
Virus Profile: Android/Voldbrk.J

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 3/22/2012
Date Added: 6/22/2012
Origin: N/A
Length: N/A
Type: Vulnerability
Subtype: PDA Device
DAT Required: N/A

Description

Exploit/Voldbrk.J is an exploit that takes advantage of a vulnerability to gain root.

Indication of Infection

Exploits a vulnerability to gain root privilege

Methods of Infection

This exploit attacks a vulnerability in the system. Users should apply the security patch and update the system to the latest version. Malware uses this exploit to gain root privilege. As always, users should never install unknown or untrusted software. This is especially true for illegal software, such as cracked applications, which are a favorite vector for malware infection.
   

Virus Characteristics

Exploit/Voldbrk.J is distributed as an ELF executable. Its code is close to that of the other Exploit/Voldbrk variants, and it exploits the device in the same way. Exploit/Voldbrk.J exploits an out-of-bounds array access in the volume manager, "/system/bin/vold". It searches the process list to see whether /system/bin/vold is running; if it is, it sends a socket message with certain data to that process to gain root privilege. Exploit/Voldbrk.J requires the user to insert an SD card into the device. According to the code, the vulnerability seems to be in Froyo, Gingerbread and Honeycomb.