Mobile leads in malware resurgence for 2012
McAfee finds PC malware back after hiatus, but mobile malware shows biggest percentage gain -- and Android is the target
May 29, 2012 — CSO — Malware is back -- big time -- after something of a holiday hiatus at the end of last year, the security firm McAfee says in its threats report for the first quarter of this year.
"Although we observed declines in the numbers( of many areas of malware and threats at the end of 2011, this quarter is almost its polar opposite," the report said (PDF document.) ("PC malware had its busiest quarter in recent history, and mobile malware also increased at a huge rate."
McAfee reported the total number of malware samples at about 83 million, with new samples at nearly 7 million. The U.S. continues to be the prime target of malicious web content.
While fake antivirus programs declined, the company reported finding 200,000 new examples of password-stealing Trojan horses, plus increases in rootkits and malware with forged security signatures of trusted providers.
The biggest percentage spike, however, came in mobile malware, which went from fewer than 2,000 in the final quarter of 2011 to more than 8,000 in the first three months of 2012. The vast majority of that -- almost 7,000 -- were aimed at the Android platform. The company said some of that spike was due to better detection.
Pierluigi Paganini, a malware expert and program, delivery and maintenance director at Bit4ld said it was "an expected and unavoidable event."
There are multiple reason for the explosion of interest in mobile platforms, the most obvious being the explosive growth of mobile devices, he said. "There is a large diffusion on mobile platform of social networking activities -- millions of users always connected who share every kind of media without prevention. That's a paradise for malware creators," he says.
Blake Turrentine, a mobile security expert and trainer for Black Hat, adds that mobile security has not kept up with the threats. "Anti-malware apps on mobile phones are in their infancy," he says.
Couple that with a continuing lack of awareness of threats and almost casual risky behaviors like jailbreaking mobile phones or downloading apps from third-party stores that are the main vehicles for spreading malware, Paganini said it is no surprise that there is"growing interest from cybercriminals and governments in mobile platforms. Setting up a botnet, for example, is not so hard, while the consequences [for victims] are devastating."
Not only is it relatively easy to set up bots and botnets -- they are not that expensive either, given the potential payoffs. McAfee reported that on underground forums they range in price from $450 to $8,000. They found that spam levels dropped by more than 1 trillion messages per month, but botnets grew to nearly 5 million infected computers.