
McAfee Threats Report: First Quarter 2011 - 1st Section

IRCRE201106069
Date: 2011-06-13
McAfee Labs has surveyed the threats of the first quarter of 2011 in its latest report. This security report briefly reviews the first section of that report.
Malware Attracted to Android Phones
During this quarter Android was the second most popular environment for mobile malware, after Symbian OS. As the popularity of that platform continues to grow around the world, we expect to see more and more malware developed for it. Android malware remains third overall in our historical view.
One of the families, Android/DrdDream, comprises a variety of legitimate games and apps that have been injected with malicious code. These threats are unique and quite dangerous due to the use of two root exploits to gain greater control of those phones. The two exploits were initially used by users trying to gain legitimate root access to their own devices, a process commonly referred to as rooting. For mobile devices, much of the malware has required user interaction, but in the near future mobile exploits will certainly allow automatic malware installation.
Like Android/DrdDream, the Android/Drad family is made up of maliciously modified applications. This family sends device information to an attacker-controlled site. Just like in the PC malware world, Android/Drad listens for commands from the attacker. The malware can also download additional software. It appears that the malware uses blackhat search-engine optimization techniques, a process of manipulating search engine results to place dangerous sites higher than they should appear in lists of hits.
The recently released Android/SteamyScr.A is a modified version of a novelty app that turns a phone’s screen into a steamy window. This malware collects device information (International Mobile Equipment Identity and phone numbers) and sends it to the attacker. Android/SteamyScr.A also accepts a number of commands from botnet command servers. This malware is another example of attackers attempting to implement botnet functionality on Android devices.
Google created a security repair tool for Android/DrdDream infections that the creators of Android/Bgyoulu.A cleverly used for their own nefarious purposes. While pretending to be the official Android Market Security Tool, this malware actually monitors incoming SMS data and provides a backdoor for an attacker. Android/Bgyoulu.A appears to sign up a user to a premium-rate SMS service and then deletes the incoming confirmation message. With no indication that the user is using a for-pay service, the malware manages to silently steal data and phone information.
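The two behaviours described above (Android/SteamyScr.A collecting IMEI and phone numbers for an attacker, Android/Bgyoulu.A intercepting and deleting incoming SMS around a premium-rate subscription) leave a footprint in an app's manifest before any code runs: the permission set and any broadcast receiver registered for incoming SMS at an unusually high priority. The following Python script is an added triage example, not code from McAfee or from this report; the manifest it parses is constructed to mirror the report's description and is not the manifest of any real sample, and the priority threshold and the risk patterns it flags are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Attributes in an AndroidManifest.xml live in the android: namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest (hypothetical package name) modelled on the behaviour
# the report describes: SMS send + receive, device-info access, network
# access, and a receiver that grabs incoming SMS ahead of the stock app.
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fake.securitytool">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Android Market Security Tool">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest of a harmless novelty app for contrast: network access only.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.steamywindow">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Steamy Window"/>
</manifest>
"""


def parse_manifest(xml_text):
    """Return the package name, the set of requested permissions and every
    receiver registered for SMS_RECEIVED together with its filter priority."""
    root = ET.fromstring(xml_text)
    permissions = {e.get(A + "name") for e in root.iter("uses-permission")}
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(A + "name") for a in flt.findall("action")}
            if SMS_RECEIVED in actions:
                priority = int(flt.get(A + "priority", "0"))
                sms_receivers.append((receiver.get(A + "name"), priority))
    return {
        "package": root.get("package"),
        "permissions": permissions,
        "sms_receivers": sms_receivers,
    }


def assess(info, priority_threshold=1000):
    """Flag permission/receiver combinations matching the report's malware
    behaviours. The threshold is an assumption: a stock messaging app has no
    need to register for SMS_RECEIVED at a very high priority."""
    findings = []
    perms = info["permissions"]
    if {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"} <= perms:
        findings.append("sends and receives SMS (premium-rate subscription pattern)")
    if {"android.permission.READ_PHONE_STATE", "android.permission.INTERNET"} <= perms:
        findings.append("reads IMEI/phone number and has network access (device-info exfiltration pattern)")
    for name, priority in info["sms_receivers"]:
        if priority >= priority_threshold:
            findings.append(
                "receiver %s takes SMS_RECEIVED at priority %d (can suppress incoming SMS)"
                % (name, priority)
            )
    return findings


if __name__ == "__main__":
    for manifest in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        info = parse_manifest(manifest)
        print(info["package"], assess(info) or ["no findings"])
```

Run it against a manifest decoded from an APK (for example with apktool) to get a quick first-pass risk picture; a hit is a reason to look at the code paths behind the receiver, not proof of malice, since legitimate messaging apps also hold SMS permissions.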

The criminals who use the Zeus crimeware toolkit have created new versions of Zitmo for both Symbian and Windows Mobile systems. The bank account–stealing thieves who created SymbOS/Zitmo.A have expanded from Symbian to Windows Mobile. MSIL/Zitmo.B is a .NET Compact Framework application that is a functional clone of Zitmo.A.
We expect to see much more development in this class of malware. As the world turns more to mobile devices, so too will cybercriminals and malware writers. Expect them to leverage, at Internet speed, everything they have learned from writing malware in the broader PC world.

Botnet Takes a Fall
One of the most important events of this quarter was the coordinated beheading of the Rustock botnet. This carefully scheduled effort among several security providers, law enforcement, and CERTs was able to shut off major amounts of the zombies and command structure of this very active botnet on a global level. Spam, while already at its lowest point since 2007, dropped once again as a result of this action.

In spite of the success in crippling Rustock, McAfee Labs still sees a small amount of activity from the botnet. We expect Rustock will be reseeded by cybercriminals during the coming months.

Many botnets are in position to fill the gap left by Rustock’s decline. Aside from sending spam, botnets can control a variety of cybercrime—such as denial-of-service attacks, malware distribution and installation, and hosting phishing sites. Thus the information security community must remain vigilant.
Malware Busier Than Ever
These three months turned out to be the busiest first quarter we have ever seen. McAfee Labs identified more than six million unique malware samples! This far exceeds any first quarter we have seen. Historically this period tends to be a slow quarter for malware, so it will be interesting to see how much malware we identify during the rest of the year.

Just to reinforce how significant the growth has been during the last several years, let’s take a look at the monthly incremental growth of unique malware binaries:

As the preceding graph makes plain, the last month to register fewer than one million samples was February 2010. Thus we predict more malware on a monthly and quarterly basis for a variety of reasons: more users online, more opportunities for scamming, as well as more efficient means of creating and distributing malware.
Fake anti-virus, also known as bogus or rogue security software, had a very strong quarter and its growth shows no real signs of slowing.

Generic password-stealing Trojans are showing a consistent, sustained level of usage, while AutoRun malware has leveled off a bit.

The preceding chart shows the unique password stealers discovered by McAfee and the next chart shows the unique AutoRun samples discovered by this company.


Creation date: 25 Bahman 1390