A Hidden Apple in the DNS Changer Sandwich
July 9, 2012
By Jack Walsh

I wonder if I am following the right crowd on Twitter? Last week, I was inundated with a superabundance of tweets about battling DNS Changer. Sources everywhere warned that if you didn’t take steps soon, you could lose access to the Internet on Monday July 9th (i.e., today). With so many folks tweeting, blogging, and writing articles about the evils of DNS Changer, one might suspect that it’s a really big problem out there on the Internet...

Not buying into the hype, I found myself waiting for a story along the lines of, “keep moving people; there’s nothing to see here”. Just such a story finally materialized Friday in Government Information Security. And if there were earlier articles of a similar nature, I missed them (probably because I was drowning in stories concerned with protecting yourself from impending DNS Changer doom).

The article cited Barry Greene, the spokesman for the DNS Changer Working Group, who scoffed at the idea that July 9th would be a sort of “Malware Monday”. The truth is, reported the article, that DNS Changer would affect “fewer than 2-100ths of a percent (0.02 percent) of all PCs in the world.” Yes, as the article title suggests, this DNS Changer business seems to be much ado about nothing – or at least much ado about nothing significant.

For more about DNS Changer, including how to detect and remediate it, you can visit the DNS Changer Working Group website. You can also read more about DNS Changer in this blog post by my colleague: “Will Malware Knock Thousands Off the Internet?”

Sandwiched in the middle of all the DNS Changer stories was a more interesting one about Apple iOS apps. A malware-infected app got past Apple’s checks and made its way into their App Store. The infected app, “Find and Call”, was uncovered by researchers at Kaspersky. As far as we know, it was the first app with malicious behavior to make its way into the Apple App Store. Apple has since removed the app.

“Find and Call” works by uploading the app user’s phone book and phone numbers to a remote server. The server then sends SMS messages to the people in the user’s address book. The received SMS messages appear as if they came from the owner of the mobile device running “Find and Call” (presumably someone known and trusted). To encourage the app’s survival and propagation, the SMS message suggests that the recipient download the “Find and Call” app.

Note that there was also a similar Android app with the same mischievous behavior on Google Play. Like Apple, Google has removed the app from their store.

The good news is that the app does not appear to be destructive. The bad news is that, like Bouncer for Google, Apple’s checks on apps entering its App Store don’t guarantee immunity from malware-imbued apps.

What do you think is the bigger story - Malware in the Apple App Store or DNS Changer?

