AhnLab Highlights Top 10 Security Threats in the First Half 2011

By AhnLab Inc., PRNE
Wednesday, July 27, 2011

SEOUL, South Korea, July 28, 2011 -

- Social networking service to be malware path

- Increased threat to Mac OS users

- Growing menace to online banking

- Smarter online game hacking

AhnLab, a leading provider of integrated security solutions, today unveiled its Top 10 Security Threats in the first half of 2011. Malware paths in social networking sites, an increased threat to Mac OS users, growing menaces to online banking, and more sophisticated online game hacking are among the highlighted threats.

“Threats to mobile and online security are constantly becoming more sophisticated,” said Mr. HongSun Kim, CEO of AhnLab. “Therefore, it is essential to remain alert and aware of growing online trends and threats. AhnLab provides insight into the latest online threats so that all stakeholders can take measures for protection.”  

Social Network Services as Malware Path

In its findings, AhnLab emphasizes that 2011 is the year of social networking services. These services are considered a useful and popular means to connect with networks and relay messages to broad audiences. In the same vein, these sites have proven to be useful paths for malware. More specifically, a trend whereby attackers distribute malware through dominant social networking sites, such as Twitter and Facebook, has become more prominent. Attackers tend to disseminate malware by using shortened URLs connected to popular issues such as the tsunami in Japan and Osama Bin Laden’s death.

Malicious Codes Hacking Corporations

Attacks aimed at corporations were also seen to be on the rise during the first half of 2011. These types of attacks are known as advanced persistent threats, or APTs. APTs were observed in February of 2011, when oil and energy companies were targeted and attacked by the cyber threat ‘Night Dragon.’ In April of this year there was a conflict between hacker groups including LulzSec and Anonymous; companies targeted included Sony, Lockheed Martin, and even the FBI. AhnLab also notes that attackers have recently tended to express their political and social opinions through their hacking, and this movement has been called ‘Hacktivism’.

Growing Menace to Online Banking

As the main objective of most malware attackers is to increase profit, the rising risk to online banking was also among AhnLab’s top 10 security threats. More specifically, AhnLab observed in the first half of 2011 an increase in the stealing of financial information. Account number and password theft during banking transactions was particularly rampant during this period. There were two developments with Trojan malware in the first half of the year: Banker Trojan and Zeus Trojan. In May, Banker Trojan malware, which is designed to export financial data during online banking, was identified in Korea. Additionally, the Zeus Trojan source code, the most severe online banking malware created, was leaked. With this leaked source code, attackers generated many Zeus variants.

Increased Mobile Malware

AhnLab also highlights an increase in the number and sophistication of mobile malware. In the first half of 2011, premium-rate calling malware for Android was identified. More specifically, this malware sent SMS to other phone numbers. Additionally, Zft, forced rooting tool, KidLogger (which steals calls, texts and internet history), and DroidKungFu (which remotely controls the victimized cell phone) were also found. These malware proved difficult to identify, as they are repackaged with other apps by third parties that users download. While the application may appear to work properly, AhnLab warns that the installed malware performs tasks given by the attackers, and attackers will continue to find more ways to infect mobile devices.

Fake Antiviruses Become Harder to Identify

AhnLab notes that fake antivirus software has become more difficult to identify. In January of 2011 ASEC reported a fake antivirus program disguised as the famous ‘AVG Anti-Virus 2011.’ In April, a fake antivirus program appearing as BitDefender 2011 from SoftWin was also identified. This fake antivirus has the same-looking user interface, and also stole the product’s logo. Like other antiviruses, once installed, the rogue BitDefender automatically scans the system and triggers false alerts claiming user PCs have security issues and infections that require removal.

Increased Number of Malicious Codes Patching Windows

In the first half of 2011, AhnLab observed an increase in the number of malicious codes patching Windows system files. Malware that steals online game accounts by patching the imm32.dll, ksuser.dll, midimap.dll and compres.dll files was identified. Some malicious codes force antivirus and/or Windows services to close by switching or deleting normal system files. In fact, these kinds of codes are designed to damage the operating system when detected and deleted by antivirus services.

Smarter Online Game Hacking

In the first half of 2011, game hacking has risen sharply and become more acute. In fact, as of June 2011, game hacking tools increased by 300 percent compared to the same period in 2010, from 1,068 to 4,050. Hacking tools for online games bring about unfair results by modifying user data in the memory, game file and server, and also by installing an auto play cheat. Data memory modification is becoming more popular than traditional code modification, and auto play cheating uses a specific action function as opposed to mouse and keyboard codes. AhnLab states that 2,575 memory modification tools and 1,274 auto play tools were identified.

Increased Threat to Mac OS Users

Although Mac OS users have generally been considered relatively safer than Windows users, AhnLab found that Mac OS users are vulnerable to greater risks. AhnLab also notes that this trend is rising in conjunction with the increased number of Mac and iPhone users. In fact, in May of this year, the fake antivirus application, MAC defender, was spread throughout Twitter. Upon installation by Mac users, this application infected the system. AhnLab warns that Mac users should be particularly careful not to open any links sent by unknown users.

Spam Mails with Malicious Codes

Spam mails with malicious codes were also on the rise in 2011, particularly in the second quarter. AhnLab observed the trend whereby mail disguises itself as either a Facebook password reset, or a FedEx or UPS invoice. AhnLab also notes a rise in malicious mails disguised as ‘credit card maxed out’ warnings, which direct victims to run corrupted files. In most cases, these malicious mails attempted to install fake antivirus programs.

Malicious Codes Spread Through Web Application Vulnerability

Malicious codes exploiting web application vulnerabilities were also noted as a top 10 security threat. In the 1st quarter of 2011 the following vulnerabilities were exploited: MS11-003: Internet Explorer; MS11-006: Windows OS; CVE-2011-0609: Adobe Flash Player. In the 2nd quarter, CVE-2011-0609 was found again in PDF form, and another Adobe Flash Player vulnerability, CVE-2011-0611, was also found. In June, CVE-2011-2110 from Adobe and MS11-050 from MS were exploited for the diffusion of malware. As we can see, the vulnerabilities from Adobe Flash Player were used as the path for malware, which resulted in a steep growth in the infection rate. AhnLab advises that all users apply the latest patches for all software, including Windows and Adobe, to prevent victimization.

For more information on the latest security threats through the first half of 2011, please visit (globalblog.ahnlab.com)

About AhnLab, Inc.

Headquartered in South Korea, AhnLab Inc. (KSE: 053800) develops industry-leading security solutions and provides professional services that are designed to secure and protect critical business and personal information. As a leading innovator in the information security arena since 1988, AhnLab’s cutting-edge products and services have been fulfilling the stringent security requirements of both enterprises and individual users. AhnLab’s products and services include anti-virus solutions, network, mobile and online game security, security management and consulting services. Today, AhnLab boasts a network of sales and research operations in more than 20 countries worldwide.

Media Contact:
AhnLab, Inc.
Corporate Communications
Changmin Song
+82.2.2186.7955
seemefly@ahnlab.com

Burson Marsteller Korea
Nicolle Kuritsky
+82.2.3782.6460
nicolle.kuritsky@bm.com
