Malware threats for mobile and messaging environments are increasing quickly, evolving in sophistication and functionality at a pace that eclipses PC-based malware, according to a report by McAfee Labs. Malicious programs for Android have become especially prevalent; historically, only two other operating systems have more malware.
The McAfee Threats Report: First Quarter 2011 revealed that Android also had the third-highest number of mobile malware programs designed for it in those months, after the Java 2 mobile edition and the number-one Symbian operating system. Though largely unknown in the United States, Symbian is the most popular system in the world, with widespread use in Europe, Asia and the Asia-Pacific region, and it still accounts for approximately three-quarters of all malware.
Dave Marcus, the director of security research and communications at McAfee Labs, says that one of the most important takeaways from the first-quarter report—which focuses on more than mobile platforms—is the boom in mobile malware. He believes that the threat landscape will only worsen, especially as more industry and government organizations continue to deploy such platforms and applications.
According to the document, McAfee Labs is combating several families of Android malware. Android/DrdDream comprises a variety of legitimate games and apps injected with malicious code. Android/Drad malware is made up of maliciously modified applications that send device information to sites controlled by hackers. And Android/SteamyScr.A features a modified version of a novelty app that can turn phones' screens into steamy windows.
Google's open philosophy toward the development of apps for Android plays a part in its vulnerabilities, Marcus believes. Unlike Apple, which has a stringent review process for apps posted in its store, Google enables creators to post apps with minimal oversight. iOS malware numbers are relatively tiny, as are those for BlackBerry.
Mobile malware for all systems tends to advance at a rapid pace, however. Marcus explains that while PC threats evolve slowly, "mobile develops in sophistication by leaps and bounds." Malware writers learn from history and they use PC knowledge to attack the mobile world.
To combat the problem, Marcus suggests that users know their smartphones "backward and forward" and turn off any unused functionality. He especially stresses disabling Global Positioning System capabilities, because they can tell anyone in the world where a device is located at any given moment. Social-network platforms such as Facebook, Twitter and even Flickr also offer geolocation tools, which can prove hazardous to users.
In addition, Marcus recommends that the information-technology professionals in organizations give employees hands-on training with their devices, working with human resources to impress upon them the importance of safe practices, such as how to lock down devices. He emphasizes that talking about security or providing static presentations is not enough. "It's about training users to make good decisions," he explains. Just as adults must teach children pedestrian safety, those versed in cybersecurity need to train regular consumers on proper behaviors. "You have to look both ways before you cross the Internet," Marcus says. People also need to forgo the idea that a program will keep information secure. "It's your behavior that's going to keep you safe or make you unsafe," he explains.