[RESOLVED] Driveby Malware In Android

[CharleyHorse]

Will NoScript block the driveby download of the malware mentioned in the link below?
http://www.pcworld.com/article/255538/a ... k.rss_news

[Tom T.]

Will NoScript block the driveby download of the malware mentioned in the link below?
http://www.pcworld.com/article/255538/a ... k.rss_news

Since it's targeted specifically to Android, this should probably be posted in NoScript Mobile, although that would require registration. But while we're here, from your link:

(the attack ignores PC browsers)

Not an actual drive-by:

This isn't quite a PC drive-by attack because the user still needs to install the app,

http://blog.mylookout.com/blog/2012/05/ ... ompatible/

Distribution of NotCompatible depends on compromised websites that have a hidden iframe at the bottom of each page. If a user visits a compromised website from an Android device, their mobile web browser will automatically begin downloading the NotCompatible application, named ‘Update.apk’. Like any drive-by downloads, a user needs to install the downloaded application before a device will be infected.

See FAQ 4.8:

# IFRAMEs embedded in untrusted pages are always blocked, unless they load content from the same site as their parent
# IFRAMEs embedded in trusted pages are blocked if they try to load content from untrusted sites
# If NoScript Options|Embeddings|Apply these restrictions to trusted sites too is checked, no IFRAME can be loaded unless it loads content from the same site as its parent

FAQ: "What Is A Trusted Site?"

* You may ask, what if site I really trust gets compromised? Will I get infected as well because I've got it in my whitelist, ...?
No, you won't, most probably. When a respectable site gets compromised, 99.9% of the times malicious scripts are still hosted on a different domain which is likely not in your whitelist, and gets just included by the pages you trust. Since NoScript blocks 3rd party scripts which have not been explicitly whitelisted themselves, you're still safe, with the additional benefit of an early warning

[CharleyHorse]

Thanks for the prompt response to my inquiry.
I've often told others that if I had to choose only one security addon/ program it would be NoScript.

[Tom T.]

Thanks for the prompt response to my inquiry.
I've often told others that if I had to choose only one security addon/ program it would be NoScript.

I too, although I might be biased... And you're quite welcome.

[GµårÐïåñ]

I am not surprised at all that Lookout caught this and exposed it, I was part of the initial development team when it was still called Flexilis and we started the project originally intended for the Windows based phones to protect them against OS specific malware, but then expanded and applied that to the other platforms as well, specially that Android became very popular.

Clearly, if you are running inside a browser, use NS and you are safe, but even outside of that, download and have Lookout running on your phone/tablet because it is the first of its kind to handle malware, viruses, quasi-firewall (the reason I say quasi is because it requires root for low level protection and many phones under contract are locked = no root access), and also protects your device by locating, locking, wiping and aiding in its recovery and that's all in the free version, the premium version gives you even more.

Its a must and all the knock offs by Avast, Trend Micro, Norton, Comodo, AVG and Webroot to name a few are just late comers to the party who are mimicking it and realizing what we realized a long time ago and that is mobile devices need as much protection (if not more in the world of people using mobile for everything) as the regular machines, but the difference is we built it from the ground up when there was no such thing out there, they are just piggy backing on their name recognition with nothing more to offer in way of better quality.

Good luck and take care. BTW, Tom, leave the bias to me you are too modest.