Kindsight Security report on the growth of malware diffusion

Today I had the opportunity to analyze the a majority-owned subsidiary of Alcatel-Lucent, that shows a worrying scenario, around 14 percent of home networks were infected with malware in the period between  April and June 2012.

Researchers declared:

“We saw an increase in the number of home networks infected as compared to first quarter 2012,”

One of the main vector to spread the malicious agents is still the email, unsuspecting users are daily hijacked on infected website that compromise their machines with various type of malware.

According the proposed statistics 9 percent of residential households were infected by high-threat malware, such as a botnet, rootkit, or a banking Trojan, meanwhile approximately 6 percent were infected with moderate-threat malware such as spyware, browser hijackers, and adware.

Of course in many cases user’s machine is compromised by several malware.

The report dedicates a specific session to the botnetsand in particular to ZeroAccess botnet whch grew to over 1.2 million nodes over the second quarter.

Director of Kindsight Security Labs, Kevin McNamee said on the botnet:

“In recent months, we’ve seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally,”

“The concern with ZeroAccess is that it is using the subscriber’s bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks,”

The particularity of the ZeroAccess botnet is the peer-to-peer protocol of communication used, in my previous article I described the efficiency of this type of botnet really difficult to decapitate.

Compromised machines receive orders from a command-and-control server directing them to click on ads on specific websites, meanwhile the website master collects per-click fees from the advertiser after generating fraudulent clicks using the botnet.

The following chart report that the infected peers are widely distributed throughout the Internet with almost 18% in India and 10% in the United States.

The report shows also the impact of malware on the MAC world, Flashback Trojan infected 10 percent of homes that owned at least one Mac in April 2012.

Great concerns are also related mobile environment, the report estimates that one out of every 140 devices on mobile networks was infected, 0.7% of all devices on mobile scenario, in the recent months in particular it has been observed an impressive growth of number of malware developed for Android OS (increased by 300 percent over the past three months).  Nobody is immune, also Apple mobile has been hit during the second quarter by the first trojan deployed on iOS named “Find and Call”.

What to expect from the future?

The trend is to a constant growth of number of malware in particular for the mobile sector, the data confirms that in Q3, especially for Android, is expected a sensible increase of the cyber threats.

The main reason behind the phenomenon are the lack of awareness on the cyber threat and the large diffusion of mobile devices, many statistics have in fact highlighted that mobile users don’t use any kind of protection for their devices with dramatic consequences.

Pierluigi Paganini