McAfee Q3 2011 Threats Report: Android - Primary Target for New Mobile Malware

November 22, 2011

The McAfee Threats Report: Third Quarter 2011 showed that the Android mobile operating system solidified its lead as the primary target for new mobile malware. The amount of malware targeted at Android devices jumped nearly 37 percent since last quarter, and puts 2011 on track to be the busiest in mobile and general malware history. Nearly all new mobile malware in Q3 was targeted at Android.

McAfee Threats Report: Third Quarter 2011 PDF

“This has been a very steady quarter in terms of threats, as both general and mobile malware are more prevalent than ever,” said Vincent Weafer, senior vice president of McAfee Labs. “So far this year, we’ve seen many interesting yet challenging trends that are affecting the threat landscape, including heightened levels of sophistication and high-profile hacktivist attacks.”

2011 Expected to Exceed Malware Estimates

At the end of 2010, McAfee Labs predicted that malware would reach the 70 million unique samples by the end of 2011. Because of the rapid proliferation of malware this year, McAfee Labs has increased this prediction to 75 million unique malware samples reached by year’s end, the busiest in malware history.

Malware authors are capitalizing on the popularity of Android devices, as demonstrated by the fact that the Android platform was the only mobile operating system for all new mobile malware in Q3. One of the most popular forms of trickery in Q3 was SMS-sending Trojans that collect personal information and steal money. Another new method of stealing user information is malware that records phone conversations and forwards them to the attacker.

Commonplace Attacks Holding Steady

Fake Anti-Virus (AV), AutoRun and password-stealing Trojans have bounced back strongly from previous quarters, while AutoRun and passwords stealers remain at relatively constant levels. Mac malware also continues to grow, following a sharp increase in Q2. Although the increase in Q3 was not as significant, McAfee Labs warns that as certain platforms grow in popularity for both consumer and business use, such as the Mac operating system, malware authors will increasingly use theses platforms to target victims.

Web threats are also a common way for attackers to prey on unsuspecting victims. Websites have bad or malicious reputations for a variety of reasons, and are often influenced by the hosting of malware of phishing sites. The number of “bad sites” dropped a bit, from an average of 7,300 new bad sites in Q2 to 6,500 new bad sites in Q3.

Spam and Messaging Threats Differ by Region

While spam still remains at its lowest levels since 2007, spearphishing, or targeted spam, is at its greatest development in years. While not prominent, spearphishing is still highly sophisticated and effective, resulting in an elevated threat level. While overall botnet infections dropped slightly in Q3, they seemed to have shown a significant increase in Argentina, Indonesia, Russia and Venezuela. As for the botnets that were the most damaging, Cutwail, Festi and Lethic lead the pack, while previous frontrunners Grum, Bobax and Maazben declined.

Social engineering is also a lure used in targeted attacks that depend greatly on geography and language. Attackers show remarkable insight into what works in different cultures and regions – not just globally but also seasonally, and can vary by month, season or holiday. In the United States, “Delivery Service Notifications” (or fake error messages) are the most popular, while in the United Kingdom “419 scams” reign supreme. In France, phishing scams dominate, while drug spam is the most popular lure in Russia.

Hacktivism Becomes Less Defined

Hacktivist attacks were primarily launched by Anonymous in Q3. One clear differentiator from past quarters is that the goals were not as abundantly transparent as in previous quarters. The report highlights hacktivist activity from Q3, with at least 10 high-profile attacks at the hands of Anonymous, including attacks against the Arizona Fraternal Order of Police, Booz Allen Hamilton, Bay Area Rapid Transit, Austrian Police and Goldman Sachs.