Google Android, Windows Malware Skyrockets in Q1: McAfee Report

A new report from McAfee said the amount of Android malware detected during the first quarter of 2012 shot up 1,200 percent. Malware targeting Windows PCs jumped as well, the firm reported.

Mobile malware targeting Google Android devices exploded in the first few months of 2012, according to a new report from McAfee.

Nearly 7,000 Android threats were identified and collected through the end of the 2012 first quarter, according to McAfee's threat report.

This represents a more than 1,200 percent increase when compared with the 600 Android samples identified by the company by the end of 2011. The majority of these threats originate from third-party app stores as opposed to Google Play, the security firm said.

"I€™d definitely steer clear of any third-party sites providing Android apps," said Adam Wosotowsky, messaging data architect at McAfee Labs.

"The Android marketplace is open to anyone who wants to put their app on it unless that app doesn€™t pass Google's multi-layered quality checks. So you obviously wouldn€™t want an app that couldn€™t be put onto Android€™s marketplace and I can€™t think of any good reasons why a developer would say that they don€™t want their app on the android marketplace but want it on third-party sites," Wosotowsky said.

Malware targeting Windows PCs jumped as well, reaching the highest level detected in a single quarter in four years, according to the firm. In the fourth quarter of 2011, McAfee Labs had collected more than 75 million malware samples.

In the first quarter of 2012, the company detected 83 million pieces. Driving that increase was a bump in the number of rootkits and password stealers, with the latter reaching approximately 1 million samples. The main medium for propagating highly targeted attacks is email, with nearly all targeted attacks beginning with a spear phishing message.

Earlier this year, Google announced it was improving security for Android's app marketplace with a malware detection system nicknamed "Bouncer," which analyzes new applications before they are sold in the market to see if they contain known malware.

Financial profit is the main motivator for mobile malware, according to McAfee. Overall, 8,000 total mobile malware samples were collected during the quarter.

Though Mac malware was in the news during the past two months due to growth of the Flashback Trojan, the amount of Mac malware is still relatively tiny. According to McAfee, roughly 250 new Mac malware samples were detected in the quarter.

The botnet business continues to thrive, though global spam levels dropped to approximately 1 trillion monthly spam messages by the end of March. Decreases were the most significant in Brazil, Indonesia, Brazil and Russia, while China, Germany, Spain, Poland and the U.K. saw increases.

Botnet growth increased in the first quarter, reaching nearly five million infections at its highest point. Columbia, Japan, Poland, Spain, and the United States were the areas with the largest increase in botnet activity, while Indonesia, Portugal and South Korea were regions that continued to decline. The most prevalent botnet during the quarter was Cutwail, with more than two million new infections.

The United States was found to host most botnet control servers and is the location point for the vast majority of new malicious Websites, with an average of 9,300 new bad sites recorded each day. The United States was also the primary source of SQL injection and cross-site scripting attacks during the quarter, and had the highest number of victims of both kinds of attacks, the report stated.

€œIn the first quarter of 2012, we have already detected eight million new malware samples, showing that malware authors are continuing their unrelenting development of new malware,€ said Vincent Weafer, senior vice president of McAfee Labs, in a statement.

€œThe same skills and techniques that were sharpened on the PC platform are increasingly being extended to other platforms, such as mobile and Mac; and as more homes and businesses use these platforms the attacks will spread, which is why all users, no matter their platforms, should take security and online safety precautions,€ Weafer€™s statement said.