Mobile malware still small, but 'malnets' to rise up

Today's mobile spam and phishing attacks will increasingly be delivered via mobile malware networks

Mobile device operating systems are still more secure than those of desktop or laptop computers. But today's mobile spam and phishing attacks will increasingly be delivered via mobile malware networks.

Blue Coat Systems' 2013 Mobile Malware Report, released Monday, which analyzed requests from 75 million users worldwide, found that mobile threats are still a relatively small percentage of overall traffic, and mobile malware that breaks into the operating system of the phone is "still in its infancy."

But Sasi Murthy, Blue Coat's senior director of product marketing, said that as cybercriminals adapt to the behavior of mobile users, those threats will increase and become more varied.

With 70% of employees surveyed across the corporate network using a personal smartphone or tablet, according to an IDG Global Mobility Study, this is an attack surface much too big to ignore.

In particular, the report said that malnets, which are well established in the desktop world, are jumping to mobile. Malnets are built by infecting a user's computer with a Trojan. That compromised computer is used by a botnet to lure new users by various means such as spam email. That infrastructure is then used to launch wider attacks.

The report said that before 2012, "malnets primarily served malicious Java apps and made little effort to expand." But in February 2012, malnets targeting mobile users showed noticeable activity.

"In 2012, mobile traffic to malnets increased to 2% of overall malnet traffic. This growth is further evidence that mobile malware is poised to make an impact in 2013," the report said.

It said the growth was driven by eight unique malnets in 2012. Three - Narid, Devox and Criban - targeted mobile devices exclusively while the others expanded to include mobile devices. "Narid and Devox are no longer active malnets. Criban continues to show a low level of activity with 83 new hosts over the past year. The maximum number of hosts used in a given day was three," the report said.

The report cited one attack in which the malicious download was recognized by only 10 of the 41 antivirus engines in VirusTotal. "During the same week that this attack occurred, one of the mobile malware malnets used 38 domain names and another used 14 domain names for a variety of sites that were involved in attacks," it said.

The vulnerability to malware, at least according to some experts, is not due to major holes in mobile operating systems. David Rogers, a mobile security expert and owner of Copper Horse Solutions, said mobile OSs and their underlying hardware "are getting very advanced in terms of security."

Dirk Sigurdson, director of engineering for Mobilisafe at Rapid7, said that doesn't mean they are safe. "Devices are typically required to be updated by employees, since patches can't be pushed by organizations. Because of this, a high percentage of devices are running out-of-date firmware with OS-level vulnerabilities," he said.

But Rogers said the major problem is that developers need to be better trained in how to develop secure software. "In most cases the tools and libraries they use are not designed to help them make the right security decisions, resulting in very basic flaws which have serious security consequences," he said.


The result is that users have a tougher time spotting classic mobile threats. The Blue Coat report notes that, on mobile devices, URLs are not fully displayed, that users are taught to expect mobile websites to look different than the desktop versions, and that mobile versions of websites are often developed and hosted by third parties. Given this, users are conditioned to going to strange URLs.

The report noted the problem is worse on Android devices because of "the unregulated apps market and diversity of Android-based devices."

Eric Maiwald, research vice president, security and risk management at Gartner, called it an "ecosystem problem," noting that Apple's iOS devices are deployed, "within an ecosystem that includes a single, central, app store."

The user is not always helpless, however. Part of the problem is that convenience trumps security. "If logging into a VPN is cumbersome or provides poor performance, a user will find another way to send out documents. That method won't always be secure or even compliant with regulations," the report said.

Changing that behavior is difficult to impossible, Maiwald said. "You can provide incentives and disincentives, but without some drastic actions, users can still behave in ways that circumvent security controls in many cases."

Rogers said some of the responsibility for that lies with developers, who he said "should not just consider the technical security of an application but make security as friendly and seamless as possible from the user's perspective."

Murthy said the key is to deploy security software that blocks threats at the source. She said mobile users should expect attacks to increase, particularly with the use of malnets.

"We're not seeing a lot of mobile exploit kits yet, but when they put them together, the infrastructure is in place," she said, adding that malnets can become active and then shut down to escape notice, "almost like sleeper cells."


Taylor Armerding
