Bandwith Burning Malware Grows

Monday, July 23, 2012 @ 01:07 PM gHale

Android malware samples grew three-fold last quarter and that one in every 140 devices connected to mobile networks suffered an infection at some point, a new malware report said.

With the increase in malware about 14 percent of household networks suffered from a hit by malware this spring, with a 50 percent increase in high-level bots, Trojans and backdoors, according to the Q2 2012 Malware Report from Kindsight Security Labs. That also could mean home networks are suffering hits and anyone bringing work home could be inadvertently adding malware onto their system.

Malware Explosion: Android Skyrockets
Android Malware Broadcasts Location
Android Trojan Hits China
No Android Botnet, Just a Simple Flaw

Among the biggest threats to consumers was the ZeroAccess botnet, which grew to more than 1.2 million super nodes resulting in ad-click fraud that at one point burned through bandwidth equivalent to 45 monthly movie downloads per subscriber.

“In recent months, we’ve seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally,” said Kevin McNamee, a security architect and director for Kindsight Security Labs. “The concern with ZeroAccess is that it is using the subscriber’s bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks.”

The Mountain View, CA, company’s findings come from malicious network communications traffic detected at the service provider level.

The ZeroAccess/Sirefef bot earlier this year modified its command-and-control protocol to evade detection and quietly distribute fraud-laced malware. By the end of June, Kindsight researchers found 3,321 infected computers actively communicating with more than 1.2 million Internet peers, nearly 2.5 times the number of infected machines from the same time the quarter before. India (18 percent) and the United States (10 percent) led nations with infected peers.

“The traffic generated by the ad-click fraud can burn through your bandwidth cap. We have been following a number of bots such as ZeroAccess whose primary function is ad-click fraud. These bots receive instructions from a controller directing them to click on ads on specific web sites. The web site owner gets paid by the advertiser on a per click basis usually through the intermediary of an ad network. The advertisers and ad network operator have a number of safeguards in place to protect against click fraud,” the report said.

On the mobile front, most malware involved “trojanized” apps that steal information about the phone or send SMS messages. However, a banking Trojan that intercepts access tokens and two spyware applications also made the Top 20 list.

Leave a Reply

You must be logged in to post a comment.