RSA Europe 2012: Symantec reports on trends, malicious server admin, and another Android trojan

Spam is up. It rose 2 percentage points to 75% in September – 75% of all emails, that’s one in every 1.33 emails, is spam. Scary though this is, it’s actually considerably less than it has been in the past. The top two spam subjects remain sex/dating and pharma, with the former increasing from 42.51% to 47.93%, and the latter decreasing from 32.61% to 27.64%. 

Phishing is up. One in 245.4 emails is a phish. Malware is up: one in 211 emails contains malware. Malicious websites, however, are down by almost 30% from August to a mere 780 websites blocked by Symantec each day in September.

But perhaps the most fascinating parts of this report are its insight into how criminals administer compromised servers, and its account of another Android trojan, one that pretends to be a solar-powered battery charger. Compromised servers are used by criminals to deliver both spam and malware. Symantec spotted a server in Kazakhstan that had been compromised with a PHP-based shell application it names BOFF, and the report describes its functionality and capabilities. The shell gives the attackers “almost full control of the server through a convenient Web interface.”

“The tool can run arbitrary PHP code,” said Paul Wood in an associated blog post, “brute force file transfer and database accounts, and even allows quick access to Web server configuration files so that the attacker can edit them in order to suit their malicious needs.” It’s interesting, continues the report, that “the gang controlling this Web server is promoting both spam and malicious links. Perhaps compromising machines is more profitable than spam, or perhaps it allows spammers to infect more machines with spam-sending botnet software.”

The Android app promises to convert the screen into solar panels able to recharge the device’s battery. Since the fear of battery failure at a critical moment during a heavy day’s usage is ever-present, it is an attractive lure. In fact, Symantec points out that there are ‘legitimate’ joke apps that pretend to do something similar. “These are joke applications at best, in some cases even including small print on the application description page denying it has the ability to actually charge the phone,” says Symantec. This one, however, Android.Sumzand, doesn’t charge your battery but instead steals your contact data.

“Until real solar panels are actually installed on phones, it’s best to just continue charging your phone the old-fashioned way: plugging it in to a wall socket or USB port,” suggests Symantec.
