Usually, the quarterly malware reports from various security vendors have few surprises. You can pretty well guess what they will report if you follow security news. For instance, mobile malware continues to rise, with most of the problems based in Android apps, and the financial industry has been hit pretty hard this quarter. And Java continues to be a very serious problem.
However, this time around, there have been some interesting and new trends that have shown up, and a couple of them caught my attention. First, Kaspersky Lab’s report includes a Top 10 Vulnerabilities list. For the first time ever Microsoft was not among the vendors to appear in the list. However, Apple was with its QuickTime and iTunes programs both included. That’s huge news. It isn’t to say Microsoft is problem-free, of course, but it does point out that anyone using Apple software or applications need to pay a lot more attention.
Kaspersky Lab also pointed out how mobile malware is changing. More than half (57 percent) of all malware detected on smartphones consisted of SMS Trojans — malicious programs that steal money from victims’ mobile accounts by sending SMS messages to premium rate numbers. However, the latest data reveals that SMS Trojans are gradually being replaced by more sophisticated and versatile data-accessing and data-stealing Trojans and malicious programs, which accounted for a combined 36 percent of Android malware in Q3 2012.
Over at Kindsight, the emphasis this quarter was on the ZeroAccess botnet because of its major growth and impact this past quarter. Cybercriminals are using ZeroAccess to take over victims’ computers for ad-click fraud and bitcoin mining. The report also includes a 24-hour snapshot of how ZeroAccess mimics the human behavior of clicking on ads (to sneak past ad-click fraud detection), generating about $900,000 per day. Kevin McNamee, security architect and director, Kindsight Security Labs, said in a release:
The ZeroAccess botnet has grown significantly to become the most active botnet we’ve measured this year.
It’s easy to get complacent with the malware and vulnerability issues that are commonplace, but this particular quarter is a good reminder that the bad guys always have something new up their sleeves.