Kaspersky Releases Q3 Malware Report

• In Q3 2012, 28% of all mobile devices attacked by malware run Android OS version 2.3.6 (aka “Gingerbread”). Despite being released in September 2011, due to the considerable segmentation in the Android device market, it remains one of the most popular versions.
• In the last two weeks of September 2012, 91% of all Android malware attacks occurred on mobile devices running either “Gingerbread” (installed on 55% of devices) or “Ice Cream Sandwich” (installed on 23.7% of devices), the latest version of the Android OS (version 4.0.4). Of the 91% of malware attacks, 48% were on “Gingerbread” and 43% on “Ice Cream Sandwich”, showing that as consumers migrate to new Android OS’, the cybercriminals follow.
• More than half (57%) of all malware detected on smartphones was SMS Trojans – malicious programs that steal money from victims’ mobile accounts by sending SMS messages to premium rate numbers. However, the latest data reveals that SMS Trojans are gradually being replaced by more sophisticated and versatile data-accessing and data-stealing Trojans and malicious programs, which accounted for a combined 36% of Android malware in Q3 2012.

• In Q3 2012, Java vulnerabilities were used in more than half of all attacks (56%). According to Oracle, different versions of this virtual machine are installed on over 1.1 BILLION computers. Because updates for Java software are installed on demand rather than automatically, there is a longer shelf-life for vulnerabilities. Java vulnerabilities continue to be a favorite of cybercriminals, as Java exploits are easy to use under any Windows version, and with some additional work by cybercriminals, cross-platform exploits can easily be created (ex: Flashfake).
• Adobe Reader ranks second in vulnerable applications that were targeted by exploits in Q3 2012 as the program accounted for 25% of all attacks. The popularity of exploits for Adobe Reader is gradually declining due to a relatively simple mechanism that ensures their detection. Automated updates were introduced in the latest versions of Reader, contributing to the decline.

• In Q3 2012, a total of 30,749,066 vulnerable programs and files were detected on computers of Kaspersky Security Network (KSN) users, with an average of 8 different vulnerabilities were detected on each affected computer.
• The two most frequently exploited vulnerabilities were in Oracle Java, accounting for 35% and 21.70% of affected computers respectively.
• The Top 10 includes 5 spots going to Adobe’s Flash, Reader/Acrobat, and Acrobat.
• Apple’s QuickTime and iTunes came in at sixth and seventh place, with vulnerabilities showing up on 13.8% and 11.7% of computers respectively.
• The popular Nullsoft Winamp media player came in eighth, with the vulnerability appearing on 10.9% of machines.
• Any of the Top 10 Vulnerabilities can jeopardize a computer’s security because they all allow cybercriminals to gain full control of the system using exploits
• Microsoft did not appear on the Top 10 vulnerabilities list for the first time ever, primarily because the automatic updates mechanism in recent versions of Windows has been well developed.

• Russia (23.2%) has taken over the top spot from the U.S. (20.3%) for countries hosting malicious content. In Q3 2012, Russia saw an increase of 8.6%, while the U.S. fell 9.7%. The Netherlands came in third with 17% and an increase of 5.8% in Q3. 60% of all malicious content is located within these three countries.
• Nearly one-third (32.4%) of computers in the U.S. were attacked at least once while surfing online during Q3.
• Tajikistan supplanted Russia as the most dangerous country to surf the web with 61.1% of users encountering malware detections when online.
• Computers in Denmark (10.5%) and Japan (10.6%) faced the lowest risk of infection in Q3. Users in the Netherlands were the eighth lowest nation at risk (15.1%), though it is interesting to point out that 17% of all malicious content resides on computers in the Netherlands.