McAfee: New malware is proliferating

McAfee: New malware is proliferating

The number of new malware detected has jumped from less than 70,000 instances in 2009 to close to 90,000

Instances of malware continue to increase steadily, with the number of new threats reaching the highest point since 2009, McAfee says.

The number of new malware detected jumped from less than 70,000 instances to near 90,000 over that period, according to "McAfee Threats Report: Second Quarter 2012," with attacks against Android mobile devices representing the largest new threat category in the quarter.

MORE ANDROID: Cybercriminals take advantage of Android Flash Player gap

That the Android outbreak parallels historical attacks against PCs should be expected, McAfee says. "If much of Android malware seems familiar to PC malware, it should come as no surprise," the report says. "Malware writers leverage the expertise they honed during the years of writing malware for other platforms."

This new code is not just proof-of-concept attempts. "It is fully functional and mature, and mobile malware writers know what they are looking for: consumer and business data," McAfee says.

Android attacks are highlighted by a new attack method -- drive-by downloads for Android smartphones where visiting a site infects the phone. One difference with drive-bys carried out against PCs is that the mobile malware requires victims to install the code. But as the McAfee report notes, "when an attacker names the file Android System Update 4.0.apk, most suspicions vanish."

In addition to drive-bys, a botnet is now trying to enroll Android phones as zombie machines that take orders from Twitter accounts that are controlled by attackers. Commands for the bots are tweeted, and infected devices retrieve and follow them. The new botnet client is called Android/Twikabot.A.

"Using a service such as Twitter allows an attacker to leverage the resources of others without paying for a dedicated server or stealing one that belongs to a victim," the McAfee report says. "Internet relay chat servers have been exploited in the past for similar reasons, but using the web service gives attackers a small measure of anonymity."

Creators of an Android Trojan horse have apparently upgraded Android/Moghava.A to a new version called Android/Stamper.A, both of which corrupt photos on SD cards. Both pieces of malware use the same code for corrupting victims' phones, but the photo used to lure victims is different. The new version attracts people targets fans of a Japanese singing group with the promise of a look at fan election results. Instead they get a photo from a "What would your baby look like" competition that corrupts the phone.

The report says Mac users should beware. Over the past four quarters the number of Mac malware instances has steadily increased, but compared to the number for Windows, it's small.

One bit of good news is that one specific type of attack -- phony antivirus software aimed at Mac users -- is on the decline.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter @Tim_Greene.

Read more about wide area network in Network World's Wide Area Network section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments