Nearly All Mobile Malware in Q3 Was Targeted at Android
The amount of malware targeted at Android devices has jumped nearly 37 percent since last quarter, putting 2011 on track to be the busiest year in mobile and general malware history. Almost all new mobile malware in Q3 was targeted at Android.
The information was reported by McAfee in the company's Q3 2011 threats report.
"This has been a very steady quarter in terms of threats, as both general and mobile malware are more prevalent than ever," said Vincent Weafer, senior vice president of McAfee Labs. "So far this year, we?ve seen many interesting yet challenging trends that are affecting the threat landscape, including heightened levels of sophistication and high-profile hacktivist attacks."
At the end of 2010, McAfee Labs predicted that malware would reach the 70 million unique samples by the end of 2011. Because of the rapid proliferation of malware this year, McAfee Labs has increased this prediction to 75 million unique malware samples reached by year?s end, the busiest in malware history.
Malware authors are capitalizing on the popularity of Android devices, as demonstrated by the fact that the Android platform was the only mobile operating system for all new mobile malware in Q3. One of the most popular forms of trickery in Q3 was SMS-sending Trojans that collect personal information and steal money. Another new method of stealing user information is malware that records phone conversations and forwards them to the attacker.
Fake Anti-Virus (AV), AutoRun and password-stealing Trojans have bounced back strongly from previous quarters, while AutoRun and password stealers remain at relatively constant levels. Mac malware also continues to grow, following a sharp increase in Q2. Although the increase in Q3 was not as significant, McAfee Labs warns that as certain platforms grow in popularity for both consumer and business use, such as the Mac operating system, malware authors will increasingly use these platforms to target victims.
Web threats are also a common way for attackers to prey on unsuspecting victims. Websites have bad or malicious reputations for a variety of reasons, and are often influenced by the hosting of malware or phishing sites. The number of "bad sites" dropped a bit, from an average of 7,300 new bad sites in Q2 to 6,500 new bad sites in Q3.
While spam still remains at its lowest levels since 2007, spearphishing, or targeted spam, is at its greatest development in years. While not prominent, spearphishing is still highly sophisticated and effective, resulting in an elevated threat level. While overall botnet infections dropped slightly in Q3, they seemed to have shown a significant increase in Argentina, Indonesia, Russia and Venezuela. As for the botnets that were the most damaging, Cutwail, Festi and Lethic lead the pack, while previous frontrunners Grum, Bobax and Maazben declined.
Social engineering is also a lure used in targeted attacks that depend greatly on geography and language. Attackers show remarkable insight into what works in different cultures and regions - not just globally but also seasonally, and lures can vary by month, season or holiday. In the United States, "Delivery Service Notifications" (or fake error messages) are the most popular, while in the United Kingdom "419 scams" reign supreme. In France, phishing scams dominate, while drug spam is the most popular lure in Russia.
Hacktivist attacks were primarily launched by Anonymous in Q3. One clear differentiator from past quarters is that the goals were not as abundantly transparent as in previous quarters. The report highlights hacktivist activity from Q3, with at least 10 high-profile attacks at the hands of Anonymous, including attacks against the Arizona Fraternal Order of Police, Booz Allen Hamilton, Bay Area Rapid Transit, Austrian Police and Goldman Sachs.
'Dirty Dozen' list of vulnerable smartphones
The Android market has cultivated innovation and significant growth in the smartphone industry, but there are systemic problems in the distribution ecosystem which adversely impact security.
Security firm Bit9 has pulled together what it calls its "Dirty Dozen" list, putting the Google Android operating system in the spotlight, with claims that an estimated 56 percent of Android phones in the marketplace today are running out-of-date and insecure versions of Android.
Smartphones running the Android operating system represent the majority of all new phone purchases. Unlike Apple iOS, RIM Blackberry or Windows Phone, the phone manufacturer - not the software vendor - is responsible for providing Android software updates to their smartphone. Phone carriers also inject themselves into the process, selling further customized models and sometimes charging data usage for software updates.
"The result is chaos," Harry Svedlove, Bit9's chief technology officer, says. "As anyone who has ever owned an Android phone can attest, waiting for your phone to receive the latest Android release is like walking through prickly bushes - slow, painful, and sometimes buggy (except for the Google Nexus phone, the only model where Google is responsible for the software updates)," he added.
According to the Bit9 study, all of the top 12 most vulnerable smartphones of 2011, are Android phones. More than half of all Android devices are running a version of the operating system that is over 18 months old.
The Bit9 "Dirty Dozen" not-so-smart smartphone list includes:
1. Samsung Galaxy Mini
2. HTC Desire
3. Sony Ericsson Xperia X10
4. Sanyo Zio
5. HTC Wildfire
6. Samsung Epic 4G
7. LG Optimus S
8. Samsung Galaxy S
9. Motorola Droid X
10. LG Optimus One
11. Motorola Droid 2
12. HTC Evo 4G
For instance, the Samsung Galaxy Mini was released in April of this year based on a version of Android that was about 11 months out of date the day it shipped, according to Bit9.
Most Android phones come to market at least one major version behind the latest Android release, and they stay around six months behind the update curve moving forward. Manufacturers come out with newer models every 12 to 18 months and quickly end-of-life their previous models, usually well before the two-year contracts most users sign with their carriers. Many times, updates are not pushed over-the-air (OTA). Users are required to go to support websites, download and unzip packages, manually back up their data, and wade through painful processes to get the latest updates. When OTA updates are released, they are staggered across geographies and phone carriers and can take months before reaching all affected models. Samsung - recently declared the world's biggest smartphone vendor - performed the worst of the top four Android manufacturers. Initial releases and updates to Samsung Android phones fall, on average, eight months behind Android's release schedule (that's counting when they start rolling out updates; no one knows how long the process actually takes).
"All software has vulnerabilities. The Android code is no more vulnerable than Apple iOS or any other operating system," said Sverdlove. "The issue is what happens when a flaw is discovered. The quicker a software update can be distributed, the more secure you are. The longer a device remains outdated with known vulnerabilities, the greater the risk," he added.
"It's time to raise industry awareness and put pressure on the manufacturers and carriers to do better."
"This has been a very steady quarter in terms of threats, as both general and mobile malware are more prevalent than ever," said Vincent Weafer, senior vice president of McAfee Labs. "So far this year, we?ve seen many interesting yet challenging trends that are affecting the threat landscape, including heightened levels of sophistication and high-profile hacktivist attacks."
At the end of 2010, McAfee Labs predicted that malware would reach the 70 million unique samples by the end of 2011. Because of the rapid proliferation of malware this year, McAfee Labs has increased this prediction to 75 million unique malware samples reached by year?s end, the busiest in malware history.
Malware authors are capitalizing on the popularity of Android devices, as demonstrated by the fact that the Android platform was the only mobile operating system for all new mobile malware in Q3. One of the most popular forms of trickery in Q3 was SMS-sending Trojans that collect personal information and steal money. Another new method of stealing user information is malware that records phone conversations and forwards them to the attacker.
Fake Anti-Virus (AV), AutoRun and password-stealing Trojans have bounced back strongly from previous quarters, while AutoRun and passwords stealers remain at relatively constant levels. Mac malware also continues to grow, following a sharp increase in Q2. Although the increase in Q3 was not as significant, McAfee Labs warns that as certain platforms grow in popularity for both consumer and business use, such as the Mac operating system, malware authors will increasingly use theses platforms to target victims.
Web threats are also a common way for attackers to prey on unsuspecting victims. Websites have bad or malicious reputations for a variety of reasons, and are often influenced by the hosting of malware of phishing sites. The number of "bad sites" dropped a bit, from an average of 7,300 new bad sites in Q2 to 6,500 new bad sites in Q3.
While spam still remains at its lowest levels since 2007, spearphishing, or targeted spam, is at its greatest development in years. While not prominent, spearphishing is still highly sophisticated and effective, resulting in an elevated threat level. While overall botnet infections dropped slightly in Q3, they seemed to have shown a significant increase in Argentina, Indonesia, Russia and Venezuela. As for the botnets that were the most damaging, Cutwail, Festi and Lethic lead the pack, while previous frontrunners Grum, Bobax and Maazben declined.
Social engineering is also a lure used in targeted attacks that depend greatly on geography and language. Attackers show remarkable insight into what works in different cultures and regions - not just globally but also seasonally, and can vary by month, season or holiday. In the United States, "Delivery Service Notifications" (or fake error messages) are the most popular, while in the United Kingdom "419 scams" reign supreme. In France, phishing scams dominate, while drug spam is the most popular lure in Russia.
Hacktivist attacks were primarily launched by Anonymous in Q3. One clear differentiator from past quarters is that the goals were not as abundantly transparent as in previous quarters. The report highlights hacktivist activity from Q3, with at least 10 high-profile attacks at the hands of Anonymous, including attacks against the Arizona Fraternal Order of Police, Booz Allen Hamilton, Bay Area Rapid Transit, Austrian Police and Goldman Sachs.
'Dirty Dozen' list of vulnerable smartphones
The Android market has cultivated innovation and significant growth in the smartphone industry, but there are systemic problems in the distribution ecosystem which adversely impact security.
Security firm Bit9 has pulled together what it calls its "Dirty Dozen" list, putting the Google Android operating system in the spotlight, with claims that an estimated 56 percent of Android phones in the marketplace today are running out-of-date and insecure versions of the Android.
Smartphones running the Android operating system represent the majority of all new phone purchases. Unlike Apple iOS, RIM Blackberry or Windows Phone, the phone manufacturer - not the software vendor - is responsible for providing Android software updates to their smartphone. Phone carriers also inject themselves into the process, selling further customized models and sometimes charging data usage for software updates.
"The result is chaos," Harry Svedlove, Bit9's chief technology officer, says. "As anyone who has ever owned an Android phone can attest, waiting for your phone to receive the latest Android release is like walking through prickly bushes - slow, painful, and sometimes buggy (except for the Google Nexus phone, the only model where Google is responsible for the software updates)," he added.
According to the Bit9 study, all of the top 12 most vulnerable smartphones of 2011, are Android phones. More than half of all Android devices are running a version of the operating system that is over 18 months old.
The Bit9 "Dirty Dozen" not-so-smart smartphone list includes:
1. Samsung Galaxy Mini
2. 2 HTC Desire
3. Sony Ericsson Xperia X10
4. Sanyo Zio
5. HTC Wildfire
6. Samsung Epic 4G
7. LG Optimus S
8. Samsung Galaxy S
9. Motorola Droid X
10. LG Optimus One
11. Motorola Droid 2
12. HTC Evo 4G
For instance, the Samsung Galaxy Mini was released in April of this year based on a version of Android that was about 11 months out of date the day it shipped, according to Bit9.
Most Android phones come to market at least one major version behind the latest Android release, and they stay around six months behind the update curve moving forward. Manufacturers come out with newer models every 12 to 18 months and quickly end-of-life their previous models, usually well before the two year contracts most users sign with their carriers. Many times, updates are not pushed over-the-air (OTA). Users are required to go to support websites, download and unzip packages, manually backup their data, and wade through painful processes to get the latest updates. When OTA updates are released, they are staggered across geographies and phone carriers and can take months before reaching all affected models. Samsung - recently declared the world's biggest smartphone vendor - performed the worst of the top four Android manufacturers. Initial releases and updates to Samsung Android phones fall, on average, eight months behind Android?s release schedule (that?s counting when they start rolling out updates; no one knows how long the process actually takes).
"All software has vulnerabilities. The Android code is no more vulnerable than Apple iOS or any other operating system," said Svedlove. "The issue is what happens when a flaw is discovered. The quicker a software update can be distributed, the more secure you are. The longer a device remains outdated with known vulnerabilities, the greater the risk," he added.
"It's time to raise industry awareness and put pressure on the manufacturers and carriers to do better."