McAfee Sees Biggest Increase In Malware Attacks in the Last Four Years

Malware attacks are at their highest level in four years as attackers adapt their methods to various platforms, McAfee Labs researchers said in a quarterly threats report.

McAfee Labs identified more than eight million new kinds of malware in the second quarter of 2012, an increase of 23 percent, or 1.5 million malware samples, over the first quarter, according to the company's most recent threat analysis report. The McAfee Threats Report for the second quarter of 2012 also identified new threats such as mobile "drive-by-downloads," the use of Twitter to control mobile botnets, and the appearance of "ransomware" for mobile devices.

There are now more than 90 million unique strains of malware in the wild, and while Windows PCs remain the largest target, attackers are increasingly expanding their focus to include other platforms, according to McAfee. The Flashback Trojan, which affected Mac OS X systems earlier in the quarter by exploiting an unpatched Java vulnerability, is just one example of how PC techniques have been adapted for new platforms.

"Attacks that we've traditionally seen on PCs are now making their way to other devices," said Vincent Weafer, head of McAfee Labs.

Virtually all new mobile malware detected in the second quarter targeted Android, and included SMS-sending malware, mobile botnets, spyware, and other destructive Trojans, according to the report. McAfee researchers have found about 13,000 different kinds of mobile malware so far in 2012, compared to fewer than 2,000 in 2011.

"Android malware shows no signs of slowing down, putting users on high alert," the company said.

Researchers also detected an increase in ransomware apps on mobile devices, with an all-time high in the number of new ransomware apps this quarter. Ransomware is a class of malicious applications that takes control of the user's device and data, such as by changing passwords or encrypting the data, and demands a ransom from the victim before restoring access.

Ransomware has become a "popular avenue" for criminals, and damages range from loss of personal documents and photos for home users to data hostage and blackmail demands for large enterprises, McAfee said.

Drive-by downloads are another attack vector that traditionally targeted PCs but is now seen on other platforms. McAfee found the first instance of mobile drive-by downloads in the past quarter, where visitors browsing malicious websites were infected with malware.

"A victim still needs to install the downloaded malware, but when an attacker names the file 'Android System Update 4.0.apk,' most suspicions vanish," the report said.

Despite several takedown efforts, botnets continued to grow over the quarter, with infection rates reaching a 12-month high, McAfee found. Researchers also uncovered new methods being used to control botnets, such as using Twitter. In a mobile botnet, attackers can post commands on the micro-blogging service, and infected devices follow the instructions as they appear in the Twitter stream.

There were nearly 1.2 million new samples of the AutoRun worm, which spreads from thumb drives onto all attached drives on the system. There were 1.6 million new samples of password-stealing malware, which is capable of collecting account names and passwords and transmitting them to a remote server under the attacker's control.

McAfee also recorded an average of 2.7 million new bad URLs per month during the second quarter. In June, new URLs were related to about 300,000 bad domains, according to the report. Of the new bad-reputation URLs, 94.2 percent hosted malware, exploits or code specifically designed to hijack computers.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.