Kaspersky: SMS Trojans Account For Over Half Of Smartphone Malware6:05 PM EST Fri. Nov. 02, 2012
Amid escalating concerns around mobile phone malware, a new study suggests that SMS-based Trojans have become the favored means of gaining access to mobile devices.
According to Kaspersky's third quarter 2012 Malware Threat Report, 57 percent of all malware detected on smartphones was made up of SMS Trojans, which are designed to extract money from mobile accounts by sending SMS messages to numbers that automatically charge fees upon receipt of the message. But the company also suggests that mobile malware is continuing to advance. The report says that a new and more sophisticated breed of malware for the theft of data is already gaining momentum, accounting for approximately 35 percent of android malware sampled in third quarter 2012.
"SMS Trojan horses are really very rudimentary, but a huge problem for the Android ecosystem," said Roel Schouwenberg, senior researcher at Kaspersky Lab, via email. "Android 4.2 will introduce new mitigations to make it harder to send text messages to premium numbers silently. As the threat landscape evolves, we'll see an increasing amount and focus on more sophisticated malware. That will most likely be focused on backdoors and infostealers, most certainly targeting mobile banking/payments in the future."
The report also says that 28 percent of mobile devices hit by malware during the third quarter of this year were running Android OS version 2.3.6, which is also known as "Gingerbread." Although the platform is more than a year old, it is still one of the most widely deployed versions, representing 55 percent of all Android devices, according to Kaspersky.
"With Android, it depends on your carrier and device model when you get [security] patches," explained Schouwenberg. "Generally, there's a big delay between when Google fixes vulnerabilities and when those fixes are available for all the various devices. That means there's a big window of opportunity for the bad guys. Additionally, Google's platform is much more open than competing platforms. That means it's easier for attackers to introduce malware to the device -- be that via the market place, external medium or browser."
Looking beyond the mobility sector, the Malware Threat Report also claims that Java vulnerabilities were exploited in 56 percent of all attacks. It claims that part of the problem is due to the fact that Java updates are installed on demand rather than automatically. This extends the window of opportunity for attackers, according to Kaspersky. But the report also points to the software's multiversion compatibility with Windows, combined with its widespread deployment, as other reasons why it is so heavily leveraged by cybercriminals.
NEXT: Adobe Reader Ranks Second
"Java has been fiercely under attack for over a decade now," added Schouwenberg. "In that time, Sun [and] Oracle have made no significant security improvements to Java. This is extremely disturbing and should really worry people. The best course of action really is to uninstall Java. Most people really no longer need it."
Schouwenberg advised that "corporations that need it for internal applications should at least disable the Java browser plug-ins. Unfortunately, the plug-ins get enabled again after updating Java. So that's something to watch for."
As another alternative, he recommended that browser settings could be switched to "click to play" in order to prevent the program from running automatically.
Meanwhile, the study ranks Adobe Acrobat Reader second in vulnerable applications that were targeted by exploits during the third quarter, accounting for 25 percent of all attacks. The report also says that Adobe Reader exploits are gradually declining due to enhanced security. Automatic updates, which were introduced in the latest versions of Reader, are believed to be contributing to the decline.
Among other notes, a total of 30,749,066 vulnerable programs and files were detected during the third quarter on computers of Kaspersky Security Network users, with an average of eight different vulnerabilities on each affected computer.
"I find it very telling that over 90 percent of our web detections come from our URL blocker and related technologies," added Schouwenberg. "That means the traditional scanning technologies play a minor role here. It really proves the case that antimalware is much more than just a scanner of sorts."
Nearly one-third of US-based computers were attacked during the third quarter while the user was surfing the web.
Apple's QuickTime and iTunes came in at sixth and seventh place, with vulnerabilities showing up on 13.8 percent and 11.7 percent of computers, respectively.
Microsoft did not appear on the Top 10 vulnerabilities list, marking the first time in history that the software giant has been absent from this list. Kaspersky believes this is largely attributable to enhancements made to the automatic updates mechanism.
PUBLISHED NOV. 2, 2012