The document provides an overview of security threats presented by Goh, Su Gim from F-Secure. It discusses the growing threat landscape, with social media and mobile malware becoming major risks. It highlights recent malware like Stuxnet and DroidDream that targeted critical infrastructure and Android devices. It warns that mobile malware can steal personal data, conduct phishing scams, and make unauthorized phone calls. The document advises users to only download apps from trusted app stores, review app permissions, and use mobile security software to protect against growing mobile threats.

1. THREAT LANDS Presented by Goh, Su Gim Security Advisor, Asia F-Secure Response Labs

2. About me 10 years in the IT Security industry IT network security infrastructure design Assessment and penetration testing Standards and Compliance Security Operation Center / Incident Response Born and Raised in Malaysia Spent 12 years in Hawaii, USA Joined F-Secure about 9 months ago, now based in F-Secure Response Labs, Kuala Lumpur 04 July, 2011 2

3. Agenda About F-Secure The Threat Landscape today Social Media Networking More than just $$ The un-tethered world Malware for the mobile world

4. 4 July, 2011

6. © F-Secure / Public 04 April, 2011 6

7. 1988 Founded 1999 IPO (Helsinki Stock Exchange) Today “Protecting the irreplaceable” Enabling the safe use of computers and smartphones Strong solution portfolio covering both consumers and business The leading Software as a Service (SaaS) partner for operators globally Over 200 operator partnerships in more than 40 countries Strong market presence in Europe, North America and Asia Distributors/resellers in more than 100 countries 20 offices globally and over 800 professionals worldwide F-Secure - Summary 2007

8. F-Secure in Malaysia 04 July, 2011 8 Operations started 2006 KL Sentral office opened 2006 Moved to Bangsar South May 2009 Today, 2011, 25% of the employees in Asia 2005 2006 2007 2008 2009 2011

9. The Virus Eras © F-Secure / Public 04 July, 2011 9 FLOPPY  LAN  EMAIL  WEB  FACEBOOK, MYSPACE, TWITTER, LINKEDIN? MOBILE MALWARE???

10. http://campaigns.f-secure.com/brain/index.html © F-Secure / Public 04 July, 2011 10

11. Malware Attacks 1986 - 2011 1986 - Hobbyist attacks 2002 - Financial attacks 2005 - Spying / Espionage 2010 - Cyber Sabotage © F-Secure Corporation April 28, 2010 11

17. © F-Secure / Public 04 July, 2011 17

18. © F-Secure / Public 04 July, 2011 18

19. Hmm.. Is that my ex-girlfriend viewing my profile? © F-Secure / Public 04 July, 2011 19

20. © F-Secure / Public 04 July, 2011 20

21. © F-Secure / Public 04 July, 2011 21

22. FB’s FAQ © F-Secure / Public 04 July, 2011 22

23. LIKE JACKING © F-Secure / Public 04 July, 2011 23

24. © F-Secure / Public 04 July, 2011 24

25. © F-Secure / Public 04 July, 2011 25

26. © F-Secure / Public 04 July, 2011 26

27. Critical Infrastructure

31. Stuxnet

33. STUXNET Uses 5 Vulnerabilities* Windows Worm Spreads via USB sticks * 4 zero-days

34. Signedcomponent – thestolencertificate

35. Stuxnetisbig Stuxnet 1,5 MB AverageMalware 50-100 KB

36. Siemens Simatic Step7 WinCC PLC

37. 6es7-417

39. Bushehr / Natanz

40. CASE: hosting.ua – the Ukrainian Datacenter © F-Secure / Public 04 July, 2011 40

42. Spring cleaning gone bad… © F-Secure / Public 04 July, 2011 42

45. UNTETHERED © F-Secure / Public 04 July, 2011 45

46. The big brother aka 大哥大 04 July, 2011 46

47. The battlefield today.. 04 July, 2011 47

48. The ever growing Smartphone… 04 July, 2011 48 “Smartphones to break 100 million shipment mark in Asia/Pacific (Excluding Japan) by 2011” - IDC “IDC expects 137 million units in 2011, double the units in 2010” “53% of Chinese citizens in key urban centres own a smartphone, well ahead of countries like the US, where penetration stands at around 30%, and Japan, on 10%” Consultancy Accenture

49. Smartphone market share: Today and Tomorrow 04 July, 2011 49

50. Android overtakes BlackBerry as Top US Smartphone platform 04 July, 2011 50

51. WHAT CAN MOBILE MALWARE DO??? PERSONAL DATA DISCLOSURE PHISHING SPYWARE DIALERWARE FINANCIAL MALWARE 04 July, 2011 51

52. Huike.cn serving Windows Mobile apps 04 July, 2011 52

53. 3D Anti-Terrorist 04 July, 2011 53

54. Windows Mobile Trojan Poses as 3D Anti-Terrorist Action War Game Developed by Beijing Huike Technology in China Distributed in windows freeware download sites Packaged with virus written in Russia Malicious code initiate silently international calls to Premium Numbers 04 July, 2011 54

55. A Dialerware example 04 July, 2011 55

56. Dialerware continued.. 04 July, 2011 56

57. The numbers +882346077 Antarctica +17675033611 Dominican republic +88213213214 EMSAT satellite prefix +25240221601 Somalia +2392283261 São Tomé and Príncipe +881842011123 Globalstar satellite prefix

58. www.keyzone-telemedia.com 04 July, 2011 58

59. www.premium-rates.com 04 July, 2011 59

61. Geinimi, Aka 給你米 Android BOT Opens a backdoor and calls home Calls home to various servers: 04 July, 2011 61 www.frijd.comwww.aiucr.com www.uisoa.comwww.islpast.comwww.piajesj.comwww.qoewsl.com www.weolir.comwww.riusdu.comwww.widifu.comwww.udaore.com

62. The Variants… HongTouTou紅頭頭 / ADRD Targeting users in China Distributed on free file sharing websites as wallpaper apps Gather IMEI/IMSI - encrypted Search as a mobile user Emulate clicks as a mobile user Monitor SMS conversations 04 July, 2011 62

63. Do Androids Dream? [THE MOTHER OF THEM ALL] Root your phone (Admin access) Sends IMEI/IMSI to remote server Steals sensitive data More than 50 applications infected Repackaged by app developer by Myournet Kingmail2010 we20090202 Hosted on Android Market 50,000 to 200,000 downloads in 4 days 04 July, 2011 63 DroidDream

64. Trojanised apps by Myournet 04 July, 2011 64 Falling Down Super Guitar Solo Super History Eraser Photo Editor Super Ringtone Maker Super Sex Positions Hot Sexy Videos Chess 下坠滚球_Falldown Hilton Sex Sound Screaming Sexy Japanese Girls Falling Ball Dodge Scientific Calculator Dice Roller 躲避弹球 Advanced Currency Converter App Uninstaller 几何战机_PewPew Funny Paint Spider Man 蜘蛛侠

65. Real App on left and virused-up version (Myournet) 04 July, 2011 65

66. In case of emergency, press this: 04 July, 2011 66 The KILL SWITCH

67. On March 1st 2011, Google yanked 58 apps in Android Market March 6th, Google created the Android Market Security Tool to REMOTELY remove the malicious apps and the DroidDreamtrojan from hundreds of thousands of devices Gives me a mixed feeling… 04 July, 2011 67 The Google KILL SWITCH

69. Distributed by an unregulated Chinese app market

70. Detected by Symantec as BgServicerunning on infected devices

72. Yingyonghui.com © F-Secure Confidential 04 July, 2011 70

73. © F-Secure Confidential 04 July, 2011 71

74. “SIDELOADING” : Androiddownloadz.com 04 July, 2011 72

75. 04 July, 2011 73 Eventually, virus writerswill realize it's easier to makemoney by infecting phonesthan by infecting computers

76. So how do I protect myself? 04 July, 2011 74

77. (1) TRUSTED & REPUTABLE SOURCES Download from reputable app markets Avoid third party app stores (Sideloading) Review developer name, reviews and star ratings If it is too good to be true.. IT IS There is NO FREE LUNCH 04 July, 2011 75

78. (2) Scrutinize permissions Check on permissions when installing an app Ensure the permissions match the features it provides 04 July, 2011 76

79. (3) Auto-locking, reset and wipe (Housekeeping) Automatic locking after a few minutes of no activity Reset and wipe when disposing or recycling your phone 04 July, 2011 77

80. (4) Install a mobile security app Install an Anti-virus for your SmartPhone against trojans/viruses/malware Other security vendor features (Anti Theft) include Remote Wipe, Lock & Alarm Remote Alarm GPS Locator Remote backup 04 July, 2011 78

81. Keeping yourself posted… www.f-secure.com/weblog Twitter F-Secure mikkohypponen sugimgoh 04 July, 2011 79

82. THE END Q&A? 04 July, 2011 80