Keywords
Malware, Smartphone, Antivirus, Bluetooth, Firewall, Wi-Fi, Privacy
INTRODUCTION
Mobile handsets are becoming more intelligent and more complex in functionality, much like personal computers. Mobiles are also more popular than personal computers and are used more and more often to do business, access the Internet, access bank accounts and pay for goods and services. This has increased the number of criminals who want to exploit these activities for illegal gain. Today's malware can do many things, such as stealing and transmitting the contact list and other data, locking the device completely, giving remote access to criminals, and sending SMS (Short Message Service) and MMS (Multimedia Messaging Service) messages. Mobile malware causes serious public concern because the population of mobile phones is much larger than the population of personal computers. Because of their flexible communication and computation capabilities and their resource constraints, mobile handsets are prone to malware. A mobile handset can be attacked from the Internet, since mobiles are Internet endpoints; it can be infected from a compromised personal computer during data synchronization; and it can be attacked or infected by a peer mobile through SMS/MMS and Bluetooth.
Computers are an integral part of everyday operations, and organizations depend on them. A computer system failure will have a critical impact on the organization. Computer security entails the methods used to ensure a system is secure. Subjects such as authentication and access controls must be addressed in the broad terms of computer security. Today's computers are connected to other computers in networks, which introduces the term network security to refer to the protection of the multiple computers and other devices that are connected together. In this research paper we consider only those threats that are posed by malware. Malware, also known as malicious code or malicious software, is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim's data, applications or operating system, or of otherwise annoying or disrupting the victim. Malware is one of the major security threats in computer and network environments.
In the beginning, computers were not well connected and computer viruses spread extremely slowly. Files were transmitted via BBS (Bulletin Board Systems) or diskette. As a result, the transmission of infected files and boot sectors was geographically limited. As soon as connectivity increased, mostly through the use of computers in the workplace, the boundaries of computer viruses widened. First there was the local area network (LAN), then the wide area network (WAN), and now there is the Internet. The extensive use of e-mail has also contributed to the meteoric rise in the number of macro virus incidents. We now live in a society in which global technology has taken the forefront and global commerce is driven by communication pathways. Computers are an integral part of this technology, so the information they contain also becomes global. Consequently, it is much easier to get a virus today than it was a few years ago. However, the types of viruses that are common today are different from those that were common two years ago. A common threat to computer systems and networks is malware, which includes viruses, worms, Trojans and other types of malicious software. Viruses and Trojans are possibly the most damaging threats that a computer system may face today, and they can damage computer systems to a great extent. A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers and then lie dormant for months or years before it strikes. Figure 1 shows connectivity between different electronic devices and Table 1 compares biological and computer viruses [1][3].
RELATED WORK
The computer systems used by business and home users have developed tremendously over the past ten years. Both system architecture and the way we use computers are totally different from the late 1980s and early 1990s. But the virus problem is still there, worse than ever. As a matter of fact, viruses and worms have been able to adopt and benefit from the new features that modern computer environments offer. Virus strains do not evolve as they spread. Some argue that viruses are primitive computer-based life forms, but they certainly lack one of the fundamental capabilities of living creatures: producing descendants that are slightly better adapted to a new environment than their parents. This means that, as viruses cannot adapt to new system architectures, they become extinct when the number of suitable host systems decreases. New strains are always created by a human, never through natural evolution. However, the virus problem as a whole does adapt to new architectures and benefit from them. New viruses are written as old ones become extinct. This means that there are always new viruses that take advantage of the latest computer architectures. There are always some viruses or worms that are able to use the latest and most powerful ways to communicate efficiently, sometimes even more efficiently than human users. Table 2 shows replication speeds for the most common viruses [1][2].
The replication speed of viruses depends on the replication strategy and the available communication methods. Today's more powerful computer environments enable viruses and worms to spread much faster than a decade ago. Malware can come in files of almost any size. To make their code propagate easily through the Internet, malware creators usually keep the files small. Malware is typically found within files that are less than one megabyte (MB) in size. According to Fortinet research, 97% of malware discovered in the past five years is below one MB in size [2].
The small size of malware files allows malicious content to be transferred easily over applications such as email, peer-to-peer download, IM (Instant Messaging) and chat, and to be executed quickly. The replication speed has increased dramatically over the past decade. This emphasizes even further the fact that anti-virus software must be kept up to date to protect the system efficiently. The typical update interval for anti-virus software has accordingly shortened from monthly or bi-monthly to daily or real time. Table 3 shows the development history of malware year by year [1][3-7].
VIRUSES INFECTION IN MOBILE AND COMPUTER SYSTEM
A large number of mobile devices are now part of everyday use. These include cell phones, smartphones and PDAs (Personal Digital Assistants). The functionality and applications offered by current mobile devices are beginning to rival those offered by a traditional PC. These mobile devices usually have some form of connectivity (e.g., GSM, GPRS, Bluetooth, WiFi). They have vulnerabilities like PCs, but also have some peculiarities of their own. Viruses, worms and other malicious software have been released that exploit vulnerabilities in some of these devices. Such malware can cause harm or annoyance to the users of the mobile devices. Over the past few years, there has been a substantial increase in the amount of malware written for mobile devices. As per, there exist at least 31 families and 170 variants of known mobile malware. Statistics have shown that at least 10 Trojans are released every week. Even though it took computer viruses twenty years to evolve, their mobile device counterparts have evolved in a span of just two years. To understand the threat that is involved, we first compare the environments for PC-based and mobile device malware. The following points illustrate the differences and similarities between mobile malware and PC malware [2][5].
Vulnerabilities in PCs that have been exploited are related to vulnerabilities in the operating system or application software. Patches for such vulnerabilities are released periodically by the software vendors. The users (or administrators) of the PCs are then responsible for ensuring that these patches are applied to their systems as and when they are released. Though vulnerabilities in mobile devices have been found and documented, it is very difficult to “roll out” patches to the software or firmware on mobile devices that have already been sold. Considering that the users of mobile devices include a vast majority of people who are not security conscious, it is difficult to expect users to “apply patches” to their devices as and when the patches are released. This problem is compounded because there is no easy way to upgrade the firmware or software of a mobile device using the mobile device alone. Connectivity with a PC is usually the only way to upgrade the firmware or software.
Mobile devices such as phones are almost always switched on and stay connected to the network. Unlike a PC, whose neighboring network nodes remain relatively fixed, the “neighbors” of a mobile device keep changing with every change of location of the user carrying it. As a result, for example, a single user with an infected phone entering a stadium can potentially infect the phones of all the people within the stadium if these phones have the same vulnerability. Mobile phone users are less security conscious than the average Internet user.
Unlike PCs, mobile devices exist in several variants. This makes it difficult for mobile malware to infect or spread to dissimilar devices. For example, a mobile worm spreading through MMS can do little if the phone it has infected does not have MMS functionality. Mobile malware has not yet caused critical harm or damage. At most it increases the user's billing or causes the mobile phone to stop working (which can be restored by a factory reset). As a result, there is not enough motivation, either for device manufacturers or for users, to take preventive action against mobile malware. Table 4 shows the different types of malware found in mobile and computer systems, with their descriptions [4-7].
Malware Propagation Vectors in Computer Systems
Malware propagation vectors are the electronic methods by which malware is transmitted to the information systems, platforms or devices it seeks to infect. Email and instant messaging applications are some of the most common vectors used for spreading malware through social engineering techniques. Any medium that enables software to be distributed or shared, however, can be a vector for malware. Examples of malware propagation or distribution vectors include the World Wide Web (WWW), removable media (such as USB (Universal Serial Bus) storage keys), network-shared file systems, P2P file sharing networks, Internet relay chat (IRC), Bluetooth and wireless local area networks (WLAN).
Bluetooth is one prominent vector for malware propagation on mobile devices. Bluetooth is a wireless personal area network (PAN) technology that allows devices such as mobile phones, printers, digital cameras, video game consoles, laptops and PCs to connect over unlicensed radio frequencies across short distances. Bluetooth can be compromised by techniques such as bluejacking and bluesnarfing, and it is most vulnerable when a user's connection is set to “discoverable”, which allows it to be found by other nearby Bluetooth devices. E-mail, the web, instant messengers, removable media, network-shared file systems, P2P (peer-to-peer) programs, Internet relay chat and Bluetooth are therefore all called malware propagation vectors [5-7].
Attack Vectors of Mobile Malware
Today's smartphone shares most of its features with the personal computer, so its attack vectors are largely the same as those of the PC. The attack vectors more specific to mobile malware are SMS, MMS, WiFi, Bluetooth and vulnerabilities in the operating system.
RESULTS AND DISCUSSION
With the improvement of virus detection technologies, virus creators found it difficult to create viruses that were capable of surviving long. This situation made them devise new methods for the survival of their viruses. Important stealth techniques such as encryption, polymorphism and metamorphism were developed to make viruses capable of escaping conventional scanning methods. But the war between virus creators and anti-virus creators was far from over. The anti-virus creators implemented new techniques, such as heuristic scanning and emulation, which were capable of detecting encrypted polymorphic viruses. Some modern anti-virus products use methods such as automatic learning, static and dynamic heuristics, rootkit heuristics, dynamic analysis through virtualization and dynamic analysis on bare metal to remove viruses hidden anywhere in the computer. Threat mitigation is performed to detect and stop malware before it can affect its targets. Several types of security tools can mitigate malware threats, namely antivirus software, spyware detection and removal utilities, intrusion prevention systems (IPS) and firewalls. Antivirus software is the most commonly used technical control for malware threat mitigation. For operating systems and applications that are frequently targeted by malware, antivirus software has become a necessity for preventing incidents. To protect a computer system from the threat of viruses we need to choose a good-quality antivirus. At present most viruses are omnipotent in nature, meaning that they do not need to be run explicitly but execute automatically and silently in the system and spread from one computer to another via the LAN, as an email attachment, a downloadable file or some external link. The common vectors of viruses are external networks, guest clients, executable files, documents, emails and removable media such as CD-ROM or DVD-ROM, floppy disk, USB drive and memory card.
To protect a computer system from viruses: do not assume you are not at risk; use a pop-up blocker with your browser; download only from trusted sources; keep your software up to date and do not delay updates; do not automatically open attachments; scan all incoming email attachments; do not share memory cards or pen drives; track warnings and alerts; do not disable the antivirus software; and use a firewall to block suspicious programs.
Although mobile phones are taking on more capabilities formerly available only on PCs, technical security solutions for mobile phones are not as sophisticated or widespread as those for PCs. This means that the bulk of mobile phone security relies on the user making intelligent, cautious choices. Even the most careful users can still fall victim to attacks on their mobile phones. To protect a mobile phone: consider its security features when choosing it and configure the device to be more secure; configure web accounts to use secure connections; limit exposure of your mobile phone number; carefully consider what information you want stored on the device; be careful when selecting and installing apps, because they can be Trojans; disable interfaces that are not currently in use, such as Bluetooth, infrared or Wi-Fi; set Bluetooth-enabled devices to non-discoverable so that an attacker cannot target your devices; avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots; and be careful when using social networking applications [8-10].
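The Bluetooth advice given here and in the propagation-vector section (switch the interface off when it is not in use, and never leave it discoverable) can be checked mechanically. The following is an added example, not part of the original paper: it assumes a Linux host with the BlueZ `bluetoothctl` tool, and the sample output, addresses and function names are constructed for illustration.

```python
import re
import shutil
import subprocess

# Constructed sample of `bluetoothctl show` text for three controllers (made-up addresses).
SAMPLE = """\
Controller 00:11:22:33:44:55 (public)
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
Controller 66:77:88:99:AA:BB (public)
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
Controller CC:DD:EE:FF:00:11 (public)
    Powered: no
    Discoverable: no
"""

def parse_controllers(text):
    """Return {address: {property: value}} from `bluetoothctl show` text."""
    controllers, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Controller\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})", line)
        if header:
            current = controllers.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return controllers

def timeout_seconds(props):
    """DiscoverableTimeout in seconds (0 = never expires), None if absent."""
    token = props.get("DiscoverableTimeout", "").split()
    try:
        return int(token[0], 0)  # accepts hex (0x000000b4) or decimal
    except (IndexError, ValueError):
        return None

def audit(text):
    """Classify each controller as 'off', 'hidden' or 'discoverable'."""
    report = {}
    for addr, props in parse_controllers(text).items():
        if props.get("Powered") != "yes":
            report[addr] = "off"  # interface disabled: nothing exposed
        elif props.get("Discoverable") == "yes":
            secs = timeout_seconds(props)
            report[addr] = "discoverable" + (" (no timeout)" if secs == 0 else "")
        else:
            report[addr] = "hidden"  # powered, but not answering inquiries
    return report

if __name__ == "__main__":
    text = SAMPLE  # fall back to the constructed sample when BlueZ is absent
    if shutil.which("bluetoothctl"):
        text = subprocess.run(["bluetoothctl", "show"], capture_output=True,
                              text=True, timeout=10).stdout
    for addr, state in audit(text).items():
        print(addr, state)
```

A controller reported as discoverable can be hidden with `bluetoothctl discoverable off`, and an unused one switched off with `bluetoothctl power off`.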
CONCLUSION
Many users may consider mobile phone security to be less important than the security of their PCs, but the consequences of attacks on mobile phones can be just as severe. Malicious software can make a mobile phone a member of a network of devices that can be controlled by an attacker (a “botnet”). Malicious software can also send device information to attackers and perform other harmful commands. Mobile phones can also spread viruses to the PCs they are connected to. Losing a mobile phone used to mean only the loss of contact information, call histories, text messages and perhaps photos. In more recent years, however, losing a smartphone can also jeopardize financial information stored on the device in banking and payment apps, as well as user names and passwords used to access apps and online services. If the phone is stolen, attackers could use this information to access the user's bank account or credit card account. An attacker could also steal, publicly reveal or sell any personal information extracted from the device, including the user's information, information about contacts, and GPS locations. Even if the victim recovers the device, he or she may receive many spam emails and SMS/MMS messages and may become a target for future phishing attacks.
Mobile devices are becoming smarter and more powerful. Such devices, once in widespread use, will herald the growth of mobile devices being used for sensitive tasks such as storing sensitive data and performing eBanking transactions. Research papers show that there exist sufficient vulnerabilities in these devices that could be exploited to cause harm to the device, to reveal sensitive information or to use the mobile device in a malicious way. Today's smartphone shares most of its functional features with the personal computer, so protection from malware is all the more essential for smartphones and personal computers. It is therefore easy to see that in the near future the threat posed by PC and mobile worms and viruses can cause considerable harm to the users of such devices. To protect communicating electronic devices from malware attack we need to install a good-quality antivirus and firewall; this is the technical solution. We also need to follow some precautions and use common sense for better protection of smartphones, personal computers and similar electronic devices from malware infection and attack.
References
[1] White paper, “Computer Viruses from an Annoyance to a Serious Threat”, F-Secure Corp., available at www.F-Secure.com, September 2001.
[2] Fortinet White Paper, “Understanding How File Size Affects Malware Detection”, available at www.fortinet.com/sites/default/files/whitepapers/MalwareFileSize.pdf, retrieved 25-01-2014.
[3] Abraham Silberschatz, Peter B. Galvin, Greg Gagne, “Operating System Concepts”, 8th Edition, Wiley India Private Limited, New Delhi, 2010.
[4] Suresh Kumar Basandra, “Computer Today”, Galgotia Publication Pvt. Ltd, New Delhi, Revised Edition, 2008.
[5] Peter Mell, Karen Kent, Joseph Nusbaum, “Guide to Malware Incident Prevention and Handling”, NIST Special Publication, USA, November 2005.
[6] Brijendra Singh, “Network Security and Management”, Prentice Hall of India Private Limited, New Delhi 110001, 2007.
[7] William Stallings, “Network Security Essentials: Applications and Standards”, Third Edition, Pearson Prentice Hall, 2008.
[8] Rafael Fedler, Julian Schütte, Marcel Kulicke, “Malware Protection on Android”, Fraunhofer AISEC, April 2013.
[9] OUCH, “Understanding Anti-Virus Software”, Newsletter, March 2011.
[10] Virus Bulletin, http://www.virusbtn.com, retrieved Sept. 2014.