Malware Regained Supreme Spot in World of Hacking in 2012


The year 2012 was a year of new platforms and new hacker threats. Where until recently the main target platform was the Windows operating system, attackers now spread across a variety of software platforms, most notably Android.

Malware developers are actively exploiting this situation, coming up with new surprises for specialists in the field of IT security. Another trend in 2012 was the revival of traditional hacking attacks, for example the spread of malware over the Internet.

Hackers spent a good part of 2012 laying the groundwork for what they have in store for 2013, whether the targets are large enterprises, governments, strategic military targets or consumers. Security researchers who analyzed the behavior of malware and attacks over the year witnessed a steady increase in malware threats.

During the second half of 2012, a series of zero-days was discovered on the Java platform, threatening the security of that platform and giving hackers access to corporate networks and individuals. Products such as Adobe Reader and Flash, which are present on most Windows and Apple systems, were favorite targets for attackers, who exploited their weaknesses.

Targeted attacks were not limited to nation states; politically motivated hackers were active in 2012, with high-profile attacks against banks in the United States, government targets and companies. Groups like Anonymous continued to make inroads, disseminating data in order to embarrass their targets or to conduct political or social action.

Kindsight releases three quarterly reports per year, and the company’s latest 2012 report highlights some interesting facts on malware trends:

  • 50% increase in high-level infections (botnets, rootkits, banking Trojan) in home networks from Q1
  • 2.2 million home networks worldwide were infected with the ZeroAccess botnet
  • 13% of home networks in North America were infected with malware; 6.5% had high-level threats like bots, rootkits and banking Trojans
  • Mobile malware continued to grow with mobile adware accounting for 90% of the 3%+ infection rate among mobile devices
  • 300% increase in the number of Android malware samples

Now, as the year comes to an end, let’s look at some of the top malware advances of 2012.

PlaceRaider – Most Disturbing Malware Ever Made

Robert Templeman and his fellow researchers at the Naval Surface Warfare Center have developed a mobile application capable of reconstructing an environment from images taken from a smartphone.

Called PlaceRaider, the spy application runs in the background on Android smartphones running version 2.3 or above and takes a large number of pictures at random moments, tagging each image with the orientation and position of the phone. PlaceRaider then sends all these photos and collected data to a server that is in charge of reconstructing the environment. The good news is that the app is in the safe hands of the Naval Surface Warfare Center and will not be used commercially. Very impressive.

Mahdi – Cyber Espionage of Middle East

Researchers at the computer security firms Kaspersky Lab and Seculert revealed in the middle of this year (July) that malware called Mahdi had been used for nearly eight months to spy on hundreds of targets in Iran, Israel and some other countries in the Middle East. The victims were mostly associated with governmental departments and agencies.

The Trojan was capable of capturing audio recordings and keyboard keystrokes, and was also able to take screenshots at regular intervals to spy on communications via email or instant messaging, and to access and steal a number of documents, images, archives and sensitive files.

The installer, embedded in the file, would run when users agreed to open the PowerPoint files, despite a warning message associated with these files.

Cyber Bank Robbery – Biggest Cyber Bank Robbery in History

A study by McAfee and Guardian Analytics back in June revealed that an estimated 75 million dollars was pilfered from a number of high-balance accounts at over 60 banking institutions around the world. The crime was reported as the biggest cyber bank robbery in history.

The attackers used automated software to infiltrate server systems and moved the money through a system of mule accounts in staged transfers. The scheme was well developed to evade the detection methods in place for suspicious actions.

Shamoon – A New Pandemic

If your Windows computer suddenly fails to boot, it could be the work of malicious malware that deletes the contents of your computer (documents, photos and videos), erases everything it has stolen and then restarts the machine.

Such activity can be detected, but the concern is well founded: according to several security firms (Symantec and Kaspersky Lab), a new type of malware known as Shamoon was wreaking havoc on the Windows systems of energy facilities, using a JPEG image to overwrite files on the hard drive of the infected system. It even wipes the master boot record, so the infected machine cannot be booted and the data cannot be recovered. Besides destroying information, Shamoon reports the number of files it has destroyed and the IP address of the infected computer to a remote server.
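A defender's check that corresponds to the boot-record wiping described above, written as an added example that is not code from the original article or from any of the vendors it names: it baselines the SHA-256 of a disk image's first sector and flags both a missing 0x55AA boot signature and a hash mismatch against that baseline. The disk images here are byte strings constructed in memory; the boot-code bytes and the "wiped" image are made up for the demonstration and nothing touches a real disk.

```python
"""Baseline-and-compare integrity check for a master boot record (MBR).

Added example for the Shamoon write-up; not Shamoon code and not from any
vendor. All images are constructed in memory so the script runs offline.
"""
import hashlib

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR (little-endian 0xAA55)


def mbr_fingerprint(image: bytes) -> str:
    """SHA-256 of the first 512 bytes (the MBR) of a disk image."""
    return hashlib.sha256(image[:MBR_SIZE]).hexdigest()


def check_mbr(image: bytes, baseline_hash: str) -> list:
    """Compare a disk image's MBR with a known-good baseline.

    Returns a list of findings; an empty list means the boot sector is
    intact and unchanged.
    """
    findings = []
    mbr = image[:MBR_SIZE]
    if len(mbr) < MBR_SIZE:
        findings.append("image shorter than one sector")
        return findings
    # A wiper that zeroes or overwrites the sector destroys the signature.
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing: MBR overwritten or zeroed")
    # Any change at all, including a replaced bootloader, shows up as a hash mismatch.
    if mbr_fingerprint(image) != baseline_hash:
        findings.append("MBR hash differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a minimal, structurally valid MBR: boot code padded to 510 bytes plus signature."""
    return boot_code.ljust(510, b"\x00") + BOOT_SIGNATURE


# Constructed sample: a clean image (fake boot code followed by a few empty sectors).
CLEAN_IMAGE = build_sample_mbr(b"\xeb\x3c\x90CONSTRUCTED-BOOTCODE") + b"\x00" * 4096
BASELINE = mbr_fingerprint(CLEAN_IMAGE)

# Simulate the destructive outcome described in the text: the first sector overwritten with junk.
WIPED_IMAGE = b"\xff" * MBR_SIZE + CLEAN_IMAGE[MBR_SIZE:]

if __name__ == "__main__":
    print("clean image:", check_mbr(CLEAN_IMAGE, BASELINE) or "OK")
    print("wiped image:", check_mbr(WIPED_IMAGE, BASELINE))
```

On a live Linux host the same functions can be fed the first 512 bytes read from the block device (reading it requires root), with the baseline hash stored off the machine: a wiper that overwrites the drive also destroys any baseline kept on it, so the comparison has to happen from a monitoring system or a boot medium that the infected host cannot reach.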

It’s rumored that Shamoon was responsible for the attack on the Saudi oil company Aramco, which had to shut down its main systems (nearly 30,000 machines) following an attack by unspecified malware.

Flashback – Malware Evolves in Mac

With nearly half a million to a million systems infected with the Flashback Trojan, it was considered a major compromise of Apple’s Mac OS, which enjoys higher levels of security compared with its Microsoft desktop counterparts.

According to the Russian antivirus firm Doctor Web, the first to identify the malware, BackDoor.Flashback.39 targeted unpatched Java vulnerabilities (CVE-2011-3544, CVE-2008-5353 and CVE-2012-0507) on the Mac operating system. Later, Flashback C, a more potent variant of the Flashback Trojan, appeared; it disables Apple’s automatic updating mechanism so that the user never receives the security updates that would remove the malware.

ZeroAccess Botnet – Takes World by Storm

While it has been around for several years, the ZeroAccess botnet resurfaced in September 2012, infecting more than 9 million computers around the world.

ZeroAccess contains a sophisticated rootkit that has adopted new advanced techniques over the years. The malware builds a peer-to-peer botnet from which the hackers run a click-fraud scheme, stealing millions of dollars a year. It also makes money through advertising, redirecting users to advertising websites or bombarding them with hundreds of pop-up ads on the screen.