Web-loving Malware Doubles in 2013

05 March 2014

When it comes to the malware threatscape, it turns out that web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the last half of 2013, making up 26% of detections by F-Secure. In all, web-based malware attacks doubled in the second half of 2013 in comparison to the first half.

The firm’s most recent Threat Report showed that the Conficker worm came in second, with 20%.

Meanwhile, the three most common exploits detected during the period were all Java-related, led by Majava and those that targeted the CVE-2013-2471 and CVE-2013-1493 vulnerabilities. If the percentages of these three are combined (19%, 4% and 3%, respectively), Java-related exploits make up the second-most reported threat type in H2 2013, with most reports coming in from the US, France, Germany and Finland.

This is, however, a decline in the number of Java-related exploits compared with the first half of 2013. The drop may be attributed to the October arrest of Paunch, the alleged creator of the BlackHole and Cool exploit kits, which were responsible for enabling a sizeable portion of the attacks against Java.

“Since the arrest, the number of reported detections we’ve seen for BlackHole and Cool have sharply declined,” the report noted. “Unfortunately, this seems to have simply left a void that new contenders are now squabbling to fill, with other exploit kits such as the Angler exploit kit rapidly gaining momentum and market share.”

Mac malware continues a slight but steady increase, with 51 new families and variants detected in the year.

A persistent theme in general is that of opportunistic threats out for monetary gains.

“A good example seen in H2 2013 is the reported targeted attack on a professional poker player’s laptop, which had a Remote Access Trojan (RAT) planted on it in order to view his hand during online poker tournaments,” said F-Secure in the report. “Such attacks on players colloquially known as card sharks are, appropriately enough, known as sharking.”

On the mobile front, there was no surprise: threats targeting Android accounted for 97% of mobile attacks for the whole year. The platform racked up 804 new families and variants (compared to 238 new Android threats in 2012). The other 3% (23) were directed at Symbian. No other platforms had any threats, according to F-Secure's data.

The top 10 countries reporting Android threats saw a little over 140,000 Android malware detections. About 42% of the reported detections came from Saudi Arabia and 33% from India. European countries accounted for 15%, and the US came in with 5%.

“As the Android platform itself has relatively few vulnerabilities, the main distribution method is still shady apps downloaded via third-party app stores,” the report noted.

It added, “Unlike desktop-targeted malware, to date only a handful of Android malware we’ve seen target actual vulnerabilities in the operating system, most notably the so-called Masterkey vulnerability that was publicly announced in early 2013. Though a handful of programs were later found in third-party app sites which included an exploit for this vulnerability, they have so far been an exception to the rule.”
