Report: Bandwidth-Burning Malware Among Biggest Consumer Threats
A new malware report indicates Android malware samples grew three-fold last quarter and that one in every 140 devices connected to mobile networks was infected at some point.
Closer to home, about 14 percent of household networks were hit by malware this spring, with a 50 percent increase in high-level bots, Trojans and backdoors, according to the Q2 2012 Malware Report from Kindsight Security Labs.
Among the biggest threats to consumers was the ZeroAccess botnet, which grew to more than 1.2 million super nodes resulting in ad-click fraud that at one point burned through bandwidth equivalent to 45 monthly movie downloads per subscriber.
"In recent months, we've seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally," Kevin McNamee, a security architect and director for Kindsight Security Labs said in a statement. "The concern with ZeroAccess is that it is using the subscriber's bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks."
The Mountain View, Calif.-based company's findings are based on malicious network communications traffic detected at the service provider level.
During the three-month period, the top home network infections as ranked by Kindsight security researchers were Hijacker.MyWebSearchToolbar, Spyware.SCN-ToolBar, Hijacker.StartPage.KS, Adware.GameVance and Mac.Bot.Flashback.K/I. The Mac Flashback bot finished at the top of all high-level threats for the quarter, staying in the No. 1 spot for four weeks in a row in April.
Next in ranking were the ZeroAccess botnet and NineBall/Gumblar. DNSChanger, which received a lot of doomsday-like publicity as a deadline to pull servers tied to infected users drew near, ranked eighth on the list.
The ZeroAccess/Sirefef bot earlier this year modified its command-and-control protocol to evade detection and quietly distribute fraud-laced malware. By the end of June, Kindsight researchers found 3,321 infected computers actively communicating with more than 1.2 million Internet peers, nearly 2.5 times the number of infected machines seen at the same point in the previous quarter. India (18 percent) and the United States (10 percent) led nations with infected peers.
I get the feeling that if some of these Botnets were used as distributed computing setups that they would have enough raw compute power to crack the strongest firewalls the CIA, NSA and even Google could imagine. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports
Who's to say some of these botnets are not run by said TLA's?
Also, I looked at the report and investigated the top 10 Android malware samples. All of them but one needed to be installed from shady third party markets (the one exception was promptly removed from Google Play). The banking trojan requires that the user's Windows PC be infected as well.
Stick with the official market, folks. While a few rare samples will penetrate the official market here and there, by far the biggest threat is third party markets. AV software is not needed if you follow that advice.
-- Getting people to stop using Windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999
There is not really any new information in the video but I enjoyed watching it, and it is good to know that AT&T is tracking the malware situation, and they say that they intend to try to do something about it.
Yesterday I posted a post-mortem on an outage we had Saturday. The outage was caused when we applied an overly aggressive rate limit to traffic on our network while battling a determined DDoS attacker. In the process of writing it I mentioned that we'd seen a 65Gbps DDoS earlier on Saturday. I've received several questions since that all go something like: "65Gbps DDoS!? Who launches such an attack and how do you defend yourself against it?!" So I thought I'd give a bit more detail.

What Constitutes a Big DDoS?

A 65Gbps DDoS is a big attack, easily in the top 5% of the biggest attacks we see. The graph below shows the volume of the attack hitting our EU data centers (the green line represents inbound traffic).

When an attack is 65Gbps that means every second 65 Gigabits of data is sent to our network. That's the equivalent data volume of watching 3,400 HD TV channels all at the same time. It's a ton of data. Most network connections are measured in 100Mbps, 1Gbps or 10Gbps, so attacks like this would quickly saturate even a large Internet connection.
Complex ZeroAccess Rootkit Installed More Than 9 Million Times, Says Sophos
Our research has discovered that the ZeroAccess botnet is currently being used for two main purposes: Click fraud and Bitcoin mining. If running at maximum capacity the ZeroAccess botnet is capable of making a staggering amount of money: in excess of $100,000 a day.