Lookout Uses Big Data to Predict Malware Threats, Protects Entire App Stores

Android smartphone users are really fond of downloading apps, and why not?  Everything you want or need is already rolled up in an app.  There’s an app for quick exercise, low calorie diets, gamers favorites, speedometers, horoscopes… the list goes on and on.  The booming market has encouraged a deluge of marketplaces to crop up, from the Android Market to the Amazon App Store.

It’s encouraged a ripe environment for early malware threats, which plagued Android users especially in the past six months.  But as we know, smartphones are very much the computers of tomorrow, and there’s a great deal to be learned from the computers of yesteryear.  Lookout Mobile Security has a penchant for seeing the future, and it’s the company’s study of the past that helps them to stay ahead of mobile trends.  Today, Lookout launches the Mobile Threat Network, which extends its security tools to protect entire marketplaces.

The Mobile Threat Network is a platform that automates the mobile threat detection and analysis process, and delivers over-the-air protection to mobile users around the world.  And part of the Mobile Threat Network is the Mobile Security API, which can extend the protection available in the Network to any app store or download site.  The problem lies with the fact that apps are available in an open market where these apps are not monitored closely.  There are literally thousands of app developers, and tens of thousands of apps.  It’s hard to keep track which ones are legitimate, which have malware, and which have been later infected with malicious malware.

“Though our analysis is still under way, these applications are likely published by the same author as the original DroidDream malware,” Lookout said in an Android malware security alert posted on its blog. ”With the discovery of this new malware, it is more important than ever to pay attention to what you’re downloading.”

What’s interesting about Lookout’s process around finding and dealing with malware is its efficiency.  Lookout has a big data approach to the issue of malware, looking at the system behavior as a whole, and following entire clusters of data.  When an attacker pushes out a malware app, it’s hardly ever just one–it’s usually 20, or 50 apps all at once.  Looking at the behavior of apps is quite a job for Lookout, and it relies on its own database of thousands of apps to not only recognize malware when it’s present, but to predict where it will crop up next.  Using past information, existing data sets and predictive analysis is really at the core of what Lookout is doing with its Mobile Threat Network.  It’s not entirely different from what data analysis king Google is now doing with its new malware detection process, which works for computers.

Verizon Wireless is the first company to use the Mobile Security API and connect with Mobile Threat Network, providing customers with V CAST Apps with increased protection against threats to the applications they download and use from Verizon’s mobile storefront.  It’s a move that demonstrates Lookout’s own plans for growth and expansion, teaming with a carrier to provide extended support through its services.  Lookout teamed with Sprint on its last major update, protecting mobile browsers from malicious threats.

The carrier-partner strategy is an important one for Lookout, as the security provider has had a long-standing relationship with Verizon in particular.  As Lookout seeks ways to protect more areas of the mobile space, team-ups such as this are key to Lookout’s consumer reach, especially as in this case, users don’t even need to know about the Lookout app, let alone install it on their individual device.  But it’s an important step for the carriers as well.

“[Verizon] is really about protecting users,” says Kevin Mahaffey, CIO of Lookout.  “If you remember in the PC days, malware would take down physical networks.  And carriers don’t want that to happen with their mobile networks.  I think everyone in the mobile industry is being very proactive, and wants to get ahead of malware threats.”

While Lookout is making several aspects of malware detection an automated afterthought, consumers still need to be aware of how malware works, and what to look out for.  Several security groups offer tips on how to keep your smartphones safe from malware.  Basic security measures include: accessing only trusted and known websites, password-protecting the devices with a strong and complex password, and keeping all software updated.  We are also reminded that when using public Wi-Fi, consumers should refrain or better yet, never access shopping sites or banking sites or any sites that would require you to enter sensitive information.  And most of all, do not, under any circumstances, leave your mobile phone unattended.

The latest attack alert comes from Fortinet, which has discovered a new variant of the Zeus banking Trojan designed to target Android smartphones. The malware poses as a banking activation application, Fortinet said in a blog entry describing Zitmo, the mobile variant of Zeus.

Lookout Mobile Security is all about consumer education, also releasing some information on malicious developers and their infected apps: MobNet, Myournet, Kingmall2010, we20090202 are a few to look out for.  Lookout is advising consumers to contact their support group if they suspect they have been infected with malware or if they have downloaded any apps from the above developers.

Mellisa Torentino is a contributor to this article.