This quarter the Android OS became the most popular target for mobile malware developers. That’s a rapid rise for Android, which outpaces second-place Java Micro Edition threefold.
The malware landscape this quarter has presented us with several surprises. Although numerically not the busiest period in history, when combined with the first quarter we have the busiest ever first half-year in this vector. The increase is 22 percent over 2010! McAfee Labs identified almost six million unique malware samples during this quarter. This puts us on track for our cumulative malware “zoo” collection to reach 75 million samples by year’s end.
Just to reinforce how significant the growth has been during the last several years, here is a look at the monthly incremental growth of unique malware binaries:
Among the specific families we track, fake anti-virus software continues to show consistent growth and has even begun to climb aboard a new platform: the Mac. You read that right; fake-AV for Apple’s platform is now a reality. This does not surprise us at McAfee Labs. There are more Mac users than ever before. This puts the Apple platforms squarely in the crosshairs of malware authors. It will be interesting to see if this type of malware makes its way to the iPhone and iPad as well.
Generic password-stealing Trojans declined just a bit this quarter, while AutoRun malware was greatly reduced. Koobface threats dropped to the lowest levels in years.
Rootkits and Stealth Malware
Another malware category demonstrating recent steady growth is the rootkit. A rootkit (sometimes called stealth malware) is code that hides its elements from the operating system and security software. Cybercriminals use rootkits to make other malware stealthier and more persistent. The better hidden the malware is, the longer it will remain on the system and engage in its malicious activity. As you can see from the following chart, rootkits are on the rise overall. The first half of 2011 was comparable to malware overall: Rootkits have seen their busiest-ever six months, up almost 38 percent over 2010! Two of the busiest rootkits that we encounter are Koutodoor and TDSS. Both are nasty and hide malware to steal data.
For several quarters, one of the major trends we’ve seen is that malware authors prefer to write exploits that target vulnerabilities in Adobe products. This trend does not prove that Adobe’s technologies are more vulnerable or have more coding bugs than Microsoft’s. Rather, Adobe is one of the clear leaders in worldwide client applications, and this leadership is what drives malware authors and cybercriminals: They target what is popular and in wide use. The following chart shows the malware McAfee Labs has seen this quarter that attempts to exploit vulnerabilities in Adobe and Microsoft products.