Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Web-loving Malware Doubles in 2013

Web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the last half of 2013
Web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the last half of 2013

The firm’s most recent Threat Report showed that the Conficker worm came in second, with 20%.

Meanwhile, the three most common exploits detected during the period were all Java-related, led by Majava and those that targeted the CVE-2013-2471 and CVE-2013-1493 vulnerabilities. If the percentages of these three are combined (19%, 4% and 3%, respectively), Java-related exploits make up the second-most reported threat type in H2 2013, with most reports coming in from the US, France, Germany and Finland.

This is, however, actually a decline in the amount of Java-related exploits compared to the previous half of 2013, which may be attributed to the October arrest of Paunch, the alleged creator of the BlackHole and Cool exploit kits, which were responsible for enabling a sizeable portion of the attacks against Java.

“Since the arrest, the number of reported detections we’ve seen for BlackHole and Cool have sharply declined,” the report noted. “Unfortunately, this seems to have simply left a void that new contenders are now squabbling to fill, with other exploit kits such as the Angler exploit kit rapidly gaining momentum and market share.”
Mac malware continues a slight but steady increase, with 51 new families and variants detected in the year.

A persistent theme in general is that of opportunistic threats out for monetary gains.

“A good example seen in H2 2013 is the reported targeted attack on a professional poker player’s laptop, which had a Remote Access Trojan (RAT) planted on it in order to view his hand during online poker tournaments,” said F-Secure in the report. “Such attacks on players colloquially known as card sharks are, appropriately enough, known as sharking.”

And, on the mobile front there was no surprise: threats targeting Android accounted for 97% of mobile attacks for the whole year. The platform racked up 804 new families and variants (compared to 238 new Android threats in 2012). The other 3% (23) were directed at Symbian. No other platforms had any threats, according to F-Secure's data.

The top 10 countries reporting Android threats saw a little over 140,000 Android malware detections. About 42% of the reported detections came from Saudi Arabia and 33% from India. European countries accounted for 15%, and the US came in with 5%.

“As the Android platform itself has relatively few vulnerabilities, the main distribution method is still shady apps downloaded via third-party app stores,” the report noted.

It added, “Unlike desktop-targeted malware, to date only a handful of Android malware we’ve seen target actual vulnerabilities in the operating system, most notably the so-called Masterkey vulnerability that was publicly announced in early 2013. Though a handful of programs were later found in third-party app sites which included an exploit for this vulnerability, they have so far been an exception to the rule.”

What’s Hot on Infosecurity Magazine?