Malware Surged in 2013

Malware, short for malicious software, is a general term for hostile or intrusive software that is used to disrupt computer operations, gather sensitive information, or gain access to computer systems.

According to industry sources, 20 percent of all of the malware that’s ever existed was created in 2013. That is, 30 million new threats were created in just one year or about 82,000 a day. This represents a dramatic malware surge over previous years.

A threat is any new release of malware. This may be a totally new threat or a variation on an existing piece of malware. A very minor change to the code of an existing threat is counted as a new threat because the change will probably have been devised to get around anti-virus or other security systems.

Here’s a summary of the malware that was created in 2013:

Total threats… 30 million (100%)

Trojans… 21 million (70.0%)

Viruses… 2.5 million (8.5%)

Worms… 4 million (13.3%)

Adware / spyware… 2 million (6.9%)

Other… 0.5 million (1.3%)

A Trojan is a hacking program that gains access to your computer’s operating system by offering something desirable such as a free app which, when you download it, includes malicious code.

A virus is a program that infects executable files (in which the name ends in.exe) such as an app. A worm is a standalone program that actively transmits itself to other computers.

Adware shows advertisements automatically. Spyware gathers your information, such as internet surfing habits, user logins, and banking or credit card information, without your knowledge.

As regards actual infections, Trojans accounted for nearly 80% of infections detected in 2013.

The most infected country was China with 54 percent of the total infections. This may be because China has the highest percentage of users running Windows XP, which is considered to be a very vulnerable operating system.

Targeted attacks

While the sheer volume of malware created last year is extremely worrying, the most disturbing aspect of Internet security in 2013 was the successful assaults on Twitter, Facebook, Apple and Microsoft. These are major tech companies whose security systems should be unbreachable. So, if the experts are vulnerable, what about the rest of us?

Starting with Twitter in February, these four companies were targeted in sophisticated attacks that exploited an unpatched vulnerability in Java. Unpatched is geek-speak for “not fixed yet”.

The attack on Adobe was one of the worse incidents in 2013. Source code for some of company’s products was compromised, and the usernames and passwords of more than 38 million users were lifted.

The attacks on Twitter were laughable in a way but could have had deadly serious effects. Hackers used the Associated Press’ Twitter account to send out fake news alerts claiming that bombs had been detonated at the White House and that President Obama had been injured.

The Twitter account of Burger King was also hacked. The attackers changed the site’s images to images lifted from McDonalds and tweeted that Burger King had been taken over by its rival. It would be interesting to see who bought and sold shares in both those companies on that day.

Passwords… lessons learned?

The breach at Adobe revealed the extent of users’ laxity when it comes to passwords.

An analysis of what happened at Adobe reveals that nearly two million account-holders (about five percent of the total) used the extremely insecure password “123456”, even though this type of password has been shown to be easy breachable in the past.

Another half million users relied on “123456789,” while nearly 350,000 accounts simply used the term “password” as the password.

It seems that the message security experts have been pumping out for years – to use complex and therefore more robust passwords – is being steadily ignored by users.

Threats to mobile banking

The number of new or modified malicious programs tailored for smartphones and tablets more than doubled to nearly 100,000 in 2013. The vast majority were focused on users’ banking details and hence their money.

Mobile users in Russia were particularly hard hit, accounting for 40 percent of all attacks, well ahead of India (8 percent), Vietnam (4 percent), the Ukraine (4 percent) and the UK (3 percent).

It’s probably correct to say that the hackers were testing and refining their mobile malware in Russia which is said to be less security conscious and therefore more vulnerable. So it’s only a matter of time before cyber-thieves move on to more lucrative mobile banking in the West.

It seems that this move is already occurring. At the end of 2012, there were only 64 known mobile banking Trojans, but by the end of last year, that number had multiplied by 20 to more than 1,320.

According to the industry, 98 percent of all of last year’s mobile malware were targeting Android devices. Android is an operating system (OS) designed primarily for touchscreen devices such as smartphones and tablets. It enables users to use swiping, tapping, pinching and reverse pinching to manipulate on-screen objects quickly and easily. It’s no surprise than that, in most markets, Android-powered phones are the most popular, comprising more than half of all smartphone sales. There are at least one billion Android devices in use.

Android is owned by Google which releases the source code under a free licence, making it a favourite among app developers. Android’s share of the global smartphone market exceeds 80 percent and there are over 1 million apps available for this operating system.

According to security experts, vulnerabilities in the Android OS architecture as well as the devices’ popularity, account for the surge in Android banking Trojans last year. Being Trojans, this malware gets into smartphones bundled with some innocent-looking app.

The takeaway:

As you can see, the Internet is getting more dangerous year by year and mobile banking is now becoming the target of choice for sophisticated hackers. The chances that your system will be compromised in 2014 are extremely high.

Nevertheless, there are plenty of things you can do to protect yourself from malware:

1) Keep updated… make sure your operating system and other software is updatedregularly as the latest versions will contain patches for security vulnerabilities.

2) Install anti-virus software… to guard against viruses, worms, spyware and trojans. This software should scan files are they are being downloaded and block the activities of malware components. It should also intercept attempts to install start-up items or modify browser settings.

3) Scan… your computer regularly for malware, at least once every month, to detect and remove malware that has already been installed on your computer.

4) Be careful… when following links on the internet. Be especially cautious on social networking sites… images and videos that go viral can infect huge numbers of computers very quickly indeed.

5) Don’t install unknown software… some websites offer you free software. Before you download, ask yourself: ‘why would anyone give away software for free?’ More than likely there’s a catch, such as an unwelcome piece of malware hidden within the freebee.

6) Don’t click on pop-up windows… many malicious websites try to install malware on your system by making images look like pop-up windows.

7) Perform regular back-ups… to an external hard-disk or other media so that, if the worse comes to the worst and the only way to get rid of malware is to format your hard disk and reinstall your operating system, you don’t lose your files.

8) Be ultra-cautious when using mobile banking… It might be best not to use the same smartphone for mobile banking as you use for other online activities such as telephoning, texting and messaging etc.