McAfee Labs researchers today announced a surge in malware samples this year – particularly threats that take advantage of mobile networks to launch drive-by downloads, control botnets using Twitter and spread ransomware that locks down infected machines and demand payments from users.
The Santa Clara-based company released its Q2 Threat Report, in which its researchers say they’ve unearthed 1.5 million new pieces of malware this year, or an average of nearly 100,000 malware samples a day. More and more malicious code is targeting Google’s Android OS, though Apple users are far from immune too. More than 100 new Mac-oriented samples were discovered last quarter.
“Attacks that we’ve traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices and techniques such as ransomware and drive-by downloads targeting mobile,” said the Labs’ senior vice president, Vincent Weafer, in a prepared statement.
The findings in today’s report come from McAfee Labs’ 350 researchers scattered across 30 countries.
Among the emerging threats gaining traction is “signed malware,” in which attackers attempt to evade detection and encourage open rates by using digital signatures from stolen certificates. “In our 2012 Threats Predictions we predicted that this technique, likely inspired by the success of Duqu and Stuxnet, would rise in 2012. That opinion seems to be a successful example of crystal-ball gazing,” researchers wrote in the quarterly report.
The past quarter was also the busiest ever for ransomware, which holds part or all of a victim’s data hostage and demands anonymous payment methods to restore it.
“Ransomware is particularly problematic because the damage is instant and commonly a machine is rendered completely unusable. So not only is the victim’s data destroyed, but some of the victim’s money is also gone if he or she attempts to pay the attacker’s ransom. And although it is a personal disaster for a home user to lose years’ worth of data, pictures, and memories, the situation can be much worse in an enterprise if the malware encrypts all the data that a victim has write-access to on a corporate network,” the report states. The authors advise users to be be careful opening file attachments and back up systems regularly. Enterprise-level admins should consider establishing access protection rules in their security products.
Botnets reached a 12-month high last quarter, with more attackers using Twitter to send out commands and get all infected devices to follow them. Additionally, thumb drives containing malware – particularly password-stealing code – remain a popular conduit to infect machines.
Spams growth rate slowed in most parts of the world, with the exceptions being Columbia, Japan, South Korea and Venezuela. Among those with more than 10 percent growth in spam, social media proved a useful channel to peddle adult products, drugs, lonely women and phish scams.
More Web sites that host malware are gaining bad reputations. “Reputations can be based on full domains and any number of subdomains, as well as on a single IP address or even a specific URL. Malicious reputations are influenced by the hosting of malware, potentially unwanted programs, or phishing sites. Often we observe combinations of questionable code and functionality. These are several of the factors that contribute to our rating of a site’s reputation. By the end of June, the total number of bad URLs referenced by our labs overtook 36 million! This is equivalent to 22.6 million domain names.”
The authors note that their figure is at odds with the 9,500 new malicious web sites Google announced in a June blog post.