Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
12/31/2012
04:52 PM
Dark Reading
Dark Reading
Security Insights
50%
50%

Advisory: As New Year Approaches, Android Malware Detection Growing

As 2012 comes to a close, cybercriminals are taking advantage of your Android app purchases with mobile malware. Be on high alert after you install new Android apps from third-party markets and Google's

As 2012 becomes 2013, there has been a lot going on for the holidays and upcoming New Year, both in and out of cyberspace. This type of hustle and bustle is the perfect opportunity for cybercriminals to take advantage of our hurried lives.

When you are preoccupied, your guard is down for malware authors to strike.

SophosLabs has been extra busy during the holidays, as well. While I don't work in SophosLabs, I do have limited insights to some of its activities. The Android platform is the primary focus for cybercriminals to deliver mobile malware to you via the third-party markets and even Google Play.

Apple released version 6.0.2 for iOS on Dec. 18, which only had a fix for a Wi-Fi bug. That got the Apple forums abuzz with several reports of reduced battery life. No security updates? I searched the CVE database and the last three reported vulnerabilities were patched in security update 6.0.1 on Nov. 1. Nice job, Apple!

In the context of mobile malware, does that make iOS a more secure platform than Android?

What Is Old Is New Again
There appears to be a recycling of some of the malware attacks used last year, mainly stealing data and opening backdoors. SophosLabs' detection of apps such as Andr/NewYearL-B (also known as CounterClank) over the past couple of weeks has spiked. On Dec. 11, SophosLabs detected 3,687 instances of NewYearL-B malware/Potentially Unwanted Application (PUA) over a six-month period with daily updates to the report. Over the next 20 days, Andr/NewYearL-B has been detected a total of 7,158 instances in the same report. That's a 94.14 percent increase.

Compare that to the next most active malware, Andr/BatteryD-A, in the same period with 966 detected instances. That is a 641 percent difference.

Android Malware Comparison chart

Looking at other Android malware, Andr/Boxer-A and Andr/Gmaster-A, compared to Andr/BatteryD-A, appears to be a competition of who can successfully deliver the most mobile malware.

Looking at the graphic below, earlier in December Andr/BatteryD-A (476 detections) doesn't have nearly as much success as its closest competitors. Just before the Christmas holiday, Andr/BatteryD-A starts to pick up momentum with 648 detections.

Android Malware Detections chart

How To Protect Yourself And Your Users
As the mobile malware detection market matures, you still need to rely on your own gut feel. If it doesn't feel right, it isn't.

First off, before downloading anything, read the reviews and check the reputation of the app in the Google Play marketplace.

Next, avoid third-party markets.

Third, don't root your device unless you really know what the hell you are doing.

Last, use a mobile security solution to scan your device and its apps. There are some very good, free Android Mobile Security apps available at Google Play store. You just need to see for yourself.

Let's all put some protection on our Android smart devices and ring in the new year without any malware.

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8899
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.