Web-loving Malware Doubles in 2013

Web-based attacks, which typically involve techniques that redirect the browser to malicious sites, were the most commonly reported type of attack for the last half of 2013.

The firm’s most recent Threat Report showed that the Conficker worm came in second, with 20%.

Meanwhile, the three most common exploits detected during the period were all Java-related, led by Majava and those that targeted the CVE-2013-2471 and CVE-2013-1493 vulnerabilities. If the percentages of these three are combined (19%, 4% and 3%, respectively), Java-related exploits make up the second-most reported threat type in H2 2013, with most reports coming in from the US, France, Germany and Finland.

This is, however, actually a decline in the number of Java-related exploits compared to the previous half of 2013, which may be attributed to the October arrest of Paunch, the alleged creator of the BlackHole and Cool exploit kits, which were responsible for enabling a sizeable portion of the attacks against Java.

“Since the arrest, the number of reported detections we’ve seen for BlackHole and Cool have sharply declined,” the report noted. “Unfortunately, this seems to have simply left a void that new contenders are now squabbling to fill, with other exploit kits such as the Angler exploit kit rapidly gaining momentum and market share.”

Mac malware continues a slight but steady increase, with 51 new families and variants detected in the year.

A persistent theme in general is that of opportunistic threats out for monetary gains.

“A good example seen in H2 2013 is the reported targeted attack on a professional poker player’s laptop, which had a Remote Access Trojan (RAT) planted on it in order to view his hand during online poker tournaments,” said F-Secure in the report. “Such attacks on players colloquially known as card sharks are, appropriately enough, known as sharking.”

And on the mobile front, there was no surprise: threats targeting Android accounted for 97% of mobile attacks for the whole year. The platform racked up 804 new families and variants (compared to 238 new Android threats in 2012). The other 3% (23) were directed at Symbian. No other platforms had any threats, according to F-Secure's data.

The top 10 countries reporting Android threats saw a little over 140,000 Android malware detections. About 42% of the reported detections came from Saudi Arabia and 33% from India. European countries accounted for 15%, and the US came in with 5%.

“As the Android platform itself has relatively few vulnerabilities, the main distribution method is still shady apps downloaded via third-party app stores,” the report noted.

It added, “Unlike desktop-targeted malware, to date only a handful of Android malware we’ve seen target actual vulnerabilities in the operating system, most notably the so-called Masterkey vulnerability that was publicly announced in early 2013. Though a handful of programs were later found in third-party app sites which included an exploit for this vulnerability, they have so far been an exception to the rule.”
