Mobile malware still small, but 'malnets' to rise up

Today's mobile spam and phishing attacks will increasingly be delivered via mobile malware networks

Mobile device operating systems are still more secure than those of desktop or laptop computers. But today's mobile spam and phishing attacks will increasingly be delivered via mobile malware networks.

Blue Coat Systems' 2013 Mobile Malware Report, released Monday, which analyzed requests from 75 million users worldwide, found that mobile threats are still a relatively small percentage of overall traffic, and mobile malware that breaks into the operating system of the phone is "still in its infancy."

But Sasi Murthy, Blue Coat's senior director of product marketing, said that as cybercriminals adapt to the behavior of mobile users, those threats will increase and become more varied.

With 70% of employees surveyed across the corporate network using a personal smartphone or tablet, according to an IDG Global Mobility Study, this is an attack surface much to big to ignore.

In particular, the report said that malnets, which are well established in the desktop world, are jumping to mobile. Malnets are built by infecting a user's computer with a Trojan. That compromised computer is used by a botnet to lure new users by various means such as spam email. That infrastructure is then used to launch wider attacks.

The report said that before 2012, "malnets primarily served malicious Java apps and made little effort to expand." But in February 2012, malnets targeting mobile users showed noticeable activity.

In 2012, mobile traffic to malnets increased to 2% of overall malnet traffic. This growth is further evidence that mobile malware is poised to make an impact in 2013," the report said.

It said the growth was driven by eight unique malnets in 2012. Three - Narid, Devox and Criban - targeted mobile devices exclusively while the others expanded to include mobile devices. "Narid and Devox are no longer active malnets. Criban continues to show a low level of activity with 83 new hosts over the past year. The maximum number of hosts used in a given day was three," the report said.

The report cited one attack in which the malicious download was recognized by only 10 of the 41 antivirus engines in VirusTotal. "During the same week that this attack occurred, one of the mobile malware malnets used 38 domain names and another used 14 domain names for(a variety of sites that were involved in attacks," it said.

The vulnerability to malware, at least according to some experts, is not due to major holes in mobile operating systems. David Rogers, a mobile security expert and owner of Copper Horse Solutions, said mobile OSs and their underlying hardware "are getting very advanced in terms of security."

Dirk Sigurdson, director of engineering for Mobilisafe at Rapid7, said that doesn't mean they are safe. "Devices are typically required to be updated by employees, since patches can't be pushed by organizations. Because of this, a high percentage of devices are running out-of-date firmware with OS-level vulnerabilities," he said.

But Rogers said the major problem is that developers need to be better trained in how to develop secure software. "In most cases the tools and libraries they use are not designed to help them make the right security decisions, resulting in very basic flaws which have serious security consequences," he said.

[Also see: Malnets lead the cyberattack pack]

The result is that users have a tougher time spotting classic mobile threats. The Blue Coat report notes that, on mobile devices, URLs are not fully displayed, that users are taught to expect mobile websites to look different than the desktop versions, and that mobile versions of websites are often developed and hosted by third parties. Given this, users are conditioned to going to strange URLs.

The report noted the problem is worse on Android devices because of "the unregulated apps market and diversity of Android-based devices."

Eric Maiwald, research vice president, security and risk management at Gartner, called it an "ecosystem problem," noting that Apple's iOS devices are deployed, "within an ecosystem that includes a single, central, app store."

The user is not always helpless, however. Some of the problem is because convenience trumps security. "If logging into a VPN is cumbersome or provides poor performance, a user will find another way to send out documents. That method won't always be secure or even compliant with regulations," the report said.

Changing that behavior is difficult to impossible, Maiwald said. "You can provide incentives and disincentives, but without some drastic actions, users can still behave in ways that circumvent security controls in many cases."

Rogers said some of the responsibility for that lies with developers, who he said"should not just consider the technical security of an application but make security as friendly and seamless as possible from the user's perspective."

Murthy said the key is to deploy security software that blocks threats at the source. She said mobile users should expect attacks to increase, particularly with the use of malnets.

"We're not seeing a lot of mobile exploit kits yet, but when they put them together, the infrastructure is in place," she said, adding that malnets can become active and then shut down to escape notice, "almost like sleeper cells."

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags mobile securitysoftwaredata protectionapplicationsBlue Coat SystemsData Protection | Wirelessmobile malnet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Taylor Armerding

Show Comments

Brand Post

PC World Evaluation Team Review - MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?