Malware attacking businesses through mobile social networks and WordPress platforms: AVG report
Monday, April 30, 2012/
Mobile versions of social networks and websites hosted using WordPress were two of the major targets for malware in the past quarter, a report from AVG reveals, while small businesses are being warned to crack down and keep their systems safe.
The warning comes during a big month for malware, after an infection spread across the internet that targeted Apple computers – leaving many customers open to attack who had previously believed the company’s products were unassailable by malware.
The latest AVG threat report for the first quarter reveals more cyber criminals are attempting to spread malware through mobile versions of social networks. Some of the most popular threats included malware being pushed through mobile devices, with many users unaware they were being infected.
“There has been a fairly marked increase in the prevalence of social media being used to target mobile users, and we’re talking about Android users here,” says AVG security advisor Michael McKinnon.
“So cyber criminals have worked out if they can use Twitter accounts to spam a bunch of links before Twitter shuts them down, they can send out links to infected sites.”
These infected sites can contain anything from types of malware including Trojans, to pieces of code that will infect a users’ device and form part of a collection of compromised computers, known in the industry as a “botnet”.
This warning comes as the number of malware-infected apps on the Android app market, known as Google Play, continues to rise. McKinnon says this is becoming a problem for businesses – especially as more start requiring staff to use smartphones.
Businesses that require staff to bring their own smartphones for use are in greater danger, as the company has no control over what apps are being downloaded. McKinnon says it’s imperative that businesses warn staff of the dangers surrounding their mobile activities.
“They need to take care when using social media from mobile devices, especially with regard to installing applications.”
The other main area of concern identified in the report is the malware that has attacked sites hosted by blogging platform WordPress. McKinnon says that while many businesses host blogs and other sites using WordPress, they may not be aware the platform had been targeted by harsh pieces of malware in the past month, most of which are coming from customisable plug-ins.
In fact, researchers revealed last week the massive infection that attacked Mac computers last month originated on WordPress sites, using a type of toolkit known as “Blackhole”.
McKinnon says it’s critical businesses using WordPress blogs get up to speed with what they’re dealing with, and find ways to keep themselves safe – especially when the majority of WordPress sites are operated by amateurs, not security professionals.
“There are lots of small businesses operating WordPress sites, and I think what’s interesting is that people are using vulnerabilities in WordPress for a platform for other infections.
“It can be the case that the website or business owner doesn’t know anything about this and their website becomes the point of redirection for an infection.”
McKinnon says business owners can’t keep themselves in the dark, with the threat report showing more platforms such as WordPress being used for infection.
“You need to make sure you have backups of your website, and you need to make sure you have a backup plan for everything. You don’t want to get caught with an infection that ruins you.”