-phones
http://news.yahoo.com/s/mashable/20101230/tc_mashable/advanced_trojan_could_zombify_your_android_device
http://www.appleinsider.com/articles/10/12/29/new_android_malware_could_produce_chinese_botnet_harvest_personal_data.html
http://www.itespresso.es/un-nuevo-troyano-amenaza-a-los-terminales-android-48779.html
http://www.security.nl/artikel/35655/1/Eerste_Android_malware_met_botnet-eigenschappen.html
http://www.computerworld.ch/news/security/artikel/fieser-android-trojaner-im-anmarsch-55359/
http://mobile.slashdot.org/story/10/12/30/1856242/Android-Trojan-Found-Spreading-From-Chinese-App-Stores

According to Tim:
It's "Geinimi" not "Gemini", and pronounced "Ghay-knee-mē" - translates from Chinese to roughly "Give me rice"


And here's the followup teardown Tim wrote:
http://blog.mylookout.com/2011/01/geinimi-trojan-technical-analysis/



This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance.
I like to lead, to test, and occasionally to write about leading and testing.
Find me at http://strazzere.blogspot.com/.

December 28, 2010

Perhaps They Should Have Tested More in 2010



2010 saw some "interesting" bugs show up in the news.  Perhaps these companies should have tested more.


Skype supernodes still aren't so super


Target confused about coupons for months


Apple apparently just learned about Daylight Saving Time


J.P. Morgan Chase chases some significant downtime


Apple didn't know how to display signal bars


Zappos/6pm.com undercharges customers $1.6 million, nobody gets fired


McAfee decides that Windows XP/SP3 is a virus


December 27, 2010

Top Ten Blog Pages for 2010

Aside from my home page, these were the top ten content pages for 2010.  They received the most visits according to Google Analytics:

People in Testing
My page of links to other testing-related blogs of interest.
Please send me links for sites that you think should be added - your site, or sites that you read.


A Glossary of Testing Terms
A list of terms in QA and Testing.  I originally started this years ago so that I could copy and paste the definitions when people asked "What is...?"  I'm happy that you find it useful.


QA and Testing Interview Questions (And Some Answers)
Another list I created to help people asking similar questions.
It's hard to be prepared for an interview.  I'm happy if this list helps.


25 Things About Me
Hmm.  I'm guessing browsers were looking for something else here?


How To Reproduce Bugs
I thought this was funny when I posted it.  But it got a lot more hits than I expected.


There are ALWAYS Requirements
This is where I send people when they ask "But I don't have any written Requirements.  How can I test?"


Optimistic Developers, Pessimistic Testers
This is one of my favorite posts.  I'm pleased others like it, too.


My QA Bookshelf
A list of the QA and Testing books I own.  I need to update this list soon.


Things I Like to Have in my Test Automation Suites
A list of attributes that (for me) help to make a test automation suite useful.


Issue Tracking Template
An old sample template that can still be of use.



December 24, 2010

Perhaps They Should Have Tested More - Skype (Again)

Supernodes not so super?


Skype once again had a worldwide outage related to software problems in their supernodes:
  • blocked millions of people from making Internet phone calls
  • crash left a large chunk of Skype's 560 million users with nowhere to go
  • was completely offline for more than three hours on Wednesday
  • experienced its biggest global outage in three years
  • was caused by a “software issue” with the “supernodes” 
  • the company plans to issue compensation vouchers 
  • the bigger question is whether businesses should be relying on these services in the first place
It's not the first time the service has gone down.  

In August of 2007, Skype was down for several days.  A faulty algorithm in their supernodes was exposed when many users rebooted their client machines while installing a Windows update.

Certainly those supernodes are tricky.  

But perhaps Skype should have tested more, particularly after the worldwide failure just a few years ago?


December 29th - an update from Skype's CIO Lars Rabbe:

"we will be reviewing our testing processes to determine better ways of detecting and avoiding bugs which could affect the system"

