Malware Grows, Cyber-Thieves Are More Aggressive

By Samuel Greengard

The rise of mobility and cloud computing has further complicated an already daunting cyber-security picture. Worse, criminals are finding new and innovative ways to extract money from victims.

New research from network security firm Fortinet confirms that the malware plague is worsening, and it’s spreading to mobile devices.

During the last quarter (October 1 through December 31), Fortinet identified four malware families that emerged as major threats. These include:

  • Simda.B: This malware poses as a Flash update in order to trick a user into granting full installation rights. Once installed, Simda.B steals passwords, thus allowing thieves to infiltrate the victim’s email and social networking accounts in order to spread spam and malware. It also accesses Website admin accounts and siphons money from online payment system accounts.
  • FakeAlert.D: Arriving via an email attachment or a Web link, FakeAlert.D uses a bogus antivirus alert to inform a user that his or her computer is infected with viruses. For a fee, the phony antivirus software promises to remove the alleged malware from the system.
  • Ransom.BE78: A user cannot access personal data on a computer infected with Ransom.BE78. The malware typically prevents the PC from booting, or it encrypts the user’s data and then demands payment for the decryption key. Unlike fake antivirus malware, ransomware never asks the victim to install anything: it installs itself, locks the machine or the data, and then demands payment to restore access.
  • Zbot.ANQ: This Trojan intercepts a user’s online bank login attempts and then uses social engineering to trick a victim into installing a mobile component of the malware on a smartphone. With the mobile malware in place, cybercriminals can intercept bank confirmation SMS messages and subsequently transfer funds to a money mule’s account.

Among other things, Fortinet found that the underlying malware environment is changing. “While methods of monetizing malware have evolved over the years, cyber-criminals today seem to be more open and confrontational in their demands for money,” notes Guillaume Lovet, senior manager of the Threat Response Team at FortiGuard Labs.

The research also detected a surge in ad kits on the Android platform—many of them inspired by so-called Plankton malware. These kits ride along inside otherwise ordinary apps; once installed, they deliver unwanted advertisements, track user activity and drop unwanted icons onto the device.

Another growing risk is ZmEu, a vulnerability scanner attributed to Romanian hackers that probes Web servers for vulnerable versions of phpMyAdmin, the Web-based MySQL administration software, so that the attackers can take control of the servers. Since last September, ZmEu activity has risen nine-fold, according to the report.

Lovet says this spike in ZmEu activity suggests hacktivist groups are becoming more aggressive about promoting protests and activist movements around the world. “We expect such scanning activity to remain high as hacktivists pursue an ever-increasing number of causes and publicize their successes,” he explains.
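The scanning activity described above leaves a recognizable trail in Web server access logs. The following is an added example, not code from the Fortinet report or from this article: it parses Apache combined-format log lines and flags sources that either announce themselves with the literal "ZmEu" User-Agent the scanner is known for, or fire a burst of requests at phpMyAdmin setup paths from one address, which also catches the same probing when the User-Agent is spoofed. The log lines are constructed for the example, and the probe-path pattern and the burst threshold are assumptions, not the scanner's actual probe list.

```python
"""Flag ZmEu-style phpMyAdmin scanning in Apache combined-format access logs.

Added example, not the report's or the article's own code.  The sample log is
constructed; the path pattern and threshold are assumptions for illustration.
"""
import re
from collections import defaultdict

# Apache "combined" format:
#   ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed probe pattern: phpMyAdmin-style directory names followed by the
# setup script that old vulnerable versions exposed.  Case-insensitive.
PMA_PATH_RE = re.compile(r'(?i)/(?:phpmyadmin|pma|myadmin|mysql)[^/]*/scripts/setup\.php')

# Constructed sample: one scanner with the real User-Agent, one scanner hiding
# behind a browser User-Agent, and one legitimate visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Dec/2012:10:01:02 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 210 "-" "ZmEu"
203.0.113.5 - - [12/Dec/2012:10:01:02 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 210 "-" "ZmEu"
198.51.100.7 - - [12/Dec/2012:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.9 - - [12/Dec/2012:10:03:40 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"
192.0.2.9 - - [12/Dec/2012:10:03:41 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"
192.0.2.9 - - [12/Dec/2012:10:03:41 +0000] "GET /MySQLAdmin/scripts/setup.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"
192.0.2.9 - - [12/Dec/2012:10:03:42 +0000] "GET /phpMyAdmin-2.11.0/scripts/setup.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_zmeu(log_text, threshold=3):
    """Return {source_ip: [reasons]} for sources that look like ZmEu scanning.

    Two independent signals: the literal ZmEu User-Agent, and at least
    `threshold` phpMyAdmin setup.php probes from the same address.
    """
    probes = defaultdict(int)   # ip -> number of setup.php probes
    ua_hits = set()             # ips that sent the ZmEu User-Agent
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue            # skip lines that do not parse rather than crash
        if 'zmeu' in rec['ua'].lower():
            ua_hits.add(rec['ip'])
        if PMA_PATH_RE.search(rec['path']):
            probes[rec['ip']] += 1

    findings = {}
    for ip in ua_hits:
        findings.setdefault(ip, []).append('ZmEu User-Agent')
    for ip, n in probes.items():
        if n >= threshold:
            findings.setdefault(ip, []).append(f'{n} phpMyAdmin setup.php probes')
    return findings


if __name__ == '__main__':
    for ip, reasons in detect_zmeu(SAMPLE_LOG).items():
        print(ip, '->', '; '.join(reasons))
```

With the sample log, 203.0.113.5 is flagged on its User-Agent alone (only two probes, below the threshold), 192.0.2.9 is flagged on its four setup.php probes despite the browser-like User-Agent, and the ordinary visitor is not reported. In production the same two signals map directly onto a WAF or IDS rule; the burst threshold is the knob to tune, since a single 404 on a phpMyAdmin path is routine background noise on any Internet-facing server.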

Not surprisingly, the best defense against these threats is to run security software on servers and PCs, apply software updates and patches promptly, run regular malware scans, and train employees to recognize common social engineering techniques and how to avoid them. What’s more, “Android users are highly targeted and thus should be especially vigilant when downloading apps to their smartphones,” Lovet warns.