Cyber-criminals kicked off 2011 with a bang with more than six million unique malware samples and a surge in fake antivirus and mobile malware attacks.
Cyber-criminals were busy during the first quarter of 2011,
as there were more unique malware samples circulating during this time period,
Attacks surged in the first quarter of 2011, as researchers
counted six million unique malware samples, McAfee said in its first-quarter threat
report, released June 1. There were 2.75 million new malware samples in
February, McAfee found. McAfee specifically highlighted mobile malware as the
"new frontier of cyber-crime" in its report.
Criminals are actively pursuing alternate attack vectors,
said Vincent Weafer, senior vice president of McAfee Labs. For example, McAfee
security experts found that the most recent version of SpyEye
can "thrive" on
more than 150 different "modules," including USB thumb drives, instant
messaging and Firefox certificates.
Mobile devices are increasingly targeted by attackers, the
report found. Google's Android mobile operating system became the second most
popular target for malware, after Symbian, which accounted for nearly
three-quarters of all mobile malware, according to the report.
McAfee Labs also released a white paper, "Downloading
from Mobile App Stores is Risky Business,"
which focuses on the rise of mobile malware and the security risks of
mobile app stores, especially alternative third-party markets. As users can
download and install apps from other sources than just the official Android
Market, there is no central clearinghouse where Google can check every single
Android app, according to the McAfee Labs white paper.
Google yanked apps infected with DroidDream malware from the
Android Market in March, and again a few days ago when DroidDream Light was
discovered in more than 20 apps. DroidDream uses two exploits, Exploit/LVedu and
Exploit/DiutesEx, which were initially used by users to gain root access to
their own devices. McAfee Labs also highlighted Android/Drad in its white paper,
which is also distributed via maliciously modified apps. The Drad malware
listens for commands from a centralized server and can download additional
software, although "it stops short of being a full-fledged mobile botnet,"
McAfee Labs said.
The criminals behind the Zeus crimeware toolkit have also
targeted mobile devices, creating new versions of Zitmo mobile malware for
Symbian and Windows Mobile systems to steal user bank account information,
according to McAfee.
While PC malware often relies on known software and operating
system vulnerabilities to trigger drive-by downloads that infect machines
visiting specially designed or compromised Websites, most mobile
malware has required user interaction, the researchers wrote. "In the near
future mobile exploits will certainly allow automatic malware installation,"
The company noted that fake antivirus scams were also
prolific during the quarter, with 350,000 unique fake-alert samples being
detected in March 2011. The recent spate of rogue scareware for the Mac
hit in May, too late to be included in McAfee's report.
While month-to-month numbers haven't really shown a dramatic
decline in spam traffic, the shutdown of Rustock did significantly reduce the
volume of Internet spam. Spam levels dropped down to 2007 levels, at about 1.5
trillion messages per day, in this quarter, McAfee said. However, spam
continues to outnumber legitimate email by a ratio of three to one, and there
are plenty of other botnets, such as Maazben, Bobax, Lethic, Cutwail and Grum,
that are poised to "fill the gap."
Even with the decline in overall spam volume,
cyber-criminals still rely on popular "lures" to trick users into opening
malicious attachments or clicking on dangerous links. Spam promoting phony or
real products was the most popular form used by attackers, such as drug spam in
Russia and South Korea, and fake delivery status notifications in Australia and
China. Zeus Trojans and other banking malware also used spam messages
purporting to be from UPS, FedEx, United States Postal Service and the Internal
McAfee Labs also saw significant spikes in malicious Web
content corresponding with the Japanese earthquake and tsunami. There was an
average of 8,600 new bad sites per day in the first quarter, and nearly half of
the top 100 results of the daily top search terms led to malicious sites.