6/22/2011
02:46 PM
Dark Reading
Products and Releases

AVG Q2 Threat Report Reveals Mobile App Monetization; Mac Malware

Q2 Community-Powered Threat Report outlines new trends and threats

LONDON AND AMSTERDAM, 21 June, 2011 – AVG Technologies, a leading provider of internet and mobile security, today presents “AVG Community Powered Threat Report – Q2 2011”, providing insight, background and analysis on the trends and developments in the global threat landscape.

‘Trusted malware’

The report unearths how ‘trusted malware’ is continuing to grow at an alarming rate. In Q2, AVG’s Threat Labs have seen an increase in the number of stolen digital certificates used to sign malware, before being distributed by hackers. A significant increase of over 300% was identified at the start of 2011, compared to the whole of 2010. The practice of trusting signed files is rapidly losing its strength.

Mac attack

As Macs continue to rise in popularity, they are increasingly becoming the latest victims of cyber crime, the report reveals. With the platform reaching crucial market share levels, it is starting to appear on the radar of cyber criminals. While it may be a new target platform, cyber criminals are using tried and tested social engineering techniques to attack Mac OS users.

Mobile malware

Increasingly, cyber crooks are using mobile malware to monetize using premium SMS and fake apps. Monetizing techniques via mobile are much easier to operate than those in use on PC. By spamming users to download apps or simply posting them on download stores or markets, the software distribution is easy and scalable.

An eye on SpyEye

The report provides insight into the most prevalent malware targeting online banking in the past few years – SpyEye. The rise in SpyEye means that users of internet banking need to be extra vigilant, especially as victims of cyber attacks are increasingly considered to be accountable.

A recent court ruling in the US concluded that it was in fact the victim’s responsibility to protect their account credentials, rather than the bank – namely via the use of internet security and identity protection tools.

The AVG Threat Labs investigated the operation of 702 Command and Control servers in the first half of 2011. The research results match the geo location of the servers as well as the popularity of the various malware versions in use by each C&C. The US holds the lead in Command and Control Servers with 30% of the market share, followed by Ukraine with 22%.

Brazil

The United States still remains the dominant source of spam with English as the main language used in spam messages, followed by the UK with Brazil only just coming third. However, Brazil is rapidly closing that gap and is on course to overtake the UK, likely in the next quarter.

World Wild Web

“In Q2 cybercriminals have clearly been shifting their focus to new markets, with a clear goal on increasing revenue from their operations,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies.

“The World Wide Web might as well be re-branded as the World Wild Web. Our research indicates that hundreds of live servers operating around the world are active 24/7 to steal users’ credentials for online banking and other private assets. As attack techniques of hackers continue to get more advanced, users need to take action. Security products, with multi-layers of protection, are a must have to protect against the potentially damaging threats that lurk on the web. The user’s computer platform is becoming irrelevant for these cyber criminals – Windows, Android, Mac and iOS are all targeted now.”

Other key findings include:

11.3% of malware are using external hardware devices (e.g. flash drives) as a distribution method (AutoRun)

Blackhole remains the most prevalent exploit toolkit in the wild, accounting for 75.83% of toolkits

Exploit Toolkits are responsible for 37% of all threat activity

32.9% of Spam messages originated from the USA followed by the United Kingdom with 3.9%

About the report

The AVG report is based on the Community Protection Network traffic and data followed by research from AVG, over a three-month period. It provides an overview of web, mobile devices, Spam risks and threats.

The statistics referenced are obtained from the AVG Community Protection Network.

AVG Community Protection Network is an online neighborhood watch, helping everyone in the community to protect each other. Information about the latest threats is collected from customers who choose to participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.

With more than 110 million users using AVG’s various solutions, AVG provides powerful community protection. Each new user who chooses to participate increases the security level of the community as a whole.

AVG is focused on building communities that help multiple-millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.

Full Threat Report: www.avg.com/filedir/press/AVG_Community_Powered_Threat_Report_Q2_2011.pdf

Interview with Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies: http://www.youtube.com/watch?v=r5c4pKDLRTU

About AVG

www.avg.com

AVG is a global security software maker protecting more than 110 million consumers and small businesses in 170 countries from the ever-growing incidence of Web threats, viruses, spam, cyber-scams and hackers on the Internet. AVG has nearly two decades of experience in combating cyber crime and one of the most advanced laboratories for detecting, pre-empting and combating Web-borne threats from around the world. Its free, downloadable software allows novice users to have basic anti-virus protection and then easily upgrade to greater levels of safety and defense when they are ready. AVG has nearly 6,000 resellers, partners and distributors globally including Amazon.com, CNET, Ingram Micro, Play.com, Wal-Mart, and Yahoo!

Source: http://www.avg.com/press-releases-news
