Mobile malware still small, but 'malnets' to rise up

Taylor Armerding | Feb. 13, 2013
With 70% of employees across corporate networks using a personal smartphone or tablet, growing attack surface too big to ignore

Mobile device operating systems are still more secure than those of desktop or laptop computers. But today's mobile spam and phishing attacks will increasingly be delivered via mobile malware networks.

Blue Coat Systems' 2013 Mobile Malware Report, released Monday, which analyzed requests from 75 million users worldwide, found that mobile threats are still a relatively small percentage of overall traffic, and mobile malware that breaks into the operating system of the phone is "still in its infancy."

But Sasi Murthy, Blue Coat's senior director of product marketing, said that as cybercriminals adapt to the behavior of mobile users, those threats will increase and become more varied.

With 70% of employees surveyed across the corporate network using a personal smartphone or tablet, according to an IDG Global Mobility Study, this is an attack surface much too big to ignore.

In particular, the report said that malnets, which are well established in the desktop world, are jumping to mobile. Malnets are built by infecting a user's computer with a Trojan. That compromised computer is used by a botnet to lure new users by various means such as spam email. That infrastructure is then used to launch wider attacks.

The report said that before 2012, "malnets primarily served malicious Java apps and made little effort to expand." But in February 2012, malnets targeting mobile users showed noticeable activity.

"In 2012, mobile traffic to malnets increased to 2% of overall malnet traffic. This growth is further evidence that mobile malware is poised to make an impact in 2013," the report said.

It said the growth was driven by eight unique malnets in 2012. Three - Narid, Devox and Criban - targeted mobile devices exclusively while the others expanded to include mobile devices. "Narid and Devox are no longer active malnets. Criban continues to show a low level of activity with 83 new hosts over the past year. The maximum number of hosts used in a given day was three," the report said.

The report cited one attack in which the malicious download was recognized by only 10 of the 41 antivirus engines in VirusTotal. "During the same week that this attack occurred, one of the mobile malware malnets used 38 domain names and another used 14 domain names for a variety of sites that were involved in attacks," it said.

The vulnerability to malware, at least according to some experts, is not due to major holes in mobile operating systems. David Rogers, a mobile security expert and owner of Copper Horse Solutions, said mobile OSs and their underlying hardware "are getting very advanced in terms of security."

Dirk Sigurdson, director of engineering for Mobilisafe at Rapid7, said that doesn't mean they are safe. "Devices are typically required to be updated by employees, since patches can't be pushed by organizations. Because of this, a high percentage of devices are running out-of-date firmware with OS-level vulnerabilities," he said.

