- 11 February 2013 15:38
New AVG Technologies Threat Report reveals pre-teen children developing malicious code
Pre-teens turning to malware?
In a world filled with laptops, tablets and smartphones, today’s children become digitally fluent far earlier than previous generations. Now, AVG has found evidence that pre-teens are writing malware designed to steal login details from online gamers, both young and old.
While stealing someone’s game logins may at first seem a minor problem, online gaming accounts are often connected to credit card details to enable in-game purchases, and may also have virtual currency attached to them amounting to hundreds of dollars. Furthermore, many gamers unfortunately use the same login details for social networks such as Facebook and Twitter, potentially putting the victim at risk of cyber-bullying, in addition to identity theft and major inconvenience.
“We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada,” said Yuval Ben-Itzhak, Chief Technology Officer at AVG Technologies. “The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page.
“We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend. It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes.” (Find more information on page 19 of the report).
Mobile threats continue to rise
The Q4 Threat Report also highlights the dramatic and ongoing increase in mobile malware, particularly of code designed to target Google’s hugely popular Android operating system. During the course of 2012, AVG Threat Labs reported on the First Android Rootkit, examples of mobile banking being targeted for attack, malicious apps that send text messages to premium rate services, and Trojan-infected versions of popular games on unofficial app stores, including bestseller Angry Birds Space.
Mobile threats also feature in the Threat Report’s predictions for 2013, notably in the form of increased MITMO (Man-In-The-Mobile) attacks that target PC and mobile Internet banking apps. Such threats might benefit from the growing BYOD trend, where workers connect their personal mobile devices to company networks.
Alongside the rise in mobile malware, the Threat Labs found exploit toolkits continue to dominate when it comes to online threats. Almost 60 per cent of all threat activity online was performed by exploit toolkits in 2012. The use of such kits is believed to be the result of established cyber-criminals realising that they can create and sell commercial toolkits at a premium to less technically savvy peers eager to get into the market. One example of a new exploit toolkit which emerged during the last quarter of 2012, and bore a remarkable resemblance to the Blackhole Exploit Kit, was the Cool Toolkit. This new toolkit accounted for 16 per cent of the top web threats in Q4 2012, topped only by Blackhole at 40 per cent.
About the report:
The AVG Community Protection Network is an online neighborhood watch, where community members work to protect each other. Information about the latest threats is collected from customers who participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.
AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.
# # #
About AVG — www.avg.com.au
AVG Technologies’ mission is to simplify, optimise and secure the Internet experience, providing peace of mind to a connected world. AVG’s powerful yet easy-to-use software and online services put users in control of their Internet experience. By choosing AVG’s software and services, users become part of a trusted global community that benefits from inherent network effects, mutual protection and support. AVG has grown its user base to 143 million active users as of September 30, 2012 and offers a product portfolio that targets the consumer and small business markets and includes Internet security, PC performance optimisation, online backup, mobile security and identity protection.
AVG Media Contacts:
Michael McKinnon AVG 03 9581 0845 firstname.lastname@example.org
Shuna Boyd BoydPR 02 9418 8100 email@example.com
Sign up now »
Run your mission-critical applications in a secure and compliant virtual datacenter, or private cloud.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.