Sophos says Counterclank is not Android malware

SECURITY OUTFIT Sophos has classed the controversial Counterclank Trojan as advertising not malware.

At the beginning of the week Symantec revealed the Counterclank Trojan, which it claimed was the biggest malware distribution of the year. Mobile security firm Lookout disagreed, saying it was just an aggressive form of an ad network, an assessment with which Sophos agrees.

Symantec found the code present in 13 apps on the Android Market and classed it as malware because it sends information about the phone to a remote server called Apperhand.

Vanja Svajcer, principal virus researcher at Sophos said, "It turns out that the Apperhand framework is related to an advertising framework used more than half a year ago by the Plankton app."

"We have to go back several years, to the birth of potentially unwanted applications (PUA) on Windows, which would probably be the best way to describe the applications reporting to Apperhand.com. They are not inherently created with malicious intent."

Nevertheless Sophos said the issue needs to be taken seriously. Some users could end up with unwanted adverts and losing "personally identifiable information".

We've asked Symantec for its response but have not had a reply. On Tuesday it defended itself, saying that it wanted to help users make their own decisions by providing the information.

Sophos believes that hackers are already attempting to create malicious packages for Android that will go undiscovered for as long as possible.

"These apps could lie dormant until a critical number of devices are infected. As a consequence, soon we will see more obfuscated examples which will be more difficult to discover," added Svajcer.

However, Google has just announced its Bouncer scanner, which will scour the Android Market for malicious software. µ