Adobe Being 'Favored' by Cyber Criminals

Sufyan bin Uzayr, Freelance Writer, Graphic Artist and Photographer, www.sufyan.co.nr

Which is the most preferred brand of malware authors? You might reply, Microsoft! However, the scene has changed. Adobe products are more vulnerable to malware/spyware attacks owing to their popularity and diverse usage.

Yes, you read it right! According to a report published by McAfee Labs, many malware creators and hackers are targeting vulnerabilities in Adobe products, to the extent that in June 2011 alone, Adobe software received over 14,000 exploits (which is a mammoth figure in comparison to the roughly 1500 attacks on Microsoft products for the same month). Due to the wide and diverse usage as well as popularity, Adobe's products are simply catching the eye of cyber criminals. To quote from the Q2 2011 Threat Report, Adobe's offerings are suffering because they are “the most popular kids on their block.” Most of such exploits target products such as Photoshop, Premier Pro, Dreamweaver, InDesign, Illustrator, Audition, Flash and Acrobat. Also, such malicious attacks have seen a steady rise over the past eighteen months, starting in the second quarter of 2010 itself. In totality, McAfee Labs has identified over 65 million attack samples (six million in the second quarter of 2011 itself) — 28 percent higher than that of Microsoft products. Again, to quote from the report, it is estimated that the current 'Malware Zoo' shall cross “75 million samples by the year's end”.

Along similar lines, and rather surprisingly, presence has also been noted of malware posing as fake anti-virus software. Such fake AV solutions are also existing on Apple Mac OS, and it seems to be only a matter of time before similar malware and Trojan horses make their entry on iOS devices. Linux and BSD users, however, are still comparatively safer as the rise in UNIX threats has been negligible overall.

Speaking of mobile, Android has seen a steep rise in the total number of threats, getting as many as 76 percent of total attacks, which is thrice as high as that of the second platform in the list, JAVA Micro Edition. However, Symbian and JAVA ME still top the list!

Many Android malware are now employing Botnet and rootkit functions for 'stealth mode operation'. Most of them are disguising them as alibis of legitimate apps. For instance, a particular malware for Android disguises itself as an update for Angry Birds. Once you install this 'update', it operates secretly to send SMSes to your entire Contact List even without your notice! Such rootkits and Botnets have seen a monumental rise in their number — over 38 percent since the last year. Coming to the Internet, web threats are rising at an alarming rate. On an average, 7300 new websites with corrupt or malicious code are being discovered everyday. Similarly, 3000 new websites are being discovered everyday that containt Potentially Unwanted Programs (PUPs), and 2700 new phishing websites are being discovered everyday.

Owing to recent measures taken by almost all anti-virus and anti spyware providers, spam message/email detection has seen a rise in effectiveness level. However, McAfee Labs does expect a rise in spam messages coupled with Botnet activity towards the end of the year. India alone has recorded nearly 100 million spam messages in the second half of 2011.

Carrying on from the last report, the Q2 Threat Report also records the activities of hacktivist groups, such as Anonymous and LulzSec (including instances of 'cyber wars'). Over the past two months themselves, there have been attacks on websites and data centers of NASA, European Commission and the Norwegian Military. Overall, in the second half of 2011, there have been nearly 20 major attacks that can be attributed to such hacktivist groups.

In such an insecure environment, it is best to play it safe and employ proper anti-virus and anti-spyware software as well as implement other safety measures.

Reference: McAfee Labs' Threat Report — 2011 Q2: http://goo.gl/V6T6g