New Trojan for Android can mount DDoS attacks

December 26, 2012

The Russian anti-virus vendor Doctor Web warns Internet users about a new malicious program for Android. Android.DDoS.1.origin can carry out DDoS attacks on various Internet resources and send short messages upon a corresponding command from criminals.

After installation, Android.DDoS.1.origin creates an application icon similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the original application is launched, which significantly reduces the risk of arousing suspicion.

When launched, the Trojan tries to connect to a remote server and, if successful, transmits the phone number of the compromised device to criminals and then waits for further SMS commands. Supported directives include attacking a specified server and sending an SMS. If criminals want the Trojan to attack a server, the command message will contain the parameter [server:port]. Upon receipt of such a command, Android.DDoS.1.origin starts to send data packets to the specified address. If the malicious program is required to send an SMS, the command message will contain the message text and the number to which it should be sent.

The Trojan's activities can lower the performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more.

It is not quite clear yet how the Trojan spreads, but most probably criminals employ social engineering tricks and disguise the malware as a legitimate application from Google.

It is worth noting that the code of Android.DDoS.1.origin is heavily obfuscated. Given that the Trojan can carry out attacks on websites and send various text messages to any number, including those of content providers, we can assume that the malware can also be used to conduct illegal activities for third parties (e.g., attack a competitor's site, promote products with SMS or subscribe users to chargeable services by sending SMS to short numbers).

Doctor Web's virus analysts continue to examine Android.DDoS.1.origin. Devices running Dr.Web products for Android are well protected from this Trojan.
