
Spam up, worms rise up says McAfee


McAfee's Threat Report for Q1 2013 shows a resurgence of spam-based malware, Android malware up 40% and Trojans expanding their information-harvesting capabilities.
McAfee is a security company and its threat report is always a good read. At last count there were 128 million malware and virus variants in the wild.
Report highlights included:
SPAM
The overall trend for most countries was a reduction in spam, but countries like Ukraine, United Kingdom, Vietnam, Spain, Kazakhstan, China, Colombia, Belarus, Argentina and Chile bucked the trend. Consequently worldwide spam volumes doubled to more than 1.8 trillion spams in the quarter.
Legitimate email volumes were reasonably steady at 0.6 trillion messages.
Certainly the email system is the preferred method of delivering malware, phishing and other targeted attacks. Cheap Viagra, lonely women, hot stock tips, on-line gambling, job offers, newsletter subscription offers, replica products and antivirus spams lead the list. Enough fools fall for this and end up having their identity stolen and credit cards milked.
Social Media
You may not have heard of Koobface, but it’s a Trojan worm that targets Facebook, Twitter and other social networks. Although it has been around since 2008, its incidence tripled in Q1. Social media users are easy targets, apparently.
Mobile attacks
There were 50,926 mobile malware samples in the wild – 28% of these arriving in Q1. McAfee says “it will be another eye-catching and record year” for Android attacks. It only counts unique malware families – there could easily be more than a million variants.
Android is the attack vector and users must have protection. Sensible users who stick to the Google Play store (although this is not perfect either) and don’t install unsolicited pop-ups should be relatively unaffected, but not safe.
There is no formal malware for Apple iOS, BlackBerry or Windows Phone 8 as yet.
Malware for desktop OS
Autorun malware that activates on insertion of USB drives or infected CD/DVD is also on the rise. As perimeter security gets better it makes sense to infect from within and the amount of corporate exposure to malware via ‘promotional’ USB drives (given away at events) is staggering.
The growth rate in the volume of password stealers, ransomware, fake antivirus, and rootkit discoveries was relatively flat in the first quarter. All of these threats continue to increase in absolute count.
McAfee suspects that the cybercriminal community is simply becoming smarter and more disciplined as it develops a preference for targeted attacks aimed at specific communities or geographies.
Windows is the main target but Mac OS is not immune and over 200 new Mac based malware varieties were discovered in Q1.
Ransomware
More than 250,000 types of ransomware are in the wild. One reason for its growth is that it is a very efficient means for criminals to earn money because they use various anonymous payment services. Another reason is that an underground ecosystem is already in place to help with services such as pay-per-install on computers that are infected by other malware, such as Citadel, and easy-to-use crime packs are available in the underground market. Criminals can buy kits like Lyposit – this malware pretends to come from a local law enforcement agency (based on the computer’s regional settings) and instructs victims to use payment services in a specific country - for just a share of the profit instead of for a fixed amount.
McAfee's call: the problem of ransomware will not disappear anytime soon.
Web threats
McAfee tracks over 64.3 million infected web sites, up 12% since last quarter.
94% of these suspicious URLs host malware, exploits, or code that has been specifically designed to compromise computers, i.e. drive-by infections that happen just by viewing them.
The domains associated with newly suspect URLs are mainly located in North America, Europe and the Middle East. This trend is not new.
Phishing
Phishing means sending an email that appears to be legitimate in order to launch malware. ANZ and Westpac are amongst the most phished or spoofed addresses in Australia.
But of more concern is the growing trend of paying people to ‘watch’ companies to find weaknesses that can be used for phishing attacks by organised crime.
JAVA
Java remains the vulnerability of choice. Disable it unless you absolutely have to use it.
Cyberarmies
The report lists a number of Hacktivists and the list of cyberarmies grows alarmingly. I quote:
One person’s view of totalitarianism varies from another’s, just as one view of democracy varies from another. So let’s choose a standard: If we use the ‘Reporters Without Borders’ World Press Freedom Index, we find that the freest country is Finland, at No. 1, and the least free, Eritrea, is ranked No. 179. With the exception of Armenia, all of the countries hosting cyberarmies are ranked above 100, and nine of 13 fall between numbers 138 and 176. Nations that offer many freedoms to their citizens are not “represented” by cyberarmies.
Cyberarmies fight on the cyber front to bring down networks, infect companies and gather information. Their methods include external hacks but increasingly also subversion of the target organisation's staff.
itwire.com