Blackhole Exploit Toolkit 2.0 and mobile banking malware are top trends in AVG’s Q3 Threat Report

AVG’s latest Threat Report reveals how cybercriminals are developing new monetization methods

AMSTERDAM and SAN FRANCISCO - 24 October, 2012 – AVG Technologies (NYSE: AVG), the provider of Internet and mobile security to 128 million active users, today released its Q3 2012 Community Powered Threat Report. This quarter’s report investigates a number of malicious software developments including the newly launched 2.0 version of the Blackhole Exploit Toolkit, the evolution in malware targeting mobile banking services, a surge in malicious ads targeting social network users and a trick to hide malware inside image files.

Blackhole Exploit Toolkit 2.0

‘Commercial’ toolkit, Blackhole, continues to lead with 63 percent malware market share and almost 76 percent share of the toolkits market. With the ‘release’ of the Blackhole Exploit Toolkit 2.0 in September, it has increased its threat capabilities significantly and is set to grow its market share and impact even further. We can expect to see an upsurge in large scale attacks that will likely be more aggressive as a result of the new evasion techniques introduced in this latest version.

Prior to this in August, AVG Threat Labs identified an explosion of Blackhole attacks that targeted key social networks including Facebook and left users unable to log-on to their accounts or access any games or apps. Cybercriminals coordinated the attacks from multiple external advertising servers, which generated an exceptional increase from 250,000 attacks initially to over 1.6m recorded events within an eight hour period.

“Blackhole is a sophisticated and powerful exploit kit, mainly because it is polymorphic and its code is heavily obfuscated to evade detection by anti-virus solutions. The rapid update capabilities of the kit have also made it challenging for traditional antivirus vendors to track, which are the main reasons it has a high success rate,” said Yuval Ben-Itzhak, Chief Technology Officer at AVG Technologies. “Through our multi-layered security approach with real-time analysis at the endpoint, AVG has been detecting a much higher rate of Blackhole Toolkit-based attacks than other toolkits, as Blackhole’s creator seeks to stay ahead of their competition.”

Mobile banking attacks engineered with Zeus-in-the-Mobile

With the continued rapid uptake of mobile devices, mobile banking services come under the spotlight this quarter as an increasingly lucrative target for cybercriminals. ‘Traditional’ mobile monetization methods help criminals steal small amounts per victim to stay unnoticed. With these more advanced malware, which circumvents the two-factor authentication process some banks use, criminals can empty a victim’s bank account in one go. A 2012 PriceWaterhouseCoopers’ report projected that digital banking would become the norm globally by 2015, so these attacks can only be expected to become increasingly advanced and more prevalent.

Hiding malware in image files

Image files are typically considered safe as they aren’t executed. However, AVG has tracked a new attack looking at how a compromised webserver can be made to execute image files. Innocent looking image files can then be used to deliver malicious payload to unsuspecting visitors to the compromised website.

 

To download the full Q3 2012 Community Powered Threat Report, please visit: http://mediacenter.avg.com/en/press-tools/avg-threat-reports/avg-community-powered-threat-report-q3-2012.html

Keep up to date with our regular threat bulletins on the AVG News & Threats blog: http://blogs.avg.com/

 

About the report

The AVG Community Protection Network is an online neighborhood watch, where community members work to protect each other. Information about the latest threats is collected from customers who participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.

The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.

AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.