I think I found a new malware on Windows 10 mobile

buddy007

New member
Apr 18, 2014
124
0
0
Visit site
Hello all,
I just upgraded my sister's lumia 730 from WP8. 1 to Windows 10 mobile. I hard reset the phone after upgrade so it would be a smooth ride without the 8.1 junk. Now after the upgrade, if I open any non SSL site i.e http sites, for example, gsmarena.com, pocketnow.com, etc, the site loads and after a couple of seconds it redirects to ad site. No matter how many times I tried, it always redirects.
At this point I hard reset the phone again, but it is still the same. I am absolutely unable to browse the Web without. t it redirecting to an ad.
Anyone experienced this before? Any solution? I put her on release preview ring, current version is 10586.420
Note: I've tried this on mobile data too and the end result is the same.

Posted via the Windows Central App for Android
 

Maurizio Troso

New member
Aug 22, 2014
4,692
0
0
Visit site
Hello all,
I just upgraded my sister's lumia 730 from WP8. 1 to Windows 10 mobile. I hard reset the phone after upgrade so it would be a smooth ride without the 8.1 junk. Now after the upgrade, if I open any non SSL site i.e http sites, for example, gsmarena.com, pocketnow.com, etc, the site loads and after a couple of seconds it redirects to ad site. No matter how many times I tried, it always redirects.
At this point I hard reset the phone again, but it is still the same. I am absolutely unable to browse the Web without. t it redirecting to an ad.
Anyone experienced this before? Any solution? I put her on release preview ring, current version is 10586.420
Note: I've tried this on mobile data too and the end result is the same.

Posted via the Windows Central App for Android

Relax, Win10M can't be attacked due it's own closed nature. You got the classic redirect link. It's due to a dirty chronology / past infected site visited, whic pop ups every site you take.
Go to Settings, advanced, Clean cache, cookies, chronology, everything, then reboot phone.

A nice workaroud I use everytime for not closing my session is tapping back fast, faster than redirector ;)
In some rare case, I simply tap X (STOP) and rewrite the site name I was visiting.
It works on pc too ;)

Hope next Edge mobile versione will came with ad block extension, as desktops
 

thron

New member
Apr 29, 2014
384
0
0
Visit site
I haven't seen this on my own phone, but I'm curious how this occurs.. is it an infected cookie? What causes it to give the appearance of an infection?
I don't fully buy that W10 Mobile is impenetrable, because nothing is "hack proof," if someone wants in badly enough, they can get in to anything.
 

PGrey

New member
Sep 2, 2013
709
0
0
Visit site
Yep, W10m isn't closed, iOS is FAR more closed, by comparison.
Think about it, I can install an app/driver for my XYZ widget, that someone makes for W10m, which means you have the same right to grant someone privledge to install almost anything at kernel level.

The low-installed base is a help here though, it's probably not very interesting for someone to go to the bother. However, the Universal Windows app model may change this. In the same way it's opening up app development, it may also open up exploits...
 

EspHack

New member
Jun 11, 2013
1,279
0
0
Visit site
I haven't seen this on my own phone, but I'm curious how this occurs.. is it an infected cookie? What causes it to give the appearance of an infection?
I don't fully buy that W10 Mobile is impenetrable, because nothing is "hack proof," if someone wants in badly enough, they can get in to anything.

it probably has more holes than the other two for the same reason it is regarded as secure: no one is looking into it

obviously it is not impenetrable, but you have to wonder, if there ever was a person hacked directly thought his windows phone in any news worthy fashion, man, that was some serious hacking, you would need to be such a threat they would be willing to do anything
 

hprvez

New member
Aug 7, 2013
327
0
0
Visit site
Yep, W10m isn't closed, iOS is FAR more closed, by comparison.
Think about it, I can install an app/driver for my XYZ widget, that someone makes for W10m, which means you have the same right to grant someone privledge to install almost anything at kernel level.

The low-installed base is a help here though, it's probably not very interesting for someone to go to the bother. However, the Universal Windows app model may change this. In the same way it's opening up app development, it may also open up exploits...
Everything you wrote is wrong or very wrong
 

Maurizio Troso

New member
Aug 22, 2014
4,692
0
0
Visit site
I haven't seen this on my own phone, but I'm curious how this occurs.. is it an infected cookie? What causes it to give the appearance of an infection?
I don't fully buy that W10 Mobile is impenetrable, because nothing is "hack proof," if someone wants in badly enough, they can get in to anything.

Sandbox design by zero. Other mobile o.s. are designed more like an onion. More, in droids, most of users jailbreak their phones
 

Maurizio Troso

New member
Aug 22, 2014
4,692
0
0
Visit site
(Are you on a flip phone and your carrier charges you for every letter you type?)

LOL

My old english teacher must spinning in his grave!

I was tryin to say Windows 10 was designed by zero with a sandbox structure, different by iOs and Android made in concentric structure (like an onion) + thousand external subroutines.

I used a primitive language for sayin a complex thing :D
 

PGrey

New member
Sep 2, 2013
709
0
0
Visit site
Everything you wrote is wrong or very wrong

Okay, then explain *exactly* how malicious code is prevented from being published in the store?
I can publish a utility, and obtain a driver cert, and as long as it matches my "company", and meets certain guidelines, I'm allowed to publish.

While this makes it *appear* closed, it's really not that hard to circumvent, if someone decides the attack surface is sufficient.
 

Krystianpants

New member
Sep 2, 2014
1,828
0
0
Visit site
Does it happen on your wifi at home? What about on cellular data? Sometimes wifi routers are hacked and cause redirections. Sometimes a worm on an old pc can spread to the wifi router as there have been many exploits found for typical routers. Having WPS enabled on a router is the worst thing you can possibly do.

If you hard reset and you don't restore any backups and this happens then you need to look at the network.
 

PGrey

New member
Sep 2, 2013
709
0
0
Visit site
Does it happen on your wifi at home? What about on cellular data? Sometimes wifi routers are hacked and cause redirections. Sometimes a worm on an old pc can spread to the wifi router as there have been many exploits found for typical routers. Having WPS enabled on a router is the worst thing you can possibly do.

If you hard reset and you don't restore any backups and this happens then you need to look at the network.

That's interesting, the router wouldn't have occurred to me, but it makes perfect sense. I bet buffer overflows are pretty common in unchecked router code, given the packet issues and such. There's a lot of alignment being managed, and I'm sure they're try to squeeze every last bit out of transfers.
I would hope the larger manufacturers would run at least basic code checks on their firmware work, but if you're writing some routines in assembly to optimize, then there's not much that I know of in terms of scanning tools...
 

Iain_S

New member
Dec 20, 2012
525
0
0
Visit site
yes completely wrong, they test all 3 for exploits and hacks and security bugs each year for money. Windows Phone has never been hacked to my knowledge.
 

PGrey

New member
Sep 2, 2013
709
0
0
Visit site
It's never been hacked for the last reason here (to my knowledge either), lack of market share, as per the last comment.
Trust me, I've test-signed drivers (for driver-test purposes), and you could get a signed driver in, as part of a "utility" or similar, if you were motivated.

Absolutely, you couldn't use a current, known compromise, as that would be caught by a scan. But, you could write a new exploit, and once coded, compiled in, it wouldn't get caught, by any scan, since the signature wouldn't match a known issue.

Will it happen, probably/hopefully not.
As things get more sandboxed, the likelihood will go down, eventually.

That said, if someone really wants to exploit, they'd probably go with Android.

If you think they can test-scan for new/unknown exploits, please explain the technical details, I'm curious...
 

Maurizio Troso

New member
Aug 22, 2014
4,692
0
0
Visit site
That's interesting, the router wouldn't have occurred to me, but it makes perfect sense. I bet buffer overflows are pretty common in unchecked router code, given the packet issues and such. There's a lot of alignment being managed, and I'm sure they're try to squeeze every last bit out of transfers.
I would hope the larger manufacturers would run at least basic code checks on their firmware work, but if you're writing some routines in assembly to optimize, then there's not much that I know of in terms of scanning tools...


That's an old iussue, exploded on news magazines last year, there was a check site checking if a simple malicious site could change + redirect DNS router.
Most of producer released new firmware, and there was a workaround in 3 steps which did one thing all routers SHOULD got since out-of-the-box: closing all checking backdoor remote tools except the main menu.

That are useful tools for advanced users, but completely unknown to the averages
 

Members online

Forum statistics

Threads
322,908
Messages
2,242,875
Members
428,004
Latest member
hetb