“Trusted malware” is continuing to grow at an alarming rate, according to a new report from Internet and mobile security provider AVG Technologies that provides insight, background and analysis on the trends and developments in the global threat landscape.
In the second quarter, AVG’s Threat Labs saw an increase in the number of stolen digital certificates used by hackers to sign malware before distributing it. An increase of more than 300 percent was identified at the start of 2011, compared with the whole of 2010. The “Community Powered Threat Report-Q2 2011” noted that the practice of trusting signed files is rapidly losing its strength.
As Macs continue to rise in popularity, they are increasingly becoming victims of cyber-crime, the report revealed. With the platform reaching crucial market share levels, it is starting to appear on the radar of cyber-criminals. “While it may be a new target platform, cyber-criminals are using tried and tested social engineering techniques to attack Mac OS users,” the report said.
Increasingly, cyber-crooks are using mobile malware to make money through premium SMS and fake apps, according to AVG, as monetizing techniques via mobile are much easier to operate than those in use on the PC. Spamming users to download apps, or simply posting the apps on download stores or markets, has made software distribution easy and scalable.
The AVG Threat Labs investigated the operation of 702 Command and Control servers in the first half of 2011. The research results match the geolocation of the servers as well as the popularity of the various malware versions in use by each C&C. The United States holds the lead in Command and Control servers with 30 percent of the market share, followed by Ukraine with 22 percent.
The U.S. still remains the dominant source of spam, with English as the main language used in spam messages, followed by the U.K., with Brazil coming in third. However, Brazil is rapidly closing that gap and is on course to overtake the U.K., likely in the next quarter.
The report also found 11.3 percent of malware is using external hardware devices (like flash drives) as a distribution method (AutoRun). In addition, the report said Blackhole remains the most prevalent exploit toolkit in the wild, accounting for 75.83 percent of toolkits, and exploit toolkits are responsible for 37 percent of all threat activity. Nearly 33 percent of spam messages originated from the U.S., followed by the United Kingdom with 3.9 percent.
“The World Wide Web might as well be re-branded as the World Wild Web. Our research indicates that hundreds of live servers operating around the world are active 24/7 to steal users’ credentials for online banking and other private assets,” said Yuval Ben-Itzhak, chief technology officer at AVG Technologies. “As attack techniques of hackers continue to get more advanced, users need to take action. Security products with multilayers of protection are a must-have to protect against the potentially damaging threats that lurk on the Web. The user’s computer platform is becoming irrelevant for these cyber-criminals: Windows, Android, Mac and iOS are all targeted now.”