Are you an android user? Then this report is going to be revealing for you, and will tell you about what is going behind your Smartphone and how your Smartphone is at risk. With the evolution of Smartphone, the malware growth is also on the rise. Here, I tried to focus on emerging techniques of malware and its growth through Fortinet 2014 threat report carried out by its FortiGuard Labs.

Fortinet is a leader in network security, and offers broad security solution in areas like anti spam, intrusion prevention, web content filtering, etc. The threat report discovered about the rising level of mobile malware in 2013 and Android OS was the dominant player in spreading mobile malware, which represented 96.5% of all mobile malware infections. While the other platforms like Symbian, Apple, Blackberry, PalmOS, and windows together shared 3.45% distribution in mobile malware.

What is report all about?

The report defined the five categories of threats including malware, mobile malware, Botnets, spam, and malicious websites. According to Axelle Apvrille, a senior mobile antivirus researcher said that FortiGuard Lab revealed about 1800 new different virus families and most of malwares targeted android platform. He also added that there is no sign of slowing android malware infections and in the year of 2014, many malware incidents are likely to happen. Due to growth in purchase of android device, attackers will have broad ground to target android users. Below is the report divided into five threat categories and out of these categories, we will reveal about malware incidents.

1. Malware:

In 2013, there was a jump in malware incidents showed a cyclic trend of new infections. In the month of May 2013, there was a 30% rise in malware incidents compare to previous months. You can see from the below graph that shows comparison of month wise malware incidents versus rise of malware incidents in millions.



The major countries covered in malware incidents. The USA with 55.69%, Australia with 33.19%, UK with 4.70%, Israel with 2.02%, and Japan with 1.95%, while the rest countries like France, Puerto Rico, Turkey, Mexico, and Kazakhstan had less malware incidents in 2013.



The report also revealed top 10 new malwares, which were responsible for millions of malware incidents recorded in the year of 2013. Below is the table showing top 10 new malware families found on the base of malware incidents happened in 2013.

W32/Kryptik Family W32/ZeroAccess Family W32/ZeuS(Zbot) Family JS/IFrame Family W32/Tepfer Family W32/Yakes.B JS/FBJack.A X97M/Agent.F PDF/Script.JS W32/Blocker Family

Top malware families versus millions of malware incidents:

2. Mobile Malware:

The rise in mobile malware especially on Android platform is due to change in the tendency of users. Users move from desktop and laptop to smart phones and if you look at past three years, you can see from the below graph that in 2013, android platform jumped amazingly. Due to open source platform, simple interface and low cost users tend to android platform. As a result, attackers targeted this booming OS with new mobile malware families. FortiGuard has collected number of samples starting from Jan 2011 to Jan 2014.

Android Growth Rate from 2011 to 2013:



Android, Symbian, window, Blackberry, IOS, PalmOS, and WinCE played a major role in spreading malware incidents. The contribution in mobile malware is as per below graph.



FortiGuard Lab also detected top 10 new mobile malware families, which were used in malicious downloads like flashlight app that influenced many mobile devices. A new malware named Android/NewyearL.B was able to change and delete the content and can remove icon of any external storage in mobile. Below is the table of top 10 new mobile malwares spotted in the report.

Android/NewyearL.B Android/Basebridge.A Android/DrdLight.D Android/Agent Family Android/DrdDream Android/AndCom.A Android/SMSSend Family Android/Lotoor Family Android/OpFake Family Android/Qdplugin.A

Top Mobile malware families versus millions of malware incidents:



Germany with 28.25%, Israel with 26.89% and Turkey with 8.05%, and USA with 31.26% have faced highest mobile malware incidents. While the rest countries like South Africa, Romania, Japan, Indonesia, Poland, Lithuania had contributed less than 2% sharing.



3. Botnets:

Despite the efforts of different organizations, Botnets were identified as a major risk in 2013. There were top 10 Botnets revealed by FortiGuard Lab, ZeroAccess was used in search engine poisoning, click fraud, and Bitcoin exploit out of total Botnets. By spreading 100,000 new infections weekly by ZeroAccess, the culprits has gained money, and paid huge amount on weekly basis to create affiliate infections. Below is the table shows new Botnets found in 2013 by FortiGuard Lab.

ZeroAccess Mariposa Andromeda Waledac Jeefo IMDDOS Smoke Mazben Morto Torpig

The contribution of each malware is described in below chart in which you can see that out of most 10 botnets, ZeroAccess with 88.65%, Andromeda with 3.76%, Jeefo with 3.58% were dominant player in spreading Botnets. While the other botnets shared small percentage.



Top 10 countries shared the highest Botnet incidents:

You can see that USA is on the top in spreading Botnet incidents while Japan, Canada, Turkey, Mexico, Malaysia, and other countries are on the subsequent positions.



4. Malicious Website:

FortiGuard Labs counted 20 million new sites and IP address for web filter purpose and amended 64 million sites. Whenever a website found vulnerable, a query is sent to FortiGuard determines the type of site and check whether the site is safe or not. Here, malicious websites means the site has hosted malicious software, collects user information, and monitors user activity, or hold data for payment. Numbers of websites classified as malicious based upon raised queries are as under.



FortiGuard lab also filtered phishing websites that were made to steal financial, personal, and other confidential data from users. The lab also identified spam URLs used in spam emails. Such sites were related with pornography, fraudulent wares, and offensive materials. Below graphs shows numbers of phishing and spam URL sites in 2013 year.





5. Spam:

Spammers have tried to entice users to click on spam mails like fake fax messages, ads, e-cards, malicious attachments, and malicious links. The half of spam messages came from Eastern Europe and Russia. However when the lab detected spam IP addresses, there was the highest spam IPs detected from India that were used to send spam mails.

Total number of Spam messages as per country:

Total IPs sending Spam messages on Average monthly basis:



FortiGuard Lab had also blocked spam messages in 2013, from the below graph you can see that in the month of May and August, the lab had detected and blocked around 700 million messages.



The research was started in 2006 and until date, FortiGuard Lab discovered 142 zero-day vulnerabilities out of them 14 remains unpatched. In 2013, the lab had detected 18 new zero-days vulnerabilities and 12 out of them vulnerabilities remained unpatched. All these vulnerabilities were critical in terms of their functionality. From the above figures, it is clear that Android devices are at highest risk and it is time to take precautions and be careful while surfing or downloading over android phones.

Image Courtesy: fortiguard.com