The data for the report is collected by AVG’s Threat Labs from the AVG Community Protection Network. The network is an online neighborhood watch, helping everyone in the community to protect each other. Information about the latest threats is collected from customers who choose to participate in the product improvement program and is shared with the community to make sure everyone receives the best possible protection.
This report covers the last quarter of 2011. While the full report can be downloaded here, this article looks at some of its more notable discoveries.
Arrival of Printed Malware
Most importantly, Q4 2011 saw the arrival of printed malware through the abuse of QR symbols. QR symbols are becoming a popular way for mobile users to enter text and URLs into a mobile device without typing, and malware can arrive the same way. The report reviews this emerging phenomenon and predicts that the technique will gain momentum in 2012 and beyond, as the user does not know what lies behind the QR code until the malware is already installed and running.
Fake Antivirus continues to spread.
Q4 2011 saw no abating in the success of fake antivirus products. They have, however, become more sophisticated. The difference lies in the infection method. In this report, we cover an infection method called ‘2nd click redirection mechanism’ which eventually redirects to a Fake AV scanner (Rogue AV) page that tries to lure users into downloading and paying for an AV scanner which “removes” fictitious malware.
PC Threats – Rootkits are getting smarter and smarter.
If you think that rootkits are history, think again. Rootkits are alive and kicking. They are evolving to be much more sophisticated, and some interesting samples show up every few months. Rootkits evolved from commercial use (SONY DRM) through to financial use (Greek wiretapping case) to cyber warfare with a very specific target (Stuxnet, Duqu).
Rapid growth of Mobile Threats.
Throughout 2011, we often reported on the rapid growth of malware targeting Android devices; we presented various examples of malicious code and infection methods. This trend continues, against a backdrop of enormous growth in activated Android devices over the past 6 months, from 100 million devices (May 2011) to 200 million devices (Nov 2011) and over 550,000 activations daily.
- It has become evident that the ‘underworld’ of cyber crimes is organized.
- Malicious websites do not only share traffic, they also share owners.
- Stolen digital certificates have been discovered on the Android mobile platform.