Cybercrime Hides In QR Codes, AVG Technologies Reports

QR codes delivering malware, stolen digital certificates and the persistence of rootkits

Auckland, 27 January 2012 – The risks hidden in a QR code are just one shocking finding of AVG (AU/NZ) Pty Ltd’s “Community Powered Threat Report – Q4 2011” released today.

AVG Technologies, distributor of award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific commissioned the report, which provides insight, background and analysis on the trends and developments in the global online security threat landscape. The report focuses on the most notable developments in the billion dollar Cybercrime industry over the last quarter.

Highlights in this quarter’s report are the risks of QR codes, stolen digital certificates bypassing security on mobile phones and the persistence of rootkits.

QR codes are becoming popular for mobile users to insert text and URLs into the mobile device without typing. Unfortunately they are also being discovered as an ideal way to distribute malware to unsuspecting victims.

This report describes in detail a technique already used by hackers, which is expected to gain momentum in 2012. Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many.

“In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies. “Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”

2011 saw a surge in both Android users and Android malware samples. In December, Google removed another 22 malicious apps from the Android Market, making the total for 2011 more than 100. 1

In another sign that mobile phones are becoming more like computers every day, the use of stolen certificates is now making its way to mobile devices. Digital certificates are often used to certify the identity of the author of an application. If a criminal can get their hands on the certificate belonging to a major software developer, their malware can circumvent security provisions.

Rootkits have been one of the more serious threats to target operating systems in recent years. Rootkits evolved from commercial and financial use to cyber warfare with a very specific target (Stuxnet, Duqu 2). The first phase of the rootkit evolution on mobile devices is seeing technology of growing sophistication being developed (CarrierIQ 3).

In this report AVG focuses on one of the latest rootkits called ZeroAccess, a very sophisticated, highly effective rootkit using advanced anti-forensic features. ZeroAccess is a kernel mode rootkit spying on users and is controlled from a remote server. Waiting for commands from the criminals behind it, the rootkit allows the criminals to use the infected machine when and how they wish.

Other key findings in the report:
• The Blackhole toolkit is currently the most active threat on the web with a share of nearly 50% of all detected instances and over 80% of all toolkits
• Around a million malicious mobile events have been detected during this quarter
• The USA is still the largest source of spam, now followed by the UK. Compared to the previous quarter, the UK jumped from fourth to second place overtaking India and Brazil.
• Brazil is not just a very active banking Trojan market 4, the report highlights Portuguese as the second most used language in spam messages

Michael McKinnon, Security Advisor at AVG (AU/NZ) said “With threats such as ID theft, phishing attacks and Trojans, cyber criminals create an environment of increased risk that puts people off going online. At AVG we believe our role is to give people the tools and peace of mind to enjoy their online experience.”

About the report
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data, collected over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, Spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.
The AVG Community Protection Network is an online neighborhood watch, helping everyone in the community to protect each other. Information about the latest threats is collected from customers who choose to participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.
AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.

# # #
Full Q4 Threat Report: http://www.avg.com.au/files/media/avg_threat_report_2011-q4.pdf

* 1 https://www.computerworld.com/s/article/9222595/Google_pulls_22_more_malicious_Android_apps_from_Market
* 2 https://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_
* 3 http://www.guardian.co.uk/technology/2011/dec/15/carrier-iq-faces-us-probe
* 4 http://www.circleid.com/posts/20111123_brazil_the_newest_up_and_comer/

For the series of informative security tips, how-to and fact sheets see:
http://www.avg.co.nz/resources/security-tips/. For video tips from AVG (AU/NZ), see: www.youtube.com/user/avgaunz

Keep in touch with AVG (AU/NZ)
• For breaking news, follow AVG (AU/NZ) on Twitter at twitter.com/avgaunz
• Join our Facebook community at www.facebook.com/avgaunz
• For security trends, analysis, follow the AVG (AU/NZ) blog at resources.avg.com.au

About AVG (AU/NZ) Pty Ltd — www.avg.co.nz
Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of anti-virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers — documents, account details and passwords, music, photos and more — all while allowing users to work, bank, shop and play games online in safety.

AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers real-time protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.

ENDS

© Scoop Media