Mobile Malware Still Small, But 'Malnets' to Rise Up

With 70% of employees across corporate networks using a personal smartphone or tablet, growing attack surface too big to ignore.

By Taylor Armerding
Tue, February 12, 2013

CSO

mobile malware
Mobile device operating systems are still more secure than those of desktop or laptop computers. But today's mobile spam and phishing attacks will increasingly be delivered via mobile malware networks.

Mobile Malware: Beware Drive-by Downloads on Your Smartphone

How to Defend Against Malnets

Blue Coat Systems' 2013 Mobile Malware Report, released Monday, which analyzed requests from 75 million users worldwide, found that mobile threats are still a relatively small percentage of overall traffic, and mobile malware that breaks into the operating system of the phone is "still in its infancy."

But Sasi Murthy, Blue Coat's senior director of product marketing, said that as cybercriminals adapt to the behavior of mobile users, those threats will increase and become more varied.

With 70% of employees surveyed across the corporate network using a personal smartphone or tablet, according to an IDG Global Mobility Study, this is an attack surface much to big to ignore.

In particular, the report said that malnets, which are well established in the desktop world, are jumping to mobile. Malnets are built by infecting a user's computer with a Trojan. That compromised computer is used by a botnet to lure new users by various means such as spam email. That infrastructure is then used to launch wider attacks.

The report said that before 2012, "malnets primarily served malicious Java apps and made little effort to expand." But in February 2012, malnets targeting mobile users showed noticeable activity.

In 2012, mobile traffic to malnets increased to 2% of overall malnet traffic. This growth is further evidence that mobile malware is poised to make an impact in 2013," the report said.

It said the growth was driven by eight unique malnets in 2012. Three - Narid, Devox and Criban - targeted mobile devices exclusively while the others expanded to include mobile devices. "Narid and Devox are no longer active malnets. Criban continues to show a low level of activity with 83 new hosts over the past year. The maximum number of hosts used in a given day was three," the report said.

The report cited one attack in which the malicious download was recognized by only 10 of the 41 antivirus engines in VirusTotal. "During the same week that this attack occurred, one of the mobile malware malnets used 38 domain names and another used 14 domain names for(a variety of sites that were involved in attacks," it said.

The vulnerability to malware, at least according to some experts, is not due to major holes in mobile operating systems. David Rogers, a mobile security expert and owner of Copper Horse Solutions, said mobile OSs and their underlying hardware "are getting very advanced in terms of security."

Continue Reading

Originally published on www.csoonline.com. Click here to read the original story.
Our Commenting Policies