McAfee reports largest malware spike in four years

The second quarter of 2012 saw the biggest increase in malware samples detected in the past four years, says security firm McAfee.

Researchers detected a 1.5 million sample increase in malware since Q1 2012, according to the firm’s latest cyber threat report. The report is based on input from the McAfee Labs team of 500 multidisciplinary researchers in 30 countries.

McAfee Labs identified new threats such as mobile “drive-by downloads”, the use of Twitter for control of mobile botnets and the appearance of mobile “ransomware”.

With the malware sample discovery rate accelerating to nearly 100,000 a day, McAfee said it had identified key malware variants affecting a range of users globally.

“Over the last quarter we have seen prime examples of malware that impacted consumers, businesses, and critical infrastructure facilities,” said Vincent Weafer, senior vice-president of McAfee Labs.

“Attacks that we’ve traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices and techniques such as ransomware and drive-by downloads targeting mobile. This report highlights the need for protection on all devices that may be used to access the internet,” Weafer said.

Malware targets Google Android OS

According to McAfee, PC malware writers are transferring their skills to other popular consumer and business platforms, such as Google’s Android operating system (OS). 

After the mobile malware explosion in Q1 2012, Google Android OS malware shows no signs of slowing down, the McAfee researchers said.

Virtually all new mobile malware detected in Q2 2012 was directed at the Android OS, comprising SMS-sending malware, mobile botnets, spyware and destructive Trojans, the McAfee report said.

Ransomware is also steadily increasing quarter over quarter, the report said. Damage from ransomware ranges from loss of photos and personal files for home users, to data encryption and demands for money for large enterprises.

Botnets on the rise in 2012

Botnets (networks of compromised computers infected with malicious software and used to generate spam, send viruses or cause web servers to fail) have also taken centre stage this quarter. Botnet infections reached a 12-month high, the McAfee report said.

Researchers have uncovered methods for control, including the use of Twitter for mobile botnet command and control. This means the attacker can tweet commands with relative anonymity and all infected devices will follow them.

Thumb drive and password-stealing malware showed significant growth in Q2. The AutoRun worm, at nearly 1.2 million new samples, spreads from thumb drives by executing code embedded in AutoRun files, repeating the process on any and all drives discovered, the report said.

Password-stealing malware, at nearly 1.6 million new samples, collects account names and passwords, so an attacker can pose as the victim.

This quarter McAfee Labs recorded an average of 2.7 million new bad URLs per month. In June, these new URLs were related to about 300,000 bad domains, equivalent to 10,000 new malicious domains every day.  

Of the new bad-reputation URLs, 94.2% host malware, exploits or code designed to hijack computers.
