Security Experts:

Kaspersky: Android Has a Monopoly on Mobile Malware, 200,000 New PC Malware Samples Found Daily

Moscow-based Kaspersky Lab on Monday released its annual security bulletin, a report that reveals statistics on malware and cyber-threats detected by its Kaspersky Security Network (KSN) throughout the year.

Kaspersky’s 2012 summary proved to be another report validating the explosive growth in malware targeting mobile devices running on Google’s Android platform, and the increase in threats targeting Mac OS users.

Kaspersky Security Bulletin 2012Windows-based Malware Still Dominates

While the threat of malware targeting Mac OS-based systems has risen in recent years, it still represents a tiny fraction of the number of new threats that are discovered each day that target Windows PCs. With that said, Kaspersky Lab said its antivirus experts added 30 percent more signatures to detect various Mac Trojans in 2012 compared to 2011. But 30 percent of a small number is still a small number. However, Mac OS users are not invincible and should take precautions.

While most security experts I speak with still do not use an anti-malware product on their OS X-based systems, there are measures that many take to help protect against threats targeting Mac OS, the most important being to disable Java support in Web browsers, or removing it completely from a system if its not absolutely needed. Another popular measure is to reduce exposure to script-related attacks by using a Web Browser plug-in such as noscript which helps protect against things such as Java, XSS, and Clickjacking attacks. (Noscript is available for both Macs and PCs for popular Web browsers)

The biggest Mac OS threat during the year was Flashback, the botnet of 700,000 infected computers running Mac OS X. There was also a handful of incidents where Mac OS X computers were victims of targeted attacks, including ones against Uyghur activists in June, and a web site associated with the Dalai Lama earlier this month.

“The main reason for this is that Apple products are popular with many influential politicians and prominent businessmen, and the information stored in the devices owned by these people is of interest to a certain category of cybercriminals,” Kaspersky Lab explained in a statement.

There were several other minor incidents over the year related to Mac OS specific threats, but still these numbers are not even close to the number of threats that targeting Windows-based systems on a daily basis.

200,000 Served Up Daily

Kaspersky Lab said that it currently detects approximately 200,000 new malicious programs each day, most of which target Windows-based computers. That figure represents a spike from the first half of 2012 when the firm was finding about 125,000 new malware programs daily.

All totaled, Kaspersky said that it detected and blocked more than 1.5 billion web-based attacks and more than 3 billion infected files through its various installed software products during 2012. In total, 2.7 million "unique modifications of malware and potentially unwanted programs" attempting to launch on users’ computers were detected during these incidents, the company said.

Mobile Malware: Android Has Near Monopoly

Headlines about malware targeting Android are nothing new, but the percentage of mobile malware that was found targeting Android vs. other mobile platforms was astounding. According to Kaspersky’s numbers, in 2012, 99% of all mobile malware detected was designed for the Android platform.

In total, Kaspersky Lab said it found more than 35,000 malicious Android programs in 2012—about six times more than they saw in 2011. In October 2012, security vendor Trend Micro also issued a report noting that Android was “under siege”.

Earlier this year, Kevin McNamee, security architect and director at Kindsight Security Labs explained to SecurityWeek how easy it was to build Android malware with readily available tools.

Despite attempts by Google to introduce its own anti-malware technology, malicious applications continue to appear in the official Google Play store, Kaspersky Lab sad.

In fact, just this week, a security researcher at North Carolina University shared his discovery that the app verification service used by Google to determine whether a particular Android application is malicious is "fragile and can be easily bypassed." 

Android Malware Growth

In July, a sneaky iOS app called “find and Call” was discovered in Apple's App Store that collected used address book data and sent spam. Most iOS related concerns seem to be over privacy issues vs. being outright malicious programs.

“Just like traditional PCs, mobile devices are now targeted with high-profile cybercriminal operations, including targeted attacks and creating mobile botnets,” Kaspersky researchers noted.

Other key statistics pulled from Kaspersky’s Security Bulletin 2012 include:

• Java was the most popular vulnerable software targeted by cybercriminals in 2012. Java accounted for 50% of all detected exploit-based attacks targeting vulnerabilities. Adobe Reader ranked second and accounted for 28% of all incidents.

• Top 5 malware hosting countries: United States, Russia, The Netherlands, Germany and the United Kingdom

• Top 5 countries with the highest frequency of web attacks: Russia, Tajikistan, Azerbaijan, Armenia, Kazakhstan

• Top 5 countries where infected files are most frequently discovered: Bangladesh, Sudan, Malawi, Tanzania, Rwanda

• Top 5 countries with lowest infection rates: Denmark, Japan, Finland, Sweden, Czech Republic

“What 2012 has shown is the strong inclination of cybercriminals to steal data from all devices used by consumers and businesses, be it a PC, Mac, smartphone or tablet,” commented Costin Raiu, Director of Global Research & Analysis Team 
Kaspersky Lab
 in a statement. “We are also observing a strong increase in the overall number of threats, affecting all popular software environments,” Raiu said.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.