Incident: Malicious Trojan Injected into Dog Wars Android App Icon.

Published Date: 2011-08-16

Postmortem Analysis
Timeline
1. The software failure incident happened in August 2011.

System
1. Dog Wars app Beta 0.981
2. Android operating system
3. SMS permission system
4. PETA alert service by sending text messages to "73822" [7187]

Responsible Organization
1. The individual(s) who modified the older version of the Dog Wars app to include the Trojan horse [7187].

Impacted Organization
1. Users who had the older version of the Dog Wars app installed on their devices were impacted by the software failure incident as their devices were compromised by the Trojan horse, leading to unauthorized actions being taken without their knowledge [7187].

Software Causes
1. The software cause of the failure incident was the presence of a Trojan horse named "Android.Dogowar" in an older version of the Dog Wars app, Beta 0.981, which was found on "warez" sites [7187].

Non-software Causes
1. The creation of a controversial Android app called "Dog Wars" that glorified animal abuse, leading to public outcry and backlash [7187].

Impacts
1. The modified version of the Dog Wars app included a Trojan horse that sent a text message to everyone in the contact list stating, "I take pleasure in hurting small animals," potentially damaging the reputation of the device owner [7187].
2. The Trojan signed up United States-based devices for a text alert service operated by People for the Ethical Treatment of Animals (PETA) without the device owner's consent, potentially causing unwanted messages and alerts [7187].
3. The incident led to public outcry, prompting the makers of Dog Wars to change the name of a later version of the app to KG Dogfighting and PETA to release its own app to combat cruelty to animals, indicating a shift in the app landscape due to the software failure incident [7187].

Preventions
1. Implementing stricter security measures for app distribution platforms like the Android Market to prevent unauthorized or malicious apps from being available to users [7187].
2. Conducting thorough security reviews and audits of apps before they are made available for download to ensure they do not contain malware or malicious code [7187].
3. Educating users about the risks of downloading apps from unofficial sources or "warez" sites where pirated software is exchanged, and promoting safe app downloading practices [7187].

Fixes
1. Removing the malicious code injected into the app by the Trojan horse, Android.Dogowar, would fix the software failure incident [7187].
2. Releasing an updated and clean version of the Dog Wars app without the malware would address the issue [7187].
3. Enhancing security measures to prevent unauthorized modifications and injections of malicious code into the app would help prevent similar incidents in the future [7187].

References
1. Symantec [7187]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization | (a) The software failure incident related to the modified version of the Dog Wars app with the Trojan horse injecting malicious code and sending unauthorized text messages happened again within the same organization. The incident occurred with the earlier version of the app, Beta 0.981, and then resurfaced with the later version renamed KG Dogfighting, both associated with Kage Games [7187].
Phase (Design/Operation) | design, operation | (a) The software failure incident in the article can be attributed to the design phase. The modified version of the Dog Wars app contained a Trojan horse that sent unauthorized text messages and signed up devices for a PETA alert service without the device owner's knowledge. This malicious behavior was introduced into the app during the development phase, specifically in the older version of the app (Beta 0.981) [7187]. (b) The software failure incident can also be linked to the operation phase. The Trojan code injected into the devices operated in the background, sending out unauthorized text messages and initiating the PETA alert service without the user's consent. This unauthorized operation of the system was a result of the malicious actions of the Trojan code once the compromised device started up [7187].
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident in this case was within the system. The modified version of the Dog Wars app contained a Trojan horse named "Android.Dogowar" that was injected into the app itself. This Trojan horse was responsible for sending unauthorized text messages and signing up devices for a PETA alert service without the knowledge of the device owners [7187].
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was due to non-human actions, specifically the presence of a Trojan horse named "Android.Dogowar" in an older version of the Dog Wars app. This Trojan horse was designed to send text messages without the device owner's knowledge, including a message that appeared to be from the device owner stating, "I take pleasure in hurting small animals." Additionally, the Trojan signed up devices for a text alert service operated by PETA, all without human participation [7187]. (b) However, it is important to note that the creation and distribution of the modified version of the app with the Trojan horse were the result of human actions. The incident involved someone attempting to associate the app with PETA, and the malware was found in an older version of the app that was not on the official Android Market but could be found on pirated software exchange sites. The actions of the individual or group behind this modification were deliberate and aimed at causing harm or spreading a message through the app [7187].
Dimension (Hardware/Software) | software | (a) The software failure incident in Article 7187 was not directly attributed to hardware issues. The incident involved a modified version of the Dog Wars app that included a Trojan horse, which was injected into the device as a package called "Dogbiet" [7187]. (b) The software failure incident in Article 7187 was primarily due to contributing factors originating in software. The modified version of the Dog Wars app contained a Trojan horse named "Android.Dogowar," which was responsible for sending unauthorized text messages and signing up devices for a PETA alert service without the user's knowledge [7187].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident described in the article is malicious in nature. The modified version of the Dog Wars app contained a Trojan horse that sent out text messages without the device owner's knowledge, including a message that said, "I take pleasure in hurting small animals." Additionally, the Trojan signed up devices for a text alert service operated by PETA, without the user's consent. This malicious behavior was not associated with PETA but was likely the work of someone attempting to associate the app with PETA [7187].
Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident was likely due to poor_decisions. The modified version of the Dog Wars app containing the Trojan horse was designed to send a text message to contacts stating, "I take pleasure in hurting small animals," and sign up devices for a PETA alert service without the user's knowledge [7187]. This malicious behavior was not associated with PETA but was likely an attempt to associate the app with the organization. The decision to include such harmful actions in the app can be considered a poor decision that led to the software failure incident.
Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident in Article 7187 can be attributed to development incompetence. The incident involved the modification of the Dog Wars app to include a Trojan horse that sent malicious text messages and signed up devices for a PETA alert service without the users' knowledge. This modification was likely the work of someone attempting to associate the app with PETA, showcasing a lack of professional competence in ensuring the security and integrity of the app [7187]. (b) Additionally, the incident can also be categorized as accidental, as the app modification was not officially endorsed by PETA, and the organization expressed surprise at the creation of this malicious version of the app. The PETA representative mentioned that they did not know who created this version of the app, indicating that the actions were accidental and not intentional on their part [7187].
Duration | temporary | The software failure incident described in the article is temporary. The incident was caused by a modified version of the Dog Wars app, which included a Trojan horse that sent unauthorized text messages and signed up devices for a PETA alert service without the user's knowledge. This incident was not a permanent failure but rather a temporary issue introduced by the malicious modification of the app [7187].
Behaviour | crash, omission, value, other | (a) crash: The software failure incident in the article can be categorized as a crash. The modified version of the Dog Wars app containing the Trojan horse caused the compromised device to send unauthorized text messages and sign up for a PETA alert service without the device owner's knowledge. This behavior can be considered a crash as the system lost control and performed actions not intended by the user or the app developers [7187]. (b) omission: The software failure incident can also be categorized as an omission. The Trojan injected into the device omitted to perform the intended functions of the original app and instead sent out unauthorized text messages and signed up for a service without the user's consent. This omission led to the system behaving in an unintended manner [7187]. (c) timing: The timing of the software failure incident is not explicitly mentioned in the article. Therefore, it is unknown if the failure was due to the system performing its intended functions correctly but at the wrong time. (d) value: The software failure incident can be categorized as a value failure. The Trojan injected into the device caused the system to perform its intended functions incorrectly by sending out unauthorized text messages and signing up for a service without the user's consent. This incorrect behavior deviated from the expected and intended functions of the app [7187]. (e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, which involves inconsistent responses and interactions. The incident described in the article primarily involves unauthorized actions taken by the Trojan injected into the device, rather than inconsistent behavior or interactions. (f) other: The other behavior exhibited in this software failure incident is the deceptive nature of the Trojan. The Trojan disguised itself by using an icon that closely resembled the legitimate app icon, with the only noticeable difference being the word "PETA" instead of "BETA." This deceptive behavior aimed to trick users into installing the malicious software, showcasing a form of social engineering and manipulation [7187].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | unknown | (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The software failure incident described in the article did not result in any of the consequences mentioned above. The incident involved a modified version of the Dog Wars app that included a Trojan horse sending text messages and signing devices up for a PETA alert service, but there were no reports of physical harm, death, impact on basic needs, property loss, delays, or harm to non-human entities as a direct result of this software issue. The primary consequence was related to the unauthorized actions taken by the malware within the app [7187].
Domain | information, entertainment | (a) The failed system was related to the information industry as it involved a modified version of the controversial Android app "Dog Wars" that included a Trojan horse, which sent text messages and signed up devices for a text alert service operated by PETA [7187].
