<html dir="ltr">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>

</head>

<body ocsi="0" fpstyle="1" style="">

<div style="direction: ltr; font-family: Verdana; color: rgb(0, 0, 0); font-size: 13px;">

<div style="">There are two stories.  One is that, yes, they used misleading names.<br>

<br>

The other is that they somehow overrode apps within the market so existing apps showed false "upgrades".<br>

<br>

I'm not clear exactly what happened, but the uniform consensus is Google should look at things a bit more closely before approving apps.<br>

</div>

<div><br>

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Verdana; font-size: 13px;">

<div style="font-size: 13px;">

<div style="font-size: 13px;">

<div style="font-size: 13px;">

<div style="font-size: 13px;"><font size="3"><span style="font-weight: bold;">Josh More</span></font> | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH<br>

<span style="font-weight: bold;">Alliance Technologies</span> | <a href="http://www.AllianceTechnologies.net" style="color: rgb(255, 0, 0);">

www.AllianceTechnologies.net</a><br>

400 Locust St., Suite 840 | Des Moines, IA 50309<br>

515.245.7701 | 888.387.5670 x7701<br>

<br>

Blog: Don't just blame the bad guys, it's your fault too<br>

<a href="http://www.alliancetechnologies.net/blogs/morej" style="color: rgb(255, 0, 0);">http://www.alliancetechnologies.net/blogs/morej</a><br>

<br>

How are we doing? Let us know here:<br>

<a href="http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey">http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey</a><br>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;">

<hr tabindex="-1">

<div style="direction: ltr;" id="divRpF378466"><font color="#000000" size="2" face="Tahoma"><b>From:</b> cialug-bounces@cialug.org [cialug-bounces@cialug.org] on behalf of Tom Pohl [tom@tcpconsulting.com]<br>

<b>Sent:</b> Thursday, March 03, 2011 09:15<br>

<b>To:</b> Central Iowa Linux Users Group<br>

<b>Subject:</b> Re: [Cialug] Android market compromise<br>

</font><br>

</div>

<div></div>

<div>So let me get this straight. So, the market was't compromised, a new publisher uploaded malware and named their apps the same as other more popular apps in the store?

<div><br>

</div>

<div>Thanks!</div>

<div>-Tom</div>

<div><br>

<div><br>

</div>

<div><br>

<div>

<div>On Mar 3, 2011, at 8:17 AM, Josh More wrote:</div>

<br class="Apple-interchange-newline">

<blockquote type="cite">

<div style="">

<pre style="word-wrap: break-word; font-size: 10pt; font-family: Tahoma; color: black;">NO!

AVG put my phone into a reboot loop.  Use Lookout.

-----Original Message-----

From: Stuart Thiessen [thiessenstuart@aol.com]

Received: Thursday, 03 Mar 2011, 8:11

To: Central Iowa Linux Users Group [cialug@cialug.org]

Subject: Re: [Cialug] Android market compromise

</pre>

<div>A question ... I noticed there was an AVG for Android in the Market. Does that provide any real protection?

<div><br>

</div>

<div>Thanks,</div>

<div><br>

</div>

<div>Stuart</div>

<div><br>

<div>

<div>On Mar 2, 2011, at 19:57 , Josh More wrote:</div>

<br class="Apple-interchange-newline">

<blockquote type="cite"><span class="Apple-style-span" style="">

<div>

<div style="direction: ltr; font-family: Verdana; color: rgb(0, 0, 0); font-size: 13px;">

<div>I've been following the android market compromise yesterday and today and finally found a reasonably complete list of the infected apps.  If you installed or updated any of the apps below in the last five days, your phone might be infected.  I have removed

 Chinese names from this list to limit the spam trap issue.  If you're installing non-English apps, check out the links.  The top link has the fix.  You can also fix this by upgrading to Android 2.3 (which may require you to root your phone and install a third

 party build like Cyanogen).<br>

<br>

<br>

___Links___<br>

<a href="http://forum.xda-developers.com/showthread.php?t=977154" target="_blank">http://forum.xda-developers.com/showthread.php?t=977154</a>  <--- Protection is here<br>

<br>

<a href="http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/" target="_blank">http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/</a><br>

<br>

<a href="http://www.androidpolice.com/2011/03/02/update-on-the-malware-monster-droiddream-is-an-android-nightmare-and-weve-got-more-details/" target="_blank">http://www.androidpolice.com/2011/03/02/update-on-the-malware-monster-droiddream-is-an-android-nightmare-and-weve-got-more-details/</a><br>

<br>

<a href="http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/" target="_blank">http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/</a><br>

<br>

<br>

<br>

___List___<br>

Advanced App to SD<br>

Advanced Barcode Scanner<br>

Advanced Compass Leveler<br>

Advanced Currency Converter<br>

Advanced File Manager<br>

Advanced Sound Manager<br>

App Uninstaller<br>

Basketball Shot Now<br>

Best password safe<br>

Bowling Time<br>

Bubble Shoot<br>

Chess<br>

Color Blindness Test<br>

Dice Roller<br>

Falldown<br>

Falling Ball Dodge<br>

Falling Down<br>

Finger Race<br>

Funny Face<br>

Funny Paint<br>

Hilton Sex Sound<br>

Hot Sexy Videos<br>

Magic Hypnotic Spiral<br>

Magic Strobe Light<br>

Mr. Runner<br>

Music Box<br>

Omok Five in a Row<br>

Panzer Panic<br>

PewPew<br>

Photo Editor<br>

Piano<br>

Quick Delete Contacts<br>

Quick Notes<br>

Scientific Calculator<br>

Screaming Sexy Japanese Girls<br>

Sexy Girls: Japanese<br>

Sexy Legs<br>

Spider Man<br>

Super Guitar Solo<br>

Super History Eraser<br>

Super Ringtone Maker<br>

Super Sex Positions<br>

Super Sexy Ringtones<br>

Super Stopwatch & Timer<br>

Supre Bluetooth Transfer<br>

Task Killer Pro<br>

Tie a Tie<br>

<br>

</div>

<div><br>

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Tahoma; font-size: 13px;">

<div style="font-family: Verdana; font-size: 13px;">

<div style="font-size: 13px;">

<div style="font-size: 13px;">

<div style="font-size: 13px;">

<div style="font-size: 13px;"><font size="3"><span style="font-weight: bold;">Josh More</span></font><span class="Apple-converted-space"> </span>| Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH<br>

<span style="font-weight: bold;">Alliance Technologies</span><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span><a href="http://www.AllianceTechnologies.net/" style="color: rgb(255, 0, 0);" target="_blank">www.AllianceTechnologies.net</a><br>

400 Locust St., Suite 840 | Des Moines, IA 50309<br>

515.245.7701 | 888.387.5670 x7701<br>

<br>

Blog: Don't just blame the bad guys, it's your fault too<br>

<a href="http://www.alliancetechnologies.net/blogs/morej" style="color: rgb(255, 0, 0);" target="_blank">http://www.alliancetechnologies.net/blogs/morej</a><br>

<br>

How are we doing? Let us know here:<br>

<a href="http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey" target="_blank">http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey</a><br>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

_______________________________________________<br>

Cialug mailing list<br>

<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>

<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>

</div>

</span></blockquote>

</div>

<br>

</div>

</div>

</div>

_______________________________________________<br>

Cialug mailing list<br>

<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>

http://cialug.org/mailman/listinfo/cialug<br>

</blockquote>

</div>

<br>

</div>

</div>

</div>

</div>

</div>

</body>

</html>