Malware reaches New Highs, Spam Dips; Mobile Malware New Frontier

The first quarter of 2011

Three key takeaways from the newly released McAfee Threats Report: First Quarter 2011 provide a glimmer of hope on the Spam front, but sobering news for the overall consumer security landscape.

First, the good news. A welcome dip in spam volumes is the result of the takedown of the Rustock botnet that took the volume down to its lowest levels since 2007.

Though you may not have noticed the drop in spam levels, the last year has seen a significant decrease.

To see just how much these levels have dropped, look at the numbers in this chart from Spamcop. In addition to the overall downward trend over the last year, note the dramatic drop showing the dramatic impact of the Rustock takedown.

Unfortunately, this decline in spam volumes doesn’t indicate a kinder, gentler cybercriminal world; they’ve just moved to greener pastures. McAfee recorded six million unique samples of malware, making Q1 2011 the most active first quarter in malware history. To put that into perspective, that equals the dissemination of more than 66.6k new malware exploits every single day during the quarter. Pause to reflect on how many criminals it takes to generate that volume of malware. aDD TO THIS the tens of thousands of creepers, bullies, stalkers, pedophiles, and other human-on-human exploiters, working to cause harm online and you’ll begin to grasp the size of the army fighting against the decent citizens of the internet.

Symbian and Android are the most popular mobile malware environments

It should come as no surprise that Android, now the leader in smartphone market share (36.4% as of the end of April), has rocketed up to be the second most popular environment for mobile malware behind Symbian OS during the first three months of the year. What makes Android devices particularly tempting is the lack of safety testing of applications built to run on the platform. Unlike Apple’s model, Google’s Android devices allow “side-loading’ of apps so users aren’t restricted to getting apps through a centralized app store so there  is no centralized place where Google can check all apps for suspicious behavior. I highlighted this problem in a blog last week – see Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected.

McAfee’s threat report also notes that the cybercriminals behind the Zeus crimeware toolkit have also directed attacks toward the mobile platform, creating new versions of Zitmo mobile malware for both Symbian and Windows Mobile systems to steal user bank-account information.

Defend Your Phone

This onslaught against mobile devices means you must stay vigilant when downloading apps. Always check to see who has developed an app and what their reputation is. Look at reviews they’ve received and only download apps from sources that have a strong history and trust rating. Then, check the permissions the app is requesting if it is overreaching the needs of the app, don’t download. Stay on the lookout for any unusual behavior on your phone, and install a mobile security app. To see a listing of top mobile security products, and gain a deeper understanding of mobile malware risks, see my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011.

Don’t be fooled by scammers

People still fall for online scams in spite of the fact these are easily detectable and avoided. The most common spam scams in the first quarter of this year  included promotions for phony or real products, drug spam, and fake delivery status notifications such as faked notices appearing to be from UPS, FedEx, USPS or the IRS. If you aren’t 100% sure you can spot and avoid these, practice on the examples and steps I’ve written up in my website section Spot the Spam.

The other surefire malware delivery system is luring people onto websites on hot news topics that have malicious downloads. McAffee found an average of 8,600 new bad websites per day covering topics like the Japanese earthquake and tsunami, and major sporting events. In fact, the research found that within the top 100 results of each of the daily top search terms, nearly 50% led to malicious sites.

There is absolutely no excuse for landing on a malicious website. There are several FREE services I’ve recommended consumers install that will notify them if a website is malicious, and failure to use one of these services is playing Russian roulette with not one, bub half the chambers loaded with bullets. If you don’t use a web testing service, read my blog Criddle Explains to Komo TV how Free Tools Help Spot Problem Websites Before You Click, and act NOW.

For all the amazing benefits the internet provides, we are falling further behind on the vision of a safe online environment where consumers and companies can reap the full benefits the internet can offer.

The only way to stay safer is to leverage technology tools – antivirus, antimalware and web testing tools, learn the skills you need to avoid falling victim to a scam, and be selective when choosing those with whom you will interact.



Comments are closed.

%d bloggers like this: