Mobile Malware the "New Frontier of Cybercrime"
Cybercriminals kicked off 2011 with a bang, with more than six million unique malware samples and a surge in fake antivirus and mobile malware attacks in the first quarter of 2011, according to the McAfee Labs Threat Report released June 1. The report specifically highlighted mobile malware as the “new frontier of cybercrime.”
Criminals are actively pursuing alternate attack vectors, said Vincent Weafer, senior vice president of McAfee Labs. For example, lab experts found that the most recent version of SpyEye can “thrive” on more than 150 different “modules,” including USB thumb drives, instant messaging and Firefox certificates.
Mobile devices are increasingly targeted by attackers, the report found. Google’s Android mobile operating system became the second most popular target for malware, after Symbian, which accounted for nearly three-quarters of all mobile malware, according to the report.
Droid Mobile App Downloads Still Risky
McAfee Labs also released a white paper, “Downloading from Mobile App Stores is Risky Business,” which focuses on the rise of mobile malware and the security risks of mobile app stores, especially alternative third-party markets.
Because users can download and install apps from sources other than the official Android Market, there is no central clearinghouse where Google can check every single Android app, according to the McAfee Labs white paper.
Google yanked apps infected with DroidDream malware from the Android Market in March, and again a few days ago when DroidDream Light was discovered in more than 20 apps. DroidDream uses two exploits, Exploit/LVedu and Exploit/DiutesEx, which were initially used by users to gain root access to their own devices.
Also highlighted in the white paper was Android/Drad, which is also distributed via maliciously modified apps. The Drad malware listens for commands from a centralized server and can download additional software, although “it stops short of being a full-fledged mobile botnet,” McAfee Labs said.
The criminals behind the Zeus crimeware toolkit have also targeted mobile devices, creating new versions of Zitmo mobile malware for both Symbian and Windows Mobile systems to steal user bank account information.
Mobile Malware to Install Automatically
While PC malware often relies on known software and operating system vulnerabilities to trigger drive-by downloads that infect machines visiting specially designed or compromised Websites, most mobile malware has required user interaction, the researchers wrote.
“In the near future mobile exploits will certainly allow automatic malware installation,” McAfee said.
The company noted that fake antivirus scams were also prolific during the quarter, with 350,000 unique fake-alert samples being detected in March 2011.
The recent spate of rogue scareware for Mac OS X hit in May, too late to be included in the Q1 report.
Spam Traffic Drops to 1.5 Trillion Messages Per Day
While month-to-month numbers haven’t really shown a dramatic decline in spam traffic, the shutdown of Rustock did significantly reduce the volume of Internet spam. Spam levels dropped down to 2007 levels, at about 1.5 trillion messages per day in this quarter, according to the report.
However, spam continues to outnumber legitimate email by a ratio of three to one, and there are plenty of other botnets, such as Maazben, Bobax, Lethic, Cutwail and Grum, that are poised to “fill the gap.”
Even with the decline in overall spam volume, cybercriminals still rely on popular “lures” to trick users into opening malicious attachments or clicking on dangerous links.
Spam promoting phony or real products was the most popular form used by attackers, such as drug spam in Russia and South Korea, and fake delivery status notifications in Australia and China. Zeus Trojans and other banking malware also used spam messages purporting to be from UPS, FedEx, the United States Postal Service and the Internal Revenue Service.
Malicious Websites Spike in Q1
McAfee Labs also saw significant spikes in malicious Web content corresponding with the Japanese earthquake and tsunami. There was an average of 8,600 new bad sites per day in the first quarter, and nearly half of the top 100 results of the daily top search terms led to malicious sites.
SECNAP NOTE: Enterprises who allow users to connect their mobiles through corporate Wi-Fi networks should deploy SECNAP's mobile-enabled Intrusion Prevention System, or a similar solution, to effectively block mobile malware.
For a copy of the complete article go to: http://www.eweek.com/c/a/Security/Mobile-Malware-Fake-AV-Web-Threats-Dominated-Q1-2011-McAfee-763650/