The malware threats of Q3 analyzed

Other headline findings suggest that Kaspersky Lab detected and neutralized 1,347,231,728 threats in Q3 2012, and that it detected 91.9 million URLs serving malicious code. 

Android malware continues to increase, with more than 9000 new malicious files added to the Kaspersky collection. The older Gingerbread OS version is the most targeted, accounting for 28% of all blocked attempts to infect Android devices, and 48% of successful infections. The latest version, Ice Cream Sandwich, accounts for fewer infections (43%), but because of the fragmentation of the Android market it is still less prevalent than Gingerbread.

More than half of all mobile malware consists of SMS trojans, “malicious programs that steal money from victims’ mobile accounts by sending SMS messages to premium rate numbers,” says the report.

Another feature noted by Kaspersky is the continued growth of cyber-espionage. “Q3 saw a plethora of espionage-related incidents,” says Kaspersky. “The most significant of these were related to the activity of Madi, Gauss and Flame malware, which were distributed primarily in the Middle East.”

Flame, whose C&C server development began as early as 2006, is one of the malware systems that has been extensively analyzed by Kaspersky. “Judging by the comments left in the source code,” it says, “the project was developed by at least four programmers. The C&C code supports three communication protocols. A major finding is that it handles requests from four malicious programs, codenamed by the authors as SP, SPE, FL and IP.” Of these, only Flame and SPE (i.e., MiniFlame) have so far been identified. As a result, says the report, “we can state that the cyber-espionage story looks set to continue in the near future.”

While the threat content simply increases, the threat geography has changed. For example, two European countries (Spain and Italy) have for the first time entered the top 20 countries where users are most at risk of infection. Tajikistan has overtaken Russia as the riskiest country: during Q3, 61.1% of users in Tajikistan encountered malware, while 58% of Russian users did so.

Russia, however, has now overtaken the US as the greatest source of online malware. “There is a new leader among countries hosting malicious content: Russia (23.2%) has overtaken the USA (20.3%),” states the report. While the proportion of malicious hosts in Russia has increased by 8.6%, there has been a similar fall (9.7%) in the US. The Netherlands remains third in the table, and the three countries together account for 60% of all online malicious content. There was no significant change among the other countries, “apart from the UK’s share falling by 2.6 percentage points.”
