McAfee Threats Report: Second Quarter 2011
The threat landscape of 2011 is undergoing a year of chaos and change. We see chaos in the major
challenges that hacktivist groups such as LulzSec and Anonymous pose, and change in the shifts in new
malware classes and targeted devices.
This quarter McAfee Labs saw major hacktivist activity—but in a very different way. The group Lulz
Security, LulzSec for short, differs from other hacktivist groups in that they had no specific goals. They
were in it, as they claimed, for the “lulz” (LOLs in text messagespeak, or “laugh out loud’s”) but
showed an agility at compromising networks and servers, and stealing usernames, passwords, and other
data. LulzSec committed multiple intrusions against a wide variety of companies, as well as attacks
against police departments and intelligence agencies, and many other compromises. Although many
of the outcomes and uses of these compromises are still in play (and we provide a helpful overview of
the quarter’s activity), one thing has become clear: Many companies, both large and small, are more
vulnerable than they may have suspected. Further, the security industry may need to reconsider some
of its fundamental assumptions, including “Are we really protecting users and companies?” Although
LulzSec may have ceased its operations during this quarter, the questions they and other hacktivist
groups have raised will be debated for a long time.
One significant change in the first quarter of 2011 was Android’s becoming the third-most targeted
platform for mobile malware. This quarter the count of new Android-specific malware moved to number
one, with J2ME (Java Micro Edition) coming in second while suffering only a third as much malware.
This increase in threats to such a popular platform should make us evaluate our behavior on mobile
devices and the security industry’s preparedness to combat this growth.
We also saw an increase in for-profit mobile malware, including simple SMS-sending Trojans and
complex Trojans that use exploits to compromise smartphones. We offer an update of cybercrime
“pricebooks” as well as some changes to toolkit and service prices. “Crimeware as a service” and the
burgeoning “hacktivism as a service” continue to evolve as interests and targets change. On the positive
side, there were some significant victories against cybercriminals this quarter.
Continuing the change theme, we observed a considerable decrease in both AutoRun and Koobface
malware, offset by a strong rise in fake anti-virus software that targets the Mac. Apple’s OS X has
been mostly ignored by malware writers for years, so this represents a significant change of target.
Malware continued its overall growth during the quarter, as did rootkit malware. Rootkits, used primarily
for stealth and resilience, make malware more effective and persistent; their popularity is rising. Rootkits
such as Koutodoor and TDSS appear with increasing frequency. The amount of malware that attacks
vulnerabilities in Adobe products continues to overwhelm the amount that attacks those in Microsoft products.
Botnets and messaging threats, although still at historic lows, have begun to rise again. We expected
this recovery after some recent botnet takedowns. Users and enterprises must plan for this growth and
prepare their defenses and responses accordingly. We again examine social engineering subjects by both
geography and subject and botnets by geography and type.
We saw several spikes in malicious web activity this quarter as well as some serious growth in blogs
and wikis with malicious reputations. Sites that deliver malware, potentially unwanted programs, and
phishing sites also increased.
The second quarter of the year was clearly a period of chaos, changes, and new challenges.