McAfee: New malware is proliferating

The number of new malware instances detected has jumped from fewer than 70,000 in 2009 to close to 90,000

Instances of malware continue to increase steadily, with the number of new threats reaching the highest point since 2009, McAfee says.

The number of new malware instances detected jumped from fewer than 70,000 to nearly 90,000 over that period, according to "McAfee Threats Report: Second Quarter 2012," with attacks against Android mobile devices representing the largest new threat category in the quarter.

That the Android outbreak parallels historical attacks against PCs should be expected, McAfee says. "If much of Android malware seems familiar to PC malware, it should come as no surprise," the report says. "Malware writers leverage the expertise they honed during the years of writing malware for other platforms."

This new code is not merely proof of concept. "It is fully functional and mature, and mobile malware writers know what they are looking for: consumer and business data," McAfee says.

Android attacks are highlighted by a new attack method -- drive-by downloads for Android smartphones where visiting a site infects the phone. One difference with drive-bys carried out against PCs is that the mobile malware requires victims to install the code. But as the McAfee report notes, "when an attacker names the file Android System Update 4.0.apk, most suspicions vanish."

In addition to drive-bys, a botnet is now trying to enroll Android phones as zombie machines that take orders from Twitter accounts that are controlled by attackers. Commands for the bots are tweeted, and infected devices retrieve and follow them. The new botnet client is called Android/Twikabot.A.

"Using a service such as Twitter allows an attacker to leverage the resources of others without paying for a dedicated server or stealing one that belongs to a victim," the McAfee report says. "Internet relay chat servers have been exploited in the past for similar reasons, but using the web service gives attackers a small measure of anonymity."

Creators of an Android Trojan horse have apparently upgraded Android/Moghava.A to a new version called Android/Stamper.A, both of which corrupt photos on SD cards. Both pieces of malware use the same code for corrupting victims' phones, but the photo used to lure victims is different. The new version targets fans of a Japanese singing group with the promise of a look at fan election results. Instead they get a photo from a "What would your baby look like" competition that corrupts the phone.

The report says Mac users should beware. Over the past four quarters the number of Mac malware instances has steadily increased, but compared to the number for Windows, it's small.

One bit of good news is that one specific type of attack -- phony antivirus software aimed at Mac users -- is on the decline.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Follow him on Twitter @Tim_Greene.
