
Mobile leads in malware resurgence for 2012

Taylor Armerding | May 31, 2012
McAfee finds PC malware back after hiatus, but mobile malware shows biggest percentage gain -- and Android is the target

Apple users remain less of a target than those with PCs, but attacks on Macs are increasing. It is not just the Flashback Trojan -- McAfee reported about 250 new malware samples for the Mac, plus 150 fake anti-virus malware samples.

How should enterprises confront the threat? David Marcus, research director at McAfee and one of the authors of the report, says it comes down to training and tools. "[Companies should] make sure their teams are staying current with the overall trends of the threat landscape and have training, tools and processes that allow them to react with agility," Marcus said.

Paganini said mobile devices in particular "represent a projection of the company to the outside world and therefore require the application of all security measures necessary to protect the enterprise and the information it manages."

Kevin McAleavey, cofounder and chief architect at the KNOS Project, said that should be obvious to CSOs. "Given that the viruses that they're naming have been around for ages, I'd be wondering why those viruses are still out there," he said.

McAleavey said most criminals are outsmarting current antivirus software. "Antiviruses have 'heuristics' these days, which spot an 'unknown file.' If it isn't on their whitelist, then it must be 'suspicious,'" he said. "What happens then is that they waste the user's bandwidth uploading every 'suspicious' -- that's how they get those astronomical counts."

"Until a file is identified one way or another in their lab, then multiple 'suspicious' keep getting dumped into that bitbucket until it's identified and either whitelisted or detected,"


"But what happens in the real world is that virus writers keep obfuscating the same old file until it's no longer detected. They can do this with encrypting, repacking -- dozens of other ways to make it no longer match the AV signatures," McAleavey said. "Once they submit the file to a testing site and it comes back not detected, then they pass it along to victims."

Turrentine said mobile protection is weak because "they can only effectively run with the same permissions as any other app. Though they can detect a degree of suspicious activity, this is still a big disadvantage."


Malware designed to jailbreak or root a smartphone OS "always has a leg up on the mobile McAfees of the world," he said. "The malware is being packaged with these capabilities. It can neuter/bypass the limited 'security' apps easier based on the fact that if it is successful in gaining root level access to the system, it can override capabilities the lower privileged, sandboxed apps have."

