As an IT Security Professional and a Certified Ethical Hacker (C|EH) one thing I have noticed is malware is on the rise. The complexity and the growth of malware have more than just tripled in the last six months. What we have witnessed and will be witnessing is a change in the threat landscape. Clever new ways have cropped up to compromise new devices of which, fake antivirus are on the rise and password stealing malware are showing a sudden surge in the level of activity. Their ability to adapt to avoid detection is one aspect that needs to be taken into consideration.

Smartphone malware is hardly a new concept, but the tools being used by hackers to crack smartphones are new and more clever than ever. As apps developed for phones become more platform neutral (able to operate on android, windows 7 etc and able to run HTML, XML, Flash etc), there is increased likelihood that web-based worms will rise up and start to be more of an issue as the hosts which they can spread to become more numerous.

The SpyEye hacker application is but one example. SpyEye seeks to intercept bank issued SMS codes (for the purposes of online banking) and redirect them to the hacker without the knowledge of the phone’s owner. SpyEye which is often installed unknowingly by a user when they download other apps. Quite often it sits dormant, waiting for the right flags to be triggered before engaging. Infosecland.com recently reported that:

“SpyEye is known to be one of the more powerful data-sniffing Trojans ever developed, and the release of the source code means the likelihood that there will be a dramatic increase in its application is a very real scenario”

McAfee Q2 2011 Threats Report Shows Significant Growth for Malware on Mobile Platforms

Report Shows Record Growth for Malware and Rootkits; Major Hacktivist Activity

SANTA CLARA, Calif.–(BUSINESS WIRE)–McAfee today released the McAfee Threats Report: Second Quarter 2011, showing that the amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system. 2011 has also resulted in the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits, suggesting that McAfee’s comprehensive malware “zoo” collection will reach a record 75 million samples by the year’s end.

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity”

“This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs. “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

The report also details specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

2011 On Track to Reach Record “Malware Zoo”

With an approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history. With the addition of Q2’s numbers, the grand total of total malware samples in McAfee’s database has reached approximately 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

Android Nabs Top Spot for Most Mobile Malware

With the vast amount of personal and business data now found on user’s mobile phones, mobile malware is steadily increasing, often mimicking the same code as PC-based threats. In the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates.

Fake Anti-Virus for Apple, Rootkits and Stealth Malware Reach New Terrain

There are more Mac users than ever before, and as organizations increasingly adopt Macs for business use, Apple now has become more a target for malware authors. Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.

Another malware category that is demonstrating recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercriminals to make malware stealthier and more persistent, and has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38 percent over 2010.

Acts of Hacktivism and Cyberwar Make Their Mark

Acts of hacktivism, primarily from the groups Anonymous and LulzSec, were among some of the most prominent cyber news generators for Q2. The report details hacktivist activity from Q2, with at least 20 global attacks reported in Q2 alone, and with the majority allegedly at the hands of LulzSec. The report also outlines acts of cyberwar that occurred in Q2, including attacks on United States’ Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

Email “Black Market” for Spammers

Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months. A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location. For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100.

For more information on trends related to hacktivism, cyberwar, web threats and malware, please download a full copy of the McAfee Threats Report: Second Quarter 2011 at http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf

As PPCGeek tries to protect it’s users I bring you this important message for Android users. It seems that a company has found over 26 more mal-ware programs in the Android Marketplace. It is suspected of infecting over 100,000 Android users. Lookout Mobile Security made the discovery over the weekend, and believes that the rogue software was likely created by the same persons who created the ‘DroidDream’ malware that was discovered in dozens of Android apps a couple of months back.

The security firm followed tips from legitimate developers who noticed that their apps were being redistributed with modified code. This discovery lead to a new stripped-down version of the original ‘DroidDream” malware, the new name is ‘Droid Dream Light’

Google has been notified and  has already resulted in the offending apps being withdrawn from the Market.

According to Lookout, once installed on a user’s device, the user doesn’t even have to open the apps for their device to be at risk; the code can be activated by an external triggering event, such as an incoming voice call, which then prompts the device to send data to a remote server, such as the IMEI number and information about installed programs.

Google now may be forced with using that “app kill switch” to remove it from hundreds of thousands of users devices. But considering the alternative – I would rather have it removed than have it stay on my phone spreading who knows what to where!

The list of infected apps includes:

Magic Photo Studio

• Sexy Girls: Hot Japanese
• Sexy Legs
• HOT Girls 4
• Beauty Breasts
• Sex Sound
• Sex Sound: Japanese
• HOT Girls 1
• HOT Girls 2
• HOT Girls 3

Mango Studio

• Floating Image Free
• System Monitor
• Super StopWatch and Timer
• System Info Manager

E.T. Tean

• Call End Vibrate

BeeGoo

• Quick Photo Grid
• Delete Contacts
• Quick Uninstaller
• Contact Master
• Brightness Settings
• Volume Manager
• Super Photo Enhance
• Super Color Flashlight
• Paint Master

DroidPlus

• Quick Cleaner
• Super App Manager
• Quick SMS Backup

source: neowin.net

“The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.
A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by spanish hacker group “DDP Team”, is run by some guy named “tnls” as the botnet-control mechanism shows…”

You must take this article with a grain of salt though, because the source of the article was a Panda Security employee and it was first posted on a Panda Security Research Blog.

Vodaphone released the following statement:

“Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident
Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident
Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.”

Source: Phandroid (Thanks for the tip Mordy)