Tag Archives: gdata

Mobile Malware Rises

With the rise of smartphones and tablets, it’s not exactly surprising that they’ve increasingly become a target for cyber criminals and other unscrupulous individuals. In the first half of this year, malware for portable devices increased by 273% compared with 2010.

Cross-platform Trojans are the main source of the growth and most of these viruses are designed to enable spamming or other criminal activities. “With mobile malware, cyber criminals have discovered a new business model,” explains Eddy Willems, Security Evangelist at G Data. “At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims. Even though this special underground market segment is still being set up, we currently see an enormous risk potential for mobile devices and their users. We are therefore expecting another spurt of growth in the mobile malware sector in the second half of the year.”

If you think that it’s just hyperbole, think again. Zsone, an Android app in the Google Android Market, sent subscriptions to Chinese premium SMS numbers and then intercepted the confirmations. The only way the user knew they’d been scammed was when the bill came in.

PC malware is on the rise too with a nearly 16% rise in the last six months. The graph below shows the rise of new malware each year since 2006 and if the growth continues, there will be more new malware in 2011 than 2006-09 combined.

It’s a bad world out there, so be careful no matter what platform you are on. Just because it’s a phone and not a PC, it doesn’t make you invulnerable.

Malware Myths

GData has found that many people’s preconceptions about malware are wrong and are putting them at risk of malware infection. The vectors for viruses and trojans have significantly changed in the past couple of years and infections now mainly come from websites rather than emails and USB sticks. The growth of malware in the past five years has been phenomenal and since 2005, over 2 million malware threats have been identified.

GData surveyed nearly 16,000 web users in 11 countries regarding their views on internet threats. People are generally more knowledgeable now, with only 4% admitting to having no antivirus software on their computer, although 5% didn’t know. 48% of those questioned have free AV software and 41% have paid software. The survey is not entirely clear if it was Windows PCs only or any computer, including OS X and Linux.

GData identified 11 malware myths that can lead to a higher risk of infection. Here they are.

Myth 1: When my PC is infected, I will notice in one way or another (93%)
No, modern malware writers are smart and code their viruses and trojans to make sure that they work stealthily and unnoticed in the background.

Myth 2: Free AV software offers the same elements of security as paid for packages (83%)
Anyone who has bothered to compare the feature sets of free v. paid versions of security software from nearly any company will know that this isn’t true. Usually the free ones are missing features such as firewalls or anti-spam filters.

Myth 3: Most malware is spread through e-mail (54%)
As mail spam and antivirus filters have got better, malware in attachments has become rarer as it has become less effective. Consequently most spam / malware emails now only come with links to infected websites rather than payloads.

Myth 4: You can’t get infected just by loading an infected website (48%)
Sadly not true. Websites loaded with malware that take advantage of vulnerabilities in the browser and operating system can infect a PC even when the user is “just looking”.

Myth 5: Most malware is spread through downloads at peer2peer and torrent sites (48%)
Undoubtedly some malware is passed on via peer-to-peer but today websites are the prime source of infection.

Myth 6: It is more likely to encounter malware at a porn site than at a horseback riding site (37%)
Much as we might like this myth to be true, serious adult sites are professional and run to a high standard. The web site is key to their business and they make sure the sites are secured and up-to-date with patches. On the other hand, hobby websites are run by enthusiasts who are rarely IT experts and these websites are easily compromised by criminals who then upload malicious code to the site which subsequently infects visitors.

Myth 7: My firewall can protect my PC from drive-by-download attacks (26%)
Sadly, not true. Firewalls are a useful security component but because much malware is web-based and web traffic is generally allowed (you couldn’t access websites otherwise), firewalls provide only limited protection against it.

Myth 8: I don’t visit risky sites, so I am safe from drive-by-downloads (13%)
This is much the same as Myth 6, but the point to take is that your trust in the website brand does not have a direct correlation to the likelihood of being infected. In the recent past, a couple of high-profile trusted sites have become vectors for malware without the owners’ knowledge.

Myth 9: If you don’t open an infected file, you can’t get infected (22%)
The emphasis in this myth is on the “you”. In a perfect world this might be true, but modern PCs and operating systems are so complex and do so much in the background that it’s possible for a malicious file to infect a PC regardless of what the user actually does.

Myth 10: Most malware is spread through USB sticks (13%)
In the past a large proportion of viruses and trojans would have been passed on using USB memory sticks and while they can still be a vector (Conficker!), now more malware is spread by websites.

Myth 11: Cyber criminals aren’t interested in the PCs of consumers (8%)
As most people recognised, consumer PCs are definitely of interest to cyber criminals, either to form part of a botnet or else to monitor for passwords for on-line services.

“There is a natural assumption amongst Internet users that pornography sites are more dangerous than other leisure sites. This is a myth. Amateur hobby/leisure sites are often not professionally run like many pornography sites, making them much easier prey for hackers,” says Eddy Willems, G Data Security Evangelist. “In the past, malware was written by developers who wanted to show off their technical skills, meaning it was visible to infected users. Now cyber criminals design, sell and make use of malware that enables them to take control of PCs’ computing powers in such a way that users do not notice the infection. This covert approach not only puts users’ data at risk, but also allows cyber criminals to send spam e-mails and malware, and participate in DDoS attacks. Internet users must correct their misconceptions in order to stay safe online.”

You can download the full report (.pdf) if you want more information on the survey itself and the myths.

So stay sharp out there. The bad guys are out to get you.

G Data InternetSecurity 2012 Review

G Data’s 2012 range of security products covers basic antivirus through to specialised protection for laptops and notebooks. Depending on the version purchased, the features build up from antivirus and safe surfing, through firewalls and spam protection, to backup and data recovery, with additional features in the notebook versions.

On test here is InternetSecurity 2012 which sits between AntiVirus and TotalCare and the main features are antivirus, firewall, safe surfing and spam protection. Parental controls and file shredder are included too. The graphic here shows the main differences between each version.

The software can be purchased and downloaded directly from G Data but in this instance, it was the boxed retail product. Not unexpectedly, the main contents of the box are a CD and a user manual, which generally explains the software quite clearly and simply, a bonus for people who aren’t familiar with security software. As the licence key is stuck on the back cover, it’s easier to keep safe.

A further benefit of the boxed copy is that the install disk also doubles as an emergency disk which can be booted from. This is great for those really nasty viruses which block AV software, as you can boot outside of Windows to get at them. If you downloaded the software rather than buying the boxed copy, there’s an option in the SecurityCenter application to create a boot disk but it’s an extra step you’ll probably forget to do.

Installation is straightforward and it’s by the numbers with clear prompts. During the install, G Data clearly explains its privacy policy when it requests permission to send data back for analysis: nothing is hidden away in the EULA. As usual, you have to register with G Data, but the software offers a quick registration of just name and email address. There’s still the option to enter fuller details if you want. As you’d expect, the installation finishes with a reboot.

On rebooting, the G Data icon is now sitting pretty in the system tray and initially InternetSecurity contacts its servers and starts downloading fresh AV signatures. This takes a few minutes but once done, you can go into the main SecurityCenter overview to see the status of the main features.

As you might imagine, each section in the SecurityCenter has further actions and settings. For example, in Virus Protection you can request scans for specific folders or drives. Or you can go into the Settings and change which of the two scanning engines is in use. Without going into every section and being thoroughly boring, all I can say is that the options are comprehensive and give the opportunity for tweaking to your particular circumstances. All of the G Data security products are available as trial downloads so you can check whether they fit your needs before buying.

Performance-wise, InternetSecurity did not seem to have a significant impact on the computer. One touch that I did like was that virus signature updates are scheduled for a particular time rather than automatically updating as soon as you log into Windows. On older computers, this allows you to get using your computer faster than you might with other competing AV products.

Not having a set of viruses handy, I wasn’t able to actually test the AV features of the product but when I did a scan of my local disk, it did pick up a trojan that I wasn’t aware of in some downloaded files. With two antivirus engines built into the product, you’d expect it to catch most of the nasty stuff as each engine takes a different approach to detecting viruses.

Overall, G Data InternetSecurity is a comprehensive and competent product with lots of features and a couple of value-adds, such as parental controls. I’d be perfectly happy to entrust my on-line security to this tool.

Prices are £30 for AntiVirus, £35 for the version tested here, InternetSecurity, and £40 for TotalCare. There are also specialised versions for notebooks and if you have an Android phone, you get AV protection for free with any of these products. All the details are on G Data’s website.


Trojan Toolkit For Sale

German security firm G Data put out an interesting press release last month regarding the expected successor to the Zeus trojan, which infected millions of PCs and captured bank account details. The new trojan, Ares, has a similar modular design, allowing it to be easily configured for a range of target activities.

Malware is big business and a software development kit for Ares is already available to buy on-line, either for an upfront payment of $6,000 or else on a licensing model for when modules are subsequently sold on.  There’s even a cut-down version at $850.

The developer of Ares talked about the new malware in an underground forum. According to the author, Ares is “not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyer’s liking.”

Without a doubt, malware and virus writing is no longer the domain of the insecure nerd trying to prove his expertise to his peers.  This is now business, criminal business, with significant money involved. And when they catch the writer, I hope that the penalties will be commensurate.

Unless you want to be a victim, make sure you have virus and malware protection in place and keep it updated.