Malware growth maintains rapid pace as mobile threats surge

The number and complexity of cyber-attacks, especially those targeting mobile devices, grew at an alarming pace in the second quarter, security technology company McAfee Labs said in its latest Threats Report.  

McAfee identified more than 8 million previously undiscovered samples of malicious software, or malware, during the three months that ended June 30th. The number of new malware samples grew by more than 1.5 million from the first quarter to the second quarter.

With nearly 100,000 new threats identified every day, the total number of unique malware samples tracked by McAfee climbed above the 90 million mark.

“Through forecasting and trending, we knew that 2012 would likely host a greater number of new malware samples than 2011, but the data from Q2 blew us away,” Pat Calhoun, McAfee’s senior vice president and general manager for network security, wrote in a blog entry discussing the latest report.
Hackers continued to produce malware for mobile devices at a rapid clip. The number of unique mobile malware samples soared from less than 2,000 in 2011 to more than 12,000 in 2012. Google’s Android operating system is the primary target. Nearly all the newly discovered mobile malware in the second quarter was written for Android.

Malware writers are leveraging their experience in producing malicious software for the PC to develop mature, fully functional mobile malware designed to access consumer and business data. The most notable new mobile threats are mobile “drive-by downloads” and the use of Twitter for control of global botnets, the report said.

Drive-by attacks push malware to mobile devices whose users visit websites set up by the attackers. The attack resembles the PC version, in which merely visiting a drive-by site was enough to infect a computer. In the mobile version the user must still approve installation of the downloaded package, but file names such as “Android System Update 4.0.apk” often persuade the victim to accept the install prompt.

Botnets are networks of computers or mobile devices that have been infected with malicious software so that an attacker can control them remotely and use them to send spam, distribute further malware or overwhelm web servers. Malware that takes its orders from Twitter saves criminals the expense and trouble of setting up and maintaining their own command-and-control servers: commands are posted as ordinary tweets, every infected device reads them, and the operator keeps relative anonymity.

Calhoun, in his blog entry, pointed to three main points that companies should take from the report. 

  1. Cyber-attacks are growing more sophisticated, as shown by the rapid growth of signed malware, which uses stolen or falsified code-signing certificates to pose as legitimate software. A valid signature makes such malware harder to detect and harder to stop: even once a signed sample is discovered, a company must weigh whether blocking or revoking its certificate would also block legitimate software signed with the same certificate.

  2. The emergence of sophisticated, network-based cyber-attacks poses risks not only to companies, but also to infrastructure and even national security. Whereas critical systems such as electric grids and phone and transportation networks used to operate as isolated silos, most of these systems today have internet and network connections, making them potential targets for cybercriminals.

  3. Hackers are capitalising on the growth of bring your own device (BYOD) policies to gain access to consumer and corporate information. “With years of experience attacking the traditional operating system, malware writers are using these mature skills to infiltrate the immature BYOD playing field,” Calhoun wrote. “In defense, organizations must deploy a combination of best practices and process controls – from the network all the way down to the application level.”
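The certificate dilemma in point 1 above can be made concrete. The following Go program is an added example, not code from McAfee or from the report: it issues a self-signed code-signing certificate for a made-up vendor ("Example Software Ltd", constructed), signs a genuine updater and a piece of malware with the same key (the stolen-key case), and then compares two policies, revoking the certificate versus blocking the malware's file hash. Both files' contents are constructed byte strings; real signing certificates chain to a CA, which the example omits.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignedFile is a code-signed artifact: bytes, signer certificate, SHA256-with-RSA signature.
type SignedFile struct {
	Name      string
	Payload   []byte
	Cert      *x509.Certificate
	Signature []byte
}

// Policy lists revoked signer fingerprints and known-bad file hashes (both hex SHA-256).
type Policy struct {
	RevokedCerts map[string]bool
	BlockedFiles map[string]bool
}

// hexSHA256 of a certificate's DER encoding (cert.Raw) is the usual key for revoking a signer.
func hexSHA256(b []byte) string { return fmt.Sprintf("%x", sha256.Sum256(b)) }

// newPublisher issues a self-signed code-signing certificate for a made-up vendor (assumption).
func newPublisher(commonName string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: commonName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// Sign signs sha256(payload) with the publisher's private key (PKCS#1 v1.5).
func Sign(key *rsa.PrivateKey, cert *x509.Certificate, name string, payload []byte) (SignedFile, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return SignedFile{Name: name, Payload: payload, Cert: cert, Signature: sig}, err
}

// Decide verifies the signature first (tampered or forged files fail here whatever the lists
// say), then checks the file hash, then whether the signer has been revoked.
func (p Policy) Decide(f SignedFile) string {
	if err := f.Cert.CheckSignature(x509.SHA256WithRSA, f.Payload, f.Signature); err != nil {
		return "block: invalid signature"
	}
	if p.BlockedFiles[hexSHA256(f.Payload)] {
		return "block: known-bad file hash"
	}
	if p.RevokedCerts[hexSHA256(f.Cert.Raw)] {
		return "block: signing certificate revoked"
	}
	return "allow"
}

// Scenario models a stolen signing key: the vendor's genuine updater and a piece of malware
// carry the same certificate. It returns what two policies decide for each file, plus the
// decision on a copy of the malware whose bytes were altered after signing.
func Scenario() (map[string]string, error) {
	key, cert, err := newPublisher("Example Software Ltd (constructed)")
	if err != nil {
		return nil, err
	}
	legit, err1 := Sign(key, cert, "updater.exe", []byte("constructed legitimate updater"))
	malware, err2 := Sign(key, cert, "Android System Update 4.0.apk", []byte("constructed malicious payload"))
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("signing failed: %v %v", err1, err2)
	}
	tampered := malware // same signature, first byte flipped after signing
	tampered.Payload = append([]byte{malware.Payload[0] ^ 0xff}, malware.Payload[1:]...)
	revokeCert := Policy{RevokedCerts: map[string]bool{hexSHA256(cert.Raw): true}, BlockedFiles: map[string]bool{}}
	blockHash := Policy{RevokedCerts: map[string]bool{}, BlockedFiles: map[string]bool{hexSHA256(malware.Payload): true}}
	return map[string]string{
		"revoke-cert/legit":   revokeCert.Decide(legit),
		"revoke-cert/malware": revokeCert.Decide(malware),
		"block-hash/legit":    blockHash.Decide(legit),
		"block-hash/malware":  blockHash.Decide(malware),
		"block-hash/tampered": blockHash.Decide(tampered),
	}, nil
}

func main() {
	out, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
}
```

Revoking the certificate stops the malware but also stops the vendor's own updater, which is the trade-off the report describes; blocking by file hash is precise but only covers samples already known. A tampered copy of a signed file fails the signature check before either list is consulted, which is why the check comes first. In practice a defender uses both lists together with CA revocation data rather than the two in isolation.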

Among the report’s other findings:   

  • “Ransomware” emerged as a popular form of malicious software during the second quarter. The malware takes computers and/or data “hostage” by encrypting them and then demanding money to restore the computer and/or data.

    The approach relies on anonymous payment methods, so criminals avoid having to monetise stolen credit card numbers as they do in other schemes such as Fake AV (bogus security software). Because ransomware inflicts damage immediately on the computers and mobile devices it infects, it poses a particular threat to businesses: from one employee’s infected computer or device it can encrypt every file on the network that the employee has permission to modify.

    McAfee recommends that companies regularly back up data, in addition to advising employees to take care with file attachments or links in email and online.

  • The number of password-stealing Trojans rose substantially during the quarter. 

  • Malware for Apple’s Mac continued to grow steadily, but the threat remained relatively mild when compared with PC malware.

  • The number of “bad” URLs continued to climb, topping 36 million. More than 90% of the URLs host malware or other code designed to hijack computers.

  • The United States appears to be the largest source and victim of network cyber-attacks.

Jeff Drew is a CGMA Magazine senior editor.