Home Networks, Including Mac Systems, Rife With Bots

 
 
By Robert Lemos  |  Posted 2013-02-17
 
 
 

A wide variety of North American consumers, from everyday Windows users to mobile workers and Mac users, have a hitchhiker on their computer systems when they go online, according to the latest malware report by security-service provider Kindsight.

One in every eight households harbors malicious software on one of their computer systems, the company stated in its 2012 Malware Report. About half that number—about one in 14 home networks—has a system that has been compromised by more dangerous malware, such as Trojans and botnet software. Kindsight helps service providers detect infected computers and devices in their networks—mostly those systems owned by consumers.

"Consumers need to understand the issues here and take action," said Kevin McNamee, security architect and director of Kindsight Security Labs. "Antivirus on a device is not enough. Service providers provide the network bandwidth, and they can run the additional detections through their network."

On the whole, 2012 showed signs of fewer infections, but not by much. The ZeroAccess click-fraud botnet dominated the list of popular malware, infecting about 17 percent of all networks. The TDSS botnet came in second place, resident in about 10 percent of networks.

The Mac Flashback Trojan, which used a flaw in Java to infect Apple's Mac OS X, was found in more than 1 percent of computers in households in April 2012. Based on Apple's 10 percent market share, Kindsight estimated that one in 10 Mac households had been infected with the Trojan. By the end of the year, the fraction of infected Mac systems had dropped by half, but Flashback remained in the top-5 network infections for the year.

Mobile malware was a new addition to the company's top-20 list of malicious programs. Kindsight saw a 5.5-fold increase in the fourth quarter compared to the same quarter the previous year. While most mobile malware steals information from the phone, the company warned that spyware could be used to steal corporate secrets.

"In the BYOD (bring your own device) context these spyware applications pose a huge threat because they can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage," the company stated in the report. "It is fairly easy to add the ability to activate the phone’s microphone and camera without the user knowing and stream the output through the Internet in real time to a remote command and control server. This gives the attacker the ability to monitor and record business meetings."

Computer scientists at the University of Indiana at Bloomington and the Crane Division of the Naval Surface Warfare Center (NSWC) demonstrated just such a program in September. Dubbed PlaceRaider, the software co-opted an infected mobile phone's camera to surreptitiously take images of its surroundings, cull through the images, and send the best to an attacker, who then created a 3D model of the victim's surroundings.

Despite the rise in Android malware, the overall infection rate remains low, about 0.5 percent of all devices in the fourth quarter.
