Smartphones 'Greatest Malware Delivery System Ever'

The ubiquitous smartphone is not such a smart idea, according to a report from George Tech's Information Security Center (ISC), which found that fewer than one percent of smartphones had any kind of security.

"The single biggest security threat to enterprises today is from their smartphones and mobile users," said Rob Smith, an ISC advisory board member.  "We now know mobile phone application stores are the greatest malware delivery system ever invented by man."

In its Emerging Cyber Threats report for 2011, Georgia Tech identified risks not only from smartphones but also in specific industries, including healthcare.

It found a lack of timely patching of infected computers and medical devices in hospitals, doctors who carry vital data on their USB drives and the threat posed to patient and enterprise security as college-age users of Facebook and Twitter grow older and take on responsibility for data security.

Malware growing

With security researchers now uncovering close to 100,000 new pieces of malware daily, the time and resources needed to hold back the threat posed by malware has become overwhelming, said Wenke Lee, a professor at the Georgia Tech College of Computing.

Lee noted that McAfee has found the first six months of 2010 the most active ever for total malware production, but Lee said that automated analysis technologies such as those used by the major anti-virus programs "lack the precision needed to deceipher purposely compressed, encrypted and obfuscated software."

Botnet attacks, in particular, are on the rise, Lee said. Botnets are collections of software agents that run automatically to compromise large numbers of machines for malicious activity including spreading spam, stealing log-in credentials and personal information, as well as distributing malware to others.

Symantec reported last August that the percentage of spam sent from botnets had increased to 95 percent of all spam and M.A.D. Partners, a mobile security provider, estimates that more than 100 million computers are currently part of criminal networks.

Major targets of botnet attacks are the U.S. government and other public-sector agencies, Lee said.

"Today's botnets are sophisticated, money-making machines that not only hijack the data present upopn the victim machines ... but have also become the backbone for an entire criminal ecosystem," said Gunter Ollmann, vice president of research at Damballa.

"Given the breadth of criminal enterprise and methods of monetizing botnets, everyone is at risk," Ollmann said.

Researchers at ISC say they have developed a scalable, transparent analysis system called MTrace that can detect malware and aid in its elimination.