Thoughts on Malware for Mobile Devices - Part 2
In last month's diary I asked two main questions.
How would I really know if there was malware on my smart phone?
How do we really know that mobile malware is not widespread right now?
So a poll was created asking for your experiences.
One reader commented asking what the definition of "malware" was. Given that most of the readers of this diary are sufficiently knowledgeable about security to dismiss tracking cookies and other such things, I have to believe that only true malware is being reported.
I hope you reported the cookies.
The results and some preliminary analysis follow:
DISCLAIMER: This is not a scientific poll, I am not a statistician and this should in no way be construed as an effort to spread FUD.
Of 540 respondents to date (the six respondents listing "other" have been removed, as their methods and results were not described):
83 of 540 respondents (15.3%) were scanning for malware.
15 of 83 (18.1%) who were looking for malware on their mobile device found it.
457 of 540 (84.6%) were not scanning their devices.
Now, 540 responses is not a particularly large sample, but I have been monitoring the statistics as responses are entered, and the percentage of people reporting they found malware consistently ranged from 15-20%, so 18.1% seems to be a reasonable number. Likewise, the percentage of people who were not scanning ranged consistently from 82-86%.
Based on those numbers, 83 of the 457 respondents who were not looking for malware would be infected. Ouch.
How many mobile devices are out there right now?
How many in your office building? How many in your city, your state, your country?
How many in the world?
Let's say these numbers are double what would be seen in the population at large.
Even so, if 9% of all the smart phones were infected with malware (especially if we didn't know it), that would be cause (IMHO) for alarm.
I couldn't find any good numbers on existing smart phones, but according to this ZDNet article, Credit Suisse projected that total smartphone sales for 2009 will end up at around 176 million units. In the years ahead, Credit Suisse expects the smartphone market to balloon to around 1.5 billion units. By comparison, worldwide unit sales of all mobile phones in 2009 will be about 1.2 billion and worldwide unit sales of all PCs in 2009 will be about 300 million.
Let's say Credit Suisse was way, way off and there are only 100 million smart phones in the world today.
And we'll say that even the 9% above was way off and it's half that, which would be only 25% of what the poll you responded to said.
4.5 Million infected devices.
1.5 Billion Units? I don't even want to think about it.
Do the math. Plug in your own numbers. Check your smart phones.
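To plug in your own numbers, the following added example (not part of the original diary) applies the poll figures above to any device count and discount factor. The function names are hypothetical, and the 95% Wilson score interval is an addition the diary does not use; it reflects only the small sample of 83 scanners, not who chose to answer the poll.

```python
import math

# Poll figures quoted in the diary above.
RESPONDENTS_SCANNING = 83
FOUND_MALWARE = 15
NOT_SCANNING = 457

def wilson_interval(hits, n, z=1.96):
    """Wilson score interval (95% for z=1.96) for the proportion hits/n."""
    p = hits / n
    denom = 1 + z * z / n
    center = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return center - half, center + half

def project(devices, discount, hits=FOUND_MALWARE, n=RESPONDENTS_SCANNING):
    """Scale the poll's detection rate to a device population.

    discount is the fraction of the poll rate assumed to hold in the
    population at large (the diary uses 0.25 against 100 million devices).
    Returns (low, point, high) infected-device counts. The interval covers
    sampling error only, not the self-selection of poll respondents.
    """
    low, high = wilson_interval(hits, n)
    point = hits / n
    return tuple(round(r * discount * devices) for r in (low, point, high))

def expected_unscanned_infected():
    """Poll rate applied to the respondents who were not scanning."""
    return round(FOUND_MALWARE / RESPONDENTS_SCANNING * NOT_SCANNING)

if __name__ == "__main__":
    lo, hi = wilson_interval(FOUND_MALWARE, RESPONDENTS_SCANNING)
    print(f"poll rate {FOUND_MALWARE / RESPONDENTS_SCANNING:.1%}, "
          f"95% interval {lo:.1%} to {hi:.1%}")
    print("unscanned respondents expected infected:",
          expected_unscanned_infected())
    for devices in (100_000_000, 1_500_000_000):
        low, point, high = project(devices, discount=0.25)
        print(f"{devices:>13,} devices: {point:,} infected "
              f"(range {low:,} to {high:,})")
```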
So my delayed and corrected answer to the gentlemen at SANSFire who asked "Will this year be the year that malware on mobile devices becomes a problem?" is:
I think it is. We just don't know it.
UPDATE:
Mikel wrote in:
Will you be following up with a site you can point your mobile app to that can scan it online?
Any recommendations for mobile AV?
Thanks Mikel
I don't know of any site that you can point your mobile device to and have it be scanned online.
Christopher Carboni - Handler On Duty
http://twitter.com/ccarboni