Mobile malware spikes in Q1, signed malware climbs, McAfee reports

By | May 23, 2012

Posted in: Network Security Trends

Mobile malware continues to increase, focused heavily on adware and on sending messages to premium-rate SMS services, according to McAfee’s first quarter Threats Report. In addition to simple SMS malware, McAfee reports increasingly sophisticated backdoor Trojans on Android, which use a root exploit to take control of the phone and receive commands, and which send SMS messages based on the country of the SIM card.

The increase in mobile malware is startling — more than 6,000 new malware specimens in Q1 of a total of just over 8,000 now in the McAfee database. McAfee cautions, however, that their improved ability to detect mobile malware is partly responsible for the precipitous jump. Almost all the new malware is written for the Android platform, but again there’s a caveat. Most of the malicious apps come from unauthorized sites, primarily in Russia and China, rather than the Android Market. The unofficial sites are popular with non-English-speaking Droid owners looking for apps in their own language, says Adam Wosotowsky, messaging data architect at McAfee. Android has done a good job keeping malicious apps off its market or booting them off before many people have a chance to download them.

The numbers for PC malware continue to sound like numbers in astronomy — at some point they get so big you have trouble wrapping your head around them (so, a million light years is the distance light, traveling at 186,000 miles per second, travels in a million years, and I’m bushed after a round trip to New Jersey). So, about 7 million new samples in Q1 is a nice bump, but doesn’t get the “wow” reaction it would have a few years back, when we were accustomed to speaking of thousands as a lot.

New rootkit samples bounced back nicely after a slump in the second half of last year. Rootkits are critical in gaining control of systems. One neat trick, says Wosotowsky, is rootkits that get wiped off infected machines coming back to life when those machines are restored from corporate backups. Thank you.

The most disturbing trend, perhaps, is a rapid ascent of signed malware, from almost nothing last September to more than 300,000 unique new signed malware binaries, more than 200,000 of those in Q1. In the wake of spectacular breaches of certificate authorities, such as DigiNotar, criminals are using stolen certs to evade security software and bypass system policies. It says “Trust me.”
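The practical lesson of the signed-malware numbers is that a valid Authenticode signature proves only that someone held a signing key, not that the signer is one you expect. The script below is an added example for triaging Windows executables on that basis; it is not code from McAfee or from the article. It uses the built-in `Get-AuthenticodeSignature` cmdlet and assumes a scan directory and an allowlist of signer certificate thumbprints, both of which are placeholders to be replaced with your own values.

```powershell
# Added example, not part of the original article: classify executables by
# signature status AND signer identity, so "signed" is never treated as "trusted".
# Placeholder thumbprints below must be replaced with the SHA-1 thumbprints of
# the code-signing certificates your organisation actually expects to see.
$AllowedThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-VENDOR-A',
    'PLACEHOLDER-THUMBPRINT-VENDOR-B'
)
$ScanRoot = 'C:\Users\Public\Downloads'   # assumed scan location

Get-ChildItem -Path $ScanRoot -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig   = Get-AuthenticodeSignature -FilePath $_.FullName
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

        # A cryptographically valid signature from an unknown signer is exactly the
        # case the report describes (stolen or fraudulently issued certificates),
        # so it gets its own verdict rather than being folded into "valid".
        $verdict = switch ($sig.Status) {
            'Valid' {
                if ($AllowedThumbprints -contains $thumb) { 'expected-signer' }
                else { 'valid-but-unexpected-signer' }
            }
            'NotSigned' { 'unsigned' }
            default     { "invalid:$($sig.Status)" }   # e.g. HashMismatch, UnknownError
        }

        [pscustomobject]@{
            Path       = $_.FullName
            Status     = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Thumbprint = $thumb
            Verdict    = $verdict
        }
    } |
    # Only surface what needs a human look: anything not signed by an expected signer.
    Where-Object { $_.Verdict -ne 'expected-signer' } |
    Sort-Object Verdict, Path |
    Format-Table -AutoSize
```

The allowlist is keyed on certificate thumbprint rather than subject name because a subject string is trivially reproducible by anyone who obtains a certificate with the same name; the thumbprint pins the specific certificate. Entries for certificates known to have been compromised, as in the CA breaches the article mentions, should be removed from the allowlist as soon as they are reported, independent of whether revocation has propagated.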

Exploit kits, such as the nearly ubiquitous Blackhole, continue to update with new exploits, specifically the MIDI Remote Code Execution Vulnerability in the Windows Multimedia Library (CVE-2012-0003) and the Java Runtime Environment sandbox breach (CVE-2012-0507). In addition, several new kits have sprung up in this lively and dynamic marketplace: Sakura, Hierarchy, Yang Pack, Zhi Zhu, and Gong Da Pack.
