Conficker, AndroRAT Continue Malware Reigns of Terror

Conficker, AndroRAT Continue Malware Reigns of Terror

It was a December to remember, on the malware front: The risk of malware infection grew by 17% in the month, as the number of active malware families increased by 25%.

That’s the word from analysis by Check Point, which using its ThreatCloud World Cyber Threat Map identified more than 1,500 different malware families active during December, up from 1,200 in the previous month.

Digging into the numbers, the UK became a more attractive target than it had been. It ranked the 99th most attacked country globally, rising from 116th during November. Perhaps more interestingly, it was attacked more than the US (which placed 122nd) and Ireland (116th) but less than Germany (94th), Spain (87th) and France (59th).

Conficker meanwhile continued in its position as King of the Worms, remaining the most prevalent malware type and accounting for 25% of all known attacks during the period. Conficker is popular with criminals thanks to its focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.

It came in well ahead of the second-place infection, Sality, a virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware. Sality accounted for 9% of attacks.

In third place was the Necurs variant, which is used as a backdoor to download additional malware onto the infected machine, while disabling security services on the host to avoid detection.

The top ten malware families accounted for 60% of the total recognized attacks in December, Check Point found.

Check Point’s research also delved into the most prevalent mobile malware during December 2015, and once again attacks against Android devices significantly more common than iOS. The top three mobile malware were: Xinyin, which performs click fraud on Chinese ad sites; AndroRAT, which is able to pack itself with a legitimate mobile application and install without users’ knowledge, allowing full remote control of an Android device; and Ztorg, a Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

“The increase in active malware during December highlights the severity of the threat posed to organizations networks and sensitive data,” said Nathan Shuchami, head of threat prevention at Check Point. “As a result, organizations should be pushing cyber-security to the top of their agendas for 2016, as cyber-criminals continually find new ways to attack networks, so that they can be equally relentless in robustly securing their networks.”

Source: Information Security Magazine