Old malware still threaten in Malaysia, thanks to legacy systems and pirated OSes

• Microsoft issued patch for Conficker in 2008, but many IT admins and users still have not applied patch
• 358 new families, variants of Android malware discovered in H1 2013, nearly double the total ever discovered

THE prevalence of pirated versions of Windows XP and legacy systems that prevent operating systems (OS) upgrades has led to a continued rise of the computer worm WIN32/Downadup affecting old platforms, especially unpatched Windows XP systems.
 
According to F-Secure’s latest Threat Report H1 2013, published recently, more than 20,000 attacks related to the Downadup worm were detected in Malaysia between January and September 2013.
 
The report also found that mobile malware is becoming increasingly widespread among Malaysian mobile users, owing to the growing popularity of the Android platform.
 
The number of Android malware has doubled each year since 2011, and about 77% of the new mobile malware is profit-motivated, F-Secure said in a statement.
 
The continued increase of threats from WORM:WIN32/Downadup, also known as Conficker, in Malaysia points to two possibilities, according to F-Secure Malaysia security advisor Goh Su Sim (pic).
 
“This five-year-old virus, which spreads through the Windows system, is still prevalent today and affects older platforms, especially Windows XP systems that are unpatched,” said Goh.
 
“This means two things: One, pirated versions of Windows XP are widely available in Malaysia. Of course, when you use non-original versions, you most likely cannot connect to the latest updates to update your system and this can result in your system being vulnerable to attacks.
 
“Two, there are a lot of legacy applications running for example in banks, which prevents OS upgrades,” he said.
 
Goh said that the top 10 most infected cities/ regions in Malaysia are Kajang, Kuala Lumpur and Batu Caves.
 
While the Conficker worm is known to wreak havoc on the OS, Goh noted that the solution was relatively simple: Patch the system to avoid potential disasters.
 
“Microsoft issued a patch for the threat in 2008 when it detected the vulnerability in its software. Unfortunately, a lot of IT administrators and personnel here are not doing enough patching to keep their servers or systems up to date.
 
“Hackers are quick to take advantage of these loopholes. It’s like having a door with a lock that doesn’t work, and you know it’s not been working for the past five years, but you haven’t done anything to fix it,” he said.

In addition to updating the patches, Goh suggested minimising the attack surface. For example, because of the high vulnerability of Java plug-ins, users are recommended to disable or uninstall Java if they do not use it, as not all programs require Java to run.
 
Mobile malware
 
Hackers are starting to turn their focus to mobile devices as there is now money to be made from hacking smartphones.
 
According to F-Secure’s Threat Report, Android malware has been doubling year on year since 2011, and doubled further in H1 2013 over the previous year.
 
“This reflects the speed of which people have started adopting Android platforms and in tandem, how fast viruses are being written for them,” said Goh.
 
“It’s not so much about which platform is safer; rather, because more than 70% of the market is now made up of Android users, hackers tend to focus on the larger share of the pie,” he added.
 
F-Secure Labs discovered 358 new families and variants of Android malware in H1 2013, nearly double the total number of malware the Labs has ever discovered, to 793.
 
This was followed by the Symbian platform, with 16 new families and variants discovered, while no new families or variants were discovered on other mobile platforms.
 
Goh said that about 77% of the new malware for smartphones have been found to be profit-motivated.
 
“Malaysian mobile users are [being] hit by potentially unwanted applications such as adware and money-stealing viruses known as premium SMS malware.
 
“Your smartphone today contains more information than your PC – it knows your lifestyle and habits, and marketing companies love this information. There are viruses that track all your information and sell it to marketing companies,” he said.
 
APTs and Mac malware
 
In the first six months of 2013, there were 33 new families or variants of malware detected on the Mac OS platform.
 
This is largely due to the growing popularity of the Mac OS in the market, as well as Mac users being over-confident and believing that Macs are immune to viruses, F-Secure said. About 57.6% of Mac malware were backdoors, while 36.4% were trojans.
 
Advanced Persistent Threats (APTs) have also become a major talked-about threat to the data security of organisations and industries. F-Secure Labs has constructed a rough overall picture of the kind of victims APT attackers are targeting.
 
For details on that study plus the latest in Mac malware, phishing, and more, refer to the complete Threat Report H1 2013.
 
Note: F-Secure Labs focuses on counting the numbers of families and variants of malware rather than the number of unique samples. To attempt to avoid detection of their malware, cybercriminals use automation that makes slight changes to malware code, resulting in new malware samples that are fundamentally still the same malware family or variant. Counting families and variants rather than samples provides a more realistic measurement of threats.
 
Related Stories:
 
Java exploits on the rise, Android malware break out of app stores
 
‘Apple has its head in the sand’
 
Are Apple developers on the hacker hit list?
 
Juniper: Mobile threats more rampant as attackers become more ‘entrepreneurial’
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.