April 19, 2014

McAfee has detected 1.5 million new malware samples in the last three months

(LiveHacking.Com) – The amount of malware (including viruses and trojans) has seen its single biggest increase in the last four years, according to the new McAfee Threats Report: Second Quarter 2012. McAfee Labs says it has detected a 1.5 million increase in malware in the last three months and has seen malware writers becoming more sophisticated, with the appearance of new threats such as mobile drive-by downloads, the use of Twitter to control mobile botnets, and mobile ‘ransomware’.

This means that there are 100,000 new pieces of malware discovered every day, and McAfee predicts that at this rate it will almost certainly see 100 million samples by next quarter and possibly the first 10-million-sample quarter.

“Over the last quarter we have seen prime examples of malware that impacted consumers, businesses, and critical infrastructure facilities,” said Vincent Weafer, senior vice president of McAfee Labs. “Attacks that we’ve traditionally seen on PCs are now making their way to other devices. For example, in Q2 we saw Flashback, which targeted Macintosh devices and techniques such as ransomware and drive-by downloads targeting mobile. This report highlights the need for protection on all devices that may be used to access the Internet.”

Android continues to be a popular target for malware writers. Virtually all new mobile malware detected in the last three months was written for Android. Mobile malware is growing in sophistication and the full gamut of malware types now exists, including SMS-sending malware, mobile botnets, spyware and destructive Trojans.

Other types of popular malware, this time aimed at the PC, include Fake Anti Virus (bogus security software), AutoRun, and password-stealing Trojans. The number of Fake AV malware samples grew slightly but the overall trend is still down. However, AutoRun and password-stealing malware showed significant growth this quarter.

There were nearly 1.2 million new AutoRun samples this quarter and nearly 1.6 million new password-stealing malware samples. AutoRun worms spread via USB flash drives by executing code embedded in AutoRun files, while password-stealing malware is designed to collect account names and passwords so an attacker can carry out identity fraud.

You can learn more about the rise in malware in the full copy of the McAfee Threats Report: Second Quarter 2012.

McAfee protects the Department of Homeland Security as it protects America

(LiveHacking.com) — The Department of Homeland Security, which was created in response to the September 11 attacks and is tasked with protecting the USA from terrorist attacks, has awarded McAfee (which is a wholly owned subsidiary of Intel) a multi-year Enterprise Level Agreement contract with a potential value of up to $12 million.

The contract is for the world’s largest dedicated security technology company to provide the DHS with a broad variety of enterprise wide network and system security support, products, and services. This new agreement follows on from a blanket purchase agreement contract McAfee was awarded last year by the same department. These two contracts mark a significant departure in the way federal agencies source security services.

“This deal is a reflection of the advanced level of collaboration that is going on within the Department of Homeland Security,” McAfee Regional Director for Federal Civilian Sales James Yeager said. “DHS is leading the way in terms of how a government agency can collaborate internally in order to craft a holistic, enterprise-wide approach to security, rather than a patchwork, which can leave agencies spending too much for what is ultimately substandard protection.”

To receive the contract, multiple Chief Information Officers within the DHS supported the decision. Since McAfee has served DHS since the department’s inception in 2003, continuing to work with McAfee reflects well on the company.

The deal expands and extends the DHS’s continuous monitoring and security capabilities and provides the department with an enterprise-wide framework to meet current and future security requirements. There are also significant short- and long-term savings on maintenance.

Scammers targeting London Olympics

(LiveHacking.Com) – As the countdown to the 2012 London Olympics continues, security researchers at McAfee have reiterated their call for vigilance as spammers and scammers attempt to trick unsuspecting users with Olympic-related emails and offers. McAfee has collected a large sample of Olympic-related lottery and sweepstakes spam messages which tempt users to hand over private and confidential information in return for cash prizes. The scammers ask for details such as passport information, national ID numbers, or driver’s license details. Once this personal information has been collected, identity theft is almost guaranteed.

“These mails inform the recipients that they have won a substantial amount of money. After contacting the lottery manager, the victims of these rip-offs will be asked to pay ‘processing fees’ or ‘transfer charges’ so that the winnings can be distributed,” wrote Francois Paget.

It is expected that the number of attacks and volume of spam will increase as the opening ceremony draws near. As well as identity theft, these schemes can also be used to spread malware, especially banking trojans. All email users should exercise caution when following links in Olympic-related emails.

Here is a sample of the emails collected by McAfee:

One in Six PCs Without Basic Security Software

(LiveHacking.Com) – A recent study has shown that worldwide 17% of all computers have no anti-virus software installed and, surprisingly, the USA is one of the worst countries. Ranked in the bottom 5, 19.32% of USA consumers have no basic security software of any kind installed. This compares to the top-ranked country, Finland, where only 9.7% of consumer PCs are unprotected.

The study, which was conducted by McAfee, used a free diagnostic tool for Windows called McAfee Security Scan Plus. The tool is able to detect the majority of security programs available for Windows and also checks the computer being scanned for threats, anti-virus software and firewall protection. Data was collected from computers in 24 countries, with an average of 27 million PCs analyzed each month. This allowed McAfee to determine a global estimate of the number of consumers who have basic security software.

What is even more interesting is that in countries like Singapore, Canada, the USA and the UK up to 11% of the PCs scanned actually had some form of security software installed but it was disabled! Since basic security software is available for free from the likes of Microsoft, AVG and avast!, it is extraordinary that users are running PCs without it. According to McAfee, many consumers still believe that by only visiting known “safe” sites, they’ll be protected from all forms of malicious content.

“The freedom to browse the Internet comes with the added risk of unwanted exposure, and cybercriminals are preying on unsuspecting victims,” says Steve Petracca, SVP and GM of consumer, small business and mobile at McAfee. “With the increasing number of global cyber-attacks affecting consumers, it is critical that the 17% of consumers that are unprotected update their virus protection before it’s too late.”

Recently, McAfee released its quarterly threats report for Q1 2012, which showed that PC-based malware hit a new high during the quarter and showed the largest single jump in malware numbers in the last four years.

McAfee Says Malware Surpassed 75 Million Samples in 2011

(LiveHacking.Com) – McAfee has released its Q4 2011 Threat Report (a PDF) and it shows that last year McAfee collected over 75 million unique malware samples! It also shows that 2011 was by far the busiest period for mobile malware, with Android the number one target for writers of mobile malware.

The most common type of Android malware is the for-profit SMS-sending Trojan, which earns cyber-criminals significant amounts of money by sending messages to premium services. Rooting Android devices is getting easier and easier and there are now apps which combine vulnerability exploits to root phones with the click of a button. However, the downside of this is that malware writers can repackage the very same root exploit apps with malware.

There is a sliver of good news in that the overall growth of PC malware is on the decline and is much lower than this time last year. The report also noted a continued decline in Fake AV malware, with AutoRun and password-stealing Trojan malware showing only slight declines. However, the context of this is that McAfee’s cumulative number of unique malware samples exceeded 75 million samples.

In Q4 2011, the most common type of remote attack was via vulnerabilities in Microsoft Windows remote procedure calls. This was followed by a very close race between SQL-injection and cross-site scripting attacks. The result is that the number of reported data breaches has more than doubled since 2009 with more than 40 breaches publicly reported in Q4 alone.

“Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date,” Dave Marcus, Director, Security Research at McAfee said in a blog post.

DDoS Attack Tool Comes to Android

(LiveHacking.Com) – McAfee has reported that the common Low Orbit Ion Cannon (LOIC) denial of service (DoS) tool has been ported to Android. ‘Ported’ might be too strong a word, as this mobile device version is in fact a wrapper around the JavaScript version. Nonetheless, this is an interesting advancement in the ubiquity of hacking tools.

Hacktivism (hacking as political or social protest) is becoming increasingly popular with groups like Anonymous using hacking tools to launch distributed denial of service attacks on organizations all over the world. LOIC, one such tool used by the hackers, was originally developed to stress-test websites, however it has now been effectively used by hackers to take websites offline by sending a flood of TCP/UDP packets which overwhelms the server and makes it inaccessible.

Originally written in C#, LOIC inspired the creation of an independent JavaScript version. This version allowed a DoS attack to be launched from a web browser. In conjunction with PasteHTML, which allows anyone to post HTML onto the web anonymously (no pun intended), and the free AppsGeyser service, which converts web pages into an app, an Android app has been created which encapsulates the JavaScript version of LOIC. Specifically, the version spotted by McAfee targets the Argentinian government, but theoretically an Android app can be created to attack any web site. When the app is launched, a WebView component is used to run the JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters.

“Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools,” wrote Carlos Castillo for McAfee.

McAfee to Patch Two Vulnerabilities in its SaaS for Total Protection

(LiveHacking.Com) – Two vulnerabilities have been found in McAfee’s SaaS for Total Protection, one of which allows a customer’s system to be used as a spam relay. The problem, which was exposed on British art firm Kaamar Limited’s blog earlier this week, has been gaining more and more public attention and now McAfee has started to release information about the issues and details of patches.

As spammers have started to exploit the flaw a number of McAfee’s customers have had their emails blocked after their IP addresses were blacklisted by anti-spam services. “It is believed that thousands of computers have been compromised so far, with more being affected every day,” said Kaamar in its original blog.

“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them. Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability,” wrote David Marcus, Director, Security Research at McAfee.

According to an update on McAfee’s blog, the patch for the spam issue is now rolling out to customers, and everyone should have the update shortly.

Android Now Most “Popular” Platform for New Malware

(LiveHacking.Com) - McAfee have released their Third Quarter 2011 Threats Report and it shows that Android is now the most “popular” platform for new malware. Android targeted malware grew by nearly 37 percent since last quarter and stunningly nearly all new mobile malware in Q3 was targeted at Android.

The most common method for spreading Android malware continues to be maliciously modified apps. One of the most lucrative (for the malware author) forms of malware is the premium-rate SMS-sending Trojan. According to McAfee, the Android/Wapaxy, Android/LoveTrp, and Android/HippoSMS families are new versions of premium-rate SMS Trojans that sign up victims to subscription services. These Trojans are also getting smarter as they delete all the subscription confirmation messages received. This means that the victim remains unaware of what the malware is doing.

The Symbian OS (for Nokia handsets) still remains the platform with the all-time greatest number of malware, but Android is gaining fast.

Apart from the increase in Android malware, McAfee also noted the following trends:

  • Fake Anti-Virus (AV), AutoRun and password-stealing Trojans have bounced back strongly from previous quarters.
  • Mac malware also continues to grow, following a sharp increase in Q2.
  • Web sites are still a common way for attackers to spread malware; however, the number of dangerous sites dropped slightly, from an average of 7,300 new bad sites in Q2 to 6,500 new bad sites in Q3. The vast majority of new malicious sites are located in the United States.

With regards to the increase in OS X threats, McAfee point out that as OS X grows in popularity, malware authors will increasingly make use of it to target victims.

From a global point of view the top 5 malware threats are:

  1. Malicious Iframes
  2. Malicious Windows Shortcut Files
  3. Parasitic File Infector
  4. USB-Based AutoRun Parasitic Malware
  5. Web-Based File Infectors

“This has been a very steady quarter in terms of threats, as both general and mobile malware are more prevalent than ever,” said Vincent Weafer, senior vice president of McAfee Labs. “So far this year, we’ve seen many interesting yet challenging trends that are affecting the threat landscape, including heightened levels of sophistication and high-profile hacktivist attacks.”

Intel and McAfee Unveil DeepSAFE

(LiveHacking.Com) – As part of the Intel Developer Forum in San Francisco, Intel and McAfee have unveiled DeepSAFE, a new technology that is sandwiched between the OS and the CPU allowing anti-malware programs to gain an additional vantage point in the computing stack to better protect systems.

With DeepSAFE, McAfee and Intel are working to combine the power of hardware and software to create more sophisticated ways to prevent attacks. The new technology was demonstrated on stage. A system running the DeepSAFE technology was able to detect and stop a zero-day (i.e. a previously unknown) rootkit called Agony from infecting a system in real time. This technology is expected to launch in products later in 2011.

Todd Gebhart, co-president of McAfee said:

“This is a tremendous shift for McAfee and one of the biggest innovations in the security industry’s history. McAfee DeepSAFE uses hardware features already in the Intel processors to provide security beyond the OS. From this unique vantage point, DeepSAFE can apply new techniques to deliver a whole new generation of protection in real time to prevent malicious activity and not just detect infections.”

Two-thirds of All New Mobile Malware Targets Android

(LiveHacking.Com) - McAfee has published its Threats Report for the second quarter 2011 and has found that two-thirds of all new malware is targeting the Android smartphone platform.

In the last three months the number of new Android-specific malware has risen sharply. In comparison, J2ME (Java Micro Edition) suffered only a third as much malware.

According to the report, “This quarter Android OS-based malware became the most popular target for mobile malware developers. That’s a rapid rise for Android, which outpaces second place Java Micro Edition threefold.”

Intentionally modifying popular apps to carry malware is still a popular way of infecting devices. By corrupting a legitimate app or game unsuspecting users will download and install malware on their smart phones by themselves without the attacker needing to find an exploit in the underlying OS.

“This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry’s preparedness to combat this growth,” says the report.

The “open” aspect of the Android ecosystem, with its multiple app stores, is the main reason this type of malware infection can happen. Although Apple’s app store admission policies are often seen as restrictive and draconian, its closed and moderated nature means that it is very hard for malware writers to get infected applications into the app store.