2013's malware trends reveal non-Windows systems face greater threats
Threats to Mac OS X, Linux and Android systems have increased over the past year as the malware landscape has evolved.
This is among the findings of Russian antivirus company Doctor Web, which has released its annual overview of threats. Other trends include an increase in the number of programs designed to display annoying ads and a surge in the number of Bitcoin and Litecoin mining trojans.
Using statistics compiled from Dr.Web CureIt!, the company finds that trojans were the most common threat of the year. Top of the table among these was Trojan.Hosts.6815, which modifies the hosts file to redirect the user's browser to infected web pages.
Doctor Web also monitored the activity of several botnets. Although one of these almost ceased to exist in 2013, others are still operating and their numbers are growing. In particular it highlights the Win32.Rmnet.12 botnet, which from May was gaining around 25,000 machines per day. The report also notes that the Backdoor.Flashback.39 trojan, which exploits Mac OS X systems, although declining, still had a botnet of almost 29,000 infected Macs by the end of December.
As you might have gathered from our story yesterday on CryptoLocker, the big trend of 2013 is the growth in ransomware trojan encoders that encrypt files and demand a payment for their release. The report says, "During the year, the Dr.Web virus databases were supplemented by definitions for more than 200 new modifications of encoders, and the geography of these threats expanded considerably. And, the technologies used by the attackers evolved, too: above all, more sophisticated encryption was employed, making it virtually impossible to restore data affected by the actions of some Trojan.Encoder modifications."
It seems criminals have improved their victim profiling too. Malicious files were attached to forms that job applicants had to fill out to apply for an accountant post, and these were sent out to companies offering such jobs. This increased the chances of encrypting vital accounts forms, thus raising the probability that the ransom would be paid.
Advertising and mining trojans showed increased numbers of detections too, and again Mac users don't escape, with the development of Trojan.Yontoo.1, which downloads and installs advertising plug-ins for the Mac versions of Safari, Chrome and Firefox. Trojans seeking to mine Bitcoin and Litecoin also showed an increase in the second half of the year, with average daily income for the criminals estimated at close to $1.5 million.
Linux and Android
Linux users normally feel pretty smug about their vulnerability to malware, but Doctor Web has noted a number of new threats to the open source operating system. Most notable is the Hand of Thief trojan, which can operate on various distros including Ubuntu, Fedora and Debian; it also supports eight desktop environments such as GNOME and KDE. This sophisticated malware features anti-detection technologies and routines for its covert startup, does not require administrator privileges, and uses strong 256-bit encryption for communicating with the control panel. Once installed, it adds a special grabber to browsers that intercepts HTTP and HTTPS sessions and transmits data entered by users in web forms.
Other programs targeted at Linux are aimed at compromising servers, by sending logins and passwords to a remote system, and organizing DDoS attacks.
There's been a further increase in Android threats too, with the Dr.Web virus database receiving 1,547 new entries corresponding to malignant, unwanted and potentially dangerous programs in 2013. This means that since the first malicious Android programs were detected in 2010, their number has increased almost 94 times.
The most common Android threats are still those that seek to extract cash through premium rate SMS services. Other familiar threats are spreading to Android too, though, including trojans looking to steal personal data and fake anti-malware tools. In September 2013 Doctor Web's researchers uncovered the largest known botnet of mobile devices.
The report concludes that we're likely to see further increases in encoder trojans thanks to the availability of malware construction kits. It also predicts further increases in mining as the popularity of Bitcoin-like systems grows.
If you'd like to scare yourself some more you can read the full findings on the Doctor Web site.