Ad Vulna: Vulnerable and Aggressive Adware Threatening Millions (opens in new tab)

(fireeye.com)

72 pointsSektor12y ago25 comments

25 comments

This is why I'm really hesitant to use popular libraries like Flurry.

I'm making a kids game & really want to respect the kids' privacy. I can't hand the keys to all that data & possible backdoors to some "free" third party library & just trust they will play nice.

gtufano12y ago

After giving some thoughts on your same issue (customer privacy and security), I moved on to use Piwik (http://piwik.org/ a well known opensource analytics server) on a personal server. There are also native libraries for mobile usage (I use PiwikTracker https://github.com/mattiaslevin/PiwikTracker for iOS and OS X). Less bell and whistles than Flurry, but definitely a more controlled environment. ;)

vdaniuk12y ago

Piwik allows site owners to track and uniquely identify visitors using their IP adresses. If I were concerned about my privacy I would trust Google more than a random website owner. Just a point to consider.

4 more replies

Amadou12y ago

They need a new term -- "Vulna" is just too close in sound and in look to "vulva." Maybe it is on purpose to catch people's attention (it caught mine in a near spit-take), but that would be a poor decision for anyone who wants to be taken seriously.

lucian190012y ago

That didn't even cross my mind. Perhaps it depends on language background?

imdsm12y ago

Natural English here and didn't occur to me either.

galapago12y ago

Relevant: http://xkcd.com/671/

andyhmltn12y ago

I thought exactly the same when looking at it

SektorOP12y ago

I'm interested if anyone has been able to identify the library or spot any clues other than the image from the article http://www.fireeye.com/blog/wp-content/uploads/2013/10/scree...

ricardobeat12y ago

It could be any of a dozen in the 2% range http://www.appbrain.com/stats/libraries/ad

SektorOP12y ago

Just noticed it seems to be some sort of tamagotchi clone from what I can see. the yellow/white meter could be growth and the icon to the right an egg. this (unrelated) app uses the same 'notebook' style of backdrop.

https://lh3.ggpht.com/8gjIb24gOSjoLwxYvVgfFfMz9ItAT_0h86QRlY...

duked12y ago

The game is candy crush so I assume it refers to AdTrack.king which is strange because googling that library shows that people knew it was malicious even while it wasn't flagged as such by mobile AV. http://malwarefixes.com/remove-adtrack-king-com-redirect/

jevinskie12y ago

I'm curious as to why FireEye chose not to disclose the library. What would you call this kind of disclosure?

greenyoda12y ago

"I'm curious as to why FireEye chose not to disclose the library."

For the same reason that most responsible security researchers don't disclose zero-day threats: to prevent people from exploiting them before they can be fixed. In this case, they did notify Google, which can pull the compromised apps out of their app store and notify the developers who've used this library that they need to rewrite their apps.

SektorOP12y ago

Covering their own asses so the framework dev doesn't come after them is the only reason I could see.

The pixelization just reminds me of 'dodgy plumbers' on 'current affairs' shows or somesuch. I'm sure someone will recognize the pictured app eventually.

gcb012y ago

your point is moot.

The ad library, who runs the code and expose the JS apis so that html ads can call it, proably advertise to its clients that they can do that.

So which actor exactly is being left out if they do not disclose? only the victims.

fauigerzigerk12y ago

What kind of perverted joke is this? They're making grandiose claims about severe security threats without telling us which library it is? This is pure spam. I'm going to flag this nonsense.

hipsters_unite12y ago

That's what I thought, read all the way to the end and didn't even find out what the actual threat was. Ridiculous.

barista12y ago

Key quote:

"We have analyzed all Android apps with over one million downloads on Google Play, and we found that over 1.8% of these apps used Vulna. These affected apps have been downloaded more than 200 million times in total."

gibwell12y ago

This must be a false report, because according to Eric Schmidt, Android is more secure than the iPhone. There cannot be 200 million vulnerable downloads.

jtnadams12y ago

Typical Android

j / k navigate · click thread line to collapse

25 comments

johnvschmitt12y ago

This is why I'm really hesitant to use popular libraries like Flurry.

I'm making a kids game & really want to respect the kids' privacy. I can't hand the keys to all that data & possible backdoors to some "free" third party library & just trust they will play nice.

gtufano12y ago

vdaniuk12y ago

4 more replies

Amadou12y ago

lucian190012y ago

That didn't even cross my mind. Perhaps it depends on language background?

imdsm12y ago

Natural English here and didn't occur to me either.

galapago12y ago

Relevant: http://xkcd.com/671/

andyhmltn12y ago

I thought exactly the same when looking at it

SektorOP12y ago

I'm interested if anyone has been able to identify the library or spot any clues other than the image from the article http://www.fireeye.com/blog/wp-content/uploads/2013/10/scree...

ricardobeat12y ago

It could be any of a dozen in the 2% range http://www.appbrain.com/stats/libraries/ad

SektorOP12y ago

https://lh3.ggpht.com/8gjIb24gOSjoLwxYvVgfFfMz9ItAT_0h86QRlY...

duked12y ago

jevinskie12y ago

I'm curious as to why FireEye chose not to disclose the library. What would you call this kind of disclosure?

greenyoda12y ago

"I'm curious as to why FireEye chose not to disclose the library."

SektorOP12y ago

Covering their own asses so the framework dev doesn't come after them is the only reason I could see.

The pixelization just reminds me of 'dodgy plumbers' on 'current affairs' shows or somesuch. I'm sure someone will recognize the pictured app eventually.

gcb012y ago

your point is moot.

The ad library, who runs the code and expose the JS apis so that html ads can call it, proably advertise to its clients that they can do that.

So which actor exactly is being left out if they do not disclose? only the victims.

fauigerzigerk12y ago

What kind of perverted joke is this? They're making grandiose claims about severe security threats without telling us which library it is? This is pure spam. I'm going to flag this nonsense.

hipsters_unite12y ago

That's what I thought, read all the way to the end and didn't even find out what the actual threat was. Ridiculous.

barista12y ago

Key quote:

gibwell12y ago

This must be a false report, because according to Eric Schmidt, Android is more secure than the iPhone. There cannot be 200 million vulnerable downloads.

jtnadams12y ago

Typical Android

j / k navigate · click thread line to collapse