Mobile, BIOS cyberthreats on the rise


Threats to mobile devices and infections of computers' basic input-output systems (BIOS) continued to rise in September, a computer security firm said.

In its September malware statistics report, Kaspersky Labs noted that 559 of 680 new malware programs “in the wild” targeted devices using Google's Android OS.

“It was obvious that sooner or later the majority of malicious programs for mobile devices were going to make extensive use of the Internet for such things as connecting to remote servers to receive commands,” said Kaspersky Lab security expert Alexander Gostev.

He noted that of the 559 malware programs for Android, 182 had backdoor functionality, allowing malware authors to remotely control the infected devices.

mTAN threat

Among the recent mobile Trojans are ZitMo and SpitMo, which can capture text messages containing mobile transaction authentication numbers (mTANs).

ZitMo can work with the PC-based Trojan ZeuS, allowing authors to extend the effectiveness of capturing financial transactions on PCs.

“ZitMo leads the way in terms of the number of platforms it can infect, although September saw SpitMo add a version capable of working on Android. SpitMo and its partner in crime, SpyEye, operate in virtually the same way as the ZitMo-Zeus duo,” Gostev said.

BIOS attacks

Kaspersky also noted a new attack targeting a computer's BIOS, the first firmware that a computer runs before it can load any operating system.

It said one such BIOS malware is Rootkit.Win32.Mybios.a, designed to make sure that an infected backup file is loaded in memory and can be restored if removed by an antivirus program. In effect, the PC will continue to be re-infected even if the master boot record is cleaned.

But Gostev said BIOS infection remains a proof-of-concept because different PCs use different BIOSes, making it difficult for a virus author to conduct massive attacks. In September's case, he said, the malware was designed to infect only the BIOS made by a particular manufacturer.

“The rootkit detected in September is designed to infect BIOS manufactured by Award and appears to have originated in China. The Trojan’s code is clearly unfinished and contains debug information, but we have verified its functionality and it works,” he said.

Skype attacks

Kaspersky also noted that videoconferencing software Skype is becoming a popular platform for malware distribution.

The scheme involves making fake phone calls to Skype users who do not have call restrictions and warning them of an infection on their PCs unless they visit a specific website. The website to be visited is infected and will download malware onto the victims' PCs. The malware authors would then tell the Skype users to pay a certain amount to activate security on their computers.

Gostev says they have reported an increased number of attacks using Skype in September. He advised Skype users to configure their settings to receive phone calls only from those in their Skype contact lists.

QR code attacks

By end-September, Kaspersky recorded the first attempted malicious attacks using QR codes, which some websites display so smartphones can automatically download an app by scanning the code.

Kaspersky analysts detected several malicious websites containing QR codes for mobile apps such as Jimm and Opera Mini, which included a Trojan capable of sending text messages to premium-rate numbers.

By early October, Kaspersky Lab had detected QR codes linked to malware for Android and J2ME -- the cybercriminals’ favorite mobile platforms.

Mitsubishi attack

Meanwhile, September would also be remembered for hackers' attack on Japanese corporation Mitsubishi. However, research by Kaspersky Lab suggests that it was most probably launched as far back as July and entered its active phase in August.

Citing media reports, Kaspersky said about 80 computers and servers were infected at plants manufacturing equipment for submarines, rockets and the nuclear industry. Malware was also detected on computers at the company headquarters.

“It is safe to say that the attack was carefully planned and executed,” said Gostev.

The malware appeared to spread after a number of Mitsubishi employees received emails from cybercriminals with a PDF file that contained an exploit for a vulnerability in Adobe Reader.

Statistics

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products:

  • 213,602,142 network attacks were blocked;
  • 80,774,804 web-borne infections were prevented;
  • 263,437,090 malicious programs were detected and neutralized on user computers;
  • 91,767,702 heuristic verdicts were registered.
— TJD, GMA News