Kindle Fire HD - Infected ???

The place to post if you need help or advice

Moderators: ChrisThornett, LXF moderators

Kindle Fire HD - Infected ???

Postby Noob_Computa_Ninja » Sun Jan 12, 2014 6:59 pm

Hi there.

I was hoping that you could help me with an issue I'm having with my kindle fire HD

I was surfing reddit/r/superman yesterday. I cliked on a link, it took me to an external website. Once I got there
I immediatley got a pop up message on my kindle telling me that I was infected.

It then asked my to click ok to continue (to install the malware I suspect).
I did not click on the pop up box (or anywhere in it).

I took a screenshot, sent the image to myself on my email account (from the Kindle email app itself).

The error message/pop up image states the following = (I've just broken up the http in that link incase it was pointing to a real site)

The page at 'ht tp://mobilekd.com' says:
Thursady January 9 ALERT! Your Amazon KFTT is INFECTED. Please INSTALL to
continue.

I then downloaded the Bit Defender AV app for andriod/kindle and performed a scan. The scan came back clean.

However when I downladed the Bit defender App I was expecting it to download some virus definitions (like you'd expect, if you were on your PC), but it didn't. I thought that was a little strange.

Once I hade scanned the device. I turned off the wifi and then turned off the Kindle.

I'm about to factory wipe my Kindle.

What do you reccomend ? Am I being a little paranoid ? (I don't think there is anything wrong with a little healthy paranoia when you're dealing with computer security though).

I've not noticed any unusual activity on my Amazon app account today. (However, that's not really surprising as I've turned off the Kindle. So even if it had been infected it wouldn't have had much of a chance to do anyting yet).

I suspect it's just a scare-ware pop up. Has anyone else seen this, or anyting like this at all on thier tablet devices ?

Any help or advice would be greatly appreciated ! TIA
Noob_Computa_Ninja
 
Posts: 7
Joined: Sat Jan 11, 2014 5:39 pm

Postby purplepenguin » Sun Jan 12, 2014 10:30 pm

Welcome to the Forum :D

I'm not qualified to give you a definitive answer. So I give you my opinion.

Kindle's OS is probably based on Android/Linux and would not be affected by malicious code created for a PC. Most PCs run Windows so the people who create viruses tend to focus on code for that platform.

The kindle's storage area is like a USB flash drive (The Firmware/OS would be on a separate partition). While a virus cannot run in the storage area it is unlikely but possible that it could transfer to your PC from there.

When you connect the Kindle to your PC it should show up as a mass storage device. There's no harm in letting your PC's AV scan it.

Can you post a link to the screen shot?

I don't have any AV on my Android devices and have never had any issues.

If you are particularly worried. Restore the Kindle to factory settings. That should wipe any iffy files that you have downloaded as well as your data.

PP
So it looks like I'm back to LinuxMint again. Why you ask? Because my machine smell nicer.

I'm not too sure I'd want a Mint and Cinnamon muffin with my brew though. Guess I'm lucky they don't run my local bakery.
purplepenguin
LXF regular
 
Posts: 133
Joined: Wed Oct 05, 2011 2:19 pm
Location: Blissfully at the Command Line

Postby guy » Mon Jan 13, 2014 5:33 pm

Caveat: I speak from a general background, not current knowledge of Kindle security.

There is relatively little malware capable of directly infecting a Kindle Fire (which AFAIK uses Amazon's own hacked version of Android). The OS is fairly secure against traditional PC viruses, and Amazon's hacks probably won't help compatibility with Android-specific attacks either. BitDefender is hopefully more concerned that basic lockdown settings haven't been compromised, and could get any handful of signatures it needs by transparently downloading them from Mummy without bothering to tell you.

Most malware of the type you describe requires the user to (unknowingly) grant it access permissions by clicking something, which, since you carefully didn't, makes it unlikely that anything cached by your browser ever got activated.

Does the browser have a cache that can be cleared? Other than that, personally I'd just keep an eye on the device for a while, just in case it was compromised and something recurs.

Frankly, the data sucked off and traded around the world as a matter of course by the likes of Amazon, Google, Facebook, et. al. is likely to have compromised your privacy far more.
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1105
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby Noob_Computa_Ninja » Mon Jan 13, 2014 8:17 pm

Hi all.

Thanks very much for the help and advice !
It's much appreciated.
Noob_Computa_Ninja
 
Posts: 7
Joined: Sat Jan 11, 2014 5:39 pm

Postby Noob_Computa_Ninja » Sun Jan 19, 2014 4:35 pm

Hi all.

Here are the two screen shots of those error/ fake AV messages
(These are direct links to my basic imgur gallery)

01. http://i.imgur.com/aMeuZEM.jpg
02. http://i.imgur.com/o108jmY.jpg

Since I last posted, I received another message claiming I was infected with another virus.

I got fed up, and wiped my Kindle and started again fresh.

As an aside, I currently have the Bit defender app installed on my device.
Is it wise/possible to run two or more AV apps on the kindle at the same time ?
I know you really shouldn't do this on a win PC, as they tend to conflict.
Does this cause any issues on android ?

Thanks again for any help or advice.
Noob_Computa_Ninja
 
Posts: 7
Joined: Sat Jan 11, 2014 5:39 pm

Postby purplepenguin » Sun Jan 19, 2014 6:13 pm

The page at.......... says your infected


Who is this website to make such a claim? They don't look to be a page from a trusted AV provider. To be honest it looks more like a phising attempt. Could the site be compromised? Is it always the same site/domain? It may even just be an aggressive advert. Even if I was on a Windows machine and that message popped up I'd just ignore it and carry on my merry way.

I've just had a quick look on-line and none of the big boys (Symantec, Kaspersky etc.) offer on-line kindle scans. If Kindle was at risk I'm pretty sure they would as they do for PCs. They love to scare you into buy their products after all that is how they make money.

PP
So it looks like I'm back to LinuxMint again. Why you ask? Because my machine smell nicer.

I'm not too sure I'd want a Mint and Cinnamon muffin with my brew though. Guess I'm lucky they don't run my local bakery.
purplepenguin
LXF regular
 
Posts: 133
Joined: Wed Oct 05, 2011 2:19 pm
Location: Blissfully at the Command Line

Postby purplepenguin » Sun Jan 19, 2014 6:17 pm

Post a link to the page and I'll have a look on my Android devices. See if its saying the same.
So it looks like I'm back to LinuxMint again. Why you ask? Because my machine smell nicer.

I'm not too sure I'd want a Mint and Cinnamon muffin with my brew though. Guess I'm lucky they don't run my local bakery.
purplepenguin
LXF regular
 
Posts: 133
Joined: Wed Oct 05, 2011 2:19 pm
Location: Blissfully at the Command Line

Postby Noob_Computa_Ninja » Sun Jan 19, 2014 8:53 pm

Hi there Purple penguin.

I posted one of the links in my first post.
(I just broke up the link in case that it may have sent someone to a dodgy infected site)
I don't think it would have, I just wouldn't want anyone to get caught out.

Thanks for the help so far.
Noob_Computa_Ninja
 
Posts: 7
Joined: Sat Jan 11, 2014 5:39 pm

Postby purplepenguin » Sun Jan 19, 2014 9:22 pm

Yeah I tried that one. mobilekd.com?
All I get is a blank white page on Android and PC. Absolutely nothing.

The source for the page is:

Code: Select all
<iframe src="" style="border: 0px; width: 100%; height: 100%;"></iframe>


There's no DTD or other html tags. eh!!

What is the site supposed to be?

If you ask me it's looking more and more like the site and not your device that has problems.
So it looks like I'm back to LinuxMint again. Why you ask? Because my machine smell nicer.

I'm not too sure I'd want a Mint and Cinnamon muffin with my brew though. Guess I'm lucky they don't run my local bakery.
purplepenguin
LXF regular
 
Posts: 133
Joined: Wed Oct 05, 2011 2:19 pm
Location: Blissfully at the Command Line


Return to Help!

Who is online

Users browsing this forum: No registered users and 2 guests

cron