Malware exploding, especially on mobile devices
Two reports find malware growth in the double digits. Mobile devices are the latest favorite cyber crime target says McAfee
By Joan Goodchild , Senior Editor
February 08, 2011 — CSO —
Mobile malware is soaring and Adobe is the main vector of attack, according to new figures from security firm McAfee that were issued Tuesday.
Cyber criminals are adopting strategies to take advantage of more mobile device use, the report, McAfee Threats Report: Fourth Quarter 2010, claims. The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010 — nearly 55,000 new malware threats every day.
"Our Q4 Threats Report shows that cybercriminals are keeping tabs on what's popular, and what will have the biggest impact from the smallest effort," said Vincent Weafer, senior vice president of McAfee Labs.
As more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note, say researchers. As a result, botnet attacks that target mobile devices are expected to rise. In Q4, some of the most active threats included the bots known as Zeus-Murofet, Conficker and Koobface. The number of potentially malicious domains also grew at a rapid pace, according to the report.
"The creators of the Zeus botnet repurposed an old version of a commercial spyware package," the report claims. "Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter."
The research pointed to phishing URLs in the form of the IRS, gift cards, rewards accounts, and social networking accounts as some of the most popular cons. Adobe product vulnerabilities were the top method of execution, with weaknesses in both Flash, and especially PDF, technologies exploited frequently, according to McAfee.
Poisoning search results also continues to be a problem. Researchers found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links. The results fall in line with a Q4 Global Threat Report also released Tuesday by Cisco. Cisco found web malware increased by 139 percent in 2010 compared with the previous year. The rate of Web malware encounters peaked in October 2010, at 250 encounters per enterprise for the month.
"Companies in the pharmaceutical & chemicals and the energy & oil sectors continued to be most at-risk of web malware throughout 2010," said Mary Landesman, market intelligence manager at Cisco. "Other higher risk verticals throughout the year included agriculture & mining and education."
Read more about data protection in CSOonline's Data Protection section.
Other stories by Joan Goodchild