Mobile Growth Leads To Malware Surge, McAfee Says

Many recently discovered threats update old tactics. Android devices the most popular targets.
11 Security Sights Seen Only At Black Hat
11 Security Sights Seen Only At Black Hat
(click image for larger view and for slideshow)
McAfee's latest Threats Report, released Sept. 9, makes one thing clear: as much as mobile device proliferation has been a boon for vendors and developers, it's also been a field day for writers of malicious code. Indeed, the second quarter of 2012 witnessed the biggest increase in detected malware in four years, with 1.5 million new dangers recorded since Q1.

McAfee's database of dangerous programs swelled to more than 90 million listings, and the firm projects the tally will top 100 million by next quarter.

The dramatic uptick doesn't necessarily mean that the Internet is fundamentally more precarious, however; many of the recently discovered threats are simply updated takes on old tactics, and with more users carrying tasks across multiple devices and platforms, an increase in cybercrime makes sense. Nevertheless, the report highlights not only the ongoing diligence users must maintain toward security, but also the familiar dangers that might be lurking in new, less suspicious disguises.

Total mobile malware detections were up around 600% year-over-year, although Q2 saw new threats drop by around 30% relative to Q1's all-time high. Android was the most popular mobile target, with SMS-sending programs, mobile botnets, and Trojans among attackers' favorite tools. The fact that Android is not unassailable is no secret, but recent reports suggest that Jelly Bean might thwart sinister activity more effectively.

[ Is Bouncer a wimp? Read Google Bouncer Beat Up By Security Researchers. ]

McAfee emphasized that Android drive-by downloads rely on the same modus operandi they've employed to torment PC users: a device need only visit an infected site to download compromised software. "Attacks that we've traditionally seen on PCs are now making their way to other devices," said Vincent Weafer, senior VP of McAfee Labs, in a statement. The full report issues an even stronger warning: "Mobile malware is certainly not proof-of-concept or early code. It is fully functional and mature."

Botnet attacks, meanwhile, reached a 12-month high, in part because they have cleverly harnessed Twitter. This new deployment allows a perpetrator to anonymously network infected accounts to generate spam, issue viruses, or crash Web servers. Such tactics previously required a dedicated server, be it purchased or stolen, but Twitter enables hackers to leverage others' resources without these logistic challenges. Though predicated on a newer platform, the approach mirrors previous attacks on relay chat servers, McAfee notes.

Ransomware steadily increased; after topping 20,000 new reports the first time in Q3 of 2010, 2012 detections now total more than 120,000. Corrupting AutoRun files accounted for 1.2 million new samples, meanwhile, and password-stealing programs, with 1.6 million discoveries, were also a prominent threat. Signed malware--which tricks users into trusting a file, often via a stolen certificate--also reached a new high.

Apple users, accustomed to relative immunity from cyber mischief, still experience relatively few problems compared to Windows users--but as Flashback demonstrated, Macs no longer hold exempt status; it's clear that "malware can be written for any operating system and any platform," claimed McAfee.

Alex Smith, a senior analyst at Canalys, attributed increased malware activity to the greater diversity of devices and platforms. The sheer number of Android devices, he said in an interview, is a "huge opportunity for malicious hackers."

Smith identifies virtualization, which was recently exposed to the bad code parade, as a particular challenge. "We need dedicated virtual technologies [for security]," he claimed, adding that the "incumbent technologies might not be the optimal solution in this virtual world." Smith hesitated to say the Internet's actual danger had grown in proportion with McAfee's numbers. He remarked that the fragmented anti-malware industry is no longer confined to traditional powers such as McAfee and Symantec. With international competitors including Panda, AGV, Avast, and Kaspersky, "there are a lot of vendors looking to tackle the problem." That is, with more watchful eyes directed at potential threats, security experts have grown more adept at identifying new malware.

Even so, he said that more hackers are at work than before. With growing numbers of technology-savvy users in Eastern Europe and Asia, he said, it's inevitable that some "bad apples" surface. Black market malware toolkits allow these new entrants to make strides quickly.

Still, Smith says the biggest threat could come from legitimate developers, as sloppy coding could open security vulnerabilities.

Cybercriminals are taking aim at your website. Is your security strategy up to the challenge? Also in the new, all-digital 10 Steps To E-Commerce Security issue of Dark Reading: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious. (Free registration required.)