Report: Malware Poisons One-Third of World’s Computers

Nearly one-third of the world’s computers could be infected with malware, suggests a report released last week by the Anti-Phishing Working Group.

Malicious apps invaded 32.77 percent of the world’s computers, a more than 4 percent jump from the previous quarter’s 28.39 percent, the report estimates.

The increase in infected computers has come hand-in-hand with a jump in the appearance of malware samples, said Luis Corrons, technical director of PandaLabs, the research arm of Panda Security, one of the sponsors of the APWG report.

“The creation of malware samples is skyrocketing,” Corrons told TechNewsWorld. “It has doubled from the last quarter to the first quarter of this year.”

In the last quarter of 2013, some 80,000 malware samples a day were discovered by Panda researchers. In the first quarter of 2014, that number jumped to 160,000.

Hiding in Numbers

By far, most of the new malware strains (71.85 percent) and malware infections (79.70 percent) are Trojans. Less than a quarter of new malware strains (22.70 percent) and malware infections (12.77 percent) are viruses and worms.

“At the end of the day, malware is created to steal information,” Carrons explained. “Trojans are the most suitable malware to do that.”

The primary motivation behind creating so many new malware strains is to avoid detection by antivirus programs. Those programs use signatures to identify malicious software. Since each new bad app strain contains a new signature, constantly introducing new strains extends the time a malicious app can remain virulent.

“In the old days, they might be able to infect 1,000 users with a Trojan,” Corrons said. “It was easy for antivirus to catch that. Now you’ll have 1,000 users infected with 1,000 different Trojans.”

The number of phishing sites in the world increased quarter-over-quarter by 10.7 percent, from 111,773 to 125,215 — the largest site total for a quarter seen since 2012, the APWG report noted.

A slight uptick in brands targeted by phishers also was spotted by APWG researchers — from 525 in the fourth quarter of 2013 to 557 in the first quarter of this year.

The Dragonfly Campaign

An international gang of hackers has been surreptitiously planting Remote Access Trojans on the systems of energy companies in Spain, the United States, Japan, France, Italy and Germany, security researchers and CERT’s ICS team revealed last week.

The campaign, called “Dragonfly” by Symantec, could pose grave risks to a nation’s energy infrastructure.

“Depending on how deep the attackers can get into the energy infrastructure, the damage could be great,” Adam Kujawa, head of malware intelligence at Malwarebytes, told TechNewsWorld.

“Intelligence gained from cyberespionage could be very useful in the right hands — and if passwords, IP addresses and user names have been pulled from infected systems, that could allow attackers onto more secure networks and obtain direct control of energy resources,” he said. “The damage done would be very serious.”

Dragonfly is a painful reminder of a dilemma every nation is facing.

“There is a nasty convergence happening as we speak: Our lives are getting ever more dependent on reliable and available energy, but at the same time, the infrastructure of energy companies is getting more complicated,” RedSeal Networks CTO Mike Lloyd told TechNewsWorld.

“This complexity adds weakness and multiplies the pathways attackers can exploit,” he added.

Android KeyStore Flaw

A flaw in the way Android stores its encryption keys could be exploited by hackers on phones using version 4.3 of the mobile operating system.

The vulnerability was revealed by IBM researchers last week after Google released a patch for the flaw.

If left unpatched by a user, the flaw can be exploited to leak a device’s lock credentials, leak decrypted or encrypted master keys, and perform crypto operations such as signing data on behalf of phone’s user.

However, exploiting the flaw is by no means a cakewalk.

“You need to know what you’re doing as an attacker,” Diana Kelley, executive security advisor for IBM Security Systems, told TechNewsWorld.

“It’s not trivial to exploit this, but I wouldn’t write this off,” she said. “As we’ve seen in the past, attackers do find ways to exploit even difficult attacks.”

Moreover, “as we’ve seen again and again in these kinds of attacks, once they get into the wild, somebody will create an exploit kit that anyone can download and that allows anyone to exploit it,” she added.

Breach Diary

  • June 29. Butler University notifies 163,000 students, alumni and faculty their personal information is at risk after being alerted by California authorities that they’d arrested an identity thief with a flash drive containing birth dates, Social Security numbers and some back account information of university employees.
  • June 30. U.S. Director of National Intelligence James Clapper in response to information request from Sen. Ron Wyden, D-Ore., reveals CIA and FBI, as well as NSA, performed backdoor searches using U.S. identifiers.
  • July 1. Electronic Frontier Foundation files Freedom of Information lawsuit against U.S. Director of National Intelligence office to gain access to documents showing how intelligence agencies choose whether to disclose zero-day vulnerabilities in software.
  • July 1. The Register reports UK and Irish authorities are investigating Facebook’s failure to obtain consent from its European users when conducting study two and a half years ago of the impact of News Feed content on its members’ emotional states.
  • July 1. National Consumers League releases survey finding 61 percent of data breach victims say their breached information was used to commit fraud against them; 49 percent did not know where the information used to defraud them was compromised.
  • July 1. Facebook accidentally sends some advertisers billing information for other advertisers’ ads. Company says problem fixed in two hours.
  • July 1. FTC accuses T-Mobile of making hundreds of millions of dollars by allowing known scammers to bill consumers with fraudulent unauthorized charges for text-message services.
  • July 1. Trend Micro launches IOE Threat Intelligence Resource, an educational website focusing on emerging threats to the Internet of Things.
  • July 1. Microsoft announces it’s adding encryption to data stored on its and OneDrive websites.
  • July 2. Goldman Sachs Group asks state court judge to order Google to delete confidential emails accidentally sent to the wrong Gmail account by a contractor with the company.
  • July 2. RSA researchers reveal Brazilian cybercrime scheme that has put US$3.75 billion in transactions within that country at risk.
  • July 2. Privacy and Civil Liberties Oversight Board releases report saying the National Security Agency’s Internet spying on foreign targets in the United States has been legal, effective and subject to rigorous oversight to protect the rights of Americans.
  • July 2. Seven Internet Service Providers and communications companies from the United Kingdom, United States and Germany file lawsuit against British spy agency GCHQ seeking to stop it from snooping on the companies’ customers.
  • July 2. Russian Duma approves law requiring personal data of all its citizens be stored inside the country.
  • July 2. Ruby On Rails developers release patches to address SQL injection vulnerabilities in the web framework software.
  • July 3. The Electronic Privacy Information Center files a complaint and request for investigation with FTC over Facebook study two and a half years ago on the impact of News Feed content on members’ emotional states.
  • July 3. Security researchers, after study of an NSA spy tool, conclude there is a whistle-blower in the agency, other than Edward Snowden, leaking information about its worldwide surveillance activities.
  • July 3. Electronic Frontier Foundation reports flaw in phones running Android that broadcasts their location history to anyone within WiFi range of the device.
  • July 3. Oracle announces it will stop making versions of Java for Windows XP starting with version 8.
  • July 3. Symantec reports Dailymotion website compromised and redirecting its visitors to a website containing the Sweet Orange Exploit Kit, which exploits known vulnerabilities in Microsoft Internet Explorer, Oracle Java and ADobe Flash.

Upcoming Security Events

  • July 19. B-Sides Cleveland. B side Liquor Lounge & The Grog Shop, 2785 Euclid Heights Blvd., Cleveland Heights, Ohio. Free.
  • Aug. 2-7. Black Hat USA. Mandalay Bay, Las Vegas. Registration: through June 2, $1,795; through July 26, $2,195; after July 26, $2,595.

  • Aug. 5-6. Fourth Annual Cyber Security Training Forum. Double Tree Hilton Hotel, Colorado Springs,Colo.
  • Aug.5-6. B-Sides Las Vegas. Tuscany Suites and Casino, Las Vegas. Free.
  • Aug. 7-10. Defcon 22. Rio Hotel & Casino, Las Vegas. Registration: $220.
  • Aug. 16-17. B-Sides Dubai. Dubai World Trade Center. Free.
  • Aug. 23. B-Sides Minneapolis-St. Paul. Nerdery! Free with registration.
  • Aug. 29-30. B- Sides Hyderabad. Hyderabad International Convention, India. Free with Registration.
  • Sept. 6-7. B-Sides Dubai. Move n Pick Jumeirah Hotel, Dubai. Free.
  • Sept. 13. B-Sides Memphis. Southwest Tennessee Community College, 5983 Macon Cove, Memphis, Tenn. Free.
  • Sept. 13. B-Sides Augusta. Georgia Regents University, Science Hall, 2500 Walton Way, Augusta, Ga.
  • Sept. 17-19. International Association of Privacy Professionals and Cloud Security Alliance Joint Conference. San Jose Convention Center, San Jose, Calif.
  • Sept. 18. Cyber Security Summit. The Hilton Hotel, New York City. Registration: $250; government, $50.
  • Sept. 29-Oct. 2. ISC2 Security Congress 2014. Georgia World Congress Center, Atlanta. Registration: through Aug. 29, member or government, $895; non-member, $1,150. After Aug. 29, member and government, $995; non-member, $1,250.
  • Sept. 29-Oct. 3. Interop New York. Jacob Javits Convention Center, New York City. Expo: free. Total Access: early bird (July 1-Aug. 15) $2,899; regular rate (Aug. 16-Sept. 26), $3,099; Sept. 27-Oct. 3, $3,299.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Malware

Technewsworld Channels