Security company McAfee released its second quarter threat report today and the language in it is quite frank: “The security industry may need to reconsider some of its fundamental assumptions, including ‘Are we really protecting users and companies?'” With malware at its highest levels ever, the escapades of LulzSec and Anonymous continuing unhindered and new varieties of spam being created almost every minute, it is a pertinent question.
Android is now far and away the leader is mobile malware. For-profit mobile malware has also grown significantly, with SMS-sending Trojans and other complex Trojans compromising smartphones. Rootkit malware that takes over the operating kernel of a computer or a smartphone is also becoming popular among malicious programmers. As McAfee notes, “The second quarter of the year was clearly a period of chaos, changes and new challenges.”
Android mobile malware has become a persistent threat. Earlier in the year the press covered every new iteration of Android malware, starting with DroidDream and jumping every time a smartphone sneezed. Now, just as with PC malware, Android malware is a usual occurrence. Some of the top Android malware Trojans and viruses out there are derivates of DroidDream. That makes a lot of sense as malware is known to morph significantly when it is out in the wild as new programmers get their hands on it and change it to their specific needs (or, just enough to slip through security applications). Security programmers should look out for Android malware in the DroidKungFu family, the DrdDreamLite family and Tcent, which sends text messages to premium services.
As for traditional email spam, the price for a block of email addresses is relatively cheap. In Russia, the United States, Germany and Australia, 1 million email addresses will run you $25; upwards of 8 million addresses will cost about $200. As with legitimate software companies, malware programmers license their tools. The Eleonore, a long-time tool for malicious programming, now goes for $2,000 for a latest versions.
Earlier in the year the press covered every new iteration of Android malware, starting with DroidDream and jumping every time a smartphone sneezed.
For the first half of 2011, malware is at its highest rate ever. Though, if you just take the second quarter into account, it is a touch behind the pace of 2010. Overall this year malware is up 22%. McAfee’s library of malware will reach 75 million entries by the end of the year.
One of the most common targets has been Adobe, which now outpaces Microsoft in attracting exploits. That is another knock to Adobe, which has been struggling in the market to create new products that actually run effectively on computers and mobile devices.
McAfee’s report covers a sprawl of different types of malware, spam, phishing and social engineering, mobile viruses and malware, and botnets. Reading through the report, it is no wonder that the security companies should be beginning to question themselves and whether or not they can keep up with the flood of malicious activity on the Internet. On one hand, the popular refrain is always “exercise common sense and you will be secure”, but motivated hackers have almost no trouble isolating people and companies if they really want to get their information.
The question has to be asked: Is the security industry failing us?